From 13bdcc518d65f0799943d0b028c3c22395fde7ff Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 22 Nov 2016 11:25:40 -0800 Subject: [PATCH 01/86] Pulled in patches from Debian package. --- ChangeLog | 1 + Makefile.am | 37 +++++++++++++++++++++---------------- configure.ac | 18 ++++++++++++------ wolfcrypt/src/aes_asm.s | 6 +++++- 4 files changed, 39 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index e69de29bb..87ed82401 100644 --- a/ChangeLog +++ b/ChangeLog @@ -0,0 +1 @@ +Please see the file 'README' in this directory. diff --git a/Makefile.am b/Makefile.am index 09e1e7219..7870f527c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -88,23 +88,28 @@ include testsuite/include.am include tests/include.am include sslSniffer/sslSnifferTest/include.am include rpm/include.am -include mqx/util_lib/Sources/include.am -include mqx/wolfcrypt_benchmark/Sources/include.am -include mqx/wolfcrypt_test/Sources/include.am -include mqx/wolfssl/include.am -include mqx/wolfssl_client/Sources/include.am -include mplabx/include.am -include mplabx/wolfcrypt_benchmark.X/nbproject/include.am -include mplabx/wolfcrypt_test.X/nbproject/include.am -include mplabx/wolfssl.X/nbproject/include.am -include mcapi/include.am -include mcapi/wolfcrypt_mcapi.X/nbproject/include.am -include mcapi/wolfcrypt_test.X/nbproject/include.am -include mcapi/wolfssl.X/nbproject/include.am -include mcapi/zlib.X/nbproject/include.am -include tirtos/include.am + +if BUILD_DISTRO + # Exclude references to non-DFSG sources from build files +else + include mqx/util_lib/Sources/include.am + include mqx/wolfcrypt_benchmark/Sources/include.am + include mqx/wolfcrypt_test/Sources/include.am + include mqx/wolfssl/include.am + include mqx/wolfssl_client/Sources/include.am + include mplabx/include.am + include mplabx/wolfcrypt_benchmark.X/nbproject/include.am + include mplabx/wolfcrypt_test.X/nbproject/include.am + include mplabx/wolfssl.X/nbproject/include.am + include mcapi/include.am + include mcapi/wolfcrypt_mcapi.X/nbproject/include.am + include mcapi/wolfcrypt_test.X/nbproject/include.am + include mcapi/wolfssl.X/nbproject/include.am + include mcapi/zlib.X/nbproject/include.am + include tirtos/include.am + include IDE/include.am +endif include scripts/include.am -include IDE/include.am if USE_VALGRIND TESTS_ENVIRONMENT=./valgrind-error.sh diff --git a/configure.ac b/configure.ac index ee8d9822c..ac4dda2df 100644 --- a/configure.ac +++ b/configure.ac @@ -188,6 +188,7 @@ then enable_stunnel=yes enable_pwdbased=yes fi +AM_CONDITIONAL([BUILD_DISTRO], [test "x$ENABLED_DISTRO" = "xyes"]) # SINGLE THREADED @@ -2165,7 +2166,7 @@ then ENABLED_ECC="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) - + if test "$ENABLED_ECC_SHAMIR" = "yes" then AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" @@ -2238,7 +2239,7 @@ then ENABLED_ECC="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) - + if test "$ENABLED_ECC_SHAMIR" = "yes" then AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" @@ -2342,7 +2343,7 @@ then ENABLED_ECC="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) - + if test "$ENABLED_ECC_SHAMIR" = "yes" then AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" @@ -2839,7 +2840,7 @@ AC_ARG_ENABLE([asynccrypt], if test "$ENABLED_ASYNCCRYPT" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT" - + # if Cavium not enabled the use async simulator for testing if test "x$ENABLED_CAVIUM" = "xno" then @@ -3023,7 +3024,8 @@ AS_IF([test "x$ENABLED_DTLS" = "xno" && \ ################################################################################ # OPTIMIZE FLAGS -if test "$GCC" = "yes" +# For distro disable custom build options that interfere with symbol generation +if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no" then AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused" if test "$ax_enable_debug" = "no" @@ -3072,7 +3074,11 @@ case $host_os in esac # add user C_EXTRA_FLAGS back -CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS" +# For distro disable custom build options that interfere with symbol generation +if test "$ENABLED_DISTRO" = "no" +then + CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS" +fi OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS" CREATE_HEX_VERSION diff --git a/wolfcrypt/src/aes_asm.s b/wolfcrypt/src/aes_asm.s index ac67a09ee..e47b3469e 100644 --- a/wolfcrypt/src/aes_asm.s +++ b/wolfcrypt/src/aes_asm.s @@ -1205,7 +1205,7 @@ pslldq $4, %xmm4 pxor %xmm4, %xmm3 pxor %xmm2, %xmm3 ret - + /* void AES_256_Key_Expansion (const unsigned char *userkey, @@ -1372,3 +1372,7 @@ gfmul: ret #endif /* HAVE_AESGCM */ + +#if defined(__linux__) && defined(__ELF__) + .section .note.GNU-stack,"",%progbits +#endif From a2dc01413c20307091ad3586d6f99bc5c304955a Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 29 Nov 2016 13:29:19 -0800 Subject: [PATCH 02/86] For distro build don't install options.h (conflicts with multi-arch). Fix for BUILD_DISTRO excludes with indent. --- Makefile.am | 37 ++++++++++++++++++------------------- cyassl/include.am | 8 +++++++- wolfssl/include.am | 8 +++++++- 3 files changed, 32 insertions(+), 21 deletions(-) diff --git a/Makefile.am b/Makefile.am index 7870f527c..e9aadbec0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -89,25 +89,24 @@ include tests/include.am include sslSniffer/sslSnifferTest/include.am include rpm/include.am -if BUILD_DISTRO - # Exclude references to non-DFSG sources from build files -else - include mqx/util_lib/Sources/include.am - include mqx/wolfcrypt_benchmark/Sources/include.am - include mqx/wolfcrypt_test/Sources/include.am - include mqx/wolfssl/include.am - include mqx/wolfssl_client/Sources/include.am - include mplabx/include.am - include mplabx/wolfcrypt_benchmark.X/nbproject/include.am - include mplabx/wolfcrypt_test.X/nbproject/include.am - include mplabx/wolfssl.X/nbproject/include.am - include mcapi/include.am - include mcapi/wolfcrypt_mcapi.X/nbproject/include.am - include mcapi/wolfcrypt_test.X/nbproject/include.am - include mcapi/wolfssl.X/nbproject/include.am - include mcapi/zlib.X/nbproject/include.am - include tirtos/include.am - include IDE/include.am +# Exclude references to non-DFSG sources from build files +if !BUILD_DISTRO +include mqx/util_lib/Sources/include.am +include mqx/wolfcrypt_benchmark/Sources/include.am +include mqx/wolfcrypt_test/Sources/include.am +include mqx/wolfssl/include.am +include mqx/wolfssl_client/Sources/include.am +include mplabx/include.am +include mplabx/wolfcrypt_benchmark.X/nbproject/include.am +include mplabx/wolfcrypt_test.X/nbproject/include.am +include mplabx/wolfssl.X/nbproject/include.am +include mcapi/include.am +include mcapi/wolfcrypt_mcapi.X/nbproject/include.am +include mcapi/wolfcrypt_test.X/nbproject/include.am +include mcapi/wolfssl.X/nbproject/include.am +include mcapi/zlib.X/nbproject/include.am +include tirtos/include.am +include IDE/include.am endif include scripts/include.am diff --git a/cyassl/include.am b/cyassl/include.am index db1f089ee..b4c7e0436 100644 --- a/cyassl/include.am +++ b/cyassl/include.am @@ -16,10 +16,16 @@ nobase_include_HEADERS+= \ cyassl/certs_test.h \ cyassl/test.h \ cyassl/version.h \ - cyassl/options.h \ cyassl/ocsp.h \ cyassl/crl.h noinst_HEADERS+= \ cyassl/internal.h +# For distro build don't install options.h. +# It depends on the architecture and conflicts with Multi-Arch. +if BUILD_DISTRO +noinst_HEADERS+= cyassl/options.h +else +nobase_include_HEADERS+= cyassl/options.h +endif diff --git a/wolfssl/include.am b/wolfssl/include.am index a02488fc8..03883b086 100644 --- a/wolfssl/include.am +++ b/wolfssl/include.am @@ -16,10 +16,16 @@ nobase_include_HEADERS+= \ wolfssl/certs_test.h \ wolfssl/test.h \ wolfssl/version.h \ - wolfssl/options.h \ wolfssl/ocsp.h \ wolfssl/crl.h noinst_HEADERS+= \ wolfssl/internal.h +# For distro build don't install options.h. +# It depends on the architecture and conflicts with Multi-Arch. +if BUILD_DISTRO +noinst_HEADERS+= wolfssl/options.h +else +nobase_include_HEADERS+= wolfssl/options.h +endif From 9399cc05cb346791a3d1ad809a9fa1816f9df2a6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 7 Dec 2016 07:07:27 -0800 Subject: [PATCH 03/86] Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined. --- configure.ac | 9 +++++++-- src/crl.c | 13 ++++++------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index ac4dda2df..ad4471a67 100644 --- a/configure.ac +++ b/configure.ac @@ -1764,7 +1764,12 @@ then *linux* | *darwin* | *freebsd*) AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;; *) - AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd]) ;; + if test "x$ENABLED_DISTRO" = "xyes" ; then + ENABLED_CRL_MONITOR="no" + else + AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd]) + fi + break;; esac fi @@ -2214,7 +2219,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) fi - if test "x$ENABLED_CRL_MONITOR" = "xno" + if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno" then ENABLED_CRL_MONITOR="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" diff --git a/src/crl.c b/src/crl.c index fcc925af7..2fbcde08c 100644 --- a/src/crl.c +++ b/src/crl.c @@ -42,8 +42,12 @@ #include #ifdef HAVE_CRL_MONITOR - static int StopMonitor(int mfd); -#endif + #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__)) + static int StopMonitor(int mfd); + #else + #error "CRL monitor only currently supported on linux or mach" + #endif +#endif /* HAVE_CRL_MONITOR */ /* Initialize CRL members */ @@ -718,11 +722,6 @@ static void* DoMonitor(void* arg) return NULL; } - -#else - -#error "CRL monitor only currently supported on linux or mach" - #endif /* MACH or linux */ From c5fbf9655796fad8ade9168511b6f21b5d8e8c3b Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 16 Dec 2016 15:58:18 -0700 Subject: [PATCH 04/86] PKCS#7: fixes for building with AES disabled, smallstack --- wolfcrypt/src/error.c | 3 ++ wolfcrypt/src/pkcs7.c | 51 ++++++++++++++++++++++++++++++--- wolfcrypt/test/test.c | 15 +++++++++- wolfssl/wolfcrypt/error-crypt.h | 3 +- 4 files changed, 66 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 9a030bdc6..2de4e7c0a 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -401,6 +401,9 @@ const char* wc_GetErrorString(int error) case ASN_PATHLEN_INV_E: return "ASN CA path length larger than signer error"; + case BAD_KEYWRAP_ALG_E: + return "Unsupported key wrap algorithm error"; + case BAD_KEYWRAP_IV_E: return "Decrypted AES key wrap IV does not match expected"; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 65351f09f..76d0c6ef2 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1079,6 +1079,7 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek, return BAD_FUNC_ARG; switch (keyWrapAlgo) { +#ifndef NO_AES case AES128_WRAP: case AES192_WRAP: case AES256_WRAP: @@ -1101,12 +1102,17 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek, return ret; break; +#endif /* NO_AES */ default: WOLFSSL_MSG("Unsupported key wrap algorithm"); - return BAD_FUNC_ARG; + return BAD_KEYWRAP_ALG_E; }; + (void)cekSz; + (void)kekSz; + (void)outSz; + (void)direction; return ret; } @@ -1515,7 +1521,7 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert, int* keyEncSz, byte* out, word32 outSz) { int ret = 0, idx = 0; - int keySz; + int keySz, direction = 0; /* ASN.1 layout */ int totalSz = 0; @@ -1561,6 +1567,20 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert, if (keyAgreeAlgo != ECDSAk) return BAD_FUNC_ARG; + /* set direction based on keyWrapAlgo */ + switch (keyWrapAlgo) { +#ifndef NO_AES + case AES128_WRAP: + case AES192_WRAP: + case AES256_WRAP: + direction = AES_ENCRYPTION; + break; +#endif + default: + WOLFSSL_MSG("Unsupported key wrap algorithm"); + return BAD_KEYWRAP_ALG_E; + } + kari = wc_PKCS7_KariNew(pkcs7, WC_PKCS7_ENCODE); if (kari == NULL) return MEMORY_E; @@ -1596,7 +1616,7 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert, /* encrypt CEK with KEK */ keySz = wc_PKCS7_KariKeyWrap(contentKeyPlain, blockKeySz, kari->kek, kari->kekSz, contentKeyEnc, *keyEncSz, keyWrapAlgo, - AES_ENCRYPTION); + direction); if (keySz <= 0) { wc_PKCS7_KariFree(kari); return ret; @@ -2836,6 +2856,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, { int ret, keySz; int encryptedKeySz; + int direction = 0; word32 keyAgreeOID, keyWrapOID; #ifdef WOLFSSL_SMALL_STACK @@ -2908,6 +2929,24 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return ret; } + /* set direction based on key wrap algorithm */ + switch (keyWrapOID) { +#ifndef NO_AES + case AES128_WRAP: + case AES192_WRAP: + case AES256_WRAP: + direction = AES_DECRYPTION; + break; +#endif + default: + wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + #endif + WOLFSSL_MSG("AES key wrap algorithm unsupported"); + return BAD_KEYWRAP_ALG_E; + } + /* remove RecipientEncryptedKeys */ ret = wc_PKCS7_KariGetRecipientEncryptedKeys(kari, pkiMsg, pkiMsgSz, idx, recipFound, encryptedKey, &encryptedKeySz); @@ -2932,7 +2971,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* decrypt CEK with KEK */ keySz = wc_PKCS7_KariKeyWrap(encryptedKey, encryptedKeySz, kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz, - keyWrapOID, AES_DECRYPTION); + keyWrapOID, direction); if (keySz <= 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK @@ -3147,13 +3186,17 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); if (blockKeySz < 0) { +#ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); +#endif return blockKeySz; } expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); if (expBlockSz < 0) { +#ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); +#endif return expBlockSz; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index e3f26f761..672b882e8 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9099,9 +9099,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0x72,0x6c,0x64 }; +#ifndef NO_AES byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; +#endif /* NO_AES */ const pkcs7EnvelopedVector testVectors[] = { @@ -9178,8 +9180,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, /* encode envelopedData */ envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, sizeof(enveloped)); - if (envelopedSz <= 0) + if (envelopedSz <= 0) { + printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); return -210; + } /* decode envelopedData */ decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, @@ -9204,6 +9208,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, wc_PKCS7_Free(&pkcs7); } + (void)eccCert; + (void)eccCertSz; + (void)eccPrivKey; + (void)eccPrivKeySz; return 0; } @@ -9362,6 +9370,7 @@ int pkcs7encrypted_test(void) 0x72,0x6c,0x64 }; +#ifndef NO_DES3 byte desKey[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; @@ -9370,6 +9379,9 @@ int pkcs7encrypted_test(void) 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; +#endif + +#ifndef NO_AES byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 @@ -9417,6 +9429,7 @@ int pkcs7encrypted_test(void) { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } }; +#endif /* NO_AES */ const pkcs7EncryptedVector testVectors[] = { diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 62bad6f83..9ebdc5d21 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -178,7 +178,8 @@ enum { ASN_PATHLEN_SIZE_E = -237, /* ASN CA path length too large error */ ASN_PATHLEN_INV_E = -238, /* ASN CA path length inversion error */ - BAD_KEYWRAP_IV_E = -239, /* Decrypted AES key wrap IV incorrect */ + BAD_KEYWRAP_ALG_E = -239, + BAD_KEYWRAP_IV_E = -240, /* Decrypted AES key wrap IV incorrect */ MIN_CODE_E = -300 /* errors -101 - -299 */ From 060ff5e5ef5a2d4ecde828205db3382fdf3f8a34 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 19 Dec 2016 11:53:14 -0700 Subject: [PATCH 05/86] address fortify critical issues --- src/internal.c | 4 +++- wolfcrypt/src/asn.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index a62c1e634..9b69cc049 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10527,7 +10527,9 @@ int SendCertificate(WOLFSSL* ssl) sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, handshake, 1, 0); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (inputSz > 0) + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0) return sendSz; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 28e3cb02a..f780e7971 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1907,6 +1907,14 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) return ASN_PARSE_E; } + if (length > MAX_IV_SIZE) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ASN_PARSE_E; + } + XMEMCPY(cbcIv, &input[inOutIdx], length); inOutIdx += length; } From 4d637146d7728b5d3fb43f0526c29ad8e20155b3 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 19 Dec 2016 14:03:07 -0700 Subject: [PATCH 06/86] fix make dist with SGX project --- IDE/WIN-SGX/include.am | 1 - 1 file changed, 1 deletion(-) diff --git a/IDE/WIN-SGX/include.am b/IDE/WIN-SGX/include.am index cce4b10f0..f7ef78fbc 100644 --- a/IDE/WIN-SGX/include.am +++ b/IDE/WIN-SGX/include.am @@ -5,6 +5,5 @@ EXTRA_DIST+= IDE/WIN-SGX/ReadMe.txt EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.edl EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.sln -EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.suo EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.vcxproj EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.vcxproj.filters From 345df93978c41da1ac8047a37f1fed5286883d8d Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 19 Dec 2016 14:51:42 -0700 Subject: [PATCH 07/86] Bug fix for cache attack --- wolfcrypt/src/tfm.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index e73135a60..71b5735ea 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -446,12 +446,11 @@ INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C) pa = FP_SIZE-1; } - if (A == C || B == C) { + /* Always take branch to use tmp variable. This avoids a cache attack for + * determining if C equals A */ + if (1) { fp_init(&tmp); dst = &tmp; - } else { - fp_zero(C); - dst = C; } TFM_INTEL_MUL_COMBA(A, B, dst) ; From 46f3b2a367044fcfaf29979041f8fe32ae0031cd Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 19 Dec 2016 15:50:11 -0700 Subject: [PATCH 08/86] address fortify high issues --- src/internal.c | 11 ++++++----- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/pwdbased.c | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/internal.c b/src/internal.c index 9b69cc049..afd894c26 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6177,7 +6177,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; - if (x509 == NULL || dCert == NULL) + if (x509 == NULL || dCert == NULL || + dCert->subjectCNLen < 0) return BAD_FUNC_ARG; x509->version = dCert->version + 1; @@ -6234,14 +6235,14 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) else x509->deviceTypeSz = 0; minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz != 0) { + if (minSz > 0) { x509->hwTypeSz = minSz; XMEMCPY(x509->hwType, dCert->hwType, minSz); } else x509->hwTypeSz = 0; minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); - if (minSz != 0) { + if (minSz > 0) { x509->hwSerialNumSz = minSz; XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); } @@ -6251,14 +6252,14 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* WOLFSSL_SEP */ { int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ); - if (minSz != 0) { + if (minSz > 0) { x509->notBeforeSz = minSz; XMEMCPY(x509->notBefore, dCert->beforeDate, minSz); } else x509->notBeforeSz = 0; minSz = min(dCert->afterDateLen, MAX_DATE_SZ); - if (minSz != 0) { + if (minSz > 0) { x509->notAfterSz = minSz; XMEMCPY(x509->notAfter, dCert->afterDate, minSz); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f780e7971..204d1b279 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -410,7 +410,7 @@ time_t XTIME(time_t * timer) static INLINE word32 btoi(byte b) { - return b - 0x30; + return (word32)(b - 0x30); } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index d0bf3a206..668ab3605 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -91,7 +91,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, hLen = (int)MD5_DIGEST_SIZE; #endif - if (kLen > hLen) + if ((kLen > hLen) || (kLen < 0)) return BAD_FUNC_ARG; if (iterations < 1) From ac27d6d7ca4251b1db41358dcdf5559ee2cd2079 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 20 Dec 2016 09:30:46 -0800 Subject: [PATCH 09/86] DTLS Sequence Number update 1. Set the prevSeq to nextSeq on CCS. 2. Fully clear nextSeq on CCS. --- src/internal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index ca67970df..ec7199374 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9723,10 +9723,13 @@ int ProcessReply(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { DtlsMsgPoolReset(ssl); - ssl->keys.nextEpoch++; - ssl->keys.nextSeq_lo = 0; + ssl->keys.prevSeq_lo = ssl->keys.nextSeq_lo; + ssl->keys.prevSeq_hi = ssl->keys.nextSeq_hi; XMEMCPY(ssl->keys.prevWindow, ssl->keys.window, DTLS_SEQ_SZ); + ssl->keys.nextEpoch++; + ssl->keys.nextSeq_lo = 0; + ssl->keys.nextSeq_hi = 0; XMEMSET(ssl->keys.window, 0, DTLS_SEQ_SZ); } #endif From d73338851d92aaf6087711273a1b052c128211f6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 21 Dec 2016 13:39:33 -0800 Subject: [PATCH 10/86] Combine generic math functions into new wolfmath.c/.h. Cleanup of the !ALT_ECC_SIZE code so fp_int always has size. This is in prep for async changes for new WC_BIGINT type for hardware crypto. --- IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp | 6 ++ IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp | 2 + IDE/WIN/wolfssl-fips.vcxproj | 3 +- src/include.am | 3 +- wolfcrypt/src/ecc.c | 18 ---- wolfcrypt/src/rsa.c | 66 ------------- wolfcrypt/src/tfm.c | 76 +++++++-------- wolfcrypt/src/wolfmath.c | 104 +++++++++++++++++++++ wolfssl-ntru.vcproj | 4 + wolfssl.vcproj | 4 + wolfssl.vcxproj | 1 + wolfssl/wolfcrypt/include.am | 3 +- wolfssl/wolfcrypt/integer.h | 9 +- wolfssl/wolfcrypt/tfm.h | 31 +++--- wolfssl/wolfcrypt/wolfmath.h | 33 +++++++ 15 files changed, 214 insertions(+), 149 deletions(-) create mode 100644 wolfcrypt/src/wolfmath.c create mode 100644 wolfssl/wolfcrypt/wolfmath.h diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp index 61982d704..219a61c9a 100644 --- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp +++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp @@ -2040,6 +2040,12 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wolfmath.c + + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wolfevent.c + wolfSSL diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp index ad5c68af8..3deb98b3e 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp +++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp @@ -102,6 +102,8 @@ + + diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 8575aeb9a..10977ceb3 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -300,6 +300,7 @@ + @@ -324,4 +325,4 @@ - \ No newline at end of file + diff --git a/src/include.am b/src/include.am index 82be0c1a0..031e9645c 100644 --- a/src/include.am +++ b/src/include.am @@ -120,7 +120,8 @@ src_libwolfssl_la_SOURCES += \ wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_port.c \ wolfcrypt/src/error.c \ - wolfcrypt/src/signature.c + wolfcrypt/src/signature.c \ + wolfcrypt/src/wolfmath.c if BUILD_MEMORY src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ecdc408a2..0ebfbda56 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -982,24 +982,6 @@ static int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id) #ifndef WOLFSSL_ATECC508A -/* helper for either lib */ -static int get_digit_count(mp_int* a) -{ - if (a == NULL) - return 0; - - return a->used; -} - -/* helper for either lib */ -static mp_digit get_digit(mp_int* a, int n) -{ - if (a == NULL) - return 0; - - return (n >= a->used || n < 0) ? 0 : a->dp[n]; -} - /** Add two ECC points P The point to add diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index df475d800..fba54b011 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -846,72 +846,6 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, return ret; } - -#ifdef WC_RSA_BLINDING - -/* helper for either lib */ -static int get_digit_count(mp_int* a) -{ - if (a == NULL) - return 0; - - return a->used; -} - - -static int get_rand_digit(WC_RNG* rng, mp_digit* d) -{ - return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit)); -} - - -static int mp_rand(mp_int* a, int digits, WC_RNG* rng) -{ - int ret; - mp_digit d; - - if (rng == NULL) - return MISSING_RNG_E; - - if (a == NULL) - return BAD_FUNC_ARG; - - mp_zero(a); - if (digits <= 0) { - return MP_OKAY; - } - - /* first place a random non-zero digit */ - do { - ret = get_rand_digit(rng, &d); - if (ret != 0) { - return ret; - } - } while (d == 0); - - if ((ret = mp_add_d(a, d, a)) != MP_OKAY) { - return ret; - } - - while (--digits > 0) { - if ((ret = mp_lshd(a, 1)) != MP_OKAY) { - return ret; - } - if ((ret = get_rand_digit(rng, &d)) != 0) { - return ret; - } - if ((ret = mp_add_d(a, d, a)) != MP_OKAY) { - return ret; - } - } - - return ret; -} - - -#endif /* WC_RSA_BLINGING */ - - static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 71b5735ea..bafcc8029 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -49,6 +49,7 @@ #include #include #include /* will define asm MACROS or C ones */ +#include /* common functions */ #if defined(FREESCALE_LTC_TFM) #include @@ -1004,12 +1005,12 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) fp_init(&t); fp_mul(a, b, &t); -#ifdef ALT_ECC_SIZE - err = fp_mod(&t, c, &t); - fp_copy(&t, d); -#else - err = fp_mod(&t, c, d); -#endif + if (d->size < FP_SIZE) { + err = fp_mod(&t, c, &t); + fp_copy(&t, d); + } else { + err = fp_mod(&t, c, d); + } return err; } @@ -1022,12 +1023,12 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) fp_init(&t); fp_sub(a, b, &t); -#ifdef ALT_ECC_SIZE - err = fp_mod(&t, c, &t); - fp_copy(&t, d); -#else - err = fp_mod(&t, c, d); -#endif + if (d->size < FP_SIZE) { + err = fp_mod(&t, c, &t); + fp_copy(&t, d); + } else { + err = fp_mod(&t, c, d); + } return err; } @@ -1040,12 +1041,12 @@ int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) fp_init(&t); fp_add(a, b, &t); -#ifdef ALT_ECC_SIZE - err = fp_mod(&t, c, &t); - fp_copy(&t, d); -#else - err = fp_mod(&t, c, d); -#endif + if (d->size < FP_SIZE) { + err = fp_mod(&t, c, &t); + fp_copy(&t, d); + } else { + err = fp_mod(&t, c, d); + } return err; } @@ -2167,12 +2168,12 @@ void fp_sub_d(fp_int *a, fp_digit b, fp_int *c) fp_int tmp; fp_init(&tmp); fp_set(&tmp, b); -#ifdef ALT_ECC_SIZE - fp_sub(a, &tmp, &tmp); - fp_copy(&tmp, c); -#else - fp_sub(a, &tmp, c); - #endif + if (c->size < FP_SIZE) { + fp_sub(a, &tmp, &tmp); + fp_copy(&tmp, c); + } else { + fp_sub(a, &tmp, c); + } } @@ -2186,7 +2187,6 @@ int mp_init (mp_int * a) return MP_OKAY; } -#ifdef ALT_ECC_SIZE void fp_init(fp_int *a) { a->size = FP_SIZE; @@ -2206,7 +2206,6 @@ void fp_clear(fp_int *a) a->sign = FP_ZPOS; ForceZero(a->dp, a->size * sizeof(fp_digit)); } -#endif /* clear one (frees) */ @@ -2347,7 +2346,6 @@ int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) return MP_OKAY; } -#ifdef ALT_ECC_SIZE void fp_copy(fp_int *a, fp_int *b) { if (a != b && b->size >= a->used) { @@ -2372,7 +2370,6 @@ void fp_init_copy(fp_int *a, fp_int* b) fp_copy(b, a); } } -#endif /* fast math wrappers */ int mp_copy(fp_int* a, fp_int* b) @@ -2432,12 +2429,14 @@ int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c) fp_init(&t); fp_sqr(a, &t); -#ifdef ALT_ECC_SIZE - err = fp_mod(&t, b, &t); - fp_copy(&t, c); -#else - err = fp_mod(&t, b, c); -#endif + + if (c->size < FP_SIZE) { + err = fp_mod(&t, b, &t); + fp_copy(&t, c); + } + else { + err = fp_mod(&t, b, c); + } return err; } @@ -2850,7 +2849,7 @@ int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap) XMEMSET(buf, 0, len); XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); - + return FP_OKAY; } @@ -3172,14 +3171,9 @@ int mp_toradix (mp_int *a, char *str, int radix) void mp_dump(const char* desc, mp_int* a, byte verbose) { char buffer[FP_SIZE * sizeof(fp_digit) * 2]; - int size = FP_SIZE; - -#ifdef ALT_ECC_SIZE - size = a->size; -#endif printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n", - desc, a, a->used, a->sign, size, (int)sizeof(fp_digit)); + desc, a, a->used, a->sign, a->size, (int)sizeof(fp_digit)); mp_toradix(a, buffer, 16); printf(" %s\n ", buffer); diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c new file mode 100644 index 000000000..9b4ede53a --- /dev/null +++ b/wolfcrypt/src/wolfmath.c @@ -0,0 +1,104 @@ +/* wolfmath.c + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* common functions for either math library */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +/* in case user set USE_FAST_MATH there */ +#include + +#ifdef USE_FAST_MATH + #include +#else + #include +#endif + +#include +#include + + +int get_digit_count(mp_int* a) +{ + if (a == NULL) + return 0; + + return a->used; +} + +mp_digit get_digit(mp_int* a, int n) +{ + if (a == NULL) + return 0; + + return (n >= a->used || n < 0) ? 0 : a->dp[n]; +} + +int get_rand_digit(WC_RNG* rng, mp_digit* d) +{ + return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit)); +} + +int mp_rand(mp_int* a, int digits, WC_RNG* rng) +{ + int ret; + mp_digit d; + + if (rng == NULL) + return MISSING_RNG_E; + + if (a == NULL) + return BAD_FUNC_ARG; + + mp_zero(a); + if (digits <= 0) { + return MP_OKAY; + } + + /* first place a random non-zero digit */ + do { + ret = get_rand_digit(rng, &d); + if (ret != 0) { + return ret; + } + } while (d == 0); + + if ((ret = mp_add_d(a, d, a)) != MP_OKAY) { + return ret; + } + + while (--digits > 0) { + if ((ret = mp_lshd(a, 1)) != MP_OKAY) { + return ret; + } + if ((ret = get_rand_digit(rng, &d)) != 0) { + return ret; + } + if ((ret = mp_add_d(a, d, a)) != MP_OKAY) { + return ret; + } + } + + return ret; +} diff --git a/wolfssl-ntru.vcproj b/wolfssl-ntru.vcproj index a9f5c4577..3b7703c1b 100755 --- a/wolfssl-ntru.vcproj +++ b/wolfssl-ntru.vcproj @@ -274,6 +274,10 @@ RelativePath=".\wolfcrypt\src\wc_port.c" > + + diff --git a/wolfssl.vcproj b/wolfssl.vcproj index 106ba29fe..6843f4072 100755 --- a/wolfssl.vcproj +++ b/wolfssl.vcproj @@ -271,6 +271,10 @@ RelativePath=".\wolfcrypt\src\wc_port.c" > + + diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj index 985f3383b..7824a9b18 100644 --- a/wolfssl.vcxproj +++ b/wolfssl.vcxproj @@ -318,6 +318,7 @@ + diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 7c9c0fb7f..ca33c8b1e 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -58,7 +58,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/mpi_superclass.h \ wolfssl/wolfcrypt/mem_track.h \ wolfssl/wolfcrypt/wolfevent.h \ - wolfssl/wolfcrypt/pkcs12.h + wolfssl/wolfcrypt/pkcs12.h \ + wolfssl/wolfcrypt/wolfmath.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index c965330ea..7cd447a4c 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -64,7 +64,7 @@ extern "C" { /* C on the other hand doesn't care */ #define OPT_CAST(x) -#endif +#endif /* __cplusplus */ /* detect 64-bit mode if possible */ @@ -179,7 +179,7 @@ typedef int mp_err; #define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1)) /* the infamous mp_int structure */ -typedef struct { +typedef struct mp_int { int used, alloc, sign; mp_digit *dp; #ifdef WOLFSSL_ASYNC_CRYPT @@ -342,6 +342,11 @@ int mp_radix_size (mp_int * a, int radix, int *size); int mp_cnt_lsb(mp_int *a); int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c); + +/* wolf big int and common functions */ +#include + + #ifdef __cplusplus } #endif diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index c7cf9fa06..688c07cc2 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -282,12 +282,10 @@ #define FP_NO 0 /* no response */ /* a FP type */ -typedef struct { +typedef struct fp_int { int used, sign; -#ifdef ALT_ECC_SIZE int size; -#endif fp_digit dp[FP_SIZE]; #ifdef WOLFSSL_ASYNC_CRYPT byte *dpraw; /* Used for hardware crypto */ @@ -370,15 +368,9 @@ typedef struct { /*const char *fp_ident(void);*/ /* initialize [or zero] an fp int */ -#ifdef ALT_ECC_SIZE - void fp_init(fp_int *a); - void fp_zero(fp_int *a); - void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ -#else - #define fp_init(a) (void)XMEMSET((a), 0, sizeof(fp_int)) - #define fp_zero(a) fp_init(a) - #define fp_clear(a) ForceZero((a), sizeof(fp_int)); -#endif +void fp_init(fp_int *a); +void fp_zero(fp_int *a); +void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ /* zero/even/odd ? */ #define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO) @@ -397,13 +389,8 @@ int fp_is_bit_set(fp_int *a, fp_digit b); int fp_set_bit (fp_int * a, fp_digit b); /* copy from a to b */ -#ifndef ALT_ECC_SIZE - #define fp_copy(a, b) (void)(((a) != (b)) ? ((void)XMEMCPY((b), (a), sizeof(fp_int))) : (void)0) - #define fp_init_copy(a, b) fp_copy(b, a) -#else - void fp_copy(fp_int *a, fp_int *b); - void fp_init_copy(fp_int *a, fp_int *b); -#endif +void fp_copy(fp_int *a, fp_int *b); +void fp_init_copy(fp_int *a, fp_int *b); /* clamp digits */ #define fp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : FP_ZPOS; } @@ -703,6 +690,12 @@ WOLFSSL_API word32 CheckRunTimeFastMath(void); /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math FP_SIZE must match, return 1 if a match otherwise 0 */ #define CheckFastMathSettings() (FP_SIZE == CheckRunTimeFastMath()) + + +/* wolf big int and common functions */ +#include + + #ifdef __cplusplus } #endif diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h new file mode 100644 index 000000000..e6a348653 --- /dev/null +++ b/wolfssl/wolfcrypt/wolfmath.h @@ -0,0 +1,33 @@ +/* wolfmath.h + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef __WOLFMATH_H__ +#define __WOLFMATH_H__ + + +/* common math functions */ +WOLFSSL_LOCAL int get_digit_count(mp_int* a); +WOLFSSL_LOCAL mp_digit get_digit(mp_int* a, int n); +WOLFSSL_LOCAL int get_rand_digit(WC_RNG* rng, mp_digit* d); +WOLFSSL_LOCAL int mp_rand(mp_int* a, int digits, WC_RNG* rng); + + +#endif /* __WOLFMATH_H__ */ From 3bec816f970511961d1fdc0c9bd8eecfd285e3a3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 21 Dec 2016 14:05:00 -0800 Subject: [PATCH 11/86] =?UTF-8?q?Cleanup=20min(),=20TRUE,=20FALSE,=20ALIGN?= =?UTF-8?q?16=20and=20ALIGN32.=20Replace=20only=20use=20of=20BYTE3=5FLEN?= =?UTF-8?q?=20with=20OPAQUE24=5FLEN.=20Replace=20=E2=80=9C=20=20=20=20?= =?UTF-8?q?=E2=80=9C=20with=20=E2=80=9C\t=E2=80=9D=20(saves=20bytes=20and?= =?UTF-8?q?=20is=20consistent).=20Fix=20align=20issue=20with=20=E2=80=9CWO?= =?UTF-8?q?LFSSL=5FEVP=5FMD=5FCTX=E2=80=9D=20hash.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/internal.c | 50 +++++++++------------------ src/io.c | 48 ++++++++++++------------- src/sniffer.c | 10 ------ src/ssl.c | 16 --------- src/tls.c | 11 ------ wolfcrypt/src/asn.c | 19 ---------- wolfcrypt/src/cmac.c | 11 ------ wolfcrypt/src/dh.c | 22 ++++++------ wolfcrypt/src/dsa.c | 17 ++++----- wolfcrypt/src/ecc.c | 10 ------ wolfcrypt/src/hmac.c | 19 +++++----- wolfcrypt/src/md4.c | 11 ------ wolfcrypt/src/md5.c | 10 ------ wolfcrypt/src/misc.c | 9 +++++ wolfcrypt/src/pkcs7.c | 10 ------ wolfcrypt/src/port/arm/armv8-sha256.c | 21 ----------- wolfcrypt/src/pwdbased.c | 10 ------ wolfcrypt/src/ripemd.c | 9 ----- wolfcrypt/src/sha.c | 25 +++++--------- wolfcrypt/src/sha256.c | 9 ----- wolfcrypt/src/sha512.c | 10 ------ wolfssl/internal.h | 7 ---- wolfssl/openssl/evp.h | 2 +- wolfssl/wolfcrypt/misc.h | 4 +++ wolfssl/wolfcrypt/types.h | 48 ++++++++++++++++++------- 25 files changed, 125 insertions(+), 293 deletions(-) diff --git a/src/internal.c b/src/internal.c index ca67970df..7c172506e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -65,12 +65,6 @@ #include #endif -#ifndef TRUE - #define TRUE 1 -#endif -#ifndef FALSE - #define FALSE 0 -#endif #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } @@ -150,16 +144,6 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); int QSH_Init(WOLFSSL* ssl); #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - int IsTLS(const WOLFSSL* ssl) { @@ -5392,7 +5376,7 @@ static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, *type = input[idx++]; c24to32(input + idx, size); - idx += BYTE3_LEN; + idx += OPAQUE24_LEN; ato16(input + idx, &ssl->keys.dtls_peer_handshake_number); idx += DTLS_HANDSHAKE_SEQ_SZ; @@ -6156,7 +6140,7 @@ static int CheckAltNames(DecodedCert* dCert, char* domain) altName = dCert->altNames; while (altName) { - WOLFSSL_MSG(" individual AltName check"); + WOLFSSL_MSG("\tindividual AltName check"); if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ match = 1; @@ -6436,7 +6420,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, listSz -= certSz + CERT_HEADER_SZ; totalCerts++; - WOLFSSL_MSG(" Put another cert into chain"); + WOLFSSL_MSG("\tPut another cert into chain"); } count = totalCerts; @@ -9242,7 +9226,7 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type, WOLFSSL_MSG("Got alert"); if (*type == close_notify) { - WOLFSSL_MSG(" close notify"); + WOLFSSL_MSG("\tclose notify"); ssl->options.closeNotify = 1; } WOLFSSL_ERROR(*type); @@ -13719,11 +13703,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, WOLFSSL_MSG("server using lower version"); if (!ssl->options.downgrade) { - WOLFSSL_MSG(" no downgrade allowed, fatal error"); + WOLFSSL_MSG("\tno downgrade allowed, fatal error"); return VERSION_ERROR; } if (pv.minor < ssl->options.minDowngrade) { - WOLFSSL_MSG(" version below minimum allowed, fatal error"); + WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); return VERSION_ERROR; } @@ -13738,19 +13722,19 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (pv.minor == SSLv3_MINOR) { /* turn off tls */ - WOLFSSL_MSG(" downgrading to SSLv3"); + WOLFSSL_MSG("\tdowngrading to SSLv3"); ssl->options.tls = 0; ssl->options.tls1_1 = 0; ssl->version.minor = SSLv3_MINOR; } else if (pv.minor == TLSv1_MINOR) { /* turn off tls 1.1+ */ - WOLFSSL_MSG(" downgrading to TLSv1"); + WOLFSSL_MSG("\tdowngrading to TLSv1"); ssl->options.tls1_1 = 0; ssl->version.minor = TLSv1_MINOR; } else if (pv.minor == TLSv1_1_MINOR) { - WOLFSSL_MSG(" downgrading to TLSv1.1"); + WOLFSSL_MSG("\tdowngrading to TLSv1.1"); ssl->version.minor = TLSv1_1_MINOR; } } @@ -18623,24 +18607,24 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; } if (pv.minor < ssl->options.minDowngrade) { - WOLFSSL_MSG(" version below minimum allowed, fatal error"); + WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); return VERSION_ERROR; } if (pv.minor == SSLv3_MINOR) { /* turn off tls */ - WOLFSSL_MSG(" downgrading to SSLv3"); + WOLFSSL_MSG("\tdowngrading to SSLv3"); ssl->options.tls = 0; ssl->options.tls1_1 = 0; ssl->version.minor = SSLv3_MINOR; } else if (pv.minor == TLSv1_MINOR) { - WOLFSSL_MSG(" downgrading to TLSv1"); + WOLFSSL_MSG("\tdowngrading to TLSv1"); /* turn off tls 1.1+ */ ssl->options.tls1_1 = 0; ssl->version.minor = TLSv1_MINOR; } else if (pv.minor == TLSv1_1_MINOR) { - WOLFSSL_MSG(" downgrading to TLSv1.1"); + WOLFSSL_MSG("\tdowngrading to TLSv1.1"); ssl->version.minor = TLSv1_1_MINOR; } #ifndef NO_RSA @@ -18829,25 +18813,25 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; } if (pv.minor < ssl->options.minDowngrade) { - WOLFSSL_MSG(" version below minimum allowed, fatal error"); + WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); return VERSION_ERROR; } if (pv.minor == SSLv3_MINOR) { /* turn off tls */ - WOLFSSL_MSG(" downgrading to SSLv3"); + WOLFSSL_MSG("\tdowngrading to SSLv3"); ssl->options.tls = 0; ssl->options.tls1_1 = 0; ssl->version.minor = SSLv3_MINOR; } else if (pv.minor == TLSv1_MINOR) { /* turn off tls 1.1+ */ - WOLFSSL_MSG(" downgrading to TLSv1"); + WOLFSSL_MSG("\tdowngrading to TLSv1"); ssl->options.tls1_1 = 0; ssl->version.minor = TLSv1_MINOR; } else if (pv.minor == TLSv1_1_MINOR) { - WOLFSSL_MSG(" downgrading to TLSv1.1"); + WOLFSSL_MSG("\tdowngrading to TLSv1.1"); ssl->version.minor = TLSv1_1_MINOR; } #ifndef NO_RSA diff --git a/src/io.c b/src/io.c index bbfd971af..88aba2730 100644 --- a/src/io.c +++ b/src/io.c @@ -297,32 +297,32 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) { - WOLFSSL_MSG(" Would block"); + WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } else { - WOLFSSL_MSG(" Socket timeout"); + WOLFSSL_MSG("\tSocket timeout"); return WOLFSSL_CBIO_ERR_TIMEOUT; } } else if (err == SOCKET_ECONNRESET) { - WOLFSSL_MSG(" Connection reset"); + WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; } else if (err == SOCKET_EINTR) { - WOLFSSL_MSG(" Socket interrupted"); + WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } else if (err == SOCKET_ECONNREFUSED) { - WOLFSSL_MSG(" Connection refused"); + WOLFSSL_MSG("\tConnection refused"); return WOLFSSL_CBIO_ERR_WANT_READ; } else if (err == SOCKET_ECONNABORTED) { - WOLFSSL_MSG(" Connection aborted"); + WOLFSSL_MSG("\tConnection aborted"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; } else { - WOLFSSL_MSG(" General error"); + WOLFSSL_MSG("\tGeneral error"); return WOLFSSL_CBIO_ERR_GENERAL; } } @@ -353,23 +353,23 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Send error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - WOLFSSL_MSG(" Would Block"); + WOLFSSL_MSG("\tWould Block"); return WOLFSSL_CBIO_ERR_WANT_WRITE; } else if (err == SOCKET_ECONNRESET) { - WOLFSSL_MSG(" Connection reset"); + WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; } else if (err == SOCKET_EINTR) { - WOLFSSL_MSG(" Socket interrupted"); + WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } else if (err == SOCKET_EPIPE) { - WOLFSSL_MSG(" Socket EPIPE"); + WOLFSSL_MSG("\tSocket EPIPE"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; } else { - WOLFSSL_MSG(" General error"); + WOLFSSL_MSG("\tGeneral error"); return WOLFSSL_CBIO_ERR_GENERAL; } } @@ -435,28 +435,28 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { if (wolfSSL_get_using_nonblock(ssl)) { - WOLFSSL_MSG(" Would block"); + WOLFSSL_MSG("\tWould block"); return WOLFSSL_CBIO_ERR_WANT_READ; } else { - WOLFSSL_MSG(" Socket timeout"); + WOLFSSL_MSG("\tSocket timeout"); return WOLFSSL_CBIO_ERR_TIMEOUT; } } else if (err == SOCKET_ECONNRESET) { - WOLFSSL_MSG(" Connection reset"); + WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; } else if (err == SOCKET_EINTR) { - WOLFSSL_MSG(" Socket interrupted"); + WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } else if (err == SOCKET_ECONNREFUSED) { - WOLFSSL_MSG(" Connection refused"); + WOLFSSL_MSG("\tConnection refused"); return WOLFSSL_CBIO_ERR_WANT_READ; } else { - WOLFSSL_MSG(" General error"); + WOLFSSL_MSG("\tGeneral error"); return WOLFSSL_CBIO_ERR_GENERAL; } } @@ -464,7 +464,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (dtlsCtx->peer.sz > 0 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz && XMEMCMP(&peer, dtlsCtx->peer.sa, peerSz) != 0) { - WOLFSSL_MSG(" Ignored packet from invalid peer"); + WOLFSSL_MSG("\tIgnored packet from invalid peer"); return WOLFSSL_CBIO_ERR_WANT_READ; } } @@ -497,23 +497,23 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("Embed Send To error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { - WOLFSSL_MSG(" Would Block"); + WOLFSSL_MSG("\tWould Block"); return WOLFSSL_CBIO_ERR_WANT_WRITE; } else if (err == SOCKET_ECONNRESET) { - WOLFSSL_MSG(" Connection reset"); + WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; } else if (err == SOCKET_EINTR) { - WOLFSSL_MSG(" Socket interrupted"); + WOLFSSL_MSG("\tSocket interrupted"); return WOLFSSL_CBIO_ERR_ISR; } else if (err == SOCKET_EPIPE) { - WOLFSSL_MSG(" Socket EPIPE"); + WOLFSSL_MSG("\tSocket EPIPE"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; } else { - WOLFSSL_MSG(" General error"); + WOLFSSL_MSG("\tGeneral error"); return WOLFSSL_CBIO_ERR_GENERAL; } } diff --git a/src/sniffer.c b/src/sniffer.c index 33278f4e0..3803c153e 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -55,16 +55,6 @@ #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - -static INLINE word32 min(word32 a, word32 b) -{ - return a > b ? b : a; -} - -#endif /* WOLFSSL_HAVE_MIN */ - #ifndef WOLFSSL_SNIFFER_TIMEOUT #define WOLFSSL_SNIFFER_TIMEOUT 900 /* Cache unclosed Sessions for 15 minutes since last used */ diff --git a/src/ssl.c b/src/ssl.c index a865bed42..43c5a0492 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -105,22 +105,6 @@ #endif #endif /* NO_FILESYSTEM */ -#ifndef TRUE - #define TRUE 1 -#endif -#ifndef FALSE - #define FALSE 0 -#endif - -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSSL_HAVE_MIN */ #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX) #define WOLFSSL_HAVE_MAX diff --git a/src/tls.c b/src/tls.c index c0ca6c151..0290e2bce 100644 --- a/src/tls.c +++ b/src/tls.c @@ -66,17 +66,6 @@ #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - #ifdef WOLFSSL_SHA384 #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE #else diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 665199aeb..5d7b4b0ae 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -96,13 +96,6 @@ ASN Options: #endif -#ifndef TRUE - #define TRUE 1 -#endif -#ifndef FALSE - #define FALSE 0 -#endif - #ifndef NO_ASN_TIME #if defined(USER_TIME) /* user time, and gmtime compatible functions, there is a gmtime @@ -6252,18 +6245,6 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - /* Initialize and Set Certificate defaults: version = 3 (0x2) serial = 0 diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 6c7c88dc9..79b13fc43 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -40,17 +40,6 @@ #include -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - static void ShiftAndXorRb(byte* out, byte* in) { int i, j, xorRb; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index b300e5e0d..15b557a76 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -30,6 +30,15 @@ #include #include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + #if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST) #include @@ -40,17 +49,6 @@ #endif -#if !defined(WOLFSSL_HAVE_MIN) && !defined(WOLFSSL_DH_CONST) -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - void wc_InitDhKey(DhKey* key) { (void)key; @@ -185,7 +183,7 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, { int ret = 0; - mp_int x; + mp_int x; mp_int y; mp_int z; diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index d9ba8ac03..eaac64346 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -35,6 +35,13 @@ #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + enum { DSA_HALF_SIZE = 20, /* r and s size */ @@ -42,16 +49,6 @@ enum { }; -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - void wc_InitDsaKey(DsaKey* key) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ecdc408a2..57ebb210a 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6982,16 +6982,6 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp) #ifdef HAVE_X963_KDF -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - static INLINE void IncrementX963KdfCounter(byte* inOutCtr) { int i; diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index a699b6542..ba96866e7 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -30,6 +30,14 @@ #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + + #ifdef HAVE_FIPS /* does init */ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz) @@ -780,17 +788,6 @@ int wolfSSL_GetHmacMaxSize(void) #ifdef HAVE_HKDF -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - /* HMAC-KDF with hash type, optional salt and info, return 0 on success */ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, const byte* salt, word32 saltSz, diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c index 3b3ae9555..bac424065 100644 --- a/wolfcrypt/src/md4.c +++ b/wolfcrypt/src/md4.c @@ -37,17 +37,6 @@ #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - - void wc_InitMd4(Md4* md4) { md4->digest[0] = 0x67452301L; diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index fdde46ff7..d142b13e9 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -170,16 +170,6 @@ #else /* Begin wolfCrypt software implementation */ -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - void wc_InitMd5(Md5* md5) { md5->digest[0] = 0x67452301L; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index cbd63c959..899c64880 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -210,6 +210,15 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) return compareSum; } +#ifndef WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MIN + STATIC INLINE word32 min(word32 a, word32 b) + { + return a > b ? b : a; + } +#endif /* WOLFSSL_HAVE_MIN */ + + #undef STATIC diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 76d0c6ef2..1c586edd2 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -38,16 +38,6 @@ #include #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - /* direction for processing, encoding or decoding */ typedef enum { diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index fdf2634bf..80f3a901a 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -38,27 +38,6 @@ #include #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - -#if !defined (ALIGN32) - #if defined (__GNUC__) - #define ALIGN32 __attribute__ ( (aligned (32))) - #elif defined(_MSC_VER) - /* disable align warning, we want alignment ! */ - #pragma warning(disable: 4324) - #define ALIGN32 __declspec (align (32)) - #else - #define ALIGN32 - #endif -#endif static const ALIGN32 word32 K[64] = { 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 7f545ee92..f3df35201 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -59,16 +59,6 @@ #include #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - #ifndef NO_SHA /* PBKDF1 needs at least SHA available */ diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c index 9da179e4e..8cda86aef 100644 --- a/wolfcrypt/src/ripemd.c +++ b/wolfcrypt/src/ripemd.c @@ -38,15 +38,6 @@ #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ void wc_InitRipeMd(RipeMd* ripemd) { diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 499d72399..ac1a259e9 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -30,15 +30,6 @@ #if !defined(NO_SHA) #include -#include -#include - -#ifdef NO_INLINE - #include -#else - #define WOLFSSL_MISC_INCLUDED - #include -#endif /* fips wrapper calls, user can call direct */ @@ -60,6 +51,15 @@ #else /* else build without fips */ +#include +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + /****************************************/ /* SHA Hardware Variations */ @@ -378,13 +378,6 @@ #endif /* !USE_CUSTOM_SHA_TRANSFORM */ -#ifndef WOLFSSL_HAVE_MIN - #define WOLFSSL_HAVE_MIN - static INLINE word32 min(word32 a, word32 b) { - return a > b ? b : a; - } -#endif /* WOLFSSL_HAVE_MIN */ - static INLINE void AddLength(Sha* sha, word32 len) { word32 tmp = sha->loLen; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index e0d986546..b5b42485b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -289,15 +289,6 @@ static void set_Transform(void) { #include "fsl_mmcau.h" #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ #ifdef FREESCALE_LTC_SHA int wc_InitSha256(Sha256* sha256) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 9e8b1f7d8..dbf2cec2e 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -81,16 +81,6 @@ int wc_Sha384Final(Sha384* sha, byte* out) #endif -#ifndef WOLFSSL_HAVE_MIN -#define WOLFSSL_HAVE_MIN - - static INLINE word32 min(word32 a, word32 b) - { - return a > b ? b : a; - } - -#endif /* WOLFSSL_HAVE_MIN */ - #if defined(USE_INTEL_SPEEDUP) #define HAVE_INTEL_AVX1 #define HAVE_INTEL_AVX2 diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 3859c1534..759abe174 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -164,12 +164,6 @@ #pragma warning(disable: 4996) #endif -#ifdef NO_AES - #if !defined (ALIGN16) - #define ALIGN16 - #endif -#endif - #ifdef NO_SHA #define SHA_DIGEST_SIZE 20 #endif @@ -924,7 +918,6 @@ enum Misc { LENGTH_SZ = 2, /* length field for HMAC, data only */ VERSION_SZ = 2, /* length of proctocol version */ SEQ_SZ = 8, /* 64 bit sequence number */ - BYTE3_LEN = 3, /* up to 24 bit byte lengths */ ALERT_SIZE = 2, /* level + description */ VERIFY_HEADER = 2, /* always use 2 bytes */ EXT_ID_SZ = 2, /* always use 2 bytes */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index e13e60ed1..a72027f9b 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -102,7 +102,7 @@ typedef union { typedef struct WOLFSSL_EVP_MD_CTX { unsigned char macType; - WOLFSSL_Hasher hash; + ALIGN16 WOLFSSL_Hasher hash; } WOLFSSL_EVP_MD_CTX; diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 959b2d87f..9e8ab15f2 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -67,6 +67,10 @@ WOLFSSL_LOCAL void ByteReverseWords64(word64*, const word64*, word32); #endif /* WORD64_AVAILABLE */ +#ifndef WOLFSSL_HAVE_MIN + WOLFSSL_LOCAL word32 min(word32 a, word32 b); +#endif + #endif /* NO_INLINE */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index ac20cae99..6d9cd060c 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -391,22 +391,46 @@ /* AESNI requires alignment and ARMASM gains some performance from it */ #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) - #if !defined (ALIGN16) - #if defined (__GNUC__) - #define ALIGN16 __attribute__ ( (aligned (16))) - #elif defined(_MSC_VER) - /* disable align warning, we want alignment ! */ - #pragma warning(disable: 4324) - #define ALIGN16 __declspec (align (16)) - #else - #define ALIGN16 - #endif - #endif + #if !defined(ALIGN16) + #if defined(__GNUC__) + #define ALIGN16 __attribute__ ( (aligned (16))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN16 __declspec (align (16)) + #else + #define ALIGN16 + #endif + #endif /* !ALIGN16 */ + + #if !defined(ALIGN32) + #if defined(__GNUC__) + #define ALIGN32 __attribute__ ( (aligned (32))) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define ALIGN32 __declspec (align (32)) + #else + #define ALIGN32 + #endif + #endif /* !ALIGN32 */ #else #ifndef ALIGN16 #define ALIGN16 #endif - #endif /* WOLFSSL_AESNI or WOLFSSL_ARMASM */ + #ifndef ALIGN32 + #define ALIGN32 + #endif + #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */ + + + #ifndef TRUE + #define TRUE 1 + #endif + #ifndef FALSE + #define FALSE 0 + #endif + #ifdef WOLFSSL_RIOT_OS #define EXIT_TEST(ret) exit(ret) From 338cc9e87320ae105d0c10b71ab0846dc4874b40 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 21 Dec 2016 14:09:19 -0800 Subject: [PATCH 12/86] Added wolfevent.c and wolfmath.c to ltc project. --- IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp index ca6a3a5c5..357ac26f3 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp +++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp @@ -104,6 +104,8 @@ + + From 40800d806506e23ea84378d9d58ca24c8a2c5676 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 21 Dec 2016 14:24:20 -0800 Subject: [PATCH 13/86] DTLS-SCTP fix 1. Add the SCTP suite test file to the include.am. 2. Skip the sequence number increment for client_hello messages in DTLS, but do the increment for SCTP. --- src/internal.c | 2 +- tests/include.am | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index ca67970df..33d18ee58 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8183,7 +8183,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* This branch is in order next, and a complete message. */ ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); if (ret == 0) { - if (type != client_hello) + if (type != client_hello || !IsDtlsNotSctpMode(ssl)) ssl->keys.dtls_expected_peer_handshake_number++; if (ssl->dtls_rx_msg_list != NULL) { ret = DtlsMsgDrain(ssl); diff --git a/tests/include.am b/tests/include.am index 63768e663..8368b49ce 100644 --- a/tests/include.am +++ b/tests/include.am @@ -23,5 +23,6 @@ EXTRA_DIST += tests/test.conf \ tests/test-qsh.conf \ tests/test-psk-no-id.conf \ tests/test-dtls.conf \ + tests/test-sctp.conf \ tests/test-sig.conf DISTCLEANFILES+= tests/.libs/unit.test From 1c17b8eed6f6e4877b1a58b4700cb5954cc2accd Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 21 Dec 2016 16:20:18 -0700 Subject: [PATCH 14/86] static analysis check of null dereference and memory management --- src/ssl.c | 4 +++- sslSniffer/sslSnifferTest/snifftest.c | 3 ++- wolfcrypt/src/pkcs7.c | 5 ++++- wolfcrypt/test/test.c | 3 +++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index a865bed42..d02cced24 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9504,7 +9504,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, pem_password_cb cb) { WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb"); - ctx->passwd_cb = cb; + if (ctx != NULL) { + ctx->passwd_cb = cb; + } } int wolfSSL_num_locks(void) diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 5e7757bde..bcbd307da 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -166,8 +166,9 @@ int main(int argc, char** argv) printf("Enter the interface number (1-%d): ", i); ret = scanf("%d", &inum); - if (ret != 1) + if (ret != 1) { printf("scanf port failed\n"); + } if (inum < 1 || inum > i) err_sys("Interface number out of range"); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 76d0c6ef2..d5eb9d022 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1457,6 +1457,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, } else { /* bad direction */ + XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7); return BAD_FUNC_ARG; } @@ -2127,8 +2128,10 @@ static int wc_PKCS7_GenerateIV(WC_RNG* rng, byte* iv, word32 ivSz) return MEMORY_E; ret = wc_InitRng(random); - if (ret != 0) + if (ret != 0) { + XFREE(random, NULL, DYNAMIC_TYPE_RNG); return ret; + } } else { random = rng; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6cfdc0de0..8f7964890 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6675,6 +6675,9 @@ int openssl_test(void) { byte* p; p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) { + return -70; + } XMEMSET(p, 0, 10); CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } From 7752f9ad0532c609c46d4142ad83446c17f3ac18 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 22 Dec 2016 10:59:44 -0700 Subject: [PATCH 15/86] prepare for release 3.10.0 --- README | 37 +++++++++++++++++++++++++++++++++++++ README.md | 37 +++++++++++++++++++++++++++++++++++++ configure.ac | 4 ++-- rpm/spec.in | 2 +- support/wolfssl.pc | 2 +- wolfssl/version.h | 4 ++-- 6 files changed, 80 insertions(+), 6 deletions(-) diff --git a/README b/README index af2771dd7..63f245259 100644 --- a/README +++ b/README @@ -35,6 +35,43 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** +********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +Release 3.10.0 of wolfSSL has bug fixes and new features including: + +- Added support for SHA224 +- Added scrypt feature +- Build for Intel SGX use, added in directory IDE/WIN-SGX +- Fix for ChaCha20-Poly1305 ECDSA certificate type request +- Enhance PKCS#7 with ECC enveloped data and AES key wrap support +- Added support for RIOT OS +- Add support for parsing PKCS#12 files +- ECC performance increased with custom curves +- ARMv8 expanded to AArch32 and performance increased +- Added ANSI-X9.63-KDF support +- Port to STM32 F2/F4 CubeMX +- Port to Atmel ATECC508A board +- Removed fPIE by default when wolfSSL library is compiled +- Update to Python wrapper, dropping DES and adding wc_RSASetRNG +- Added support for NXP K82 hardware acceleration +- Added SCR client and server verify check +- Added a disable rng option with autoconf +- Added more tests vectors to test.c with AES-CTR +- Updated DTLS session export version number +- Updated DTLS for 64 bit sequence numbers +- Fix for memory management with TI and WOLFSSL_SMALL_STACK +- Hardening RSA CRT to be constant time +- Fix uninitialized warning with IAR compiler +- Fix for C# wrapper example IO hang on unexpected connection termination + + +This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + ********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) Release 3.9.10 of wolfSSL has bug fixes and new features including: diff --git a/README.md b/README.md index 17950e4e0..ae166c18e 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,43 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` +# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +## Release 3.10.0 of wolfSSL has bug fixes and new features including: + +- Added support for SHA224 +- Added scrypt feature +- Build for Intel SGX use, added in directory IDE/WIN-SGX +- Fix for ChaCha20-Poly1305 ECDSA certificate type request +- Enhance PKCS#7 with ECC enveloped data and AES key wrap support +- Added support for RIOT OS +- Add support for parsing PKCS#12 files +- ECC performance increased with custom curves +- ARMv8 expanded to AArch32 and performance increased +- Added ANSI-X9.63-KDF support +- Port to STM32 F2/F4 CubeMX +- Port to Atmel ATECC508A board +- Removed fPIE by default when wolfSSL library is compiled +- Update to Python wrapper, dropping DES and adding wc_RSASetRNG +- Added support for NXP K82 hardware acceleration +- Added SCR client and server verify check +- Added a disable rng option with autoconf +- Added more tests vectors to test.c with AES-CTR +- Updated DTLS session export version number +- Updated DTLS for 64 bit sequence numbers +- Fix for memory management with TI and WOLFSSL_SMALL_STACK +- Hardening RSA CRT to be constant time +- Fix uninitialized warning with IAR compiler +- Fix for C# wrapper example IO hang on unexpected connection termination + + +This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + # wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) diff --git a/configure.ac b/configure.ac index 58cad5908..8afb2db4d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.9.10],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.10.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=8:0:5 +WOLFSSL_LIBRARY_VERSION=9:0:6 # | | | # +------+ | +---+ # | | | diff --git a/rpm/spec.in b/rpm/spec.in index 8d19ce753..e7871d05b 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -73,7 +73,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.3 -%{_libdir}/libwolfssl.so.3.5.0 +%{_libdir}/libwolfssl.so.3.6.0 %files devel %defattr(-,root,root,-) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 7970b1466..41636af6d 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.9.10 +Version: 3.10.0 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/version.h b/wolfssl/version.h index bd14b29ee..bd92deb26 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.9.10" -#define LIBWOLFSSL_VERSION_HEX 0x03009010 +#define LIBWOLFSSL_VERSION_STRING "3.10.0" +#define LIBWOLFSSL_VERSION_HEX 0x03010000 #ifdef __cplusplus } From fc168906410c34da4ee185e1af852a3d05c0d740 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 22 Dec 2016 14:01:05 -0800 Subject: [PATCH 16/86] =?UTF-8?q?Fix=20=E2=80=9Cmin=E2=80=9D=20with=20ctao?= =?UTF-8?q?crypt=20FIPS.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfcrypt/src/misc.c | 1 + wolfssl/wolfcrypt/misc.h | 1 + 2 files changed, 2 insertions(+) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 899c64880..c61804123 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -212,6 +212,7 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) #ifndef WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN + #define min min /* for ctaocrypt FIPS */ STATIC INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 9e8ab15f2..71069c6f5 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -68,6 +68,7 @@ void ByteReverseWords64(word64*, const word64*, word32); #endif /* WORD64_AVAILABLE */ #ifndef WOLFSSL_HAVE_MIN + #define min min /* for ctaocrypt FIPS */ WOLFSSL_LOCAL word32 min(word32 a, word32 b); #endif From c4af58b97376eec0ce54b16fd5cfe62c2c3195eb Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 22 Dec 2016 18:11:25 -0800 Subject: [PATCH 17/86] =?UTF-8?q?Refined=20the=20FIPS=20=E2=80=9Cmin?= =?UTF-8?q?=E2=80=9D=20logic.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfcrypt/src/misc.c | 4 +++- wolfssl/wolfcrypt/misc.h | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index c61804123..a0581fe35 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -212,7 +212,9 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length) #ifndef WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN - #define min min /* for ctaocrypt FIPS */ + #if defined(HAVE_FIPS) && !defined(min) + #define min min + #endif STATIC INLINE word32 min(word32 a, word32 b) { return a > b ? b : a; diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 71069c6f5..c86fe2a6f 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -68,7 +68,9 @@ void ByteReverseWords64(word64*, const word64*, word32); #endif /* WORD64_AVAILABLE */ #ifndef WOLFSSL_HAVE_MIN - #define min min /* for ctaocrypt FIPS */ + #if defined(HAVE_FIPS) && !defined(min) + #define min min + #endif WOLFSSL_LOCAL word32 min(word32 a, word32 b); #endif From 3b6dac9751047dbb75a0ca617f14b7c968383deb Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sat, 24 Dec 2016 02:46:35 -0500 Subject: [PATCH 18/86] poly1305: fix ADD macros for multi-line --- wolfcrypt/src/poly1305.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 1b5bc2622..637106b63 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -68,9 +68,9 @@ } word128; #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) - #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; + #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; \ out.hi += (out.lo < t) + in.hi; } - #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; + #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; \ out.hi += (out.lo < t); } #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) #define LO(in) (in.lo) From fb49dbd083200b977cc55739802043cd4231d935 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 27 Dec 2016 10:34:13 -0700 Subject: [PATCH 19/86] update Windows FIPS build --- IDE/WIN/wolfssl-fips.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index 8575aeb9a..f541e766d 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -301,6 +301,7 @@ + From 511f41b0e458c8aa3b985703ad20f41b48026b5f Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 27 Dec 2016 14:38:14 -0700 Subject: [PATCH 20/86] fix C++ compiler warnings for distro build --- src/internal.c | 13 ++++---- src/keys.c | 38 ++++++++++++++++++++-- src/ssl.c | 9 +++--- src/tls.c | 73 ++++++++++++++++++++++++++----------------- tests/srp.c | 34 ++++++++++---------- wolfcrypt/src/pkcs7.c | 5 +-- wolfcrypt/src/srp.c | 6 ++-- 7 files changed, 116 insertions(+), 62 deletions(-) diff --git a/src/internal.c b/src/internal.c index efce9c491..854aaa624 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7088,7 +7088,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - request = TLSX_CSR_GetRequest(ssl->extensions); + request = (OcspRequest*)TLSX_CSR_GetRequest( + ssl->extensions); ssl->status_request = 0; break; } @@ -7096,8 +7097,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { - request = TLSX_CSR2_GetRequest(ssl->extensions, - status_type, 0); + request = (OcspRequest*)TLSX_CSR2_GetRequest( + ssl->extensions, status_type, 0); ssl->status_request_v2 = 0; break; } @@ -7211,8 +7212,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = BAD_CERTIFICATE_STATUS_ERROR; while (ret == 0) { - request = TLSX_CSR2_GetRequest(ssl->extensions, - status_type, index++); + request = (OcspRequest*)TLSX_CSR2_GetRequest( + ssl->extensions, status_type, index++); if (request == NULL) ret = BAD_CERTIFICATE_STATUS_ERROR; @@ -18810,7 +18811,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->buffers.dtlsCookieSecret.length); if (ret != 0) return ret; ret = wc_HmacUpdate(&cookieHmac, - ssl->buffers.dtlsCtx.peer.sa, + (const byte*)ssl->buffers.dtlsCtx.peer.sa, ssl->buffers.dtlsCtx.peer.sz); if (ret != 0) return ret; ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN); diff --git a/src/keys.c b/src/keys.c index a1095b1eb..7538b18e6 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2690,6 +2690,40 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, } #endif /* HAVE_ONE_TIME_AUTH */ +#ifdef HAVE_SECURE_RENEGOTIATION +/* function name is for cache_status++ + * This function was added because of error incrementing enum type when + * compiling with a C++ compiler. + */ +static void CacheStatusPP(SecureRenegotiation* cache) +{ + switch (cache->cache_status) { + case SCR_CACHE_NULL: + cache->cache_status = SCR_CACHE_NEEDED; + break; + + case SCR_CACHE_NEEDED: + cache->cache_status = SCR_CACHE_COPY; + break; + + case SCR_CACHE_COPY: + cache->cache_status = SCR_CACHE_PARTIAL; + break; + + case SCR_CACHE_PARTIAL: + cache->cache_status = SCR_CACHE_COMPLETE; + break; + + case SCR_CACHE_COMPLETE: + WOLFSSL_MSG("SCR Cache state Complete"); + break; + + default: + WOLFSSL_MSG("Unknown cache state!!"); + } +} +#endif /* HAVE_SECURE_RENEGOTIATION */ + /* Set wc_encrypt/wc_decrypt or both sides of key setup * note: use wc_encrypt to avoid shadowing global encrypt @@ -2804,7 +2838,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) } #endif } - ssl->secure_renegotiation->cache_status++; + CacheStatusPP(ssl->secure_renegotiation); } #endif /* HAVE_SECURE_RENEGOTIATION */ @@ -2822,7 +2856,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData) if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) { keys = &ssl->secure_renegotiation->tmp_keys; - ssl->secure_renegotiation->cache_status++; + CacheStatusPP(ssl->secure_renegotiation); } #endif /* HAVE_SECURE_RENEGOTIATION */ diff --git a/src/ssl.c b/src/ssl.c index d02cced24..afbf53416 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1790,7 +1790,7 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) if(ssl->session.isDynamic) XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); - ssl->session.ticket = XMALLOC(bufSz, ssl->heap, + ssl->session.ticket = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); if(!ssl->session.ticket) { ssl->session.ticket = ssl->session.staticTicket; @@ -7898,7 +7898,8 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) /* If doing dynamic copy, need to alloc outside lock, then inside a lock * confirm the size still matches and memcpy */ if (doDynamicCopy) { - tmpBuff = XMALLOC(ticketLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + tmpBuff = (byte*)XMALLOC(ticketLen, ssl->heap, + DYNAMIC_TYPE_SESSION_TICK); if (!tmpBuff) return MEMORY_ERROR; @@ -7914,7 +7915,7 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) } if (ret == SSL_SUCCESS) { - copyInto->ticket = tmpBuff; + copyInto->ticket = (byte*)tmpBuff; copyInto->isDynamic = 1; XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen); } @@ -7999,7 +8000,7 @@ int AddSession(WOLFSSL* ssl) ticLen = ssl->session.ticketLen; /* Alloc Memory here so if Malloc fails can exit outside of lock */ if(ticLen > SESSION_TICKET_LEN) { - tmpBuff = XMALLOC(ticLen, ssl->heap, + tmpBuff = (byte*)XMALLOC(ticLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); if(!tmpBuff) return MEMORY_E; diff --git a/src/tls.c b/src/tls.c index c0ca6c151..519001a5a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2084,13 +2084,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, if (!isRequest) { #ifndef NO_WOLFSSL_CLIENT TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); - CertificateStatusRequest* csr = extension ? extension->data : NULL; + CertificateStatusRequest* csr = extension ? + (CertificateStatusRequest*)extension->data : NULL; if (!csr) { /* look at context level */ extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST); - csr = extension ? extension->data : NULL; + csr = extension ? (CertificateStatusRequest*)extension->data : NULL; if (!csr) return BUFFER_ERROR; /* unexpected extension */ @@ -2106,7 +2107,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, /* propagate nonce */ if (csr->request.ocsp.nonceSz) { OcspRequest* request = - TLSX_CSR_GetRequest(ssl->extensions); + (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); if (request) { XMEMCPY(request->nonce, csr->request.ocsp.nonce, @@ -2185,7 +2186,8 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); - CertificateStatusRequest* csr = extension ? extension->data : NULL; + CertificateStatusRequest* csr = extension ? + (CertificateStatusRequest*)extension->data : NULL; int ret = 0; if (csr) { @@ -2215,7 +2217,8 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) void* TLSX_CSR_GetRequest(TLSX* extensions) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); - CertificateStatusRequest* csr = extension ? extension->data : NULL; + CertificateStatusRequest* csr = extension ? + (CertificateStatusRequest*)extension->data : NULL; if (csr) { switch (csr->status_type) { @@ -2231,7 +2234,8 @@ void* TLSX_CSR_GetRequest(TLSX* extensions) int TLSX_CSR_ForceRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); - CertificateStatusRequest* csr = extension ? extension->data : NULL; + CertificateStatusRequest* csr = extension ? + (CertificateStatusRequest*)extension->data : NULL; if (csr) { switch (csr->status_type) { @@ -2433,14 +2437,15 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, if (!isRequest) { #ifndef NO_WOLFSSL_CLIENT TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); - CertificateStatusRequestItemV2* csr2 = extension ? extension->data - : NULL; + CertificateStatusRequestItemV2* csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; if (!csr2) { /* look at context level */ extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); - csr2 = extension ? extension->data : NULL; + csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; if (!csr2) return BUFFER_ERROR; /* unexpected extension */ @@ -2459,7 +2464,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, /* propagate nonce */ if (csr2->request.ocsp[0].nonceSz) { OcspRequest* request = - TLSX_CSR2_GetRequest(ssl->extensions, + (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions, csr2->status_type, 0); if (request) { @@ -2567,7 +2572,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, void* heap) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); - CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + CertificateStatusRequestItemV2* csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; int ret = 0; for (; csr2; csr2 = csr2->next) { @@ -2602,13 +2608,15 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, } } + (void)cert; return ret; } void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); - CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + CertificateStatusRequestItemV2* csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; for (; csr2; csr2 = csr2->next) { if (csr2->status_type == status_type) { @@ -2632,7 +2640,8 @@ void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); - CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; + CertificateStatusRequestItemV2* csr2 = extension ? + (CertificateStatusRequestItemV2*)extension->data : NULL; /* forces only the first one */ if (csr2) { @@ -3292,7 +3301,8 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); - SessionTicket* ticket = extension ? extension->data : NULL; + SessionTicket* ticket = extension ? + (SessionTicket*)extension->data : NULL; if (ticket) { /* TODO validate ticket timeout here! */ @@ -4086,11 +4096,12 @@ void TLSX_FreeAll(TLSX* list, void* heap) break; case TLSX_STATUS_REQUEST: - CSR_FREE_ALL(extension->data, heap); + CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap); break; case TLSX_STATUS_REQUEST_V2: - CSR2_FREE_ALL(extension->data, heap); + CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data, + heap); break; case TLSX_RENEGOTIATION_INFO: @@ -4163,19 +4174,24 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) break; case TLSX_STATUS_REQUEST: - length += CSR_GET_SIZE(extension->data, isRequest); + length += CSR_GET_SIZE( + (CertificateStatusRequest*)extension->data, isRequest); break; case TLSX_STATUS_REQUEST_V2: - length += CSR2_GET_SIZE(extension->data, isRequest); + length += CSR2_GET_SIZE( + (CertificateStatusRequestItemV2*)extension->data, + isRequest); break; case TLSX_RENEGOTIATION_INFO: - length += SCR_GET_SIZE(extension->data, isRequest); + length += SCR_GET_SIZE((SecureRenegotiation*)extension->data, + isRequest); break; case TLSX_SESSION_TICKET: - length += STK_GET_SIZE(extension->data, isRequest); + length += STK_GET_SIZE((SessionTicket*)extension->data, + isRequest); break; case TLSX_QUANTUM_SAFE_HYBRID: @@ -4241,23 +4257,24 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; case TLSX_STATUS_REQUEST: - offset += CSR_WRITE(extension->data, output + offset, - isRequest); + offset += CSR_WRITE((CertificateStatusRequest*)extension->data, + output + offset, isRequest); break; case TLSX_STATUS_REQUEST_V2: - offset += CSR2_WRITE(extension->data, output + offset, - isRequest); + offset += CSR2_WRITE( + (CertificateStatusRequestItemV2*)extension->data, + output + offset, isRequest); break; case TLSX_RENEGOTIATION_INFO: - offset += SCR_WRITE(extension->data, output + offset, - isRequest); + offset += SCR_WRITE((SecureRenegotiation*)extension->data, + output + offset, isRequest); break; case TLSX_SESSION_TICKET: - offset += STK_WRITE(extension->data, output + offset, - isRequest); + offset += STK_WRITE((SessionTicket*)extension->data, + output + offset, isRequest); break; case TLSX_QUANTUM_SAFE_HYBRID: diff --git a/tests/srp.c b/tests/srp.c index 3314a69b6..0ca2a2b70 100644 --- a/tests/srp.c +++ b/tests/srp.c @@ -117,8 +117,8 @@ static void test_SrpInit(void) /* invalid params */ AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255 )); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255)); /* success */ AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); @@ -240,8 +240,8 @@ static void test_SrpSetPassword(void) static void test_SrpGetPublic(void) { Srp srp; - byte public[64]; - word32 publicSz = 0; + byte pub[64]; + word32 pubSz = 0; AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); @@ -250,23 +250,23 @@ static void test_SrpGetPublic(void) salt, sizeof(salt))); /* invalid call order */ - AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz)); /* fix call order */ AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); /* invalid params */ - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &publicSz)); - AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL)); - AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, pub, &pubSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &pubSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, pub, NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, pub, &pubSz)); /* success */ - publicSz = sizeof(public); + pubSz = sizeof(pub); AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a))); - AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); - AssertIntEQ(publicSz, sizeof(A)); - AssertIntEQ(0, XMEMCMP(public, A, publicSz)); + AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz)); + AssertIntEQ(pubSz, sizeof(A)); + AssertIntEQ(0, XMEMCMP(pub, A, pubSz)); wc_SrpTerm(&srp); @@ -277,16 +277,16 @@ static void test_SrpGetPublic(void) salt, sizeof(salt))); /* invalid call order */ - AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz)); /* fix call order */ AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier))); /* success */ AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b))); - AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); - AssertIntEQ(publicSz, sizeof(B)); - AssertIntEQ(0, XMEMCMP(public, B, publicSz)); + AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz)); + AssertIntEQ(pubSz, sizeof(B)); + AssertIntEQ(0, XMEMCMP(pub, B, pubSz)); wc_SrpTerm(&srp); } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index d5eb9d022..daf7a0c24 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1415,7 +1415,8 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, int keyWrapOID, int keyEncOID) { int ret; - int kSz, kdfType; + int kSz; + enum wc_HashType kdfType; byte* secret; word32 secretSz; @@ -2123,7 +2124,7 @@ static int wc_PKCS7_GenerateIV(WC_RNG* rng, byte* iv, word32 ivSz) /* input RNG is optional, init local one if input rng is NULL */ if (rng == NULL) { - random = XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + random = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (random == NULL) return MEMORY_E; diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 246db1d70..480f81668 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -454,12 +454,12 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) return mp_read_unsigned_bin(&srp->auth, verifier, size); } -int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) +int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size) { mp_int p; int r; - if (!srp || !private || !size) + if (!srp || !priv || !size) return BAD_FUNC_ARG; if (mp_iszero(&srp->auth) == MP_YES) @@ -468,7 +468,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) r = mp_init(&p); if (r != MP_OKAY) return MP_INIT_E; - if (!r) r = mp_read_unsigned_bin(&p, private, size); + if (!r) r = mp_read_unsigned_bin(&p, priv, size); if (!r) r = mp_mod(&p, &srp->N, &srp->priv); if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0; From b57e576abdcf3a4b3bf046aa9a4aa05eabf878fb Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 28 Dec 2016 11:18:41 -0800 Subject: [PATCH 21/86] =?UTF-8?q?Fixes=20for=20compiler=20warnings=20with?= =?UTF-8?q?=20IAR=20EWARM=208.=20*=20Fix=20=E2=80=9Cwc=5FPKCS7=5FDecodeUnp?= =?UTF-8?q?rotectedAttributes=E2=80=9D=20return=20prior=20to=20free=20in?= =?UTF-8?q?=20GetSet=20error=20case.=20*=20Fix=20=E2=80=9Cwc=5FPKCS7=5FKar?= =?UTF-8?q?iGenerateKEK=E2=80=9D=20type=20mismatch=20for=20kdfType.=20*=20?= =?UTF-8?q?Fix=20aes.c=20roll=5Fauth=20use=20of=20inSz=20over=2024-bit.=20?= =?UTF-8?q?*=20Fix=20ecc=20=E2=80=9Cbuild=5Flut=E2=80=9D,=20=E2=80=9Caccel?= =?UTF-8?q?=5Ffp=5Fmul=E2=80=9D=20and=20=E2=80=9Caccel=5Ffp=5Fmul2add?= =?UTF-8?q?=E2=80=9D=20use=20of=20err=20as=20unsigned.=20*=20Fix=20?= =?UTF-8?q?=E2=80=9Cwc=5FHKDF=E2=80=9D=20use=20of=20un-initialized=20?= =?UTF-8?q?=E2=80=9CmyHmac=E2=80=9D=20for=20heap.=20*=20Fix=20undefined=20?= =?UTF-8?q?reference=20to=20=5F=5FREV=20for=20IAR=20due=20to=20missing=20i?= =?UTF-8?q?ntrinsics.h.=20*=20Fix=20build=20error=20for=20=E2=80=9CwolfSSL?= =?UTF-8?q?=5FCTX=5Fset=5Ftmp=5Fdh=E2=80=9D=20if=20OPENSSL=5FEXTRA=20not?= =?UTF-8?q?=20defined=20and=20=E2=80=9CHAVE=5FLIGHTY=20||=20HAVE=5FSTUNNEL?= =?UTF-8?q?=20||=20WOLFSSL=5FMYSQL=5FCOMPATIBLE=E2=80=9D.=20*=20Cleanup=20?= =?UTF-8?q?of=20=E2=80=9CwolfSSL=5Fget=5Fchain=5FX509=E2=80=9D=20brace..?= =?UTF-8?q?=20*=20Cleanup=20SSL=5FCtxResourceFree=20use=20of=20`i`=20and?= =?UTF-8?q?=20define=20comments.=20*=20Added=20=E2=80=9CSIZEOF=5FLONG=5FLO?= =?UTF-8?q?NG=E2=80=9D=20to=20IAR-EWARM=20user=5Fsettings.h=20to=20support?= =?UTF-8?q?=20word64=20(required=20for=20SHA512,=20etc).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- IDE/IAR-EWARM/Projects/user_settings.h | 1 + src/internal.c | 30 ++++++++++++-------------- src/ssl.c | 7 +++--- wolfcrypt/src/aes.c | 4 ++-- wolfcrypt/src/ecc.c | 15 +++++++------ wolfcrypt/src/hmac.c | 10 ++++----- wolfcrypt/src/misc.c | 6 ++++++ wolfcrypt/src/pkcs7.c | 5 +++-- 8 files changed, 43 insertions(+), 35 deletions(-) diff --git a/IDE/IAR-EWARM/Projects/user_settings.h b/IDE/IAR-EWARM/Projects/user_settings.h index 5e4f36e9a..2652f6df1 100644 --- a/IDE/IAR-EWARM/Projects/user_settings.h +++ b/IDE/IAR-EWARM/Projects/user_settings.h @@ -8,6 +8,7 @@ #define NO_DEV_RANDOM #define USE_CERT_BUFFERS_2048 #define WOLFSSL_USER_CURRTIME +#define SIZEOF_LONG_LONG 8 #define CUSTOM_RAND_GENERATE custom_rand_generate /* warning "write a real random seed!!!!, just for testing now" */ diff --git a/src/internal.c b/src/internal.c index efce9c491..31063cd15 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1435,9 +1435,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) /* In case contexts are held in array and don't want to free actual ctx */ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) { +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 int i; - - (void)i; +#endif #ifdef HAVE_WOLF_EVENT wolfEventQueue_Free(&ctx->event_queue); @@ -1450,14 +1450,14 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #ifndef NO_DH XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); -#endif +#endif /* !NO_DH */ #ifdef SINGLE_THREADED if (ctx->rng) { wc_FreeRng(ctx->rng); XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG); } -#endif +#endif /* SINGLE_THREADED */ #ifndef NO_CERTS FreeDer(&ctx->privateKey); @@ -1467,16 +1467,15 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) if (ctx->ourCert) { XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); } - #endif + #endif /* KEEP_OUR_CERT */ FreeDer(&ctx->certChain); wolfSSL_CertManagerFree(ctx->cm); -#endif +#endif /* !NO_CERTS */ #ifdef HAVE_TLS_EXTENSIONS TLSX_FreeAll(ctx->extensions, ctx->heap); #ifndef NO_WOLFSSL_SERVER - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (ctx->certOcspRequest) { @@ -1485,29 +1484,28 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) } #endif -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 for (i = 0; i < MAX_CHAIN_DEPTH; i++) { if (ctx->chainOcspRequest[i]) { FreeOcspRequest(ctx->chainOcspRequest[i]); XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST); } } -#endif - -#endif /* NO_WOLFSSL_SERVER */ +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ +#endif /* !NO_WOLFSSL_SERVER */ #endif /* HAVE_TLS_EXTENSIONS */ + #ifdef WOLFSSL_STATIC_MEMORY if (ctx->heap != NULL) { #ifdef WOLFSSL_HEAP_TEST /* avoid derefrencing a test value */ - if (ctx->heap != (void*)WOLFSSL_HEAP_TEST) { + if (ctx->heap != (void*)WOLFSSL_HEAP_TEST) #endif - WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap); - wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex); -#ifdef WOLFSSL_HEAP_TEST + { + WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap); + wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex); } -#endif } #endif /* WOLFSSL_STATIC_MEMORY */ } diff --git a/src/ssl.c b/src/ssl.c index d02cced24..c361320ce 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18046,8 +18046,9 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) InitDecodedCert(cert, chain->certs[idx].buffer, chain->certs[idx].length, NULL); - if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) + if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) { WOLFSSL_MSG("Failed to parse cert"); + } else { x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); @@ -18677,7 +18678,7 @@ int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { } -#ifndef NO_DH +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) /* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) { @@ -18718,7 +18719,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } -#endif /* NO_DH */ +#endif /* OPENSSL_EXTRA && !NO_DH */ #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c1f1f74e8..a5ebc19c3 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4464,12 +4464,12 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) word32 remainder; /* encode the length in */ - if (inSz <= 0xFEFF) { + if (inSz <= 0xFEFF) { /* 16-bit */ authLenSz = 2; out[0] ^= ((inSz & 0xFF00) >> 8); out[1] ^= (inSz & 0x00FF); } - else if (inSz <= 0xFFFFFFFF) { + else if (inSz <= 0xFFFFFF) { /* 24-bit */ authLenSz = 6; out[0] ^= 0xFF; out[1] ^= 0xFE; out[2] ^= ((inSz & 0xFF000000) >> 24); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ecdc408a2..16bd3a631 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3873,9 +3873,9 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, #ifdef HAVE_COMP_KEY else return wc_ecc_export_x963_compressed(key, out, outLen); -#endif - +#else return NOT_COMPILED_IN; +#endif } #endif /* HAVE_ECC_KEY_EXPORT */ @@ -5239,7 +5239,8 @@ static int add_entry(int idx, ecc_point *g) static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, mp_int* mu) { - unsigned x, y, err, bitlen, lut_gap; + int err; + unsigned x, y, bitlen, lut_gap; mp_int tmp; if (mp_init(&tmp) != MP_OKAY) @@ -5385,8 +5386,8 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, #else unsigned char kb[KB_SIZE]; #endif - int x; - unsigned y, z = 0, err, bitlen, bitpos, lut_gap, first; + int x, err; + unsigned y, z = 0, bitlen, bitpos, lut_gap, first; mp_int tk, order; if (mp_init_multi(&tk, &order, NULL, NULL, NULL, NULL) != MP_OKAY) @@ -5534,8 +5535,8 @@ static int accel_fp_mul2add(int idx1, int idx2, #else unsigned char kb[2][KB_SIZE]; #endif - int x; - unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB; + int x, err; + unsigned y, z, bitlen, bitpos, lut_gap, first, zA, zB; mp_int tka, tkb, order; if (mp_init_multi(&tka, &tkb, &order, NULL, NULL, NULL) != MP_OKAY) diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index a699b6542..a292cc440 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -815,13 +815,13 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK - tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return MEMORY_E; - prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER); + prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (prk == NULL) { - XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -873,8 +873,8 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, } #ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prk, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index cbd63c959..83f71f532 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -50,6 +50,12 @@ #else + +#if defined(__ICCARM__) + #include +#endif + + #ifdef INTEL_INTRINSICS #include /* get intrinsic definitions */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index d5eb9d022..6bcc8df8d 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1415,7 +1415,8 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, int keyWrapOID, int keyEncOID) { int ret; - int kSz, kdfType; + int kSz; + enum wc_HashType kdfType; byte* secret; word32 secretSz; @@ -3571,9 +3572,9 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg, /* save attribute value bytes and size */ if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) { - return ASN_PARSE_E; XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS); XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + return ASN_PARSE_E; } if ((pkiMsgSz - idx) < (word32)length) { From 0fd50cd57a6182a1723f3d713ab814ac45a75b52 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 10 Oct 2016 13:05:03 +0900 Subject: [PATCH 22/86] Added AES_set_encrypt/decrypt_key, AES_ecnrypt/decrypt --- wolfcrypt/test/test.c | 63 +++++++++++++++++++++++++++++++++++-- wolfssl/openssl/aes.h | 73 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 wolfssl/openssl/aes.h diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 8f7964890..6ab16926e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -111,6 +111,7 @@ #include #include #include + #include #include #endif @@ -2081,7 +2082,7 @@ int hc128_test(void) (word32)test_hc128[i].outLen) != 0) { return -110; } - if (wc_Hc128_Process(&dec, plain, cipher, + if (wc_Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen) != 0) { return -115; } @@ -4860,7 +4861,7 @@ int rsa_test(void) !defined(HAVE_FIPS) #ifndef NO_SHA XMEMSET(plain, 0, sizeof(plain)); - + do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_RsaAsyncWait(ret, &key); @@ -6926,9 +6927,64 @@ int openssl_test(void) #endif /* NO_AES */ +#define OPENSSL_TEST_ERROR (-10000) + + +#ifdef WOLFSSL_AES_DIRECT + /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ + + /* Test: AES_encrypt/decrypt/set Key */ + AES_KEY enc; +#ifdef HAVE_AES_DECRYPT + AES_KEY dec; +#endif + + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + byte plain[sizeof(msg)]; + byte cipher[sizeof(msg)]; + + printf("openSSL extra test\n") ; + + + AES_set_encrypt_key(key, sizeof(key)*8, &enc); + AES_set_decrypt_key(key, sizeof(key)*8, &dec); + + AES_encrypt(msg, cipher, &enc); + +#ifdef HAVE_AES_DECRYPT + AES_decrypt(cipher, plain, &dec); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR-60; +#endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR-61; + +#endif + return 0; } + #endif /* OPENSSL_EXTRA */ @@ -7094,6 +7150,7 @@ int pbkdf2_test(void) return -102; return 0; + } @@ -8838,7 +8895,7 @@ int ed25519_test(void) #if defined(WOLFSSL_CMAC) && !defined(NO_AES) - + typedef struct CMAC_Test_Case { int type; int partial; diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h new file mode 100644 index 000000000..418914808 --- /dev/null +++ b/wolfssl/openssl/aes.h @@ -0,0 +1,73 @@ +/* aes.h + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + + +/* aes.h defines mini des openssl compatibility layer + * + */ + + +#ifndef WOLFSSL_AES_H_ +#define WOLFSSL_AES_H_ + +#include + +#ifndef NO_AES +#ifdef WOLFSSL_AES_DIRECT + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef Aes AES_KEY; + +WOLFSSL_API void wolfSSL_AES_set_encrypt_key + (const unsigned char *, const int bits, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_set_decrypt_key + (const unsigned char *, const int bits, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_encrypt + (const unsigned char* input, unsigned char* output, AES_KEY *); +WOLFSSL_API void wolfSSL_AES_decrypt + (const unsigned char* input, unsigned char* output, AES_KEY *); + +#define AES_set_encrypt_key wolfSSL_AES_set_encrypt_key +#define AES_set_decrypt_key wolfSSL_AES_set_decrypt_key +#define AES_encrypt wolfSSL_AES_encrypt +#define AES_decrypt wolfSSL_AES_decrypt + +#define wolfSSL_AES_set_encrypt_key(key, bits, aes) \ + wc_AesSetKey(aes, key, ((bits)/8), NULL, AES_ENCRYPTION) +#define wolfSSL_AES_set_decrypt_key(key, bits, aes) \ + wc_AesSetKey(aes, key, ((bits)/8), NULL, AES_DECRYPTION) + +#define wolfSSL_AES_encrypt(in, out, aes) wc_AesEncryptDirect(aes, out, in) +#define wolfSSL_AES_decrypt(in, out, aes) wc_AesDecryptDirect(aes, out, in) + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_AES_DIRECT */ +#endif /* NO_AES */ + +#endif /* WOLFSSL_DES_H_ */ From bb400789b835d58a81e6f7ad652b17d9353556b4 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 13 Oct 2016 22:10:50 +0900 Subject: [PATCH 23/86] add EVP_Cipher with EVP_aes_256_ecb() --- src/ssl.c | 162 ++++++++++++++++++++++++++++-- wolfcrypt/src/aes.c | 27 +++++ wolfcrypt/src/des3.c | 19 ++++ wolfcrypt/src/evp.c | 214 ++++++++++++++++++++++++++++++++++++++++ wolfcrypt/test/test.c | 52 +++++++++- wolfssl/openssl/evp.h | 99 +++++++++++++++++-- wolfssl/wolfcrypt/aes.h | 26 ++++- 7 files changed, 583 insertions(+), 16 deletions(-) create mode 100644 wolfcrypt/src/evp.c diff --git a/src/ssl.c b/src/ssl.c index d02cced24..d9e19819b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2488,15 +2488,21 @@ static const char *EVP_AES_256_CBC = "AES-256-CBC"; static const char *EVP_AES_128_CTR = "AES-128-CTR"; static const char *EVP_AES_192_CTR = "AES-192-CTR"; static const char *EVP_AES_256_CTR = "AES-256-CTR"; + + static const char *EVP_AES_128_ECB = "AES-128-ECB"; + static const char *EVP_AES_192_ECB = "AES-192-ECB"; + static const char *EVP_AES_256_ECB = "AES-256-ECB"; #endif static const int EVP_AES_SIZE = 11; #endif #ifndef NO_DES3 static const char *EVP_DES_CBC = "DES-CBC"; +static const char *EVP_DES_ECB = "DES-ECB"; static const int EVP_DES_SIZE = 7; static const char *EVP_DES_EDE3_CBC = "DES-EDE3-CBC"; +static const char *EVP_DES_EDE3_ECB = "DES-EDE3-ECB"; static const int EVP_DES_EDE3_SIZE = 12; #endif @@ -9972,6 +9978,25 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return EVP_AES_256_CTR; } + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); + return EVP_AES_128_ECB; + } + + + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); + return EVP_AES_192_ECB; + } + + + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); + return EVP_AES_256_ECB; + } #endif /* NO_AES */ #ifndef NO_DES3 @@ -9980,13 +10005,25 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); return EVP_DES_CBC; } - - +#ifdef WOLFSSL_DES_ECB + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); + return EVP_DES_ECB; + } +#endif const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) { WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); return EVP_DES_EDE3_CBC; } +#ifdef WOLFSSL_DES_ECB + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); + return EVP_DES_EDE3_ECB; + } +#endif #endif /* NO_DES3 */ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) @@ -10072,6 +10109,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_128_CBC); ctx->cipherType = AES_128_CBC_TYPE; ctx->keyLen = 16; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -10091,6 +10129,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_192_CBC); ctx->cipherType = AES_192_CBC_TYPE; ctx->keyLen = 24; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -10110,6 +10149,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_256_CBC); ctx->cipherType = AES_256_CBC_TYPE; ctx->keyLen = 32; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -10130,11 +10170,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_128_CTR); ctx->cipherType = AES_128_CTR_TYPE; ctx->keyLen = 16; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); if (ret != 0) return ret; } @@ -10149,11 +10190,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_192_CTR); ctx->cipherType = AES_192_CTR_TYPE; ctx->keyLen = 24; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); if (ret != 0) return ret; } @@ -10168,11 +10210,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_AES_256_CTR); ctx->cipherType = AES_256_CTR_TYPE; ctx->keyLen = 32; + ctx->block_size = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); if (ret != 0) return ret; } @@ -10183,6 +10226,52 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } } #endif /* WOLFSSL_AES_CTR */ + else if (ctx->cipherType == AES_128_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_128_ECB); + ctx->cipherType = AES_128_ECB_TYPE; + ctx->keyLen = 16; + ctx->block_size = 16; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + } + if (ret != 0) + return ret; + } + else if (ctx->cipherType == AES_192_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_192_ECB); + ctx->cipherType = AES_192_ECB_TYPE; + ctx->keyLen = 24; + ctx->block_size = 16; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + if(ctx->enc) + ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + } + if (ret != 0) + return ret; + } + else if (ctx->cipherType == AES_256_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_AES_256_ECB); + ctx->cipherType = AES_256_ECB_TYPE; + ctx->keyLen = 32; + ctx->block_size = 16; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + } + if (ret != 0) + return ret; + } #endif /* NO_AES */ #ifndef NO_DES3 @@ -10191,6 +10280,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG(EVP_DES_CBC); ctx->cipherType = DES_CBC_TYPE; ctx->keyLen = 8; + ctx->block_size = 8; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -10203,12 +10293,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (iv && key == NULL) wc_Des_SetIV(&ctx->cipher.des, iv); } +#ifdef WOLFSSL_DES_ECB + else if (ctx->cipherType == DES_ECB_TYPE || + (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { + WOLFSSL_MSG(EVP_DES_ECB); + ctx->cipherType = DES_ECB_TYPE; + ctx->keyLen = 8; + ctx->block_size = 8; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + } +#endif else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type && XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { WOLFSSL_MSG(EVP_DES_EDE3_CBC); ctx->cipherType = DES_EDE3_CBC_TYPE; ctx->keyLen = 24; + ctx->block_size = 8; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -10224,6 +10332,22 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ret; } } + else if (ctx->cipherType == DES_EDE3_ECB_TYPE || + (type && + XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { + WOLFSSL_MSG(EVP_DES_EDE3_ECB); + ctx->cipherType = DES_EDE3_ECB_TYPE; + ctx->keyLen = 24; + ctx->block_size = 8; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + } #endif /* NO_DES3 */ #ifndef NO_RC4 if (ctx->cipherType == ARC4_TYPE || (type && @@ -10328,6 +10452,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); break; #endif /* HAVE_AES_CBC */ + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + if (ctx->enc) + ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); + break; #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : @@ -10345,13 +10478,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl) else wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); break; - +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + if (ctx->enc) + wc_Des_EbcEncrypt(&ctx->cipher.des, dst, src, len); + else + wc_Des_EbcDecrypt(&ctx->cipher.des, dst, src, len); + break; +#endif case DES_EDE3_CBC_TYPE : if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); else ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); break; +#ifdef WOLFSSL_DES_ECB + case DES_EDE3_ECB_TYPE : + if (ctx->enc) + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + else + ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len); + break; +#endif #endif #ifndef NO_RC4 @@ -10387,6 +10535,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return SSL_SUCCESS; /* success */ } +#include "wolfcrypt/src/evp.c" + /* store for external read of iv, SSL_SUCCESS on success */ int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c1f1f74e8..15ad0252c 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2842,6 +2842,33 @@ int wc_InitAes_h(Aes* aes, void* h) #endif /* AES-CBC block */ #endif /* HAVE_AES_CBC */ +#ifdef HAVE_AES_ECB +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + if((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + while(sz>0){ + wc_AesEncryptDirect(aes, out, in); + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + sz -= AES_BLOCK_SIZE; + } + return 0; +} +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + if((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + while(sz>0){ + wc_AesDecryptDirect(aes, out, in); + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + sz -= AES_BLOCK_SIZE; + } + return 0; +} +#endif + /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 4fc510154..1bdb9add2 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -76,6 +76,10 @@ int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) return Des_EcbEncrypt(des, out, in, sz); } +int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + return Des3_EcbEncrypt(des, out, in, sz); +} #endif /* WOLFSSL_DES_ECB */ @@ -1626,6 +1630,21 @@ int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) return 0; } +int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks = sz / DES3_BLOCK_SIZE; + printf("wc_Des3_EcbEncrypt(%016x, %016x, %d)\n", + *(unsigned long *)in, *(unsigned long *)out, sz) ; + + while (blocks--) { + Des3ProcessBlock(des, in, out); + + out += DES3_BLOCK_SIZE; + in += DES3_BLOCK_SIZE; + } + return 0; +} + #endif /* WOLFSSL_DES_ECB */ #endif /* End wolfCrypt software implementation */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c new file mode 100644 index 000000000..1169ac98a --- /dev/null +++ b/wolfcrypt/src/evp.c @@ -0,0 +1,214 @@ +/* evp.c + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + unsigned char* key, unsigned char* iv) +{ + return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1); +} + +WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv) +{ + (void) impl; + return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1); +} + +WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + unsigned char* key, unsigned char* iv) +{ + return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0); +} + +WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv) +{ + (void) impl; + return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0); +} + +WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl) +{ + (void) impl; + return wolfSSL_EVP_DigestInit(ctx, type); +} + + +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + switch(ctx->cipherType){ + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + case AES_128_CBC_TYPE: + case AES_192_CBC_TYPE: + case AES_256_CBC_TYPE: +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + case AES_128_CTR_TYPE: + case AES_192_CTR_TYPE: + case AES_256_CTR_TYPE: +#endif +#if !defined(NO_AES) + case AES_128_ECB_TYPE: + case AES_192_ECB_TYPE: + case AES_256_ECB_TYPE: +#endif +#ifndef NO_DES3 + case DES_CBC_TYPE: + case DES_ECB_TYPE: + case DES_EDE3_CBC_TYPE: + case DES_EDE3_ECB_TYPE: +#endif + return ctx->block_size; + default: + return 0; + } +} + +static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) +{ + if(0)return 0; /* dummy for #ifdef */ + #ifndef NO_DES3 + else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) + return DES_CBC_TYPE; + else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) + return DES_EDE3_CBC_TYPE; + #if !defined(NO_DES3) + else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) + return DES_ECB_TYPE; + else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) + return DES_EDE3_ECB_TYPE; + #endif /* NO_DES3 && HAVE_AES_ECB */ + #endif + + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) + return AES_128_CBC_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + return AES_192_CBC_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + return AES_256_CBC_TYPE; + #endif /* !NO_AES && HAVE_AES_CBC */ + #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) + return AES_128_CTR_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) + return AES_192_CTR_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) + return AES_256_CTR_TYPE; + #endif /* !NO_AES && HAVE_AES_CBC */ + #if !defined(NO_AES) && defined(HAVE_AES_ECB) + else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) + return AES_128_ECB_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) + return AES_192_ECB_TYPE; + else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) + return AES_256_ECB_TYPE; + #endif /* !NO_AES && HAVE_AES_CBC */ + else return 0; +} + +WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) +{ + switch(cipherType(cipher)){ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + case AES_128_CBC_TYPE: return 16; + case AES_192_CBC_TYPE: return 24; + case AES_256_CBC_TYPE: return 32; + #endif + #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + case AES_128_CTR_TYPE: return 16; + case AES_192_CTR_TYPE: return 24; + case AES_256_CTR_TYPE: return 32; + #endif + #if !defined(NO_AES) && defined(HAVE_AES_ECB) + case AES_128_ECB_TYPE: return 16; + case AES_192_ECB_TYPE: return 24; + case AES_256_ECB_TYPE: return 32; + #endif + #ifndef NO_DES3 + case DES_CBC_TYPE: return 8; + case DES_EDE3_CBC_TYPE: return 8; + case DES_ECB_TYPE: return 8; + case DES_EDE3_ECB_TYPE: return 8; + #endif + default: + return 0; + } +} + +WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +{ + switch(cipherType(cipher)){ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + case AES_128_CBC_TYPE: + case AES_192_CBC_TYPE: + case AES_256_CBC_TYPE: + return WOLFSSL_EVP_CIPH_CBC_MODE ; + #endif + #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + case AES_128_CTR_TYPE: + case AES_192_CTR_TYPE: + case AES_256_CTR_TYPE: + return WOLFSSL_EVP_CIPH_CTR_MODE ; + #endif + #if !defined(NO_AES) + case AES_128_ECB_TYPE: + case AES_192_ECB_TYPE: + case AES_256_ECB_TYPE: + return WOLFSSL_EVP_CIPH_ECB_MODE ; + #endif + #ifndef NO_DES3 + case DES_CBC_TYPE: + case DES_EDE3_CBC_TYPE: + return WOLFSSL_EVP_CIPH_CBC_MODE ; + case DES_ECB_TYPE: + case DES_EDE3_ECB_TYPE: + return WOLFSSL_EVP_CIPH_ECB_MODE ; + #endif + default: + return 0; + } +} + +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) +{ + return WOLFSSL_CIPHER_mode(cipher); +} + +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) +{ + (void) ctx; + (void) padding; + /* + if(padding)ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; + else ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; + */ + return 0; +} diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6ab16926e..b7c8dee69 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6880,7 +6880,7 @@ int openssl_test(void) #ifndef NO_AES - { /* evp_cipher test */ + { /* evp_cipher test: EVP_aes_128_cbc */ EVP_CIPHER_CTX ctx; @@ -6923,7 +6923,57 @@ int openssl_test(void) return -86; + } /* end evp_cipher test: EVP_aes_128_cbc*/ + +#ifdef HAVE_AES_ECB + { /* evp_cipher test: EVP_aes_128_ecb*/ + EVP_CIPHER_CTX ctx; + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) + return -181; + + if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) + return -182; + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -183; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) + return -184; + + if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) + return -185; + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -186; + } /* end evp_cipher test */ +#endif #endif /* NO_AES */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index e13e60ed1..0da260aee 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -66,12 +66,17 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); @@ -128,14 +133,19 @@ enum { AES_128_CTR_TYPE = 4, AES_192_CTR_TYPE = 5, AES_256_CTR_TYPE = 6, - DES_CBC_TYPE = 7, - DES_EDE3_CBC_TYPE = 8, - ARC4_TYPE = 9, - NULL_CIPHER_TYPE = 10, - EVP_PKEY_RSA = 11, - EVP_PKEY_DSA = 12, - EVP_PKEY_EC = 13, - IDEA_CBC_TYPE = 14, + AES_128_ECB_TYPE = 7, + AES_192_ECB_TYPE = 8, + AES_256_ECB_TYPE = 9, + DES_CBC_TYPE = 10, + DES_ECB_TYPE = 11, + DES_EDE3_CBC_TYPE = 12, + DES_EDE3_ECB_TYPE = 13, + ARC4_TYPE = 14, + NULL_CIPHER_TYPE = 15, + EVP_PKEY_RSA = 16, + EVP_PKEY_DSA = 17, + EVP_PKEY_EC = 18, + IDEA_CBC_TYPE = 19, NID_sha1 = 64, NID_md2 = 3, NID_md5 = 4 @@ -144,6 +154,7 @@ enum { typedef struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ + int block_size; unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; #ifndef NO_AES @@ -154,6 +165,7 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { WOLFSSL_Cipher cipher; } WOLFSSL_EVP_CIPHER_CTX; +typedef int WOLFSSL_ENGINE ; WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); @@ -161,6 +173,9 @@ WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type); +WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type, + WOLFSSL_ENGINE *impl); WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, unsigned long sz); WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, @@ -184,6 +199,38 @@ WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, unsigned char* key, unsigned char* iv, int enc); +WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv, + int enc); +WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + unsigned char* key, unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + unsigned char* key, unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, int enc); +WOLFSSL_API int wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, int enc); +WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); +WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); + WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int keylen); @@ -209,6 +256,24 @@ WOLFSSL_API void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, WOLFSSL_API int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); +WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); + +#define WOLFSSL_EVP_CIPH_MODE 0xF0007 +#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 +#define WOLFSSL_EVP_CIPH_ECB_MODE 0x1 +#define WOLFSSL_EVP_CIPH_CBC_MODE 0x2 +#define WOLFSSL_EVP_CIPH_CFB_MODE 0x3 +#define WOLFSSL_EVP_CIPH_OFB_MODE 0x4 +#define WOLFSSL_EVP_CIPH_CTR_MODE 0x5 +#define WOLFSSL_EVP_CIPH_GCM_MODE 0x6 +#define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 + +#define wolfSSL_EVP_CIPHER_CTX_flags(c) wolfSSL_EVP_CIPHER_flags(WOLFSSL_EVP_CIPHER_CTX_cipher(c)) /* end OpenSSH compat */ @@ -230,11 +295,16 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc #define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc #define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc +#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb +#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb +#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb #define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr #define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr #define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr #define EVP_des_cbc wolfSSL_EVP_des_cbc +#define EVP_des_ecb wolfSSL_EVP_des_ecb #define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc +#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb #define EVP_rc4 wolfSSL_EVP_rc4 #define EVP_idea_cbc wolfSSL_EVP_idea_cbc #define EVP_enc_null wolfSSL_EVP_enc_null @@ -254,6 +324,12 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length #define EVP_CipherInit wolfSSL_EVP_CipherInit +#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex +#define EVP_EncryptInit wolfSSL_EVP_EncryptInit +#define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex +#define EVP_DecryptInit wolfSSL_EVP_DecryptInit +#define EVP_DecryptInit_ex wolfSSL_EVP_DecryptInit_ex + #define EVP_Cipher wolfSSL_EVP_Cipher #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid @@ -262,6 +338,13 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA #define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size +#define EVP_CIPHER_flags wolfSSL_EVP_CIPHER_flags +#define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags +#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags + #ifndef EVP_MAX_MD_SIZE #define EVP_MAX_MD_SIZE 64 /* sha512 */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index b7fb2c776..6057a37f5 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -123,6 +123,31 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); + +#ifdef HAVE_AES_ECB +WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif + +#ifdef HAVE_AES_ECB +WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif + +#ifdef HAVE_AES_ECB +WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER @@ -192,4 +217,3 @@ WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize); #endif /* NO_AES */ #endif /* WOLF_CRYPT_AES_H */ - From aed9b2d3bb08ea8b461bfd8278be82a3c2fb08b9 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 14 Oct 2016 12:10:59 +0900 Subject: [PATCH 24/86] add EVP_CIPHER_CTX_block_size/mode/set_flags/set_padding --- src/ssl.c | 2 + wolfcrypt/src/evp.c | 25 ++++++++++--- wolfcrypt/test/openssl_test_ex.c | 64 ++++++++++++++++++++++++++++++++ wolfssl/openssl/evp.h | 4 +- 4 files changed, 88 insertions(+), 7 deletions(-) create mode 100644 wolfcrypt/test/openssl_test_ex.c diff --git a/src/ssl.c b/src/ssl.c index d9e19819b..cd7034c6d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10452,6 +10452,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); break; #endif /* HAVE_AES_CBC */ +#ifdef HAVE_AES_ECB case AES_128_ECB_TYPE : case AES_192_ECB_TYPE : case AES_256_ECB_TYPE : @@ -10461,6 +10462,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) else ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); break; +#endif #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1169ac98a..9b3d0cc8f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher); + WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, unsigned char* key, unsigned char* iv) @@ -62,6 +64,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { + if(ctx == NULL)return BAD_FUNC_ARG; switch(ctx->cipherType){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) @@ -136,6 +139,7 @@ static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { + if(cipher == NULL)return BAD_FUNC_ARG; switch(cipherType(cipher)){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: return 16; @@ -163,7 +167,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) } } -WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +static unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { switch(cipherType(cipher)){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) @@ -197,18 +201,27 @@ WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) } } +WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +{ + if(cipher == NULL)return BAD_FUNC_ARG; + return WOLFSSL_CIPHER_mode(cipher); +} + +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags = flags; +} + WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) { + if(cipher == NULL)return BAD_FUNC_ARG; return WOLFSSL_CIPHER_mode(cipher); } WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { - (void) ctx; - (void) padding; - /* + if(ctx == NULL)return BAD_FUNC_ARG; if(padding)ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; else ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; - */ - return 0; + return 1; } diff --git a/wolfcrypt/test/openssl_test_ex.c b/wolfcrypt/test/openssl_test_ex.c new file mode 100644 index 000000000..b0039cd66 --- /dev/null +++ b/wolfcrypt/test/openssl_test_ex.c @@ -0,0 +1,64 @@ + +#ifdef OPENSSL_EXTRA + +#define OPENSSL_TEST_ERROR -10000 + +static int openssl_test_ex(void) +{ + + /* Test: AES_encrypt/decrypt/set Key */ + + AES_KEY enc; +#ifdef HAVE_AES_DECRYPT + AES_KEY dec; +#endif + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + int ret = 0; + +#ifdef HAVE_AES_CBC + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + + byte encKey[] = "0123456789abcdef "; /* align */ + byte decKey[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + + printf("openSSL extra test\n") ; + + ret = AES_set_encrypt_key(encKey, sizeof(encKey)*8, &enc); + if (ret != 0) + return OPENSSL_TEST_ERROR-1001; + +#ifdef HAVE_AES_DECRYPT + printf("test AES_decrypt\n"); + ret = AES_set_decrypt_Key(decKey, sizeof(decKey)*8, &dec); + if (ret != 0) + return OPENSSL_TEST_ERROR-1002; +#endif + + AES_encrypt(&enc, cipher, msg); + +#ifdef HAVE_AES_DECRYPT + AES_decrypt(&dec, plain, cipher); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR--60; +#endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR--61; + + return 0; +} diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 0da260aee..cfa6475d6 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -155,6 +155,7 @@ enum { typedef struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ int block_size; + unsigned long flags; unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; #ifndef NO_AES @@ -258,7 +259,7 @@ WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); -WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); @@ -272,6 +273,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, i #define WOLFSSL_EVP_CIPH_CTR_MODE 0x5 #define WOLFSSL_EVP_CIPH_GCM_MODE 0x6 #define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 +#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 #define wolfSSL_EVP_CIPHER_CTX_flags(c) wolfSSL_EVP_CIPHER_flags(WOLFSSL_EVP_CIPHER_CTX_cipher(c)) From de91e7df03728f8dc80c53c0a68f46bbf81ef6f4 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 14 Oct 2016 19:39:49 +0900 Subject: [PATCH 25/86] add EVP_Cipher with AES Counter --- src/ssl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index cd7034c6d..e7571d937 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10104,6 +10104,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } #ifndef NO_AES + printf("cipherType=%d\n", ctx->cipherType); if (ctx->cipherType == AES_128_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_128_CBC); @@ -10174,8 +10175,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); + ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION); if (ret != 0) return ret; } @@ -10195,7 +10196,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->enc = enc ? 1 : 0; if (key) { ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); + AES_ENCRYPTION); if (ret != 0) return ret; } @@ -10215,7 +10216,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->enc = enc ? 1 : 0; if (key) { ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION)); + AES_ENCRYPTION); if (ret != 0) return ret; } From 8ed0b83c21636cfe59dd831c2105e1c5b22fcd56 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 14 Oct 2016 19:43:53 +0900 Subject: [PATCH 26/86] Test on EVP_Cipher AES Counter --- wolfcrypt/test/test.c | 204 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 204 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b7c8dee69..1f3054bc6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7031,6 +7031,210 @@ int openssl_test(void) #endif +/* EVP_Cipher with EVP_aes_xxx_ctr() */ +#ifdef WOLFSSL_AES_COUNTER +{ + const byte ctrKey[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + const byte ctrCipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + + byte plainBuff [64]; + byte cipherBuff[64]; + + const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; + + + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + const byte ctr192Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr192Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b + }; + + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + const byte ctr256Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr256Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 + }; + + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return OPENSSL_TEST_ERROR-361; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) + return -3301; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -3302; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + return -3303; + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -3304; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -3305; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -3306; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -3307; + + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -3308; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -3309; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -3310; + if (XMEMCMP(cipherBuff, ctrCipher, 9)) + return -3311; + + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -3312; + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -3313; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -3314; + if (XMEMCMP(cipherBuff, oddCipher, 9)) + return -3315; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -3316; + printf("EVP_Cipher\n"); + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE*4) == 0) + return -3317; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -3318; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + return -3319; + + if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) + return -3320; + if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) + return -3321; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -3322; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE*4) == 0) + return -3323; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -3324; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + return -3325; + + if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) + return -3326; + if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) + return -3327; + +} + +#endif /* HAVE_AES_COUNTER */ + return 0; } From 86014fb0d061e82f8178f9907ef4bf7378fb88fa Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 3 Nov 2016 11:27:05 +0900 Subject: [PATCH 27/86] add BIO_ctrl and other BIO templates --- src/bio.c | 40 +++++++ src/ssl.c | 6 + wolfcrypt/src/evp.c | 191 ++++++++++++++++++++++++++++++- wolfcrypt/test/openssl_test_ex.c | 64 ----------- wolfssl/openssl/evp.h | 23 +++- wolfssl/openssl/ssl.h | 13 ++- wolfssl/ssl.h | 6 +- 7 files changed, 270 insertions(+), 73 deletions(-) create mode 100644 src/bio.c delete mode 100644 wolfcrypt/test/openssl_test_ex.c diff --git a/src/bio.c b/src/bio.c new file mode 100644 index 000000000..a0ae5ac9c --- /dev/null +++ b/src/bio.c @@ -0,0 +1,40 @@ +/* bio.h + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) +{ + (void) b; + return 0; +} + +WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) +{ + (void) bp; + (void) cmd; + (void) larg; + (void) iarg; + return 0; +} + +WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) +{ + return (void *)0; +} diff --git a/src/ssl.c b/src/ssl.c index e7571d937..a24c45465 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10102,6 +10102,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG("no type set"); return 0; /* failure */ } + ctx->bufUsed = 0; + ctx->finUsed = 0; #ifndef NO_AES printf("cipherType=%d\n", ctx->cipherType); @@ -18775,6 +18777,10 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #endif return 0; } + + +#include "src/bio.c" + #endif /* OPENSSL_EXTRA */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 9b3d0cc8f..e499e6e85 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -41,6 +41,7 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, unsigned char* key, unsigned char* iv) { + WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0); } @@ -50,6 +51,7 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned char* key, unsigned char* iv) { (void) impl; + WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit"); return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0); } @@ -58,13 +60,198 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, WOLFSSL_ENGINE *impl) { (void) impl; + WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex"); return wolfSSL_EVP_DigestInit(ctx, type); } +#define PRINT_BUF(b, sz) { int i; for(i=0; i<(sz); i++){printf("%02x(%c),", (b)[i], (b)[i]); if((i+1)%8==0)printf("\n");}} + +static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) +{ + int fill; + WOLFSSL_ENTER("fillBuff"); + printf("ctx->bufUsed=%d, sz=%d\n",ctx->bufUsed, sz); + if(sz > 0){ + if((sz+ctx->bufUsed) > ctx->block_size){ + fill = ctx->block_size - ctx->bufUsed; + } else { + fill = sz; + } + XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill); + ctx->bufUsed += fill; + printf("Result: ctx->bufUsed=%d\n",ctx->bufUsed); + return fill; + } else return 0; +} + +static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, int inl) +{ + WOLFSSL_ENTER("evpCipherBlock"); + switch(ctx->cipherType){ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + case AES_128_CBC_TYPE: + case AES_192_CBC_TYPE: + case AES_256_CBC_TYPE: + if(ctx->enc) + wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); + else + wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); + break; + #endif + #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + case AES_128_CTR_TYPE: + case AES_192_CTR_TYPE: + case AES_256_CTR_TYPE: + if(ctx->enc) + wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); + else + wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); + break; + #endif + #if !defined(NO_AES) && defined(HAVE_AES_ECB) + case AES_128_ECB_TYPE: + case AES_192_ECB_TYPE: + case AES_256_ECB_TYPE: + if(ctx->enc) + wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); + else + wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); + break; + #endif + #ifndef NO_DES3 + case DES_CBC_TYPE: + if(ctx->enc) + wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); + else + wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); + break; + case DES_EDE3_CBC_TYPE: + if(ctx->enc) + wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); + else + wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); + break; + #if defined(WOLFSSL_DES_ECB) + case DES_ECB_TYPE: + wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + break; + case DES_EDE3_ECB_TYPE: + if(ctx->enc) + wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + else + wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + break; + #endif + #endif + default: + return 0; + } + ctx->finUsed = 1; + XMEMCPY(ctx->fin, (const byte *)&out[inl-ctx->block_size], ctx->block_size); + return 1; +} + +WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + int blocks; + int fill; + + if(ctx == NULL)return BAD_FUNC_ARG; + WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); + *outl = 0; + if(ctx->bufUsed > 0) /* concatinate them if there is anything */ + { + fill = fillBuff(ctx, in, inl); + inl -= fill; + in += fill; + } + if(ctx->bufUsed == ctx->block_size){ + /* the buff is full, flash out */ + if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + return 0; + *outl+= ctx->block_size; + out += ctx->block_size; + ctx->bufUsed = 0; + } + + blocks = inl / ctx->block_size; + if(blocks>0){ + /* process blocks */ + if(evpCipherBlock(ctx, out, ctx->buf, blocks) == 0) + return 0; + inl -= ctx->block_size * blocks; + *outl+= ctx->block_size * blocks; + in += ctx->block_size * blocks; + out += ctx->block_size * blocks; + } + if(inl>0){ + /* put fraction into buff */ + fillBuff(ctx, in, inl); + /* no increase of outl */ + } + return 1; +} + +static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + int i; + WOLFSSL_ENTER("paddBlock"); + for (i = ctx->bufUsed; i < ctx->block_size; i++) + ctx->buf[i] = ctx->block_size - ctx->bufUsed; +} + +static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + int i; + int n; + WOLFSSL_ENTER("checkPad"); + n = ctx->buf[ctx->block_size-1]; + if(n > ctx->block_size)return FALSE; + for (i = n; i < ctx->block_size; i++) + if(ctx->buf[i] != n) + return -1; + return n; +} + +WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl) +{ + int fl ; + if(ctx == NULL)return BAD_FUNC_ARG; + WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); + if(ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING){ + *outl = 0; + return 1; + } + if(ctx->bufUsed > 0){ + if(ctx->enc){ + padBlock(ctx); + printf("Enc: block_size=%d\n", ctx->block_size); + PRINT_BUF(ctx->buf, ctx->block_size); + if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + return 0; + *outl = ctx->block_size; + } else { + if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + return 0; + printf("Dec: block_size=%d\n", ctx->block_size); + PRINT_BUF(ctx->buf, ctx->block_size); + if((fl = checkPad(ctx)) >= 0){ + XMEMCPY(out, ctx->buf, fl); + *outl = fl; + } else return 0; + } + } + return 1; +} WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { - if(ctx == NULL)return BAD_FUNC_ARG; + if(ctx == NULL)return BAD_FUNC_ARG; switch(ctx->cipherType){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) @@ -167,7 +354,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) } } -static unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { switch(cipherType(cipher)){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) diff --git a/wolfcrypt/test/openssl_test_ex.c b/wolfcrypt/test/openssl_test_ex.c deleted file mode 100644 index b0039cd66..000000000 --- a/wolfcrypt/test/openssl_test_ex.c +++ /dev/null @@ -1,64 +0,0 @@ - -#ifdef OPENSSL_EXTRA - -#define OPENSSL_TEST_ERROR -10000 - -static int openssl_test_ex(void) -{ - - /* Test: AES_encrypt/decrypt/set Key */ - - AES_KEY enc; -#ifdef HAVE_AES_DECRYPT - AES_KEY dec; -#endif - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - int ret = 0; - -#ifdef HAVE_AES_CBC - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - - byte encKey[] = "0123456789abcdef "; /* align */ - byte decKey[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - - printf("openSSL extra test\n") ; - - ret = AES_set_encrypt_key(encKey, sizeof(encKey)*8, &enc); - if (ret != 0) - return OPENSSL_TEST_ERROR-1001; - -#ifdef HAVE_AES_DECRYPT - printf("test AES_decrypt\n"); - ret = AES_set_decrypt_Key(decKey, sizeof(decKey)*8, &dec); - if (ret != 0) - return OPENSSL_TEST_ERROR-1002; -#endif - - AES_encrypt(&enc, cipher, msg); - -#ifdef HAVE_AES_DECRYPT - AES_decrypt(&dec, plain, cipher); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR--60; -#endif /* HAVE_AES_DECRYPT */ - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR--61; - - return 0; -} diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index cfa6475d6..cd3b1a16a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -21,7 +21,7 @@ -/* evp.h defines mini evp openssl compatibility layer +/* evp.h defines mini evp openssl compatibility layer * */ @@ -164,6 +164,10 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { unsigned char iv[DES_BLOCK_SIZE]; /* working iv pointer into cipher */ #endif WOLFSSL_Cipher cipher; + byte buf[AES_BLOCK_SIZE]; + int bufUsed; + byte fin[AES_BLOCK_SIZE]; + int finUsed; } WOLFSSL_EVP_CIPHER_CTX; typedef int WOLFSSL_ENGINE ; @@ -219,8 +223,11 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, WOLFSSL_ENGINE *impl, unsigned char* key, unsigned char* iv); +WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl); WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, int enc); + unsigned char *out, int *outl); WOLFSSL_API int wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int enc); WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, @@ -260,6 +267,7 @@ WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); @@ -326,13 +334,22 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length #define EVP_CipherInit wolfSSL_EVP_CipherInit -#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex +#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit #define EVP_EncryptInit wolfSSL_EVP_EncryptInit #define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex #define EVP_DecryptInit wolfSSL_EVP_DecryptInit #define EVP_DecryptInit_ex wolfSSL_EVP_DecryptInit_ex #define EVP_Cipher wolfSSL_EVP_Cipher +#define EVP_CipherUpdate wolfSSL_EVP_CipherUpdate +#define EVP_EncryptUpdate wolfSSL_EVP_CipherUpdate +#define EVP_DecryptUpdate wolfSSL_EVP_CipherUpdate +#define EVP_CipherFinal wolfSSL_EVP_CipherFinal +#define EVP_CipherFinal_ex wolfSSL_EVP_CipherFinal +#define EVP_EncryptFinal wolfSSL_EVP_CipherFinal +#define EVP_EncryptFinal_ex wolfSSL_EVP_CipherFinal +#define EVP_DecryptFinal wolfSSL_EVP_CipherFinal +#define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 22592f7d7..d6fd034f9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -463,16 +463,23 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh -#define BIO_new_file wolfSSL_BIO_new_file - #endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */ +#define BIO_new_file wolfSSL_BIO_new_file +#define BIO_ctrl wolfSSL_BIO_ctrl +#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending +#define BIO_get_mem_ptr(b,pp) wolfSSL_BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +#define BIO_int_ctrl wolfSSL_BIO_int_ctrl +#define BIO_reset(b) (int)wolfSSL_BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +#define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_set_fd(b,fd,c) wolfSSL_BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) + #ifdef HAVE_STUNNEL #include /* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/ -#define SSL_CB_ACCEPT_LOOP 0x2001 +#define SSL_CB_ACCEPT_LOOP 0x2001 #define SSL2_VERSION 0x0002 #define SSL3_VERSION 0x0300 #define TLS1_VERSION 0x0301 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 24fee4e10..678fefb45 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -504,7 +504,11 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); -WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); +WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); +WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); +const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); From 8844554fcadacc772b9c10664be9c39be96a0c37 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 8 Nov 2016 19:59:36 +0900 Subject: [PATCH 28/86] Templates BIO/SSL/SSL_CTX_ctrl --- src/bio.c | 142 ++++++++++++++++++++++++++++++++++- src/ssl.c | 171 +++++++++++++++++++++++++++++++++++++++++- wolfssl/openssl/ssl.h | 72 +++++++++++++++++- wolfssl/ssl.h | 67 +++++++++++++++-- 4 files changed, 440 insertions(+), 12 deletions(-) diff --git a/src/bio.c b/src/bio.c index a0ae5ac9c..72c68b483 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1,4 +1,4 @@ -/* bio.h +/* bio.c * * Copyright (C) 2006-2016 wolfSSL Inc. * @@ -19,22 +19,162 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) +{ + (void)bio; + (void)cmd; + (void)larg; + (void)parg; + + WOLFSSL_ENTER("BIO_ctrl"); + return 1; +} + +/*** TBD ***/ WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) { (void) b; + WOLFSSL_ENTER("BIO_ctrl_pending"); return 0; } +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m) +{ + (void) b; + (void) m; + WOLFSSL_ENTER("BIO_get_mem_ptr"); + return 0; +} + +/*** TBD ***/ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) { (void) bp; (void) cmd; (void) larg; (void) iarg; + WOLFSSL_ENTER("BIO_int_ctrl"); return 0; } +/*** TBD ***/ WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { + WOLFSSL_ENTER("BIO_s_socket"); return (void *)0; } + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size) +{ + (void) b; + (void) size; + WOLFSSL_ENTER("BIO_set_write_buf_size"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) +{ + (void) b1; + (void) b2; + WOLFSSL_ENTER("BIO_make_bio_pair"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b) +{ + (void) b; + WOLFSSL_ENTER("BIO_ctrl_reset_read_request"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) +{ + (void) bio; + (void) buf; + WOLFSSL_ENTER("BIO_nread0"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) +{ + (void) bio; + (void) buf; + (void) num; + WOLFSSL_ENTER("BIO_nread"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) +{ + (void) bio; + (void) buf; + (void) num; + WOLFSSL_ENTER("BIO_nwrite"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_reset(WOLFSSL_BIO *bio) +{ + (void) bio; + WOLFSSL_ENTER("BIO_reset"); + return 0; +} + +#if 0 +#ifndef NO_FILESYSTEM +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) +{ + (void) bio; + (void) fp; + (void) c; + WOLFSSL_ENTER("BIO_set_fp"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp) +{ + (void) bio; + (void) fp; + WOLFSSL_ENTER("BIO_get_fp"); + return 0; +} +#endif +#endif + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) +{ + (void) bio; + (void) ofs; + WOLFSSL_ENTER("BIO_seek"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) +{ + (void) bio; + (void) name; + WOLFSSL_ENTER("BIO_write_filename"); + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) +{ + (void) bio; + (void) v; + WOLFSSL_ENTER("BIO_set_mem_eof_return"); + return 0; +} diff --git a/src/ssl.c b/src/ssl.c index a24c45465..81d8abbd6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13172,6 +13172,99 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) return 0; } +/*** TBD ***/ +WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op) +{ + (void)s; + (void)op; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s) +{ + (void)s; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s) +{ + (void)s; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s) +{ + (void)s; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh) +{ + (void)s; + (void)dh; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) +{ + (void)s; + (void)type; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) +{ + (void)s; + (void)resp; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) +{ + (void)s; + (void)resp; + (void)len; + return 0; +} long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { @@ -13179,7 +13272,6 @@ long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) return 0; } - long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx) { (void)ctx; @@ -13256,6 +13348,83 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) return 0; } +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + +/*** TBC ***/ +WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + #ifndef NO_DES3 void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index d6fd034f9..d306c3d05 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -469,11 +469,77 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_new_file wolfSSL_BIO_new_file #define BIO_ctrl wolfSSL_BIO_ctrl #define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending -#define BIO_get_mem_ptr(b,pp) wolfSSL_BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr #define BIO_int_ctrl wolfSSL_BIO_int_ctrl -#define BIO_reset(b) (int)wolfSSL_BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +#define BIO_reset wolfSSL_BIO_reset #define BIO_s_socket wolfSSL_BIO_s_socket -#define BIO_set_fd(b,fd,c) wolfSSL_BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +#define BIO_set_fd wolfSSL_BBIO_set_fd + +#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size +#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair + +#define BIO_set_fp wolfSSL_BIO_set_fp +#define BIO_get_fp wolfSSL_BIO_get_fp +#define BIO_seek wolfSSL_BIO_seek +#define BIO_write_filename wolfSSL_BIO_write_filename +#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return + +#define SSL_set_options wolfSSL_SSL_set_options +#define SSL_get_options wolfSSL_SSL_get_options +#define SSL_set_tmp_dh wolfSSL_SSL_set_tmp_dh +#define SSL_clear_num_renegotiations wolfSSL_SSL_clear_num_renegotiations +#define SSL_total_renegotiations wolfSSL_SSSL_total_renegotiations +#define SSL_set_tlsext_debug_arg wolfSSL_SSL_set_tlsext_debug_arg +#define SSL_set_tlsext_status_type wolfSSL_SSL_set_tlsext_status_type +#define SSL_set_tlsext_status_exts wolfSSL_SSL_set_tlsext_status_exts +#define SSL_get_tlsext_status_ids wolfSSL_SSL_get_tlsext_status_ids +#define SSL_set_tlsext_status_ids wolfSSL_SSL_set_tlsext_status_ids +#define SSL_get_tlsext_status_ocsp_resp wolfSSL_SSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_resp wolfSSL_SSL_set_tlsext_status_ocsp_resp + +#define SSL_CTX_need_tmp_RSA() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_CTX_set_tmp_rsa() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_CTX_set_tmp_dh() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_CTX_add_extra_chain_cert() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +#define SSL_CTX_get_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +#define SSL_CTX_set_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +#define SSL_CTX_set_tlsext_status_arg() wolfSSL_SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) +#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) + +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 +#define BIO_C_SET_WRITE_BUF_SIZE 136 +#define BIO_C_MAKE_BIO_PAIR 138 + +#define BIO_CTRL_RESET 1 +#define BIO_CTRL_INFO 3 +#define BIO_CTRL_FLUSH 11 +#define BIO_CLOSE 0x01 +#define BIO_FP_WRITE 0x04 + +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 + +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 + +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 #ifdef HAVE_STUNNEL #include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 678fefb45..fa6f73a1a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -501,13 +501,35 @@ WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,const unsigned char** WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); -WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); -WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); +WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API int wolfSSL_add_all_algorithms(void); -WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); -WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); -WOLFSSL_API int wolfSSL_add_all_algorithms(void); -WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); +WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); + +WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); +WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); +WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); + +WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size); +WOLFSSL_API long wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); +WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); +WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); +WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); +WOLFSSL_API long wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +WOLFSSL_API long wolfSSL_BIO_reset(WOLFSSL_BIO *bio); + +#if 0 +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp); +#endif +#endif + +WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); +WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); +WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); +WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m); const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API void wolfSSL_RAND_screen(void); @@ -654,6 +676,32 @@ WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); + +WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); + +WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op); +WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); +WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type); +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); +WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); + #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L @@ -1861,7 +1909,12 @@ WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsign WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ); -/* end lighttpd, mysql, have_stunnel*/ +WOLFSSL_API unsigned long wolfSSL_SSL_CTX_get_options(const WOLFSSL_CTX *ctx); +WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned long op); +WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s); +WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op); + +/* end lighttpd*/ #endif #endif From 464543df2607e0bda99cfa6cd906cab83f694a53 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 8 Nov 2016 15:41:26 -0700 Subject: [PATCH 29/86] COMPAT. LAYER : jenkins warnings and spacing around if statements --- src/bio.c | 2 +- wolfcrypt/src/aes.c | 8 ++-- wolfcrypt/src/evp.c | 78 +++++++++++++++++++++----------------- wolfcrypt/src/include.am | 1 + wolfssl/openssl/include.am | 1 + wolfssl/ssl.h | 3 -- wolfssl/wolfcrypt/aes.h | 18 --------- 7 files changed, 50 insertions(+), 61 deletions(-) diff --git a/src/bio.c b/src/bio.c index 72c68b483..988cd9e82 100644 --- a/src/bio.c +++ b/src/bio.c @@ -63,7 +63,7 @@ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int i WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { WOLFSSL_ENTER("BIO_s_socket"); - return (void *)0; + return NULL; } /*** TBD ***/ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 15ad0252c..d234924ac 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2845,9 +2845,9 @@ int wc_InitAes_h(Aes* aes, void* h) #ifdef HAVE_AES_ECB int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - if((in == NULL) || (out == NULL) || (aes == NULL)) + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - while(sz>0){ + while (sz>0) { wc_AesEncryptDirect(aes, out, in); out += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; @@ -2857,9 +2857,9 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - if((in == NULL) || (out == NULL) || (aes == NULL)) + if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - while(sz>0){ + while (sz>0) { wc_AesDecryptDirect(aes, out, in); out += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index e499e6e85..df1da1de5 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -71,8 +71,8 @@ static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz int fill; WOLFSSL_ENTER("fillBuff"); printf("ctx->bufUsed=%d, sz=%d\n",ctx->bufUsed, sz); - if(sz > 0){ - if((sz+ctx->bufUsed) > ctx->block_size){ + if (sz > 0) { + if ((sz+ctx->bufUsed) > ctx->block_size) { fill = ctx->block_size - ctx->bufUsed; } else { fill = sz; @@ -114,7 +114,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, case AES_128_ECB_TYPE: case AES_192_ECB_TYPE: case AES_256_ECB_TYPE: - if(ctx->enc) + if (ctx->enc) wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); else wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); @@ -122,13 +122,13 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, #endif #ifndef NO_DES3 case DES_CBC_TYPE: - if(ctx->enc) + if (ctx->enc) wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); else wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); break; case DES_EDE3_CBC_TYPE: - if(ctx->enc) + if (ctx->enc) wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); else wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); @@ -138,7 +138,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); break; case DES_EDE3_ECB_TYPE: - if(ctx->enc) + if (ctx->enc) wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); else wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); @@ -160,18 +160,17 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, int blocks; int fill; - if(ctx == NULL)return BAD_FUNC_ARG; + if (ctx == NULL) return BAD_FUNC_ARG; WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); *outl = 0; - if(ctx->bufUsed > 0) /* concatinate them if there is anything */ - { + if (ctx->bufUsed > 0) { /* concatinate them if there is anything */ fill = fillBuff(ctx, in, inl); inl -= fill; in += fill; } - if(ctx->bufUsed == ctx->block_size){ + if (ctx->bufUsed == ctx->block_size) { /* the buff is full, flash out */ - if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; *outl+= ctx->block_size; out += ctx->block_size; @@ -179,20 +178,23 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, } blocks = inl / ctx->block_size; - if(blocks>0){ + if (blocks > 0) { /* process blocks */ - if(evpCipherBlock(ctx, out, ctx->buf, blocks) == 0) + if (evpCipherBlock(ctx, out, ctx->buf, blocks) == 0) return 0; inl -= ctx->block_size * blocks; *outl+= ctx->block_size * blocks; in += ctx->block_size * blocks; out += ctx->block_size * blocks; } - if(inl>0){ + if (inl > 0) { /* put fraction into buff */ fillBuff(ctx, in, inl); /* no increase of outl */ } + + (void)out; /* silence warning in case not read */ + return 1; } @@ -210,9 +212,9 @@ static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx) int n; WOLFSSL_ENTER("checkPad"); n = ctx->buf[ctx->block_size-1]; - if(n > ctx->block_size)return FALSE; + if (n > ctx->block_size) return FALSE; for (i = n; i < ctx->block_size; i++) - if(ctx->buf[i] != n) + if (ctx->buf[i] != n) return -1; return n; } @@ -221,26 +223,27 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int fl ; - if(ctx == NULL)return BAD_FUNC_ARG; + if (ctx == NULL) return BAD_FUNC_ARG; WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); - if(ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING){ + if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { *outl = 0; return 1; } - if(ctx->bufUsed > 0){ - if(ctx->enc){ + if (ctx->bufUsed > 0) { + if (ctx->enc) { padBlock(ctx); printf("Enc: block_size=%d\n", ctx->block_size); PRINT_BUF(ctx->buf, ctx->block_size); - if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; *outl = ctx->block_size; - } else { - if(evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + } + else { + if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; printf("Dec: block_size=%d\n", ctx->block_size); PRINT_BUF(ctx->buf, ctx->block_size); - if((fl = checkPad(ctx)) >= 0){ + if ((fl = checkPad(ctx)) >= 0) { XMEMCPY(out, ctx->buf, fl); *outl = fl; } else return 0; @@ -251,8 +254,8 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { - if(ctx == NULL)return BAD_FUNC_ARG; - switch(ctx->cipherType){ + if (ctx == NULL) return BAD_FUNC_ARG; + switch (ctx->cipherType) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: @@ -283,7 +286,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX * static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) { - if(0)return 0; /* dummy for #ifdef */ + if (0) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) return DES_CBC_TYPE; @@ -326,8 +329,8 @@ static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { - if(cipher == NULL)return BAD_FUNC_ARG; - switch(cipherType(cipher)){ + if (cipher == NULL) return BAD_FUNC_ARG; + switch (cipherType(cipher)) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: return 16; case AES_192_CBC_TYPE: return 24; @@ -356,7 +359,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { - switch(cipherType(cipher)){ + switch (cipherType(cipher)) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: @@ -390,7 +393,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { - if(cipher == NULL)return BAD_FUNC_ARG; + if (cipher == NULL) return BAD_FUNC_ARG; return WOLFSSL_CIPHER_mode(cipher); } @@ -401,14 +404,19 @@ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, i WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) { - if(cipher == NULL)return BAD_FUNC_ARG; + if (cipher == NULL) return BAD_FUNC_ARG; return WOLFSSL_CIPHER_mode(cipher); } WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { - if(ctx == NULL)return BAD_FUNC_ARG; - if(padding)ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; - else ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; + if (ctx == NULL) return BAD_FUNC_ARG; + if (padding) { + ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; + } + else { + ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; + } return 1; } + diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 714d5d434..e4d1985d1 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -2,6 +2,7 @@ # All paths should be given relative to the root EXTRA_DIST += wolfcrypt/src/misc.c +EXTRA_DIST += wolfcrypt/src/evp.c EXTRA_DIST += wolfcrypt/src/asm.c EXTRA_DIST += wolfcrypt/src/aes_asm.asm diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index 21d99ef00..d6d743835 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -3,6 +3,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/asn1.h \ + wolfssl/openssl/aes.h\ wolfssl/openssl/bio.h \ wolfssl/openssl/bn.h \ wolfssl/openssl/conf.h \ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index fa6f73a1a..5a453dd60 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -530,7 +530,6 @@ WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m); -const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); @@ -1911,8 +1910,6 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X WOLFSSL_API unsigned long wolfSSL_SSL_CTX_get_options(const WOLFSSL_CTX *ctx); WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned long op); -WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s); -WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op); /* end lighttpd*/ #endif diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 6057a37f5..2b3c4e576 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -123,24 +123,6 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, - const byte* in, word32 sz); -WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, - const byte* in, word32 sz); - -#ifdef HAVE_AES_ECB -WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, - const byte* in, word32 sz); -WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, - const byte* in, word32 sz); -#endif - -#ifdef HAVE_AES_ECB -WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, - const byte* in, word32 sz); -WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, - const byte* in, word32 sz); -#endif #ifdef HAVE_AES_ECB WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, From 8554912d68aee92d2e5d7fb39d007b23b55c0869 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 9 Nov 2016 09:51:04 -0700 Subject: [PATCH 30/86] COMPAT. LAYER : jenkins warnings and build configurations --- src/ssl.c | 2 +- wolfcrypt/src/evp.c | 27 ++++++++++++++++----------- wolfssl/openssl/evp.h | 6 +++--- wolfssl/openssl/ssl.h | 1 - 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 81d8abbd6..35ff62a4f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10106,7 +10106,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->finUsed = 0; #ifndef NO_AES - printf("cipherType=%d\n", ctx->cipherType); + /* printf("cipherType=%d\n", ctx->cipherType); */ if (ctx->cipherType == AES_128_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_128_CBC); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index df1da1de5..5232f83a7 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -64,13 +64,17 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, return wolfSSL_EVP_DigestInit(ctx, type); } +#ifdef DEBUG_WOLFSSL #define PRINT_BUF(b, sz) { int i; for(i=0; i<(sz); i++){printf("%02x(%c),", (b)[i], (b)[i]); if((i+1)%8==0)printf("\n");}} +#else +#define PRINT_BUF(b, sz) +#endif static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) { int fill; WOLFSSL_ENTER("fillBuff"); - printf("ctx->bufUsed=%d, sz=%d\n",ctx->bufUsed, sz); + /* printf("ctx->bufUsed=%d, sz=%d\n",ctx->bufUsed, sz); */ if (sz > 0) { if ((sz+ctx->bufUsed) > ctx->block_size) { fill = ctx->block_size - ctx->bufUsed; @@ -79,7 +83,7 @@ static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz } XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill); ctx->bufUsed += fill; - printf("Result: ctx->bufUsed=%d\n",ctx->bufUsed); + /* printf("Result: ctx->bufUsed=%d\n",ctx->bufUsed); */ return fill; } else return 0; } @@ -89,12 +93,12 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { WOLFSSL_ENTER("evpCipherBlock"); - switch(ctx->cipherType){ + switch (ctx->cipherType) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: case AES_256_CBC_TYPE: - if(ctx->enc) + if (ctx->enc) wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); else wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); @@ -104,7 +108,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, case AES_128_CTR_TYPE: case AES_192_CTR_TYPE: case AES_256_CTR_TYPE: - if(ctx->enc) + if (ctx->enc) wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); else wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); @@ -150,6 +154,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, } ctx->finUsed = 1; XMEMCPY(ctx->fin, (const byte *)&out[inl-ctx->block_size], ctx->block_size); + (void)in; return 1; } @@ -203,7 +208,7 @@ static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx) int i; WOLFSSL_ENTER("paddBlock"); for (i = ctx->bufUsed; i < ctx->block_size; i++) - ctx->buf[i] = ctx->block_size - ctx->bufUsed; + ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed); } static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx) @@ -232,7 +237,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, if (ctx->bufUsed > 0) { if (ctx->enc) { padBlock(ctx); - printf("Enc: block_size=%d\n", ctx->block_size); + /* printf("Enc: block_size=%d\n", ctx->block_size); */ PRINT_BUF(ctx->buf, ctx->block_size); if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; @@ -241,7 +246,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, else { if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; - printf("Dec: block_size=%d\n", ctx->block_size); + /* printf("Dec: block_size=%d\n", ctx->block_size); */ PRINT_BUF(ctx->buf, ctx->block_size); if ((fl = checkPad(ctx)) >= 0) { XMEMCPY(out, ctx->buf, fl); @@ -286,7 +291,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX * static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) { - if (0) return 0; /* dummy for #ifdef */ + if (cipher == NULL) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) return DES_CBC_TYPE; @@ -393,7 +398,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { - if (cipher == NULL) return BAD_FUNC_ARG; + if (cipher == NULL) return 0; return WOLFSSL_CIPHER_mode(cipher); } @@ -404,7 +409,7 @@ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, i WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) { - if (cipher == NULL) return BAD_FUNC_ARG; + if (cipher == NULL) return 0; return WOLFSSL_CIPHER_mode(cipher); } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index cd3b1a16a..b5f85c4a7 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -151,7 +151,7 @@ enum { NID_md5 = 4 }; - +#define WOLFSSL_EVP_BUF_SIZE 16 typedef struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ int block_size; @@ -164,9 +164,9 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { unsigned char iv[DES_BLOCK_SIZE]; /* working iv pointer into cipher */ #endif WOLFSSL_Cipher cipher; - byte buf[AES_BLOCK_SIZE]; + byte buf[WOLFSSL_EVP_BUF_SIZE]; int bufUsed; - byte fin[AES_BLOCK_SIZE]; + byte fin[WOLFSSL_EVP_BUF_SIZE]; int finUsed; } WOLFSSL_EVP_CIPHER_CTX; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index d306c3d05..f64caa6bb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -499,7 +499,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_need_tmp_RSA() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) #define SSL_CTX_set_tmp_rsa() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_CTX_set_tmp_dh() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) #define SSL_CTX_add_extra_chain_cert() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) #define SSL_CTX_get_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) #define SSL_CTX_set_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) From 526b602ebd867c30f998125831325fc9bb5d788a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 9 Nov 2016 16:25:12 -0700 Subject: [PATCH 31/86] AESNI support with EVP AES --- wolfcrypt/src/aes.c | 3 +++ wolfcrypt/test/test.c | 8 ++++---- wolfssl/openssl/evp.h | 10 ++++++---- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index d234924ac..cdd8d30fb 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1959,6 +1959,9 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, checkAESNI = 1; } if (haveAESNI) { + #ifdef WOLFSSL_AES_COUNTER + aes->left = 0; + #endif /* WOLFSSL_AES_COUNTER */ aes->use_aesni = 1; if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 1f3054bc6..9deae33f0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7195,7 +7195,7 @@ int openssl_test(void) (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) return -3316; printf("EVP_Cipher\n"); - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE*4) == 0) + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) return -3317; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_192_ctr(), @@ -7203,7 +7203,7 @@ int openssl_test(void) return -3318; XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) return -3319; if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) @@ -7215,7 +7215,7 @@ int openssl_test(void) if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) return -3322; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE*4) == 0) + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, AES_BLOCK_SIZE) == 0) return -3323; EVP_CIPHER_CTX_init(&de); if (EVP_CipherInit(&de, EVP_aes_256_ctr(), @@ -7223,7 +7223,7 @@ int openssl_test(void) return -3324; XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE) == 0) return -3325; if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index b5f85c4a7..90a14c07a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -159,14 +159,16 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; #ifndef NO_AES - unsigned char iv[AES_BLOCK_SIZE]; /* working iv pointer into cipher */ + /* working iv pointer into cipher */ + ALIGN16 unsigned char iv[AES_BLOCK_SIZE]; #elif !defined(NO_DES3) - unsigned char iv[DES_BLOCK_SIZE]; /* working iv pointer into cipher */ + /* working iv pointer into cipher */ + ALIGN16 unsigned char iv[DES_BLOCK_SIZE]; #endif WOLFSSL_Cipher cipher; - byte buf[WOLFSSL_EVP_BUF_SIZE]; + ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE]; int bufUsed; - byte fin[WOLFSSL_EVP_BUF_SIZE]; + ALIGN16 byte fin[WOLFSSL_EVP_BUF_SIZE]; int finUsed; } WOLFSSL_EVP_CIPHER_CTX; From 6520a77fac5b0718f52d14c39d2e304d8fdc6a96 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 10 Nov 2016 16:47:26 -0700 Subject: [PATCH 32/86] DES ECB prototypes --- src/ssl.c | 4 ++-- wolfcrypt/src/des3.c | 18 +++++++++++++----- wolfssl/wolfcrypt/des3.h | 6 ++++++ 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 35ff62a4f..d4491435f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10486,9 +10486,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef WOLFSSL_DES_ECB case DES_ECB_TYPE : if (ctx->enc) - wc_Des_EbcEncrypt(&ctx->cipher.des, dst, src, len); + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); else - wc_Des_EbcDecrypt(&ctx->cipher.des, dst, src, len); + ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len); break; #endif case DES_EDE3_CBC_TYPE : diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 1bdb9add2..005b03f33 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1621,6 +1621,10 @@ int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + while (blocks--) { DesProcessBlock(des, in, out); @@ -1632,15 +1636,19 @@ int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { - word32 blocks = sz / DES3_BLOCK_SIZE; - printf("wc_Des3_EcbEncrypt(%016x, %016x, %d)\n", - *(unsigned long *)in, *(unsigned long *)out, sz) ; + word32 blocks = sz / DES_BLOCK_SIZE; + /* printf("wc_Des3_EcbEncrypt(%016x, %016x, %d)\n", + *(unsigned long *)in, *(unsigned long *)out, sz) ; */ + + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } while (blocks--) { Des3ProcessBlock(des, in, out); - out += DES3_BLOCK_SIZE; - in += DES3_BLOCK_SIZE; + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; } return 0; } diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index db12cc900..409aa81f7 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -94,6 +94,12 @@ WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); +WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out, + const byte* in, word32 sz); + +/* ECB decrypt same process as encrypt but with decrypt key */ +#define wc_Des_EcbDecrypt wc_Des_EcbEncrypt +#define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); From f2f52c3ec9d78ee82c287857651d70fa677ccc17 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 10 Nov 2016 19:34:27 -0700 Subject: [PATCH 33/86] add more compatiblity functions --- examples/server/server.c | 3 + src/internal.c | 4 ++ src/ssl.c | 137 ++++++++++++++++++++++++++++++++++++++- wolfssl/internal.h | 1 + wolfssl/openssl/ssl.h | 13 +++- wolfssl/ssl.h | 17 ++++- 6 files changed, 171 insertions(+), 4 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index d39db8070..f1893e45e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1022,6 +1022,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } showPeer(ssl); + if (SSL_state(ssl) != 0) { + err_sys("SSL in error state"); + } #ifdef HAVE_ALPN if (alpnList != NULL) { diff --git a/src/internal.c b/src/internal.c index efce9c491..f7b60d590 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1402,6 +1402,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) WOLFSSL_MSG("Bad Cert Manager New"); return BAD_CERT_MANAGER_ERROR; } + #ifdef OPENSSL_EXTRA + /* setup WOLFSSL_X509_STORE */ + ctx->x509_store.cm = ctx->cm; + #endif #endif #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) diff --git a/src/ssl.c b/src/ssl.c index d4491435f..1a7d237d3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1948,6 +1948,17 @@ int wolfSSL_shutdown(WOLFSSL* ssl) } +/* get current error state value */ +int wolfSSL_state(WOLFSSL* ssl) +{ + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + return ssl->error; +} + + int wolfSSL_get_error(WOLFSSL* ssl, int ret) { WOLFSSL_ENTER("SSL_get_error"); @@ -2148,7 +2159,6 @@ const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl) return NULL; } - int wolfSSL_GetKeySize(WOLFSSL* ssl) { if (ssl) @@ -5793,6 +5803,47 @@ int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format) return wolfSSL_use_PrivateKey_file(ssl, file, format); } + +/* Copies the master secret over to out buffer. If outSz is 0 returns the size + * of master secret. + * + * ses : a session from completed TLS/SSL handshake + * out : buffer to hold copy of master secret + * outSz : size of out buffer + * returns : number of bytes copied into out buffer on success + * less then or equal to 0 is considered a failure case + */ +int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, + unsigned char* out, int outSz) +{ + int size; + + if (outSz == 0) { + return SECRET_LEN; + } + + if (ses == NULL || out == NULL || outSz < 0) { + return 0; + } + + if (outSz > SECRET_LEN) { + size = SECRET_LEN; + } + else { + size = outSz; + } + + XMEMCPY(out, ses->masterSecret, size); + return size; +} + + +int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses) +{ + (void)ses; + return SECRET_LEN; +} + #endif /* OPENSSL_EXTRA */ #ifdef HAVE_NTRU @@ -9222,6 +9273,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx) + { + if (ctx == NULL) { + return NULL; + } + + return &(ctx->x509_store); + } + + + void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) + { + if (ctx == NULL || str == NULL) { + return; + } + + /* free cert manager if have one */ + if (ctx->cm != NULL) { + wolfSSL_CertManagerFree(ctx->cm); + } + ctx->cm = str->cm; + ctx->x509_store.cache = str->cache; + } + WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( WOLFSSL_X509_STORE_CTX* ctx) @@ -12477,6 +12552,39 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, #ifndef NO_CERTS +WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509) +{ + WOLFSSL_X509* localX509 = NULL; + const unsigned char* mem = NULL; + int ret; + word32 size; + + WOLFSSL_ENTER("wolfSSL_d2i_X509_bio"); + + if (bio == NULL) { + WOLFSSL_MSG("Bad Function Argument bio is NULL"); + return NULL; + } + + ret = wolfSSL_BIO_get_mem_data(bio, &mem); + if (mem == NULL || ret <= 0) { + WOLFSSL_MSG("Failed to get data from bio struct"); + return NULL; + } + size = ret; + + localX509 = wolfSSL_X509_d2i(NULL, mem, size); + if (localX509 == NULL) { + return NULL; + } + + if (x509 != NULL) { + *x509 = localX509; + } + + return localX509; +} + #if !defined(NO_ASN) && !defined(NO_PWDBASED) WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) @@ -12792,6 +12900,18 @@ void wolfSSL_PKCS12_PBE_add(void) WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add"); } + + +WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) +{ + if (ctx == NULL) { + return NULL; + } + + return ctx->chain; +} + + int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) { int result = SSL_FATAL_ERROR; @@ -12849,6 +12969,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) } +int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) +{ + + WOLFSSL_STUB("wolfSSL_X509_STORE_set_flags"); + + (void)store; + (void)flag; + + return 1; +} + + int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) { (void)store; @@ -12887,6 +13019,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, if (ctx != NULL) { ctx->store = store; ctx->current_cert = x509; + ctx->chain = sk; ctx->domain = NULL; ctx->ex_data = NULL; ctx->userCtx = NULL; @@ -12906,6 +13039,8 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) wolfSSL_X509_STORE_free(ctx->store); if (ctx->current_cert != NULL) wolfSSL_FreeX509(ctx->current_cert); + if (ctx->chain != NULL) + wolfSSL_sk_X509_free(ctx->chain); XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); } } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 3859c1534..92d09f570 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2001,6 +2001,7 @@ struct WOLFSSL_CTX { #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) pem_password_cb passwd_cb; void* userdata; + WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ #endif /* OPENSSL_EXTRA */ #ifdef HAVE_STUNNEL void* ex_data[MAX_EX_DATA]; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f64caa6bb..621854e26 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -21,7 +21,7 @@ -/* ssl.h defines wolfssl_openssl compatibility layer +/* ssl.h defines wolfssl_openssl compatibility layer * */ @@ -134,7 +134,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file - + #define SSL_use_certificate_file wolfSSL_use_certificate_file #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file @@ -147,6 +147,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_get_fd wolfSSL_get_fd #define SSL_connect wolfSSL_connect #define SSL_clear wolfSSL_clear +#define SSL_state wolfSSL_state #define SSL_write wolfSSL_write #define SSL_read wolfSSL_read @@ -201,6 +202,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_get_keyblock_size wolfSSL_get_keyblock_size #define SSL_get_keys wolfSSL_get_keys +#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key +#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length #define X509_free wolfSSL_X509_free #define OPENSSL_free wolfSSL_OPENSSL_free @@ -271,6 +274,9 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; # define CRYPTO_WRITE 8 #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert +#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags +#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain #define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error #define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth @@ -316,6 +322,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_load_client_CA_file wolfSSL_load_client_CA_file #define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list +#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store +#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store #define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx #define SSL_get_ex_data wolfSSL_get_ex_data @@ -405,6 +413,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_value wolfSSL_sk_value #define sk_X509_pop wolfSSL_sk_X509_pop #define sk_X509_free wolfSSL_sk_X509_free +#define d2i_X509_bio wolfSSL_d2i_X509_bio #define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data #define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5a453dd60..e2c0c200f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -174,6 +174,7 @@ typedef struct WOLFSSL_BUFFER_INFO { typedef struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* stunnel dereference */ + WOLFSSL_STACK* chain; char* domain; /* subject CN domain name */ void* ex_data; /* external data, for fortress build */ void* userCtx; /* user ctx */ @@ -599,6 +600,10 @@ WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void); WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*); WOLFSSL_API int wolfSSL_X509_STORE_add_cert( WOLFSSL_X509_STORE*, WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( + WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, + unsigned long flag); WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*); WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*, int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*); @@ -924,6 +929,7 @@ WOLFSSL_API void wolfSSL_ERR_free_strings(void); WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); WOLFSSL_API void wolfSSL_EVP_cleanup(void); WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void); WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode); @@ -1799,7 +1805,8 @@ WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name); then will not send keys in the hello extension */ WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag); #endif -#endif + +#endif /* QSH */ /* TLS Extended Master Secret Extension */ WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl); @@ -1871,6 +1878,14 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, + unsigned char* out, int outSz); +WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); + +WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, + WOLFSSL_X509_STORE* str); +WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, int outSz); From f3435eefbdb4e793c280e983977981ef75823af1 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 12:24:31 +0900 Subject: [PATCH 34/86] templates: ASN1_INTEGER_to_BN, BN_mod_exp, CONF_modules_free/unload, DSA_dup_DH --- src/ssl.c | 33 +++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 6 ++++++ wolfssl/ssl.h | 10 +++++++++- 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 1a7d237d3..65de1ab06 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13233,6 +13233,14 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) return 0; } +/*** TBC ***/ +WOLFSSL_API WOLFSSL_BIGNUM *ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, + WOLFSSL_BIGNUM *bn) +{ + (void)ai; + (void)bn; + return 0; +} void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) @@ -13560,6 +13568,12 @@ WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSS return 0; } +/*** TBC ***/ +WOLFSSL_API void wolfSSL_CONF_modules_unload(int all) +{ + (void) all; +} + #ifndef NO_DES3 void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) @@ -14095,6 +14109,17 @@ int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a, return 0; } +/*** TBFD ***/ +WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) +{ + (void) r; + (void) a; + (void) p; + (void) m; + (void) ctx; + return 0; +} const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) { @@ -15130,6 +15155,14 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) dsa = NULL; } } + +/*** TBD ***/ +WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r) +{ + (void) r; + return NULL; +} + #endif /* NO_DSA */ #ifndef NO_RSA diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 621854e26..0d690fa84 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -318,6 +318,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get +#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN #define SSL_load_client_CA_file wolfSSL_load_client_CA_file @@ -428,6 +429,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_SESSION_get_time wolfSSL_SESSION_get_time #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index +/*#if OPENSSL_API_COMPAT < 0x10100000L*/ +# define CONF_modules_free() while(0) continue +/*#endif*/ +#define CONF_modules_unload wolfSSL_CONF_modules_unload + /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e2c0c200f..bc89b29c6 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -59,7 +59,9 @@ #undef OCSP_RESPONSE #endif - +#ifdef OPENSSL_EXTRA + #include +#endif #ifdef __cplusplus extern "C" { @@ -636,7 +638,11 @@ WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*, const WOLFSSL_ASN1_INTEGER*); WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, + WOLFSSL_BIGNUM *bn); WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); +#endif WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, STACK_OF(WOLFSSL_X509_NAME)*); @@ -706,6 +712,8 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); +WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); + #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L From 63dcacb43777a9abdd35abb3863e70c495b7b478 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 12:32:30 +0900 Subject: [PATCH 35/86] templates: ENGINE_cleanup, BN_mod_exp --- wolfssl/openssl/bn.h | 5 +++-- wolfssl/openssl/ssl.h | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index c56a3cfca..ba5648a88 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -35,7 +35,8 @@ WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); - +WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); @@ -109,6 +110,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_bin2bn wolfSSL_BN_bin2bn #define BN_mod wolfSSL_BN_mod +#define BN_mod_exp wolfSSL_BN_mod_exp #define BN_sub wolfSSL_BN_sub #define BN_value_one wolfSSL_BN_value_one @@ -148,4 +150,3 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #endif /* WOLFSSL__H_ */ - diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 0d690fa84..d7e8f51e7 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -386,7 +386,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define RAND_status wolfSSL_RAND_status #define RAND_bytes wolfSSL_RAND_bytes #define SSLv23_server_method wolfSSLv23_server_method -#define SSL_CTX_set_options wolfSSL_CTX_set_options +#define SSL_CTX_set_options wolfSSL_CTX_set_options #define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key #define ERR_free_strings wolfSSL_ERR_free_strings @@ -431,6 +431,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; /*#if OPENSSL_API_COMPAT < 0x10100000L*/ # define CONF_modules_free() while(0) continue +# define ENGINE_cleanup() while(0) continue /*#endif*/ #define CONF_modules_unload wolfSSL_CONF_modules_unload @@ -506,7 +507,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_total_renegotiations wolfSSL_SSSL_total_renegotiations #define SSL_set_tlsext_debug_arg wolfSSL_SSL_set_tlsext_debug_arg #define SSL_set_tlsext_status_type wolfSSL_SSL_set_tlsext_status_type -#define SSL_set_tlsext_status_exts wolfSSL_SSL_set_tlsext_status_exts +#define SSL_set_tlsext_status_exts wolfSSL_SSL_set_tlsext_status_exts #define SSL_get_tlsext_status_ids wolfSSL_SSL_get_tlsext_status_ids #define SSL_set_tlsext_status_ids wolfSSL_SSL_set_tlsext_status_ids #define SSL_get_tlsext_status_ocsp_resp wolfSSL_SSL_get_tlsext_status_ocsp_resp From ee86325ae48ee6867b06c682ba3c4c0fe5575c82 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 13:48:37 +0900 Subject: [PATCH 36/86] template: ERR_peek_last_error_line/print_errors_fp, EVP_add_digest --- src/ssl.c | 5 +++++ wolfcrypt/src/evp.c | 6 ++++++ wolfssl/openssl/evp.h | 3 ++- wolfssl/openssl/ssl.h | 2 ++ wolfssl/ssl.h | 2 ++ 5 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 65de1ab06..2c74057c8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19226,6 +19226,11 @@ void WOLFSSL_ERR_remove_thread_state(void* pid) return; } +/***TBD ***/ +void wolfSSL_ERR_print_errors_fp(XFILE *fp) +{ + (void)fp; +} int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 5232f83a7..390153d50 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -425,3 +425,9 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, return 1; } +/*** TBD ***/ +WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) +{ + (void)digest; + return 0; +} diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 90a14c07a..4c992aa2d 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -273,6 +273,7 @@ WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); +WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); #define WOLFSSL_EVP_CIPH_MODE 0xF0007 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 @@ -365,7 +366,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_set_flags wolfSSL_EVP_CIPHER_CTX_set_flags #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags - +#define EVP_add_digest wolfSSL_EVP_add_digest #ifndef EVP_MAX_MD_SIZE #define EVP_MAX_MD_SIZE 64 /* sha512 */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index d7e8f51e7..18b60c873 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -336,6 +336,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback #define ERR_peek_error wolfSSL_ERR_peek_error +#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line +#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp #define ERR_GET_REASON wolfSSL_ERR_GET_REASON #define SSL_alert_type_string wolfSSL_alert_type_string diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bc89b29c6..ae02a4d67 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2034,6 +2034,8 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE *fp); WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); From a09a761d078a799fc8a769ed135dc5d80ff9864a Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 17:56:43 +0900 Subject: [PATCH 37/86] stubs: PEM_read_bio_DSAparams/X509_AUX/PrivateKey,SSL_CTX_get_default_passwd_cb/userdata --- src/ssl.c | 57 +++++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 23 ++++++++++------- wolfssl/ssl.h | 12 +++++++-- 3 files changed, 81 insertions(+), 11 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2c74057c8..ac0877758 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11173,6 +11173,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; } + WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) + { + (void) ctx; + return NULL; + } + + WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) + { + (void) ctx; + return NULL; + } + #endif /* OPENSSL_EXTRA */ @@ -16690,6 +16702,25 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, } #endif /* NO_FILESYSTEM */ +/*** TBD ***/ +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, RSA* rsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) +{ + (void)bio; + (void)rsa; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + + WOLFSSL_MSG("wolfSSL_PEM_write_bio_PrivateKey not implemented"); + + return SSL_FAILURE; +} + int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -18924,6 +18955,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } + /*** TBD ***/ + WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + (void)bp; + (void)x; + (void)cb; + (void)u; + WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + + return NULL; + } + void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { (void)ctx; (void)depth; @@ -19163,6 +19206,20 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_p return NULL; } +/*** TBD ***/ +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) +{ + (void) bp; + (void) x; + (void) cb; + (void) u; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_DSAparams"); + + return NULL; +} + int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { (void)bp; (void)x; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 18b60c873..f2efeb146 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -455,6 +455,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define OBJ_obj2nid wolf_OBJ_obj2nid #define OBJ_sn2nid wolf_OBJ_sn2nid #define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509 +#define PEM_read_bio_X509_AUX PEM_read_bio_WOLFSSL_X509_AUX #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth #define SSL_get_app_data wolfSSL_get_app_data #define SSL_set_app_data wolfSSL_set_app_data @@ -479,6 +480,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define OBJ_nid2ln wolf_OBJ_nid2ln #define OBJ_txt2nid wolf_OBJ_txt2nid #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -515,13 +517,14 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_get_tlsext_status_ocsp_resp wolfSSL_SSL_get_tlsext_status_ocsp_resp #define SSL_set_tlsext_status_ocsp_resp wolfSSL_SSL_set_tlsext_status_ocsp_resp -#define SSL_CTX_need_tmp_RSA() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -#define SSL_CTX_set_tmp_rsa() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -#define SSL_CTX_add_extra_chain_cert() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -#define SSL_CTX_get_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) -#define SSL_CTX_set_read_ahead() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) -#define SSL_CTX_set_tlsext_status_arg() wolfSSL_SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() wolfSSL_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) +#define SSL_CTX_need_tmp_RSA wolfSSL_SSL_CTX_need_tmp_RSA +#define SSL_CTX_set_tmp_rsa wolfSSL_SSL_CTX_set_tmp_rsa +#define SSL_CTX_add_extra_chain_cert wolfSSL_SSL_CTX_add_extra_chain_cert +#define SSL_CTX_get_read_ahead wolfSSL_SSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead wolfSSL_SSL_CTX_set_read_ahead +#define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg +#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ + wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg #define BIO_C_SET_FILE_PTR 106 #define BIO_C_GET_FILE_PTR 107 @@ -608,8 +611,10 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get_servername wolfSSL_get_servername #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback -#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_servername_callback -#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg +#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_servername_callback +#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg +#define SSL_CTX_get_default_passwd_cb wolfSSL_SSL_CTX_get_default_passwd_cb +#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_SSL_CTX_get_default_passwd_cb_userdata #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ae02a4d67..45d94e7aa 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1897,7 +1897,8 @@ WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, int outSz); - +WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); /*lighttp compatibility */ @@ -1921,6 +1922,8 @@ WOLFSSL_API const char * wolf_OBJ_nid2sn(int n); WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn); WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX + (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); @@ -1947,6 +1950,8 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char * WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, + WOLFSSL_DSA **x, pem_password_cb *cb, void *u); WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); @@ -2035,7 +2040,10 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE *fp); + +#ifndef NO_FILESYSTEM +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE *fp); +#endif WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); From 3946931320dda03aac24fe247f74816be65f675f Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 20:07:22 +0900 Subject: [PATCH 38/86] stubs: SSL_get_server_random/verify_result/session/set_accept_state --- wolfssl/openssl/pem.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 76a391f54..043854342 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -90,6 +90,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, pem_password_cb cb, void* arg); WOLFSSL_API +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, RSA* rsa, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg); + +WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); #if !defined(NO_FILESYSTEM) @@ -98,6 +104,7 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); #endif /* NO_FILESYSTEM */ +#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey /* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey #define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey From d8d3cd5269db4605d744f4c21a674fc6919d924b Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 11 Nov 2016 20:28:08 +0900 Subject: [PATCH 39/86] staub: SSL_get_server_random --- src/ssl.c | 38 ++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 4 ++++ wolfssl/ssl.h | 6 ++++++ 3 files changed, 48 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index ac0877758..fe8e51993 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13380,6 +13380,14 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) return 0; } +/*** TBD ***/ +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) +{ + (void)s; + (void)arg; + return 0; +} + /*** TBD ***/ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) { @@ -13421,6 +13429,35 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch return 0; } +WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, + unsigned long outlen) +{ + (void)ssl; + (void)out; + (void)outlen; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl) +{ + (void)ssl; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl) +{ + (void)ssl; + return 0; +} + +/*** TBD ***/ +WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s) +{ + (void)s; +} + long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { (void)ctx; @@ -16703,6 +16740,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, #endif /* NO_FILESYSTEM */ /*** TBD ***/ +WOLFSSL_API int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f2efeb146..3bcac8b76 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -525,6 +525,10 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg +#define SSL_get_server_random wolfSSL_SSL_get_server_random + +#define SSL_get_server_random wolfSSL_SSL_get_server_random +#define SSL_get_tlsext_status_exts wolfSSL_SSL_get_tlsext_status_exts #define BIO_C_SET_FILE_PTR 106 #define BIO_C_GET_FILE_PTR 107 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 45d94e7aa..dabf447e1 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -713,6 +713,12 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); +WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, + unsigned long outlen); +WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl); +WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s); +WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L From 0d7c25928288efe4fbd2e8b767fab793d7f00552 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 11 Nov 2016 10:11:10 -0700 Subject: [PATCH 40/86] compatibility functions for ssl cert and private key --- src/ssl.c | 65 +++++++++++++++++++++++++++++++++++++++++++ tests/api.c | 44 +++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 6 ++++ wolfssl/ssl.h | 15 ++++++++++ 4 files changed, 130 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index fe8e51993..090bb062a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5684,6 +5684,71 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) #ifdef OPENSSL_EXTRA /* put SSL type in extra for now, not very common */ +#ifndef NO_CERTS +int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) +{ + WOLFSSL_STUB("wolfSSL_use_PrivateKey"); + (void)ssl; + (void)pkey; + return SSL_FAILURE; +} + + +int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, + long derSz) +{ + WOLFSSL_STUB("wolfSSL_use_PrivateKey_ASN1"); + (void)ssl; + (void)pri; + (void)der; + (void)derSz; + return SSL_FAILURE; +} + + +#ifndef NO_RSA +int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa) +{ + WOLFSSL_STUB("wolfSSL_use_RSAPrivateKey"); + (void)ssl; + (void)rsa; + return SSL_FAILURE; +} +#endif + +int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz) +{ + long idx; + + WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1"); + if (der != NULL && ssl != NULL) { + if (ProcessBuffer(NULL, der, derSz, SSL_FILETYPE_ASN1, CERT_TYPE, ssl, + &idx, 0) == SSL_SUCCESS) + return SSL_SUCCESS; + } + + (void)idx; + return SSL_FAILURE; +} + + +int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509) +{ + long idx; + + WOLFSSL_ENTER("wolfSSL_use_certificate"); + if (x509 != NULL && ssl != NULL && x509->derCert != NULL) { + if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length, + SSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0) == SSL_SUCCESS) + return SSL_SUCCESS; + } + + (void)idx; + return SSL_FAILURE; +} +#endif /* NO_CERTS */ + + int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_certificate_file"); diff --git a/tests/api.c b/tests/api.c index 26eea6794..bac81c532 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2245,6 +2245,49 @@ static void test_wolfSSL_DES(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } + +static void test_wolfSSL_certs(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* x509; + WOLFSSL* ssl; + WOLFSSL_CTX* ctx; + + printf(testingFmt, "wolfSSL_certs()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + + /* create and use x509 */ + x509 = wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM); + AssertNotNull(x509); + AssertIntEQ(SSL_use_certificate(ssl, x509), SSL_SUCCESS); + + + #if defined(USE_CERT_BUFFERS_2048) + AssertIntEQ(SSL_use_certificate_ASN1(ssl, + (unsigned char*)server_cert_der_2048, + sizeof_server_cert_der_2048), SSL_SUCCESS); + #endif + + /* needs tested after stubs filled out @TODO + SSL_use_PrivateKey + SSL_use_PrivateKey_ASN1 + SSL_use_RSAPrivateKey_ASN1 + */ + + SSL_free(ssl); + SSL_CTX_free(ctx); + wolfSSL_FreeX509(x509); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2291,6 +2334,7 @@ void ApiTest(void) /* compatibility tests */ test_wolfSSL_DES(); + test_wolfSSL_certs(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 3bcac8b76..47dbc85e8 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -110,6 +110,12 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode #define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth #define SSL_get_certificate wolfSSL_get_certificate +#define SSL_use_certificate wolfSSL_use_certificate +#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 + +#define SSL_use_PrivateKey wolfSSL_use_PrivateKey +#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 +#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 #define SSLv3_server_method wolfSSLv3_server_method #define SSLv3_client_method wolfSSLv3_client_method diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dabf447e1..dd25e3dd7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1892,6 +1892,21 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA + +#ifndef NO_CERTS +WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, + int derSz); +WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); +WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, + unsigned char* der, long derSz); +#ifndef NO_RSA +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa); +#endif +#endif /* NO_CERTS */ + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); + WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, unsigned char* out, int outSz); WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); From fed4ed40a9956c7d4fcf1e6353ef13e8588fad8e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 11 Nov 2016 11:15:12 -0700 Subject: [PATCH 41/86] compatibility functions for X509 --- src/ssl.c | 32 +++++++++++++++++++++++++++++++- tests/api.c | 4 +++- wolfssl/openssl/evp.h | 1 - wolfssl/openssl/ssl.h | 6 +++++- wolfssl/ssl.h | 8 +++++++- 5 files changed, 46 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 090bb062a..4fb02383e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5685,6 +5685,30 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) /* put SSL type in extra for now, not very common */ #ifndef NO_CERTS +void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, + int nid, int* c, int* idx) +{ + WOLFSSL_STUB("wolfSSL_X509_get_ext_d2i"); + (void)x509; + (void)nid; + (void)c; + (void)idx; + return NULL; +} + + +int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, + unsigned char* buf, unsigned int* len) +{ + WOLFSSL_STUB("wolfSSL_X509_digest"); + (void)x509; + (void)digest; + (void)buf; + (void)len; + return SSL_FAILURE; +} + + int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) { WOLFSSL_STUB("wolfSSL_use_PrivateKey"); @@ -7051,6 +7075,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ +#ifdef OPENSSL_EXTRA + WOLFSSL_METHOD* wolfSSLv23_method(void) { + WOLFSSL_STUB("SSLv23_method"); + return NULL; + } +#endif /* OPENSSL_EXTRA */ /* client only parts */ #ifndef NO_WOLFSSL_CLIENT @@ -19387,7 +19417,7 @@ void WOLFSSL_ERR_remove_thread_state(void* pid) } /***TBD ***/ -void wolfSSL_ERR_print_errors_fp(XFILE *fp) +void wolfSSL_print_all_errors_fp(XFILE *fp) { (void)fp; } diff --git a/tests/api.c b/tests/api.c index bac81c532..469d67329 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2278,11 +2278,13 @@ static void test_wolfSSL_certs(void) SSL_use_PrivateKey SSL_use_PrivateKey_ASN1 SSL_use_RSAPrivateKey_ASN1 + SSL_X509_digest + SSL_X509_get_ext_d2i */ SSL_free(ssl); SSL_CTX_free(ctx); - wolfSSL_FreeX509(x509); + X509_free(x509); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 4c992aa2d..97aa99709 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -53,7 +53,6 @@ extern "C" { #endif -typedef char WOLFSSL_EVP_MD; typedef char WOLFSSL_EVP_CIPHER; #ifndef NO_MD5 diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 47dbc85e8..7a8c93c8a 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -101,7 +101,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; strncpy(buf, "Not Implemented, SSLv2 only", len) /* @TODO */ -#define ERR_print_errors_fp(file) +#define ERR_print_errors_fp(file) wolfSSL_print_all_errors_fp((file)) /* at the moment only returns ok */ #define SSL_get_verify_result(ctx) X509_V_OK @@ -117,6 +117,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 #define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 +#define SSLv23_method wolfSSLv23_method #define SSLv3_server_method wolfSSLv3_server_method #define SSLv3_client_method wolfSSLv3_client_method #define TLSv1_server_method wolfTLSv1_server_method @@ -211,6 +212,9 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length +#define SSL_X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID +#define SSL_X509_get_ext_d2i wolfSSL_X509_get_ext_d2i +#define SSL_X509_digest wolfSSL_X509_digest #define X509_free wolfSSL_X509_free #define OPENSSL_free wolfSSL_OPENSSL_free diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dd25e3dd7..1481ca3c1 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -118,6 +118,7 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME +typedef char WOLFSSL_EVP_MD; typedef struct WOLFSSL_EVP_PKEY { int type; /* openssh dereference */ int save_type; /* openssh dereference */ @@ -242,6 +243,7 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); #endif +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); @@ -1894,6 +1896,10 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #ifdef OPENSSL_EXTRA #ifndef NO_CERTS +WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, + int nid, int* c, int* idx); +WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, + const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz); @@ -2063,7 +2069,7 @@ WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); #ifndef NO_FILESYSTEM -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE *fp); +WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); #endif WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); From 79472e11a171a1ef9526ee86cfbc26b1c220adb1 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 11 Nov 2016 13:39:36 -0700 Subject: [PATCH 42/86] add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random --- examples/client/client.c | 10 ++--- examples/server/server.c | 33 +++++++++++++++++ rpm/spec.in | 3 ++ src/ssl.c | 80 +++++++++++++++++++++++++++++++++------- tests/api.c | 6 ++- wolfcrypt/src/include.am | 1 + wolfssl/openssl/ssl.h | 3 +- wolfssl/ssl.h | 9 +++-- 8 files changed, 119 insertions(+), 26 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 7d5b43e2a..f2984ca93 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1445,13 +1445,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef OPENSSL_EXTRA { - byte* rnd; - byte* pt; - int size; + byte* rnd; + byte* pt; + size_t size; /* get size of buffer then print */ size = wolfSSL_get_client_random(NULL, NULL, 0); - if (size < 0) { + if (size == 0) { err_sys("error getting client random buffer size"); } @@ -1461,7 +1461,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } size = wolfSSL_get_client_random(ssl, rnd, size); - if (size < 0) { + if (size == 0) { XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); err_sys("error getting client random buffer"); } diff --git a/examples/server/server.c b/examples/server/server.c index f1893e45e..626f96c5e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -882,6 +882,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ssl = SSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL"); + #ifdef OPENSSL_EXTRA + wolfSSL_KeepArrays(ssl); + #endif #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) { @@ -1026,6 +1029,36 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("SSL in error state"); } +#ifdef OPENSSL_EXTRA + { + byte* rnd; + byte* pt; + size_t size; + + /* get size of buffer then print */ + size = wolfSSL_get_server_random(NULL, NULL, 0); + if (size == 0) { + err_sys("error getting server random buffer size"); + } + + rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (rnd == NULL) { + err_sys("error creating server random buffer"); + } + + size = wolfSSL_get_client_random(ssl, rnd, size); + if (size == 0) { + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("error getting server random buffer"); + } + + printf("Server Random : "); + for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt); + printf("\n"); + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + #ifdef HAVE_ALPN if (alpnList != NULL) { char *protocol_name = NULL, *list = NULL; diff --git a/rpm/spec.in b/rpm/spec.in index e7871d05b..ae8fc8ad8 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -231,6 +231,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/wolfssl/wolfcrypt/wolfevent.h %{_includedir}/wolfssl/error-ssl.h %{_includedir}/wolfssl/ocsp.h +%{_includedir}/wolfssl/openssl/aes.h %{_includedir}/wolfssl/openssl/asn1.h %{_includedir}/wolfssl/openssl/bio.h %{_includedir}/wolfssl/openssl/bn.h @@ -275,6 +276,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Fri Nov 11 2016 Jacob Barthelmeh +- Added header for wolfssl/openssl/aes.h * Fri Oct 28 2016 Jacob Barthelmeh - Added header for pkcs12 * Fri Sep 23 2016 John Safranek diff --git a/src/ssl.c b/src/ssl.c index 4fb02383e..5107bddd9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5685,6 +5685,33 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) /* put SSL type in extra for now, not very common */ #ifndef NO_CERTS +int wolfSSL_check_private_key(const WOLFSSL* ssl) +{ + DecodedCert der; + word32 size; + byte* buff; + int ret; + + if (ssl == NULL) { + return SSL_FAILURE; + } + + size = ssl->buffers.certificate->length; + buff = ssl->buffers.certificate->buffer; + InitDecodedCert(&der, buff, size, ssl->heap); + if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) { + FreeDecodedCert(&der); + return SSL_FAILURE; + } + + size = ssl->buffers.key->length; + buff = ssl->buffers.key->buffer; + ret = wc_CheckPrivateKey(buff, size, &der); + FreeDecodedCert(&der); + return ret; +} + + void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx) { @@ -5808,6 +5835,39 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) +#if !defined(NO_WOLFSSL_SERVER) +size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, + size_t outSz) +{ + size_t size; + + /* return max size of buffer */ + if (outSz == 0) { + return RAN_LEN; + } + + if (ssl == NULL || out == NULL) { + return 0; + } + + if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + WOLFSSL_MSG("Arrays struct not saved after handshake"); + return 0; + } + + if (outSz > RAN_LEN) { + size = RAN_LEN; + } + else { + size = outSz; + } + + XMEMCPY(out, ssl->arrays->serverRandom, size); + return 0; +} +#endif /* !defined(NO_WOLFSSL_SERVER) */ + + #if !defined(NO_WOLFSSL_CLIENT) /* Return the amount of random bytes copied over or error case. * ssl : ssl struct after handshake @@ -5816,22 +5876,23 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) * * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information. */ -int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, int outSz) +size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, + size_t outSz) { - int size; + size_t size; /* return max size of buffer */ if (outSz == 0) { return RAN_LEN; } - if (ssl == NULL || out == NULL || outSz < 0) { - return BAD_FUNC_ARG; + if (ssl == NULL || out == NULL) { + return 0; } if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { WOLFSSL_MSG("Arrays struct not saved after handshake"); - return BAD_FUNC_ARG; + return 0; } if (outSz > RAN_LEN) { @@ -13524,15 +13585,6 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch return 0; } -WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, - unsigned long outlen) -{ - (void)ssl; - (void)out; - (void)outlen; - return 0; -} - /*** TBD ***/ WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl) { diff --git a/tests/api.c b/tests/api.c index 469d67329..6036d6e54 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2261,12 +2261,16 @@ static void test_wolfSSL_certs(void) AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); /* create and use x509 */ - x509 = wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM); + x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ(SSL_use_certificate(ssl, x509), SSL_SUCCESS); + /* with loading in a new cert the check on private key should now fail */ + AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + #if defined(USE_CERT_BUFFERS_2048) AssertIntEQ(SSL_use_certificate_ASN1(ssl, diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index e4d1985d1..81aa797db 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -1,6 +1,7 @@ # vim:ft=automake # All paths should be given relative to the root +EXTRA_DIST += src/bio.c EXTRA_DIST += wolfcrypt/src/misc.c EXTRA_DIST += wolfcrypt/src/evp.c EXTRA_DIST += wolfcrypt/src/asm.c diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 7a8c93c8a..a47d00ec0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -535,9 +535,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg -#define SSL_get_server_random wolfSSL_SSL_get_server_random +#define SSL_get_server_random wolfSSL_get_server_random -#define SSL_get_server_random wolfSSL_SSL_get_server_random #define SSL_get_tlsext_status_exts wolfSSL_SSL_get_tlsext_status_exts #define BIO_C_SET_FILE_PTR 106 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1481ca3c1..42ba737a0 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -715,8 +715,6 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); -WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, - unsigned long outlen); WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl); WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s); @@ -1896,6 +1894,7 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #ifdef OPENSSL_EXTRA #ifndef NO_CERTS +WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx); WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, @@ -1922,8 +1921,10 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); -WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, - int outSz); +WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, + unsigned char *out, size_t outlen); +WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, + unsigned char* out, size_t outSz); WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); From 5f3fa171cd50acb1ce903a7a6cb027b09990cb82 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 11 Nov 2016 14:41:00 -0700 Subject: [PATCH 43/86] templates wolfSSL_ctrl and wolfSSL_CTX_ctrl --- src/ssl.c | 21 +++++++++++++++++++++ tests/api.c | 17 +++++++++++++++++ wolfssl/openssl/ssl.h | 3 +++ wolfssl/ssl.h | 2 ++ 4 files changed, 43 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 5107bddd9..b0d6eaaff 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5684,6 +5684,27 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) #ifdef OPENSSL_EXTRA /* put SSL type in extra for now, not very common */ +long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) +{ + WOLFSSL_STUB("wolfSSL_ctrl"); + (void)ssl; + (void)cmd; + (void)opt; + (void)pt; + return SSL_FAILURE; +} + + +long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) +{ + WOLFSSL_STUB("wolfSSL_CTX_ctrl"); + (void)ctx; + (void)cmd; + (void)opt; + (void)pt; + return SSL_FAILURE; +} + #ifndef NO_CERTS int wolfSSL_check_private_key(const WOLFSSL* ssl) { diff --git a/tests/api.c b/tests/api.c index 6036d6e54..86db69b24 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2268,8 +2268,10 @@ static void test_wolfSSL_certs(void) AssertNotNull(x509); AssertIntEQ(SSL_use_certificate(ssl, x509), SSL_SUCCESS); + #ifndef HAVE_USER_RSA /* with loading in a new cert the check on private key should now fail */ AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + #endif #if defined(USE_CERT_BUFFERS_2048) @@ -2294,6 +2296,20 @@ static void test_wolfSSL_certs(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } +static void test_wolfSSL_ctrl(void) +{ + #if defined(OPENSSL_EXTRA) + printf(testingFmt, "wolfSSL_crtl()"); + + /* needs tested after stubs filled out @TODO + SSL_ctrl + SSL_CTX_ctrl + */ + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) */ +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2341,6 +2357,7 @@ void ApiTest(void) /* compatibility tests */ test_wolfSSL_DES(); test_wolfSSL_certs(); + test_wolfSSL_ctrl(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a47d00ec0..1776e4f53 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -574,6 +574,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_ctrl wolfSSL_ctrl +#define SSL_CTX_ctrl wolfSSL_CTX_ctrl + #ifdef HAVE_STUNNEL #include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 42ba737a0..b90718a12 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1892,6 +1892,8 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA +WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); +WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); #ifndef NO_CERTS WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); From 9d1cb186161eae3439346b6d0a0aeadbc32e8e5b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 16 Nov 2016 13:14:40 -0700 Subject: [PATCH 44/86] add function X509_get_ext_d2i --- src/internal.c | 46 ++++ src/ssl.c | 388 ++++++++++++++++++++++++++++++++- tests/api.c | 90 +++++++- wolfcrypt/src/asn.c | 44 ++++ wolfssl/internal.h | 17 ++ wolfssl/openssl/ssl.h | 27 ++- wolfssl/ssl.h | 6 + wolfssl/wolfcrypt/asn.h | 26 ++- wolfssl/wolfcrypt/asn_public.h | 4 + wolfssl/wolfcrypt/types.h | 3 +- 10 files changed, 637 insertions(+), 14 deletions(-) diff --git a/src/internal.c b/src/internal.c index f7b60d590..5065746ed 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2648,6 +2648,12 @@ void FreeX509(WOLFSSL_X509* x509) #ifdef OPENSSL_EXTRA XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); + if (x509->authInfo != NULL) { + XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + } + if (x509->extKeyUsageSrc != NULL) { + XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); + } #endif /* OPENSSL_EXTRA */ if (x509->altNames) FreeAltNames(x509->altNames, NULL); @@ -6313,6 +6319,23 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->pathLength = dCert->pathLength; x509->keyUsage = dCert->extKeyUsage; + x509->CRLdistSet = dCert->extCRLdistSet; + x509->CRLdistCrit = dCert->extCRLdistCrit; + x509->CRLInfo = dCert->extCrlInfo; + x509->CRLInfoSz = dCert->extCrlInfoSz; + x509->authInfoSet = dCert->extAuthInfoSet; + x509->authInfoCrit = dCert->extAuthInfoCrit; + if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) { + x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->authInfo != NULL) { + XMEMCPY(x509->authInfo, dCert->extAuthInfo, dCert->extAuthInfoSz); + x509->authInfoSz = dCert->extAuthInfoSz; + } + else { + ret = MEMORY_E; + } + } x509->basicConstSet = dCert->extBasicConstSet; x509->basicConstCrit = dCert->extBasicConstCrit; x509->basicConstPlSet = dCert->pathLengthSet; @@ -6346,10 +6369,33 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } x509->keyUsageSet = dCert->extKeyUsageSet; x509->keyUsageCrit = dCert->extKeyUsageCrit; + if (dCert->extExtKeyUsageSrc != NULL && dCert->extExtKeyUsageSz > 0) { + x509->extKeyUsageSrc = (byte*)XMALLOC(dCert->extExtKeyUsageSz, + x509->heap, DYNAMIC_TYPE_X509_EXT); + if (x509->extKeyUsageSrc != NULL) { + XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc, + dCert->extExtKeyUsageSz); + x509->extKeyUsageSz = dCert->extExtKeyUsageSz; + x509->extKeyUsageCrit = dCert->extExtKeyUsageCrit; + x509->extKeyUsageCount = dCert->extExtKeyUsageCount; + } + else { + ret = MEMORY_E; + } + } #ifdef WOLFSSL_SEP x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; #endif /* WOLFSSL_SEP */ + #ifdef WOLFSSL_CERT_EXT + { + int i; + for (i = 0; i < dCert->extCertPoliciesNb && i < MAX_CERTPOL_NB; i++) + XMEMCPY(x509->certPolicies[i], dCert->extCertPolicies[i], + MAX_CERTPOL_SZ); + x509->certPoliciesNb = dCert->extCertPoliciesNb; + } + #endif /* WOLFSSL_CERT_EXT */ #endif /* OPENSSL_EXTRA */ #ifdef HAVE_ECC x509->pkCurveOID = dCert->pkCurveOID; diff --git a/src/ssl.c b/src/ssl.c index b0d6eaaff..9aeede590 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5733,15 +5733,298 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl) } +/* Looks for the extension matching the passed in nid + * + * c : if not null then is set to status value -2 if multiple occurances + * of the extension are found, -1 if not found, 0 if found and not + * critical, and 1 if found and critical. + * nid : Extension OID to be found. + * idx : if NULL return first extension found match, otherwise start search at + * idx location and set idx to the location of extension returned. + * returns NULL or a pointer to an WOLFSSL_STACK holding extension structure + * + * NOTE code for decoding extensions is in asn.c DecodeCertExtensions -- + * use already decoded extension in this function to avoid decoding twice. + * Currently we do not make use of idx since getting pre decoded extensions. + */ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx) { - WOLFSSL_STUB("wolfSSL_X509_get_ext_d2i"); - (void)x509; - (void)nid; - (void)c; + WOLFSSL_STACK* sk = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i"); + + if (x509 == NULL) { + return NULL; + } + + if (c != NULL) { + *c = -1; /* default to not found */ + } + + sk = (STACK_OF(WOLFSSL_ASN1_OBJECT)*)XMALLOC( + sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT)), NULL, DYNAMIC_TYPE_ASN1); + if (sk == NULL) { + return NULL; + } + XMEMSET(sk, 0, sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT))); + + switch (nid) { + case BASIC_CA_OID: + if (x509->basicConstSet) { + obj = wolfSSL_ASN1_OBJECT_new(); + if (c != NULL) { + *c = x509->basicConstCrit; + } + obj->type = BASIC_CA_OID; + } + else { + WOLFSSL_MSG("No Basic Constraint set"); + } + break; + + case ALT_NAMES_OID: + { + DNS_entry* dns; + + if (x509->subjAltNameSet && x509->altNames != NULL) { + /* alt names are DNS_entry structs */ + if (c != NULL) { + if (x509->altNames->next != NULL) { + *c = -2; /* more then one found */ + } + else { + *c = x509->subjAltNameCrit; + } + } + + dns = x509->altNames; + while (dns != NULL) { + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = ALT_NAMES_OID; + obj->obj = (byte*)dns->name; + dns = dns->next; + /* last dns in list add at end of function */ + if (dns != NULL) { + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != + SSL_SUCCESS) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; + } + } + } + } + else { + WOLFSSL_MSG("No Alt Names set"); + } + } + break; + + case CRL_DIST_OID: + if (x509->CRLdistSet && x509->CRLInfo != NULL) { + if (c != NULL) { + *c = x509->CRLdistCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = CRL_DIST_OID; + obj->obj = x509->CRLInfo; + obj->objSz = x509->CRLInfoSz; + } + else { + WOLFSSL_MSG("No CRL dist set"); + } + break; + + case AUTH_INFO_OID: + if (x509->authInfoSet && x509->authInfo != NULL) { + if (c != NULL) { + *c = x509->authInfoCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = AUTH_INFO_OID; + obj->obj = x509->authInfo; + obj->objSz = x509->authInfoSz; + } + else { + WOLFSSL_MSG("No Auth Info set"); + } + break; + + case AUTH_KEY_OID: + if (x509->authKeyIdSet) { + if (c != NULL) { + *c = x509->authKeyIdCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = AUTH_KEY_OID; + obj->obj = x509->authKeyId; + obj->objSz = x509->authKeyIdSz; + } + else { + WOLFSSL_MSG("No Auth Key set"); + } + break; + + case SUBJ_KEY_OID: + if (x509->subjKeyIdSet) { + if (c != NULL) { + *c = x509->subjKeyIdCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = SUBJ_KEY_OID; + obj->obj = x509->subjKeyId; + obj->objSz = x509->subjKeyIdSz; + } + else { + WOLFSSL_MSG("No Subject Key set"); + } + break; + + case CERT_POLICY_OID: + #ifdef WOLFSSL_CERT_EXT + { + int i; + + if (x509->certPoliciesNb > 0) { + if (c != NULL) { + if (x509->certPoliciesNb > 1) { + *c = -2; + } + else { + *c = 0; + } + } + + for (i = 0; i < x509->certPoliciesNb - 1; i++) { + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = CERT_POLICY_OID; + obj->obj = (byte*)(x509->certPolicies[i]); + obj->objSz = MAX_CERTPOL_SZ; + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) + != SSL_SUCCESS) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; + } + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = CERT_POLICY_OID; + obj->obj = (byte*)(x509->certPolicies[i]); + obj->objSz = MAX_CERTPOL_SZ; + } + else { + WOLFSSL_MSG("No Cert Policy set"); + } + } + #else + #ifdef WOLFSSL_SEP + if (x509->certPolicySet) { + if (c != NULL) { + *c = x509->certPolicyCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = CERT_POLICY_OID; + } + else { + WOLFSSL_MSG("No Cert Policy set"); + } + #else + WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT"); + #endif /* WOLFSSL_SEP */ + #endif /* WOLFSSL_CERT_EXT */ + break; + + case KEY_USAGE_OID: + if (x509->keyUsageSet) { + if (c != NULL) { + *c = x509->keyUsageCrit; + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = KEY_USAGE_OID; + obj->obj = (byte*)&(x509->keyUsage); + obj->objSz = sizeof(word16); + } + else { + WOLFSSL_MSG("No Key Usage set"); + } + break; + + case INHIBIT_ANY_OID: + WOLFSSL_MSG("INHIBIT ANY extension not supported"); + break; + + case EXT_KEY_USAGE_OID: + if (x509->extKeyUsageSrc != NULL) { + if (c != NULL) { + if (x509->extKeyUsageCount > 1) { + *c = -2; + } + else { + *c = x509->extKeyUsageCrit; + } + } + obj = wolfSSL_ASN1_OBJECT_new(); + obj->type = EXT_KEY_USAGE_OID; + obj->obj = x509->extKeyUsageSrc; + obj->objSz = x509->extKeyUsageSz; + } + else { + WOLFSSL_MSG("No Extended Key Usage set"); + } + break; + + case NAME_CONS_OID: + WOLFSSL_MSG("Name Constraint OID extension not supported"); + break; + + case PRIV_KEY_USAGE_PERIOD_OID: + WOLFSSL_MSG("Private Key Usage Period extension not supported"); + break; + + case SUBJECT_INFO_ACCESS: + WOLFSSL_MSG("Subject Info Access extension not supported"); + break; + + case POLICY_MAP_OID: + WOLFSSL_MSG("Policy Map extension not supported"); + break; + + case POLICY_CONST_OID: + WOLFSSL_MSG("Policy Constraint extension not supported"); + break; + + case ISSUE_ALT_NAMES_OID: + WOLFSSL_MSG("Issue Alt Names extension not supported"); + break; + + case TLS_FEATURE_OID: + WOLFSSL_MSG("TLS Feature extension not supported"); + break; + + default: + WOLFSSL_MSG("Unsupported/Unknown extension OID"); + } + + if (obj != NULL) { + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != SSL_SUCCESS) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; + } + } + else { /* no ASN1 object found for extension, free stack */ + wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; + } + (void)idx; - return NULL; + + return sk; } @@ -12333,6 +12616,101 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA +/* return 1 on success 0 on fail */ +int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, + WOLFSSL_ASN1_OBJECT* obj) +{ + WOLFSSL_STACK* node; + + if (sk == NULL || obj == NULL) { + return SSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.obj == NULL) { + sk->data.obj = obj; + sk->num += 1; + return SSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_ASN1); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return SSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.obj = sk->data.obj; + node->next = sk->next; + sk->next = node; + sk->data.obj = obj; + sk->num += 1; + + return SSL_SUCCESS; +} + + +WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( + STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_ASN1_OBJECT* obj; + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + obj = sk->data.obj; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.obj = node->data.obj; + sk->next = node->next; + XFREE(node, NULL, DYNAMIC_TYPE_ASN1); + } + else { /* last obj in stack */ + sk->data.obj = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return obj; +} + + +/* free structure for x509 stack */ +void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) +{ + WOLFSSL_STACK* node; + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + wolfSSL_ASN1_OBJECT_free(tmp->data.obj); + XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + wolfSSL_ASN1_OBJECT_free(sk->data.obj); + } + XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); +} + + int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) { diff --git a/tests/api.c b/tests/api.c index 86db69b24..ff3b72d72 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2253,6 +2253,8 @@ static void test_wolfSSL_certs(void) X509* x509; WOLFSSL* ssl; WOLFSSL_CTX* ctx; + STACK_OF(ASN1_OBJECT)* sk; + int crit; printf(testingFmt, "wolfSSL_certs()"); @@ -2285,12 +2287,94 @@ static void test_wolfSSL_certs(void) SSL_use_PrivateKey_ASN1 SSL_use_RSAPrivateKey_ASN1 SSL_X509_digest - SSL_X509_get_ext_d2i */ - SSL_free(ssl); + /* test and checkout X509 extensions */ + sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL); + AssertNotNull(sk); + AssertIntEQ(crit, 0); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); + AssertNotNull(sk); + AssertIntEQ(crit, -2); /* multiple cases */ + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL); + AssertNotNull(sk); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_private_key_usage_period, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_subject_alt_name, &crit, NULL); + /* AssertNotNull(sk); no alt names set */ + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_issuer_alt_name, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_info_access, &crit, NULL); + /* AssertNotNull(sk); no auth info set */ + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_sinfo_access, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_name_constraints, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_certificate_policies, &crit, NULL); + #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT) + AssertNull(sk); + #else + /* AssertNotNull(sk); no cert policy set */ + #endif + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_policy_mappings, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_policy_constraints, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_inhibit_any_policy, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + sk = X509_get_ext_d2i(x509, NID_tlsfeature, &crit, NULL); + /* AssertNotNull(sk); NID not yet supported */ + AssertIntEQ(crit, -1); + wolfSSL_sk_ASN1_OBJECT_free(sk); + + /* test invalid cases */ + crit = 0; + sk = X509_get_ext_d2i(x509, -1, &crit, NULL); + AssertNull(sk); + AssertIntEQ(crit, -1); + sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); + AssertNull(sk); + + SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); - X509_free(x509); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 665199aeb..7c6cc171f 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1398,6 +1398,38 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, } +WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) +{ + WOLFSSL_ASN1_OBJECT* obj; + + obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, + DYNAMIC_TYPE_ASN1); + if (obj == NULL) { + return NULL; + } + + XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); + return obj; +} + + +void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) +{ + if (obj == NULL) { + return; + } + + if (obj->dynamic == 1) { + if (obj->obj != NULL) { + WOLFSSL_MSG("Freeing ASN1 OBJECT data"); + XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); + } + } + + XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); +} + + #ifndef NO_RSA #ifndef HAVE_USER_RSA #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) @@ -2560,6 +2592,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) #ifdef OPENSSL_EXTRA XMEMSET(&cert->issuerName, 0, sizeof(DecodedName)); XMEMSET(&cert->subjectName, 0, sizeof(DecodedName)); + cert->extCRLdistSet = 0; + cert->extCRLdistCrit = 0; + cert->extAuthInfoSet = 0; + cert->extAuthInfoCrit = 0; cert->extBasicConstSet = 0; cert->extBasicConstCrit = 0; cert->extSubjAltNameSet = 0; @@ -5206,11 +5242,19 @@ static int DecodeCertExtensions(DecodedCert* cert) break; case CRL_DIST_OID: + #ifdef OPENSSL_EXTRA + cert->extCRLdistSet = 1; + cert->extCRLdistCrit = critical; + #endif if (DecodeCrlDist(&input[idx], length, cert) < 0) return ASN_PARSE_E; break; case AUTH_INFO_OID: + #ifdef OPENSSL_EXTRA + cert->extAuthInfoSet = 1; + cert->extAuthInfoCrit = critical; + #endif if (DecodeAuthInfo(&input[idx], length, cert) < 0) return ASN_PARSE_E; break; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 92d09f570..62e6bb58c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2503,6 +2503,7 @@ struct WOLFSSL_STACK { union { WOLFSSL_X509* x509; WOLFSSL_BIO* bio; + WOLFSSL_ASN1_OBJECT* obj; } data; WOLFSSL_STACK* next; }; @@ -2566,9 +2567,21 @@ struct WOLFSSL_X509 { void* heap; /* heap hint */ byte dynamicMemory; /* dynamic memory flag */ byte isCa; +#ifdef WOLFSSL_CERT_EXT + char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; + int certPoliciesNb; +#endif /* WOLFSSL_CERT_EXT */ #ifdef OPENSSL_EXTRA word32 pathLength; word16 keyUsage; + byte CRLdistSet; + byte CRLdistCrit; + byte* CRLInfo; + int CRLInfoSz; + byte authInfoSet; + byte authInfoCrit; + byte* authInfo; + int authInfoSz; byte basicConstSet; byte basicConstCrit; byte basicConstPlSet; @@ -2584,6 +2597,10 @@ struct WOLFSSL_X509 { word32 subjKeyIdSz; byte keyUsageSet; byte keyUsageCrit; + byte extKeyUsageCrit; + byte* extKeyUsageSrc; + word32 extKeyUsageSz; + word32 extKeyUsageCount; #endif /* OPENSSL_EXTRA */ }; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 1776e4f53..e6d2a8d28 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -81,6 +81,11 @@ typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; +/* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as + * compatibility layer expands. For now treating them as an ASN1_OBJECT */ +typedef WOLFSSL_ASN1_OBJECT GENERAL_NAME; +typedef WOLFSSL_ASN1_OBJECT BASIC_CONSTRAINTS; + #define ASN1_UTCTIME WOLFSSL_ASN1_TIME typedef WOLFSSL_MD4_CTX MD4_CTX; @@ -213,8 +218,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length #define SSL_X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID -#define SSL_X509_get_ext_d2i wolfSSL_X509_get_ext_d2i -#define SSL_X509_digest wolfSSL_X509_digest +#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i +#define X509_digest wolfSSL_X509_digest #define X509_free wolfSSL_X509_free #define OPENSSL_free wolfSSL_OPENSSL_free @@ -640,6 +645,24 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #endif /* HAVE_STUNNEL */ +/* certificate extension NIDs */ +#define NID_basic_constraints 133 +#define NID_key_usage 129 /* 2.5.29.15 */ +#define NID_ext_key_usage 151 /* 2.5.29.37 */ +#define NID_subject_key_identifier 128 +#define NID_authority_key_identifier 149 +#define NID_private_key_usage_period 130 /* 2.5.29.16 */ +#define NID_subject_alt_name 131 +#define NID_issuer_alt_name 132 +#define NID_info_access 69 +#define NID_sinfo_access 79 /* id-pe 11 */ +#define NID_name_constraints 144 /* 2.5.29.30 */ +#define NID_certificate_policies 146 +#define NID_policy_mappings 147 +#define NID_policy_constraints 150 +#define NID_inhibit_any_policy 168 /* 2.5.29.54 */ +#define NID_tlsfeature 92 /* id-pe 24 */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b90718a12..d9cf756df 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -444,6 +444,12 @@ WOLFSSL_API int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API void wolfSSL_sk_X509_free(STACK_OF(WOLFSSL_X509_NAME)* sk); +WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, + WOLFSSL_ASN1_OBJECT* obj); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( + STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); +WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); + WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*); WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*); WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL*, int); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index fdb8dc7dc..2499cf42f 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -303,14 +303,20 @@ enum Extensions_Sum { BASIC_CA_OID = 133, ALT_NAMES_OID = 131, CRL_DIST_OID = 145, - AUTH_INFO_OID = 69, + AUTH_INFO_OID = 69, /* id-pe 1 */ AUTH_KEY_OID = 149, SUBJ_KEY_OID = 128, CERT_POLICY_OID = 146, KEY_USAGE_OID = 129, /* 2.5.29.15 */ INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ - EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ - NAME_CONS_OID = 144 /* 2.5.29.30 */ + EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ + NAME_CONS_OID = 144, /* 2.5.29.30 */ + PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ + SUBJECT_INFO_ACCESS = 79, /* id-pe 11 */ + POLICY_MAP_OID = 147, + POLICY_CONST_OID = 150, + ISSUE_ALT_NAMES_OID = 132, + TLS_FEATURE_OID = 92 /* id-pe 24 */ }; enum CertificatePolicy_Sum { @@ -475,6 +481,10 @@ struct DecodedCert { byte extExtKeyUsageSet; /* Extended Key Usage */ byte extExtKeyUsage; /* Extended Key usage bitfield */ #ifdef OPENSSL_EXTRA + byte extCRLdistSet; + byte extCRLdistCrit; + byte extAuthInfoSet; + byte extAuthInfoCrit; byte extBasicConstSet; byte extBasicConstCrit; byte extSubjAltNameSet; @@ -554,6 +564,16 @@ struct DecodedCert { #endif /* WOLFSSL_CERT_EXT */ }; + +struct WOLFSSL_ASN1_OBJECT { + void* heap; + byte* obj; + int type; /* oid */ + word32 objSz; + byte dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */ +}; + + extern const char* BEGIN_CERT; extern const char* END_CERT; extern const char* BEGIN_CERT_REQ; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index c9d95459d..f0f9eaf5a 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -159,6 +159,7 @@ typedef struct Cert { } Cert; #endif /* WOLFSSL_CERT_GEN */ +typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; #ifdef WOLFSSL_CERT_GEN @@ -280,6 +281,9 @@ WOLFSSL_API int wc_GetCTC_HashOID(int type); */ WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); +WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index ac20cae99..53687bf7d 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -339,7 +339,8 @@ DYNAMIC_TYPE_SESSION_TICK = 57, DYNAMIC_TYPE_PKCS = 58, DYNAMIC_TYPE_MUTEX = 59, - DYNAMIC_TYPE_PKCS7 = 60 + DYNAMIC_TYPE_PKCS7 = 60, + DYNAMIC_TYPE_ASN1 = 61 }; /* max error buffer string size */ From ff05c8a7a5b199e1898db3fd8ccea6e69afb1174 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 18 Nov 2016 14:58:51 -0700 Subject: [PATCH 45/86] expanding compatibility layer --- certs/dsaparams.pem | 9 + examples/server/server.c | 2 +- src/internal.c | 7 + src/ssl.c | 434 +++++++++++++++++++++++---------- tests/api.c | 119 ++++++++- wolfcrypt/src/asn.c | 2 + wolfssl/openssl/ssl.h | 50 ++-- wolfssl/ssl.h | 64 +++-- wolfssl/wolfcrypt/asn.h | 2 + wolfssl/wolfcrypt/asn_public.h | 1 + 10 files changed, 500 insertions(+), 190 deletions(-) create mode 100644 certs/dsaparams.pem diff --git a/certs/dsaparams.pem b/certs/dsaparams.pem new file mode 100644 index 000000000..973e89682 --- /dev/null +++ b/certs/dsaparams.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDN3iVogFMN5XfW0pA5P5CiPzOUbuhPK2OrMKsVuhHqil2NzLjUodXB +R51ac2piSdEGB2f2L6M5vU4NtNMiI4TskyZaSe58iUhmTejo2FD7pXGfIhjl5gtG +h2buUo9GT7UDzu3jvuW1gdJZ6cCtTdBNJve6UOjJj/4kGT0up1I8bQIVAPtH++yB +IMgc6Uq6BG8Zm5TugmfTAoGBAJuVu4XFWEoynKpEhdZo3D4U9M5to0k46tZhSJJa +QJVJOKrhOSloWEeKSwHhLo5sY29AylA/jAuZ5HJCuLHCJkjxnIPGNy5arhEJ2fOt +H2+trVDjeDLm3o6qv9EAn7MCEhmiFewUGFwOJs75rsx7tdEm/IX+FJO2nX124zWX +Ht7E +-----END DSA PARAMETERS----- diff --git a/examples/server/server.c b/examples/server/server.c index 626f96c5e..13bf57918 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1046,7 +1046,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("error creating server random buffer"); } - size = wolfSSL_get_client_random(ssl, rnd, size); + size = wolfSSL_get_server_random(ssl, rnd, size); if (size == 0) { XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); err_sys("error getting server random buffer"); diff --git a/src/internal.c b/src/internal.c index 5065746ed..b38e6c48c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2593,6 +2593,13 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) /* Initialize wolfSSL X509 type */ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) { + if (x509 == NULL) { + WOLFSSL_MSG("Null parameter passed in!"); + return; + } + + XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); + x509->heap = heap; InitX509Name(&x509->issuer, 0); InitX509Name(&x509->subject, 0); diff --git a/src/ssl.c b/src/ssl.c index 9aeede590..94c661fec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3600,6 +3600,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; + case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break; case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; @@ -6028,46 +6029,113 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, } +/* this function makes the assumption that out buffer is big enough for digest*/ +static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, + unsigned int* outSz, const WOLFSSL_EVP_MD* evp, + WOLFSSL_ENGINE* eng) +{ + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int hashSz; + + if (XSTRLEN(evp) < 3) { + /* do not try comparing strings if size is too small */ + return SSL_FAILURE; + } + + if (XSTRNCMP("SHA", evp, 3) == 0) { + if (XSTRLEN(evp) > 3) { + if (XSTRNCMP("SHA256", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA256; + } + else if (XSTRNCMP("SHA384", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA384; + } + else if (XSTRNCMP("SHA512", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA512; + } + else { + WOLFSSL_MSG("Unknown SHA hash"); + } + } + else { + hash = WC_HASH_TYPE_SHA; + } + } + else if (XSTRNCMP("MD2", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD2; + } + else if (XSTRNCMP("MD4", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD4; + } + else if (XSTRNCMP("MD5", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD5; + } + + hashSz = wc_HashGetDigestSize(hash); + if (hashSz < 0) { + WOLFSSL_LEAVE("wolfSSL_EVP_Digest", hashSz); + return SSL_FAILURE; + } + *outSz = hashSz; + + (void)eng; + if (wc_Hash(hash, in, inSz, out, *outSz) == 0) { + return SSL_SUCCESS; + } + else { + return SSL_FAILURE; + } +} + + int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len) { - WOLFSSL_STUB("wolfSSL_X509_digest"); - (void)x509; - (void)digest; - (void)buf; - (void)len; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_X509_digest"); + + if (x509 == NULL || digest == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length, buf, + len, digest, NULL); } int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) { - WOLFSSL_STUB("wolfSSL_use_PrivateKey"); - (void)ssl; - (void)pkey; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_PrivateKey"); + if (ssl == NULL || pkey == NULL ) { + return SSL_FAILURE; + } + + return wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, SSL_FILETYPE_ASN1); } int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz) { - WOLFSSL_STUB("wolfSSL_use_PrivateKey_ASN1"); - (void)ssl; - (void)pri; - (void)der; - (void)derSz; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1"); + if (ssl == NULL || der == NULL ) { + return SSL_FAILURE; + } + + (void)pri; /* type of private key */ + return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1); } #ifndef NO_RSA -int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa) +int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz) { - WOLFSSL_STUB("wolfSSL_use_RSAPrivateKey"); - (void)ssl; - (void)rsa; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1"); + if (ssl == NULL || der == NULL ) { + return SSL_FAILURE; + } + + return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1); } #endif @@ -6167,7 +6235,7 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, } XMEMCPY(out, ssl->arrays->serverRandom, size); - return 0; + return size; } #endif /* !defined(NO_WOLFSSL_SERVER) */ @@ -7442,8 +7510,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA WOLFSSL_METHOD* wolfSSLv23_method(void) { - WOLFSSL_STUB("SSLv23_method"); - return NULL; + WOLFSSL_METHOD* m; + WOLFSSL_ENTER("wolfSSLv23_method"); +#ifndef NO_WOLFSSL_CLIENT + m = wolfSSLv23_client_method(); +#else + m = wolfSSLv23_server_method(); +#endif + m->side = WOLFSSL_NEITHER_END; + + return m; } #endif /* OPENSSL_EXTRA */ @@ -9542,12 +9618,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) { /* cache size fixed at compile time in wolfSSL */ (void)ctx; (void)sz; - return 0; + WOLFSSL_MSG("session cache is set at compile time"); + return SESSIONS_PER_ROW * SESSION_ROWS; } @@ -11617,9 +11695,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) { - /* TODO: maybe? */ (void)ctx; - return (~0); + return SESSIONS_PER_ROW * SESSION_ROWS; } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, @@ -11633,16 +11710,25 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; } - WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) + WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb( + WOLFSSL_CTX *ctx) { - (void) ctx; - return NULL; + if (ctx == NULL) { + return NULL; + } + + return ctx->passwd_cb; } - WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) + + WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata( + WOLFSSL_CTX *ctx) { - (void) ctx; - return NULL; + if (ctx == NULL) { + return NULL; + } + + return ctx->userdata; } #endif /* OPENSSL_EXTRA */ @@ -13883,7 +13969,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op) +WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op) { (void)s; (void)op; @@ -13891,36 +13977,70 @@ WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op) } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s) +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s) { (void)s; return 0; } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s) +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s) { (void)s; return 0; } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s) +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s) { (void)s; return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh) + +long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) { - (void)s; - (void)dh; - return 0; + int pSz, gSz; + byte *p, *g; + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_set_tmp_dh"); + + if (!ssl || !dh) + return BAD_FUNC_ARG; + + /* Get needed size for p and g */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + if (pSz <= 0 || gSz <= 0) + return SSL_FATAL_ERROR; + + p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH); + if (!p) + return MEMORY_E; + + g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH); + if (!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if (pSz >= 0 && gSz >= 0) /* Conversion successful */ + ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); + + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } + /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13928,7 +14048,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) +WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { (void)s; (void)type; @@ -13936,7 +14056,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13944,7 +14064,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13952,7 +14072,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13960,7 +14080,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13968,7 +14088,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) +WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) { (void)s; (void)resp; @@ -13976,7 +14096,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) +WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) { (void)s; (void)resp; @@ -13985,25 +14105,12 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl) +WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) { (void)ssl; return 0; } -/*** TBD ***/ -WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl) -{ - (void)ssl; - return 0; -} - -/*** TBD ***/ -WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s) -{ - (void)s; -} - long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { (void)ctx; @@ -14087,88 +14194,61 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API void wolfSSL_CONF_modules_unload(int all) -{ - (void) all; -} - #ifndef NO_DES3 void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) @@ -15751,13 +15831,6 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) } } -/*** TBD ***/ -WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r) -{ - (void) r; - return NULL; -} - #endif /* NO_DSA */ #ifndef NO_RSA @@ -15888,6 +15961,46 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) return SSL_SUCCESS; } + + +WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) +{ + WOLFSSL_DH* dh; + DhKey* key; + + dh = wolfSSL_DH_new(); + if (dh == NULL || dsa == NULL) { + return NULL; + } + key = (DhKey*)dh->internal; + + if (dsa->p != NULL && + SetIndividualInternal(((WOLFSSL_DSA*)dsa)->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + wolfSSL_DH_free(dh); + return NULL; + } + if (dsa->g != NULL && + SetIndividualInternal(((WOLFSSL_DSA*)dsa)->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa g key error"); + wolfSSL_DH_free(dh); + return NULL; + } + + if (SetIndividualExternal(&dh->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa p key error"); + wolfSSL_DH_free(dh); + return NULL; + } + if (SetIndividualExternal(&dh->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa g key error"); + wolfSSL_DH_free(dh); + return NULL; + } + + return dh; +} + #endif /* !NO_RSA && !NO_DSA */ @@ -19466,12 +19579,14 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { - (void)ctx; - (void)pkey; WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); - WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey"); - return 0; + if (ctx == NULL || pkey == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_CTX_use_PrivateKey_buffer(ssl, pkey->pkey->ptr, + pkey->pkey_sz, PRIVATEKEY_TYPE); } @@ -19742,6 +19857,90 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) return 0; } +#ifndef NO_DSA +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) +{ + WOLFSSL_DSA* dsa; + DsaKey* key; + int length; + const unsigned char* buf; + word32 bufSz; + int ret; + word32 idx = 0; + DerBuffer* pDer; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams"); + + ret = wolfSSL_BIO_get_mem_data(bp, &buf); + if (ret <= 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + return NULL; + } + + bufSz = (word32)ret; + + if (cb != NULL || u != NULL) { + /* + * cb is for a call back when encountering encrypted PEM files + * if cb == NULL and u != NULL then u = null terminated password string + */ + WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM"); + } + + if ((ret = PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL, + NULL)) < 0 ) { + WOLFSSL_MSG("Issue converting from PEM to DER"); + return NULL; + } + + if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + return NULL; + } + + dsa = wolfSSL_DSA_new(); + if (dsa == NULL) { + WOLFSSL_MSG("Error creating DSA struct"); + } + + key = (DsaKey*)dsa->internal; + if (key == NULL) { + WOLFSSL_MSG("Error finding DSA key struct"); + } + + if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 || + GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 || + GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) { + WOLFSSL_MSG("dsa key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa p key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa q key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa g key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (x != NULL) { + *x = dsa; + } + + return dsa; +} +#endif /* NO_DSA */ #include "src/bio.c" @@ -19749,7 +19948,7 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) char * wolf_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolf_OBJ_nid2ln"); @@ -19790,19 +19989,6 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_p return NULL; } -/*** TBD ***/ -WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) -{ - (void) bp; - (void) x; - (void) cb; - (void) u; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams"); - WOLFSSL_STUB("wolfSSL_PEM_read_bio_DSAparams"); - - return NULL; -} int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { (void)bp; diff --git a/tests/api.c b/tests/api.c index ff3b72d72..5b14c3a11 100644 --- a/tests/api.c +++ b/tests/api.c @@ -46,6 +46,8 @@ #ifdef OPENSSL_EXTRA #include #include + #include + #include #ifndef NO_DES3 #include #endif @@ -2282,12 +2284,18 @@ static void test_wolfSSL_certs(void) sizeof_server_cert_der_2048), SSL_SUCCESS); #endif - /* needs tested after stubs filled out @TODO - SSL_use_PrivateKey - SSL_use_PrivateKey_ASN1 - SSL_use_RSAPrivateKey_ASN1 - SSL_X509_digest - */ + /************* Get Digest of Certificate ******************/ + { + byte digest[64]; /* max digest size */ + word32 digestSz; + + XMEMSET(digest, 0, sizeof(digest)); + AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha1(), digest, &digestSz), + SSL_SUCCESS); + + AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), + SSL_FAILURE); + } /* test and checkout X509 extensions */ sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL); @@ -2301,8 +2309,7 @@ static void test_wolfSSL_certs(void) wolfSSL_sk_ASN1_OBJECT_free(sk); sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); - AssertNotNull(sk); - AssertIntEQ(crit, -2); /* multiple cases */ + /* AssertNotNull(sk); no extension set */ wolfSSL_sk_ASN1_OBJECT_free(sk); sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL); @@ -2373,6 +2380,7 @@ static void test_wolfSSL_certs(void) sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); AssertNull(sk); + AssertIntEQ(SSL_get_hit(ssl), 0); SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); @@ -2380,6 +2388,99 @@ static void test_wolfSSL_certs(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } + +static void test_wolfSSL_private_keys(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL* ssl; + WOLFSSL_CTX* ctx; + EVP_PKEY* pkey = NULL; + + printf(testingFmt, "wolfSSL_private_keys()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + +#ifdef USE_CERT_BUFFERS_2048 + AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, + (unsigned char*)client_key_der_2048, + sizeof_client_key_der_2048), SSL_SUCCESS); + /* Should missmatch now that a different private key loaded */ + AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + + AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, + (unsigned char*)server_key_der_2048, + sizeof_server_key_der_2048), SSL_SUCCESS); + /* After loading back in DER format of original key, should match */ + AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); +#endif + + /* pkey not set yet, expecting to fail */ + AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), SSL_FAILURE); + + SSL_free(ssl); /* frees x509 also since loaded into ssl */ + SSL_CTX_free(ctx); + + /* test existence of no-op macros in wolfssl/openssl/ssl.h */ + CONF_modules_free(); + ENGINE_cleanup(); + CONF_modules_unload(); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + + +static void test_wolfSSL_tmp_dh(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_DSA) + byte buffer[5300]; + char file[] = "./certs/dsaparams.pem"; + FILE *f; + int bytes; + DSA* dsa; + DH* dh; + BIO* bio; + SSL* ssl; + SSL_CTX* ctx; + + printf(testingFmt, "wolfSSL_tmp_dh()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + f = fopen(file, "rb"); + AssertNotNull(f); + bytes = (int)fread(buffer, 1, sizeof(buffer), f); + fclose(f); + + bio = BIO_new_mem_buf((void*)buffer, bytes); + AssertNotNull(bio); + + dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + AssertNotNull(dsa); + + dh = wolfSSL_DSA_dup_DH(dsa); + AssertNotNull(dh); + + AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); + AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); + + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + static void test_wolfSSL_ctrl(void) { #if defined(OPENSSL_EXTRA) @@ -2441,6 +2542,8 @@ void ApiTest(void) /* compatibility tests */ test_wolfSSL_DES(); test_wolfSSL_certs(); + test_wolfSSL_private_keys(); + test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7c6cc171f..5cf74ef93 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5778,6 +5778,8 @@ const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; const char* END_DH_PARAM = "-----END DH PARAMETERS-----"; +const char* BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; +const char* END_DSA_PARAM = "-----END DSA PARAMETERS-----"; const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; const char* END_X509_CRL = "-----END X509 CRL-----"; const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e6d2a8d28..4b577652d 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -447,10 +447,12 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index /*#if OPENSSL_API_COMPAT < 0x10100000L*/ -# define CONF_modules_free() while(0) continue -# define ENGINE_cleanup() while(0) continue +# define CONF_modules_free() +# define ENGINE_cleanup() /*#endif*/ -#define CONF_modules_unload wolfSSL_CONF_modules_unload +#define CONF_modules_unload() + +#define SSL_get_hit wolfSSL_session_reused /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 @@ -497,9 +499,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 -#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */ +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file #define BIO_ctrl wolfSSL_BIO_ctrl @@ -519,30 +521,30 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_write_filename wolfSSL_BIO_write_filename #define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return -#define SSL_set_options wolfSSL_SSL_set_options -#define SSL_get_options wolfSSL_SSL_get_options -#define SSL_set_tmp_dh wolfSSL_SSL_set_tmp_dh -#define SSL_clear_num_renegotiations wolfSSL_SSL_clear_num_renegotiations -#define SSL_total_renegotiations wolfSSL_SSSL_total_renegotiations -#define SSL_set_tlsext_debug_arg wolfSSL_SSL_set_tlsext_debug_arg -#define SSL_set_tlsext_status_type wolfSSL_SSL_set_tlsext_status_type -#define SSL_set_tlsext_status_exts wolfSSL_SSL_set_tlsext_status_exts -#define SSL_get_tlsext_status_ids wolfSSL_SSL_get_tlsext_status_ids -#define SSL_set_tlsext_status_ids wolfSSL_SSL_set_tlsext_status_ids -#define SSL_get_tlsext_status_ocsp_resp wolfSSL_SSL_get_tlsext_status_ocsp_resp -#define SSL_set_tlsext_status_ocsp_resp wolfSSL_SSL_set_tlsext_status_ocsp_resp +#define SSL_set_options wolfSSL_set_options +#define SSL_get_options wolfSSL_get_options +#define SSL_set_tmp_dh wolfSSL_set_tmp_dh +#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations +#define SSL_total_renegotiations wolfSSL_total_renegotiations +#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg +#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type +#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts +#define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids +#define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids +#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp -#define SSL_CTX_need_tmp_RSA wolfSSL_SSL_CTX_need_tmp_RSA -#define SSL_CTX_set_tmp_rsa wolfSSL_SSL_CTX_set_tmp_rsa -#define SSL_CTX_add_extra_chain_cert wolfSSL_SSL_CTX_add_extra_chain_cert -#define SSL_CTX_get_read_ahead wolfSSL_SSL_CTX_get_read_ahead -#define SSL_CTX_set_read_ahead wolfSSL_SSL_CTX_set_read_ahead -#define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg +#define SSL_CTX_need_tmp_RSA wolfSSL_CTX_need_tmp_RSA +#define SSL_CTX_set_tmp_rsa wolfSSL_CTX_set_tmp_rsa +#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead +#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ - wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg + wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg #define SSL_get_server_random wolfSSL_get_server_random -#define SSL_get_tlsext_status_exts wolfSSL_SSL_get_tlsext_status_exts +#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts #define BIO_C_SET_FILE_PTR 106 #define BIO_C_GET_FILE_PTR 107 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d9cf756df..bd8a02f1c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -692,39 +692,35 @@ WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); + +WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); - -WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op); -WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); +WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op); +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); +WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); +WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); +WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); -WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl); -WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s); -WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl); +WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L @@ -957,7 +953,6 @@ WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m); WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); -WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, @@ -1367,6 +1362,7 @@ WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char enum { WOLFSSL_SERVER_END = 0, WOLFSSL_CLIENT_END = 1, + WOLFSSL_NEITHER_END = 3, WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_STREAM_TYPE = 3, WOLFSSL_AEAD_TYPE = 4, @@ -1914,7 +1910,8 @@ WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz); #ifndef NO_RSA -WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa); +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, + long derSz); #endif #endif /* NO_CERTS */ @@ -1933,8 +1930,8 @@ WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); -WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); +WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); /*lighttp compatibility */ @@ -1978,7 +1975,8 @@ WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned #endif #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API char * wolf_OBJ_nid2ln(int n); WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 2499cf42f..1eb4b6d90 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -578,6 +578,8 @@ extern const char* BEGIN_CERT; extern const char* END_CERT; extern const char* BEGIN_CERT_REQ; extern const char* END_CERT_REQ; +extern const char* BEGIN_DSA_PARAM; +extern const char* END_DSA_PARAM; extern const char* BEGIN_DH_PARAM; extern const char* END_DH_PARAM; extern const char* BEGIN_X509_CRL; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f0f9eaf5a..7bd3265f0 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -41,6 +41,7 @@ enum CertType { CERT_TYPE = 0, PRIVATEKEY_TYPE, DH_PARAM_TYPE, + DSA_PARAM_TYPE, CRL_TYPE, CA_TYPE, ECC_PRIVATEKEY_TYPE, From 7e91838d4ac56fb44cae9325813fb366a796f126 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 18 Nov 2016 17:42:37 -0700 Subject: [PATCH 46/86] memory management and add to compatibility layer --- src/ssl.c | 111 +++++++++++++++++++++++++++--------------- tests/api.c | 64 +++++++++++++++++------- wolfssl/internal.h | 3 ++ wolfssl/openssl/evp.h | 4 +- wolfssl/ssl.h | 9 ++-- 5 files changed, 128 insertions(+), 63 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 94c661fec..0cbfa8f31 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9625,7 +9625,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) (void)ctx; (void)sz; WOLFSSL_MSG("session cache is set at compile time"); - return SESSIONS_PER_ROW * SESSION_ROWS; + #ifndef NO_SESSION_CACHE + return SESSIONS_PER_ROW * SESSION_ROWS; + #else + return 0; + #endif } @@ -9767,6 +9771,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) + { + (void)ctx; + WOLFSSL_ENTER("wolfSSL_CTX_get_options"); + WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); + + return 0; + } + + long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) { /* goahead calls with 0, do nothing */ @@ -11696,7 +11710,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) { (void)ctx; - return SESSIONS_PER_ROW * SESSION_ROWS; + #ifndef NO_SESSION_CACHE + return SESSIONS_PER_ROW * SESSION_ROWS; + #else + return 0; + #endif } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, @@ -13968,18 +13986,24 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op) + +/* wolfSSL options are set through API calls and macros. + * return 0 for no options set */ +unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) { - (void)s; + (void)ssl; (void)op; + WOLFSSL_MSG("Set options in wolfSSL through API and macros"); return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s) + +/* wolfSSL options are set through API calls and macros. + * return 0 for no options set */ +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL* ssl) { - (void)s; + (void)ssl; + WOLFSSL_MSG("Set options in wolfSSL through API and macros"); return 0; } @@ -13998,6 +14022,7 @@ WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s) } +#ifndef NO_DH long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) { int pSz, gSz; @@ -14022,7 +14047,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH); if (!g) { - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(p, ssl->heap, DYNAMIC_TYPE_DH); return MEMORY_E; } @@ -14032,20 +14057,25 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (pSz >= 0 && gSz >= 0) /* Conversion successful */ ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); - XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(p, ssl->heap, DYNAMIC_TYPE_DH); + XFREE(g, ssl->heap, DYNAMIC_TYPE_DH); return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } +#endif /* !NO_DH */ -/*** TBD ***/ -WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) +#ifdef HAVE_PK_CALLBACKS +long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) { - (void)s; - (void)arg; - return 0; + if (ssl == NULL) { + return SSL_FAILURE; + } + + ssl->loggingCtx = arg; + return SSL_SUCCESS; } +#endif /* HAVE_PK_CALLBACKS */ /*** TBD ***/ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) @@ -15963,6 +15993,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) } +#if !defined(NO_DSA) && !defined(NO_DH) WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) { WOLFSSL_DH* dh; @@ -16000,6 +16031,7 @@ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) return dh; } +#endif /* !defined(NO_DSA) && !defined(NO_DH) */ #endif /* !NO_RSA && !NO_DSA */ @@ -19578,18 +19610,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } - int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); - - if (ctx == NULL || pkey == NULL) { - return SSL_FAILURE; - } - - return wolfSSL_CTX_use_PrivateKey_buffer(ssl, pkey->pkey->ptr, - pkey->pkey_sz, PRIVATEKEY_TYPE); - } - - int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { (void)b; (void)name; @@ -19767,6 +19787,20 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA + +int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); + + if (ctx == NULL || pkey == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_CTX_use_PrivateKey_buffer(ctx, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, PRIVATEKEY_TYPE); +} + void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); @@ -19895,41 +19929,51 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) { WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + FreeDer(&pDer); return NULL; } dsa = wolfSSL_DSA_new(); if (dsa == NULL) { + FreeDer(&pDer); WOLFSSL_MSG("Error creating DSA struct"); + return NULL; } key = (DsaKey*)dsa->internal; if (key == NULL) { + FreeDer(&pDer); + wolfSSL_DSA_free(dsa); WOLFSSL_MSG("Error finding DSA key struct"); + return NULL; } if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 || GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 || GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) { WOLFSSL_MSG("dsa key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("dsa p key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("dsa q key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { WOLFSSL_MSG("dsa g key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } @@ -19938,6 +19982,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe *x = dsa; } + FreeDer(&pDer); return dsa; } #endif /* NO_DSA */ @@ -20323,16 +20368,6 @@ STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) } -long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) -{ - (void)ctx; - WOLFSSL_ENTER("wolfSSL_CTX_get_options"); - WOLFSSL_STUB("wolfSSL_CTX_get_options"); - - return 0; -} - - WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); diff --git a/tests/api.c b/tests/api.c index 5b14c3a11..96eac1eb5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2267,6 +2267,10 @@ static void test_wolfSSL_certs(void) AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + #ifdef HAVE_PK_CALLBACKS + AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), SSL_SUCCESS); + #endif /* HAVE_PK_CALLBACKS */ + /* create and use x509 */ x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM); AssertNotNull(x509); @@ -2284,6 +2288,7 @@ static void test_wolfSSL_certs(void) sizeof_server_cert_der_2048), SSL_SUCCESS); #endif + #if !defined(NO_SHA) && !defined(NO_SHA256) /************* Get Digest of Certificate ******************/ { byte digest[64]; /* max digest size */ @@ -2292,59 +2297,73 @@ static void test_wolfSSL_certs(void) XMEMSET(digest, 0, sizeof(digest)); AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha1(), digest, &digestSz), SSL_SUCCESS); + AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha256(), digest, &digestSz), + SSL_SUCCESS); AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), SSL_FAILURE); } + #endif /* !NO_SHA && !NO_SHA256*/ /* test and checkout X509 extensions */ - sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints, + &crit, NULL); AssertNotNull(sk); AssertIntEQ(crit, 0); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_key_usage, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage, + &crit, NULL); /* AssertNotNull(sk); no extension set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_authority_key_identifier, &crit, NULL); AssertNotNull(sk); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_private_key_usage_period, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_private_key_usage_period, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_subject_alt_name, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, + &crit, NULL); /* AssertNotNull(sk); no alt names set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_issuer_alt_name, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_issuer_alt_name, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_info_access, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit, + NULL); /* AssertNotNull(sk); no auth info set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_sinfo_access, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_name_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_certificate_policies, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_certificate_policies, &crit, NULL); #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT) AssertNull(sk); #else @@ -2352,36 +2371,42 @@ static void test_wolfSSL_certs(void) #endif wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_policy_mappings, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_policy_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_inhibit_any_policy, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_tlsfeature, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit, + NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); /* test invalid cases */ crit = 0; - sk = X509_get_ext_d2i(x509, -1, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL); AssertNull(sk); AssertIntEQ(crit, -1); - sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature, + NULL, NULL); AssertNull(sk); AssertIntEQ(SSL_get_hit(ssl), 0); - SSL_free(ssl); /* frees x509 also since loaded into ssl */ + X509_free(x509); + SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); @@ -2474,6 +2499,9 @@ static void test_wolfSSL_tmp_dh(void) AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); + BIO_free(bio); + DSA_free(dsa); + DH_free(dh); SSL_free(ssl); SSL_CTX_free(ctx); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 62e6bb58c..8f7b4c02a 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2750,6 +2750,9 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ +#ifdef HAVE_PK_CALLBACKS + void* loggingCtx; /* logging callback argument */ +#endif #endif #ifndef NO_RSA RsaKey* peerRsaKey; diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 97aa99709..5120b6939 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -47,7 +47,9 @@ #include #include #include - +#ifdef HAVE_IDEA + #include +#endif #ifdef __cplusplus extern "C" { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bd8a02f1c..0277e761b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1932,6 +1932,7 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); /*lighttp compatibility */ @@ -1947,7 +1948,6 @@ struct WOLFSSL_X509_NAME_ENTRY { #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ @@ -1967,9 +1967,6 @@ WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsign WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ); -WOLFSSL_API unsigned long wolfSSL_SSL_CTX_get_options(const WOLFSSL_CTX *ctx); -WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned long op); - /* end lighttpd*/ #endif #endif @@ -1987,6 +1984,8 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u); WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); + #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ @@ -2044,8 +2043,6 @@ WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int); WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); -WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); - WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); From 781c7d00552d631f8114fbefe2cc4346a0f62c0b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 21 Nov 2016 10:52:22 -0700 Subject: [PATCH 47/86] check for user RSA --- tests/api.c | 5 +++++ wolfssl/openssl/ssl.h | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 96eac1eb5..6173a7a92 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2424,6 +2424,9 @@ static void test_wolfSSL_private_keys(void) printf(testingFmt, "wolfSSL_private_keys()"); + OpenSSL_add_all_digests(); + OpenSSL_add_all_algorithms(); + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); @@ -2435,8 +2438,10 @@ static void test_wolfSSL_private_keys(void) AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), SSL_SUCCESS); +#ifndef HAVE_USER_RSA /* Should missmatch now that a different private key loaded */ AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS); +#endif AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, (unsigned char*)server_key_der_2048, diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 4b577652d..9467d53bf 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -257,9 +257,10 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define BIO_f_base64 wolfSSL_BIO_f_base64 #define BIO_set_flags wolfSSL_BIO_set_flags +#define OpenSSL_add_all_digests() #define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms #define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms -#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms +#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms #define RAND_screen wolfSSL_RAND_screen #define RAND_file_name wolfSSL_RAND_file_name From 869529642d4bef1a849cb3a9b12e9023681beb39 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 22 Nov 2016 10:37:44 +0900 Subject: [PATCH 48/86] Add #define EVP_DigestInit_ex --- wolfssl/openssl/evp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 5120b6939..1de39e318 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -327,6 +327,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init #define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup #define EVP_DigestInit wolfSSL_EVP_DigestInit +#define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex #define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate #define EVP_DigestFinal wolfSSL_EVP_DigestFinal #define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex From 4baf494ddd5d2d25732951f56a76f1b66f701c32 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 26 Nov 2016 17:56:40 +0900 Subject: [PATCH 49/86] add EVP_CipherUpdate/Final --- src/ssl.c | 3 +- wolfcrypt/src/evp.c | 77 +++++++++++++++++++++--------------- wolfcrypt/test/test.c | 92 +++++++++++++++++++++++++++++++++++++++++-- wolfssl/openssl/evp.h | 4 +- 4 files changed, 138 insertions(+), 38 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 0cbfa8f31..3d5136e89 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10730,7 +10730,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; /* failure */ } ctx->bufUsed = 0; - ctx->finUsed = 0; + ctx->lastUsed = 0; + ctx->flags = 0; #ifndef NO_AES /* printf("cipherType=%d\n", ctx->cipherType); */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 390153d50..d41d1e9c4 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -64,7 +64,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, return wolfSSL_EVP_DigestInit(ctx, type); } -#ifdef DEBUG_WOLFSSL +#ifdef DEBUG_WOLFSSL_EVP #define PRINT_BUF(b, sz) { int i; for(i=0; i<(sz); i++){printf("%02x(%c),", (b)[i], (b)[i]); if((i+1)%8==0)printf("\n");}} #else #define PRINT_BUF(b, sz) @@ -73,8 +73,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) { int fill; - WOLFSSL_ENTER("fillBuff"); - /* printf("ctx->bufUsed=%d, sz=%d\n",ctx->bufUsed, sz); */ + if (sz > 0) { if ((sz+ctx->bufUsed) > ctx->block_size) { fill = ctx->block_size - ctx->bufUsed; @@ -83,7 +82,6 @@ static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz } XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill); ctx->bufUsed += fill; - /* printf("Result: ctx->bufUsed=%d\n",ctx->bufUsed); */ return fill; } else return 0; } @@ -92,7 +90,6 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, int inl) { - WOLFSSL_ENTER("evpCipherBlock"); switch (ctx->cipherType) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: @@ -152,8 +149,6 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, default: return 0; } - ctx->finUsed = 1; - XMEMCPY(ctx->fin, (const byte *)&out[inl-ctx->block_size], ctx->block_size); (void)in; return 1; } @@ -173,12 +168,25 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, inl -= fill; in += fill; } - if (ctx->bufUsed == ctx->block_size) { - /* the buff is full, flash out */ - if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) - return 0; + if((ctx->enc == 0)&& (ctx->lastUsed == 1)){ + PRINT_BUF(ctx->lastBlock, ctx->block_size); + XMEMCPY(out, ctx->lastBlock, ctx->block_size); *outl+= ctx->block_size; out += ctx->block_size; + } + if ((ctx->bufUsed == ctx->block_size) || (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING)){ + /* the buff is full, flash out */ + PRINT_BUF(ctx->buf, ctx->block_size); + if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) + return 0; + PRINT_BUF(out, ctx->block_size); + if(ctx->enc == 0){ + ctx->lastUsed = 1; + XMEMCPY(ctx->lastBlock, out, ctx->block_size); + } else { + *outl+= ctx->block_size; + out += ctx->block_size; + } ctx->bufUsed = 0; } @@ -187,10 +195,17 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, /* process blocks */ if (evpCipherBlock(ctx, out, ctx->buf, blocks) == 0) return 0; + PRINT_BUF(ctx->buf, ctx->block_size); + PRINT_BUF(out, ctx->block_size); inl -= ctx->block_size * blocks; - *outl+= ctx->block_size * blocks; in += ctx->block_size * blocks; - out += ctx->block_size * blocks; + if(ctx->enc == 0){ + ctx->lastUsed = 1; + XMEMCPY(ctx->lastBlock, &out[ctx->block_size * (blocks-1)], ctx->block_size); + *outl+= ctx->block_size * (blocks-1); + } else { + *outl+= ctx->block_size * blocks; + } } if (inl > 0) { /* put fraction into buff */ @@ -206,22 +221,22 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx) { int i; - WOLFSSL_ENTER("paddBlock"); for (i = ctx->bufUsed; i < ctx->block_size; i++) ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed); } -static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx) +static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff) { int i; int n; - WOLFSSL_ENTER("checkPad"); - n = ctx->buf[ctx->block_size-1]; + n = buff[ctx->block_size-1]; + if (n > ctx->block_size) return FALSE; - for (i = n; i < ctx->block_size; i++) - if (ctx->buf[i] != n) - return -1; - return n; + for (i = 0; i < n; i++){ + if (buff[ctx->block_size-i-1] != n) + return FALSE; + } + return ctx->block_size - n; } WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, @@ -234,24 +249,22 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, *outl = 0; return 1; } - if (ctx->bufUsed > 0) { - if (ctx->enc) { + if (ctx->enc) { + if (ctx->bufUsed > 0) { padBlock(ctx); - /* printf("Enc: block_size=%d\n", ctx->block_size); */ PRINT_BUF(ctx->buf, ctx->block_size); if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) return 0; + PRINT_BUF(out, ctx->block_size); *outl = ctx->block_size; } - else { - if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) - return 0; - /* printf("Dec: block_size=%d\n", ctx->block_size); */ - PRINT_BUF(ctx->buf, ctx->block_size); - if ((fl = checkPad(ctx)) >= 0) { - XMEMCPY(out, ctx->buf, fl); + } else { + if (ctx->lastUsed){ + PRINT_BUF(ctx->lastBlock, ctx->block_size); + if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { + XMEMCPY(out, ctx->lastBlock, fl); *outl = fl; - } else return 0; + } else return 0; } } return 1; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9deae33f0..c0d79b45a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6982,6 +6982,7 @@ int openssl_test(void) #ifdef WOLFSSL_AES_DIRECT /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ +{ /* Test: AES_encrypt/decrypt/set Key */ AES_KEY enc; @@ -7028,6 +7029,7 @@ int openssl_test(void) if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) return OPENSSL_TEST_ERROR-61; +} #endif @@ -7194,7 +7196,6 @@ int openssl_test(void) if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) return -3316; - printf("EVP_Cipher\n"); if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, AES_BLOCK_SIZE) == 0) return -3317; EVP_CIPHER_CTX_init(&de); @@ -7230,11 +7231,96 @@ int openssl_test(void) return -3326; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) return -3327; - } - #endif /* HAVE_AES_COUNTER */ +{ + /* EVP_CipherUpdate test */ + + + const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; + int outlen ; + int total = 0; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -3401; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) + return -3402; + if(outlen != 0) + return -3403; + total += outlen; + + if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) + return -3404; + if(outlen != 16) + return -3405; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -3406; + if(outlen != 16) + return -3407; + total += outlen; + if(total != 32) + return 3408; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -3420; + + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + return -3421; + if(outlen != 0) + return -3422; + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) + return -3423; + if(outlen != 0) + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) + return -3423; + if(outlen != 16) + return -3424; + total += outlen; + + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -3425; + if(outlen != 2) + return -3426; + total += outlen; + + if(total != 18) + return 3427; + + if (XMEMCMP(plain, cbcPlain, 18)) + return -3428; + + } + return 0; } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 1de39e318..282a49b81 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -169,8 +169,8 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { WOLFSSL_Cipher cipher; ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE]; int bufUsed; - ALIGN16 byte fin[WOLFSSL_EVP_BUF_SIZE]; - int finUsed; + ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE]; + int lastUsed; } WOLFSSL_EVP_CIPHER_CTX; typedef int WOLFSSL_ENGINE ; From 570486b90c694759709b1d6076f2922902a374ea Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 27 Nov 2016 09:05:09 +0900 Subject: [PATCH 50/86] add SL_CTX_need/set_tmp_RSA --- src/ssl.c | 16 +--------------- wolfssl/openssl/ssl.h | 10 ++++++---- 2 files changed, 7 insertions(+), 19 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3d5136e89..911966588 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13906,7 +13906,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) } /*** TBC ***/ -WOLFSSL_API WOLFSSL_BIGNUM *ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) { (void)ai; @@ -14224,20 +14224,6 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) return 0; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - /*** TBC ***/ WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) { diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 9467d53bf..186cd434a 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -448,8 +448,12 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index /*#if OPENSSL_API_COMPAT < 0x10100000L*/ -# define CONF_modules_free() -# define ENGINE_cleanup() +#define CONF_modules_free() +#define ENGINE_cleanup() +#define SSL_CTX_need_tmp_RSA(ctx) 0 +#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +#define SSL_need_tmp_RSA(ssl) 0 +#define SSL_set_tmp_rsa(ssl,rsa) 1 /*#endif*/ #define CONF_modules_unload() @@ -535,8 +539,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp #define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp -#define SSL_CTX_need_tmp_RSA wolfSSL_CTX_need_tmp_RSA -#define SSL_CTX_set_tmp_rsa wolfSSL_CTX_set_tmp_rsa #define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert #define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead #define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead From 778680116e686802891672fad4aa495fb520da24 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 28 Nov 2016 10:13:30 +0900 Subject: [PATCH 51/86] HMAC_cleanup, MD5xxx for bsd --- wolfssl/openssl/md5.h | 9 +++++++-- wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 2 -- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h index bdcda5b98..2e8620825 100644 --- a/wolfssl/openssl/md5.h +++ b/wolfssl/openssl/md5.h @@ -32,11 +32,16 @@ typedef WOLFSSL_MD5_CTX MD5_CTX; #define MD5_Update wolfSSL_MD5_Update #define MD5_Final wolfSSL_MD5_Final +#ifdef OPENSSL_EXTRA_BSD + #define MD5Init wolfSSL_MD5_Init + #define MD5Update wolfSSL_MD5_Update + #define MD5Final wolfSSL_MD5_Final +#endif + #ifdef __cplusplus - } /* extern "C" */ + } /* extern "C" */ #endif #endif /* NO_MD5 */ #endif /* WOLFSSL_MD5_H_ */ - diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 186cd434a..a8ecfebc6 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -450,6 +450,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() #define ENGINE_cleanup() +#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup #define SSL_CTX_need_tmp_RSA(ctx) 0 #define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 #define SSL_need_tmp_RSA(ssl) 0 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0277e761b..1b759da67 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -693,8 +693,6 @@ WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); From 1704a8d6839a93a9515a5941780b5e148bb53ce4 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 28 Nov 2016 15:17:13 -0700 Subject: [PATCH 52/86] expand compatibility layer with write bio function --- src/ssl.c | 112 +++++++++++++++++++++++++++++++++++++++--- tests/api.c | 45 ++++++++++++++++- wolfcrypt/src/asn.c | 14 ++++++ wolfcrypt/src/evp.c | 2 + wolfcrypt/test/test.c | 2 + wolfssl/openssl/evp.h | 2 +- wolfssl/openssl/pem.h | 5 +- wolfssl/ssl.h | 5 +- 8 files changed, 173 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 911966588..96deacdd2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5685,6 +5685,42 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) #ifdef OPENSSL_EXTRA /* put SSL type in extra for now, not very common */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz) +{ + WOLFSSL_EVP_PKEY* local; + + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); + + if (in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + local = wolfSSL_PKEY_new(); + if (local == NULL) { + return NULL; + } + + local->type = type; + local->pkey_sz = inSz; + local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + if (local->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(local); + local = NULL; + } + else { + XMEMCPY(local->pkey.ptr, *in, inSz); + } + + if (out != NULL) { + *out = local; + } + + return local; +} + + long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) { WOLFSSL_STUB("wolfSSL_ctrl"); @@ -13803,6 +13839,20 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) } +WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new() +{ + WOLFSSL_EVP_PKEY* pkey; + + pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey != NULL) { + XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + } + + return pkey; +} + + void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) { if (key != NULL) { @@ -17417,26 +17467,72 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, } #endif /* NO_FILESYSTEM */ -/*** TBD ***/ -WOLFSSL_API -int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, RSA* rsa, - const EVP_CIPHER* cipher, +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb cb, void* arg) { - (void)bio; - (void)rsa; + byte* keyDer; + int pemSz; + int type; + int ret; + (void)cipher; (void)passwd; (void)len; (void)cb; (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_PrivateKey not implemented"); + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); - return SSL_FAILURE; + if (bio == NULL || key == NULL) { + return SSL_FAILURE; + } + + keyDer = (byte*)key->pkey.ptr; + + switch (key->type) { + case EVP_PKEY_RSA: + type = PRIVATEKEY_TYPE; + break; + +#ifndef NO_DSA + case EVP_PKEY_DSA: + type = DSA_PRIVATEKEY_TYPE; + break; +#endif + + case EVP_PKEY_EC: + type = ECC_PRIVATEKEY_TYPE; + break; + + default: + WOLFSSL_MSG("Unknown Key type!"); + type = PRIVATEKEY_TYPE; + } + + pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type); + if (pemSz < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz); + return SSL_FAILURE; + } + if (bio->mem != NULL) { + XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); + } + bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); + bio->memLen = pemSz; + + ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen, + NULL, type); + if (ret < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); + return SSL_FAILURE; + } + + return SSL_SUCCESS; } + int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, diff --git a/tests/api.c b/tests/api.c index 6173a7a92..6068aad91 100644 --- a/tests/api.c +++ b/tests/api.c @@ -48,6 +48,7 @@ #include #include #include + #include #ifndef NO_DES3 #include #endif @@ -2435,6 +2436,9 @@ static void test_wolfSSL_private_keys(void) AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); #ifdef USE_CERT_BUFFERS_2048 + { + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), SSL_SUCCESS); @@ -2444,15 +2448,23 @@ static void test_wolfSSL_private_keys(void) #endif AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, - (unsigned char*)server_key_der_2048, + (unsigned char*)server_key, sizeof_server_key_der_2048), SSL_SUCCESS); /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); -#endif /* pkey not set yet, expecting to fail */ AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), SSL_FAILURE); + /* set PKEY and test again */ + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), SSL_SUCCESS); + } +#endif + + + EVP_PKEY_free(pkey); SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); @@ -2466,6 +2478,34 @@ static void test_wolfSSL_private_keys(void) } +static void test_wolfSSL_PEM_PrivateKey(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) && \ + defined(USE_CERT_BUFFERS_2048) + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + EVP_PKEY* pkey = NULL; + BIO* bio; + + printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + AssertNotNull(bio); + + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + + BIO_free(bio); + EVP_PKEY_free(pkey); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + + static void test_wolfSSL_tmp_dh(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -2576,6 +2616,7 @@ void ApiTest(void) test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_private_keys(); + test_wolfSSL_PEM_PrivateKey(); test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5cf74ef93..765f42c73 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5908,6 +5908,20 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, headerLen = (int)XSTRLEN(header); footerLen = (int)XSTRLEN(footer); + /* if null output and 0 size passed in then return size needed */ + if (!output && outSz == 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + outLen = 0; + if ((err = Base64_Encode(der, derSz, NULL, (word32*)&outLen)) + != LENGTH_ONLY_E) { + return err; + } + return headerLen + footerLen + outLen; + } + if (!der || !output) { #ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index d41d1e9c4..86ac26ab6 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -150,6 +150,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, return 0; } (void)in; + (void)inl; + (void)out; return 1; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c0d79b45a..ae1754240 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6980,6 +6980,7 @@ int openssl_test(void) #define OPENSSL_TEST_ERROR (-10000) +#ifndef NO_AES #ifdef WOLFSSL_AES_DIRECT /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ { @@ -7320,6 +7321,7 @@ int openssl_test(void) return -3428; } +#endif /* ifndef NO_AES */ return 0; } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 282a49b81..3148d63b5 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -145,7 +145,7 @@ enum { NULL_CIPHER_TYPE = 15, EVP_PKEY_RSA = 16, EVP_PKEY_DSA = 17, - EVP_PKEY_EC = 18, + EVP_PKEY_EC = 18, IDEA_CBC_TYPE = 19, NID_sha1 = 64, NID_md2 = 3, diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 043854342..9f0ec25bb 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -13,6 +13,7 @@ extern "C" { #endif +#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey /* RSA */ WOLFSSL_API @@ -90,8 +91,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, pem_password_cb cb, void* arg); WOLFSSL_API -int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, RSA* rsa, - const EVP_CIPHER* cipher, +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb cb, void* arg); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1b759da67..0fcdb4828 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -124,7 +124,7 @@ typedef struct WOLFSSL_EVP_PKEY { int save_type; /* openssh dereference */ int pkey_sz; union { - char* ptr; + char* ptr; /* der format of key / or raw for NTRU */ } pkey; #ifdef HAVE_ECC int pkey_curve; @@ -631,6 +631,9 @@ WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKE WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX*, int); WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, + WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); From 280f5cb54207ae5003b578c42a6d1b063a96d524 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 29 Nov 2016 11:18:14 +0900 Subject: [PATCH 53/86] fix int long type mismatch --- src/ssl.c | 2 +- tests/api.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 96deacdd2..5071055a3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5703,7 +5703,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } local->type = type; - local->pkey_sz = inSz; + local->pkey_sz = (int)inSz; local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); diff --git a/tests/api.c b/tests/api.c index 6068aad91..51e797ab9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2541,8 +2541,8 @@ static void test_wolfSSL_tmp_dh(void) dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); - AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); - AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); + AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); + AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); BIO_free(bio); DSA_free(dsa); From 1d0fc83d4039c606c76fffa384a884689b83f86e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 29 Nov 2016 10:32:25 -0700 Subject: [PATCH 54/86] function to add X509 to cert chain --- src/ssl.c | 193 ++++++++++++++++++++++++++++++++------------------ tests/api.c | 29 ++++++++ wolfssl/ssl.h | 2 +- 3 files changed, 153 insertions(+), 71 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5071055a3..46fdfca67 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14274,13 +14274,64 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) return 0; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) + +long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) { - (void)ctx; - return 0; + byte* chain; + long chainSz = 0; + int derSz; + const byte* der; + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert"); + + if (ctx == NULL || x509 == NULL) { + WOLFSSL_MSG("Bad Argument"); + return SSL_FAILURE; + } + + der = wolfSSL_X509_get_der(x509, &derSz); + if (der == NULL || derSz <= 0) { + WOLFSSL_MSG("Error getting X509 DER"); + return SSL_FAILURE; + } + + /* adding cert to existing chain */ + if (ctx->certChain != NULL && ctx->certChain->length > 0) { + chainSz += ctx->certChain->length; + } + chainSz += derSz; + + chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (chain == NULL) { + WOLFSSL_MSG("Memory Error"); + return SSL_FAILURE; + } + + if (ctx->certChain != NULL && ctx->certChain->length > 0) { + XMEMCPY(chain, ctx->certChain->buffer, ctx->certChain->length); + XMEMCPY(chain + ctx->certChain->length, der, derSz); + } + else { + XMEMCPY(chain, der, derSz); + } + + ret = ProcessBuffer(ctx, chain, chainSz, SSL_FILETYPE_ASN1, CERT_TYPE, + NULL, NULL, 1); + if (ret != SSL_SUCCESS) { + WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret); + XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + + /* on success WOLFSSL_X509 memory is responsibility of ctx */ + wolfSSL_X509_free(x509); + XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return SSL_SUCCESS; } + /*** TBC ***/ WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) { @@ -17319,6 +17370,74 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, } #endif /* defined(WOLFSSL_KEY_GEN) */ +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + +int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) +{ + byte* keyDer; + int pemSz; + int type; + int ret; + + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); + + if (bio == NULL || key == NULL) { + return SSL_FAILURE; + } + + keyDer = (byte*)key->pkey.ptr; + + switch (key->type) { + case EVP_PKEY_RSA: + type = PRIVATEKEY_TYPE; + break; + +#ifndef NO_DSA + case EVP_PKEY_DSA: + type = DSA_PRIVATEKEY_TYPE; + break; +#endif + + case EVP_PKEY_EC: + type = ECC_PRIVATEKEY_TYPE; + break; + + default: + WOLFSSL_MSG("Unknown Key type!"); + type = PRIVATEKEY_TYPE; + } + + pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type); + if (pemSz < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz); + return SSL_FAILURE; + } + if (bio->mem != NULL) { + XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); + } + bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); + bio->memLen = pemSz; + + ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen, + NULL, type); + if (ret < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} +#endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */ + #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) /* return code compliant with OpenSSL : @@ -17467,72 +17586,6 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, } #endif /* NO_FILESYSTEM */ -int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, - const WOLFSSL_EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg) -{ - byte* keyDer; - int pemSz; - int type; - int ret; - - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); - - if (bio == NULL || key == NULL) { - return SSL_FAILURE; - } - - keyDer = (byte*)key->pkey.ptr; - - switch (key->type) { - case EVP_PKEY_RSA: - type = PRIVATEKEY_TYPE; - break; - -#ifndef NO_DSA - case EVP_PKEY_DSA: - type = DSA_PRIVATEKEY_TYPE; - break; -#endif - - case EVP_PKEY_EC: - type = ECC_PRIVATEKEY_TYPE; - break; - - default: - WOLFSSL_MSG("Unknown Key type!"); - type = PRIVATEKEY_TYPE; - } - - pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type); - if (pemSz < 0) { - WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz); - return SSL_FAILURE; - } - if (bio->mem != NULL) { - XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); - } - bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); - bio->memLen = pemSz; - - ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen, - NULL, type); - if (ret < 0) { - WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); - return SSL_FAILURE; - } - - return SSL_SUCCESS; -} - - int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, diff --git a/tests/api.c b/tests/api.c index 51e797ab9..f8ffe1dba 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2568,6 +2568,34 @@ static void test_wolfSSL_ctrl(void) #endif /* defined(OPENSSL_EXTRA) */ } + +static void test_wolfSSL_CTX_add_extra_chain_cert(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) + char caFile[] = "./certs/client-ca.pem"; + char clientFile[] = "./certs/client-cert.pem"; + SSL_CTX* ctx; + X509* x509; + + printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + + x509 = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); + AssertNotNull(x509); + AssertIntEQ((int)wolfSSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + + x509 = wolfSSL_X509_load_certificate_file(clientFile, SSL_FILETYPE_PEM); + AssertNotNull(x509); + AssertIntEQ((int)wolfSSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + + SSL_CTX_free(ctx); + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) */ +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2619,6 +2647,7 @@ void ApiTest(void) test_wolfSSL_PEM_PrivateKey(); test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); + test_wolfSSL_CTX_add_extra_chain_cert(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0fcdb4828..ecfda40b3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -696,7 +696,7 @@ WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); From e741a240893d0017fbb1f96dd1aea9619210fa38 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 30 Nov 2016 13:26:24 -0700 Subject: [PATCH 55/86] add get last error and line function, fix ASN1 object redeclaration --- src/ssl.c | 55 +++++++++++++++++++++ tests/api.c | 87 ++++++++++++++++++++++++++++++++-- wolfcrypt/src/asn.c | 32 ------------- wolfcrypt/src/logging.c | 27 +++++++++++ wolfssl/ssl.h | 5 +- wolfssl/wolfcrypt/asn_public.h | 9 ---- wolfssl/wolfcrypt/logging.h | 11 +++++ 7 files changed, 178 insertions(+), 48 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 46fdfca67..139b4cb54 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12824,6 +12824,38 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( } +WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) +{ + WOLFSSL_ASN1_OBJECT* obj; + + obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, + DYNAMIC_TYPE_ASN1); + if (obj == NULL) { + return NULL; + } + + XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); + return obj; +} + + +void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) +{ + if (obj == NULL) { + return; + } + + if (obj->dynamic == 1) { + if (obj->obj != NULL) { + WOLFSSL_MSG("Freeing ASN1 OBJECT data"); + XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); + } + } + + XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); +} + + /* free structure for x509 stack */ void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { @@ -19924,6 +19956,29 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA +/* wolfSSL uses negative values for error states. This function returns an + * unsigned type so the value returned is the absolute value of the error. + */ +unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) +{ + WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); + + (void)line; + (void)file; +#if defined(DEBUG_WOLFSSL) + if (line != NULL) { + *line = (int)wc_last_error_line; + } + if (file != NULL) { + *file = (char*)wc_last_error_file; + } + return wc_last_error; +#else + return NOT_COMPILED_IN; +#endif +} + + int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); diff --git a/tests/api.c b/tests/api.c index f8ffe1dba..bfa9c9f41 100644 --- a/tests/api.c +++ b/tests/api.c @@ -636,7 +636,13 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) #endif ((func_args*)args)->return_code = TEST_FAIL; - method = wolfSSLv23_server_method(); + if (((func_args*)args)->callbacks != NULL && + ((func_args*)args)->callbacks->method != NULL) { + method = ((func_args*)args)->callbacks->method(); + } + else { + method = wolfSSLv23_server_method(); + } ctx = wolfSSL_CTX_new(method); #if defined(USE_WINDOWS_API) @@ -779,7 +785,13 @@ static void test_client_nofail(void* args) #endif ((func_args*)args)->return_code = TEST_FAIL; - method = wolfSSLv23_client_method(); + if (((func_args*)args)->callbacks != NULL && + ((func_args*)args)->callbacks->method != NULL) { + method = ((func_args*)args)->callbacks->method(); + } + else { + method = wolfSSLv23_client_method(); + } ctx = wolfSSL_CTX_new(method); #ifdef OPENSSL_EXTRA @@ -1145,6 +1157,8 @@ static void test_wolfSSL_read_write(void) func_args server_args; THREAD_TYPE serverThread; + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif @@ -1190,6 +1204,8 @@ static void test_wolfSSL_dtls_export(void) InitTcpReady(&ready); /* set using dtls */ + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfDTLSv1_2_server_method; @@ -1233,6 +1249,9 @@ static void test_wolfSSL_client_server(callback_functions* client_callbacks, func_args server_args; THREAD_TYPE serverThread; + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + StartTCP(); client_args.callbacks = client_callbacks; @@ -2572,11 +2591,11 @@ static void test_wolfSSL_ctrl(void) static void test_wolfSSL_CTX_add_extra_chain_cert(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; - X509* x509; + X509* x509 = NULL; printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()"); @@ -2593,7 +2612,64 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void) SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) */ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ +} + + +static void test_wolfSSL_ERR_peek_last_error_line(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions client_cb; + callback_functions server_cb; + int line = 0; + const char* file = NULL; + + printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()"); + + /* create a failed connection and inspect the error */ +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + + StartTCP(); + InitTcpReady(&ready); + + client_cb.method = wolfTLSv1_1_client_method; + server_cb.method = wolfTLSv1_2_server_method; + + server_args.signal = &ready; + server_args.callbacks = &server_cb; + client_args.signal = &ready; + client_args.callbacks = &client_cb; + + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args); + join_thread(serverThread); + + FreeTcpReady(&ready); + + /* check that error code was stored */ + AssertIntNE(wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); + wolfSSL_ERR_peek_last_error_line(NULL, &line); + AssertIntNE(line, 0); + wolfSSL_ERR_peek_last_error_line(&file, NULL); + AssertNotNull(file); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } /*----------------------------------------------------------------------------* @@ -2648,6 +2724,7 @@ void ApiTest(void) test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); test_wolfSSL_CTX_add_extra_chain_cert(); + test_wolfSSL_ERR_peek_last_error_line(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 765f42c73..41fd3b57a 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1398,38 +1398,6 @@ int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, } -WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) -{ - WOLFSSL_ASN1_OBJECT* obj; - - obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, - DYNAMIC_TYPE_ASN1); - if (obj == NULL) { - return NULL; - } - - XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); - return obj; -} - - -void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) -{ - if (obj == NULL) { - return; - } - - if (obj->dynamic == 1) { - if (obj->obj != NULL) { - WOLFSSL_MSG("Freeing ASN1 OBJECT data"); - XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); - } - } - - XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); -} - - #ifndef NO_RSA #ifndef HAVE_USER_RSA #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 9a4fac5f4..2c7e5be04 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -43,6 +43,11 @@ #ifdef DEBUG_WOLFSSL + #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + volatile char wc_last_error_file[80]; + volatile unsigned long wc_last_error_line; + volatile unsigned long wc_last_error; + #endif /* Set these to default values initially. */ static wolfSSL_Logging_cb log_function = 0; @@ -198,11 +203,33 @@ void WOLFSSL_LEAVE(const char* msg, int ret) } +/* + * When using OPENSSL_EXTRA or DEBUG_WOLFSSL_VERBOSE macro then WOLFSSL_ERROR is + * mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function + * name where WOLFSSL_ERROR is called at. + */ +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) +void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line, + const char* file, void* usrCtx) +#else void WOLFSSL_ERROR(int error) +#endif { if (loggingEnabled) { char buffer[80]; sprintf(buffer, "wolfSSL error occurred, error = %d", error); + #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + (void)usrCtx; /* a user ctx for future flexibility */ + (void)func; + if (error < 0) error = error - (2*error); /* get absolute value */ + wc_last_error = (unsigned long)error; + wc_last_error_line = (unsigned long)line; + XMEMSET((char*)wc_last_error_file, 0, sizeof(file)); + if (XSTRLEN(file) < sizeof(file)) { + XSTRNCPY((char*)wc_last_error_file, file, XSTRLEN(file)); + } + sprintf(buffer, "%s line:%d file:%s", buffer, line, file); + #endif wolfssl_log(ERROR_LOG , buffer); } } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ecfda40b3..f81a3a004 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -443,7 +443,8 @@ WOLFSSL_API int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API void wolfSSL_sk_X509_free(STACK_OF(WOLFSSL_X509_NAME)* sk); - +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); +WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( @@ -1895,6 +1896,7 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); @@ -2071,7 +2073,6 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); -WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); #ifndef NO_FILESYSTEM WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 7bd3265f0..576d2d28f 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -158,12 +158,6 @@ typedef struct Cert { #endif void* heap; /* heap hint */ } Cert; -#endif /* WOLFSSL_CERT_GEN */ - -typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; - -#ifdef WOLFSSL_CERT_GEN - /* Initialize and Set Certificate defaults: @@ -282,9 +276,6 @@ WOLFSSL_API int wc_GetCTC_HashOID(int type); */ WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); -WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); -WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 29bf0abea..a69bde5c7 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -55,7 +55,18 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #define WOLFSSL_STUB(m) \ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + /* make these variables global and declare them in logging.c */ + extern volatile char wc_last_error_file[80]; + extern volatile unsigned long wc_last_error_line; + extern volatile unsigned long wc_last_error; + + void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, + const char* file, void* ctx); + #define WOLFSSL_ERROR(x) WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__,NULL) +#else void WOLFSSL_ERROR(int); +#endif void WOLFSSL_MSG(const char* msg); void WOLFSSL_BUFFER(byte* buffer, word32 length); From 2daeecdb900cb3692f9f3f74ae59ecbe530efb0c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 1 Dec 2016 14:07:50 -0700 Subject: [PATCH 56/86] BIO s_socket and BN mod exp --- certs/include.am | 3 +- src/bio.c | 21 ++++----- src/internal.c | 12 +++++- src/ssl.c | 82 +++++++++++++++++++++++------------ tests/api.c | 96 +++++++++++++++++++++++++++++++++++++++-- wolfcrypt/src/logging.c | 6 ++- wolfssl/internal.h | 1 + wolfssl/openssl/ssl.h | 16 ++++--- wolfssl/ssl.h | 14 +++--- wolfssl/test.h | 1 + 10 files changed, 194 insertions(+), 58 deletions(-) diff --git a/certs/include.am b/certs/include.am index eedd53aa2..b7fad51e5 100644 --- a/certs/include.am +++ b/certs/include.am @@ -31,7 +31,8 @@ EXTRA_DIST += \ certs/server-revoked-cert.pem \ certs/server-revoked-key.pem \ certs/wolfssl-website-ca.pem \ - certs/test-servercert.p12 + certs/test-servercert.p12 \ + certs/dsaparams.pem EXTRA_DIST += \ certs/ca-key.der \ certs/ca-cert.der \ diff --git a/src/bio.c b/src/bio.c index 988cd9e82..5210f40ce 100644 --- a/src/bio.c +++ b/src/bio.c @@ -39,13 +39,17 @@ WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m) + +long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { - (void) b; - (void) m; WOLFSSL_ENTER("BIO_get_mem_ptr"); - return 0; + + if (bio == NULL || ptr == NULL) { + return SSL_FAILURE; + } + + *ptr = (WOLFSSL_BUF_MEM*)(bio->mem); + return SSL_SUCCESS; } /*** TBD ***/ @@ -59,13 +63,6 @@ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int i return 0; } -/*** TBD ***/ -WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) -{ - WOLFSSL_ENTER("BIO_s_socket"); - return NULL; -} - /*** TBD ***/ WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size) { diff --git a/src/internal.c b/src/internal.c index b38e6c48c..287e683ff 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6462,8 +6462,12 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, while (listSz) { word32 certSz; - if (totalCerts >= MAX_CHAIN_DEPTH) + if (totalCerts >= MAX_CHAIN_DEPTH) { + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; + #endif return MAX_CHAIN_ERROR; + } if ((*inOutIdx - begin) + OPAQUE24_LEN > size) return BUFFER_ERROR; @@ -6684,6 +6688,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ret == 0) { WOLFSSL_MSG("Verified Peer's cert"); + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_OK; + #endif fatal = 0; } else if (ret == ASN_PARSE_E) { @@ -6821,6 +6828,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif ssl->error = ret; + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; + #endif return ret; } ssl->options.havePeerCert = 1; diff --git a/src/ssl.c b/src/ssl.c index 139b4cb54..8d9b77c3d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9945,6 +9945,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) + { + static WOLFSSL_BIO_METHOD meth; + + WOLFSSL_ENTER("BIO_s_socket"); + meth.type = BIO_SOCKET; + + return &meth; + } + + WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF) { WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, @@ -13711,13 +13722,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) { + int ret = SSL_SUCCESS; - WOLFSSL_STUB("wolfSSL_X509_STORE_set_flags"); + WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags"); + + if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) { + ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag); + } (void)store; (void)flag; - return 1; + return ret; } @@ -14217,13 +14233,13 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) + +unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) { - (void)ssl; - return 0; + return ssl->peerVerifyRet; } + long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { (void)ctx; @@ -14934,16 +14950,28 @@ int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a, return 0; } -/*** TBFD ***/ -WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + +/* r = (a^p) % m */ +int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) { - (void) r; - (void) a; - (void) p; - (void) m; + int ret; + + WOLFSSL_ENTER("wolfSSL_BN_mod_exp"); + (void) ctx; - return 0; + if (r == NULL || a == NULL || p == NULL || m == NULL) { + WOLFSSL_MSG("Bad Argument"); + return SSL_FAILURE; + } + + if ((ret = mp_exptmod((mp_int*)a->internal,(mp_int*)p->internal, + (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { + return SSL_SUCCESS; + } + + WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret); + return SSL_FAILURE; } const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) @@ -19795,9 +19823,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } #ifdef HAVE_ECC - const char * wolf_OBJ_nid2sn(int n) { + const char * wolfSSL_OBJ_nid2sn(int n) { int i; - WOLFSSL_ENTER("wolf_OBJ_nid2sn"); + WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn"); /* find based on NID and return name */ for (i = 0; i < ecc_sets[i].size; i++) { @@ -19808,17 +19836,17 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { + int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { (void)o; - WOLFSSL_ENTER("wolf_OBJ_obj2nid"); - WOLFSSL_STUB("wolf_OBJ_obj2nid"); + WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); + WOLFSSL_STUB("wolfSSL_OBJ_obj2nid"); return 0; } - int wolf_OBJ_sn2nid(const char *sn) { + int wolfSSL_OBJ_sn2nid(const char *sn) { int i; - WOLFSSL_ENTER("wolf_OBJ_osn2nid"); + WOLFSSL_ENTER("wolfSSL_OBJ_osn2nid"); /* find based on name and return NID */ for (i = 0; i < ecc_sets[i].size; i++) { @@ -19831,25 +19859,25 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif /* HAVE_ECC */ - WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)bp; (void)x; (void)cb; (void)u; - WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); return NULL; } /*** TBD ***/ - WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)bp; (void)x; (void)cb; (void)u; - WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); return NULL; } @@ -19974,7 +20002,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) } return wc_last_error; #else - return NOT_COMPILED_IN; + return (unsigned long)(0 - NOT_COMPILED_IN); #endif } diff --git a/tests/api.c b/tests/api.c index bfa9c9f41..de22ba030 100644 --- a/tests/api.c +++ b/tests/api.c @@ -48,6 +48,7 @@ #include #include #include + #include #include #ifndef NO_DES3 #include @@ -2414,7 +2415,7 @@ static void test_wolfSSL_certs(void) /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - + /* test invalid cases */ crit = 0; sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL); @@ -2576,13 +2577,26 @@ static void test_wolfSSL_tmp_dh(void) static void test_wolfSSL_ctrl(void) { #if defined(OPENSSL_EXTRA) + byte buffer[5300]; + BIO* bio; + int bytes; + BUF_MEM* ptr = NULL; + printf(testingFmt, "wolfSSL_crtl()"); + bytes = sizeof(buffer); + bio = BIO_new_mem_buf((void*)buffer, bytes); + AssertNotNull(bio); + AssertNotNull(BIO_s_socket()); + + AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), SSL_SUCCESS); + /* needs tested after stubs filled out @TODO SSL_ctrl SSL_CTX_ctrl */ + BIO_free(bio); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) */ } @@ -2657,7 +2671,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) FreeTcpReady(&ready); /* check that error code was stored */ - AssertIntNE(wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); + AssertIntNE((int)wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); wolfSSL_ERR_peek_last_error_line(NULL, &line); AssertIntNE(line, 0); wolfSSL_ERR_peek_last_error_line(&file, NULL); @@ -2669,7 +2683,81 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ +} + + +static void test_wolfSSL_X509_STORE_set_flags(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) + + X509_STORE* store; + X509* x509; + + printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()"); + AssertNotNull((store = wolfSSL_X509_STORE_new())); + AssertNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM))); + AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + +#ifdef HAVE_CRL + AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), SSL_SUCCESS); +#else + AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + NOT_COMPILED_IN); +#endif + + wolfSSL_X509_free(x509); + wolfSSL_X509_STORE_free(store); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) */ +} + + +static void test_wolfSSL_BN(void) +{ + #if defined(OPENSSL_EXTRA) + BIGNUM* a; + BIGNUM* b; + BIGNUM* c; + BIGNUM* d; + unsigned char value[1]; + + printf(testingFmt, "wolfSSL_BN()"); + + AssertNotNull(a = BN_new()); + AssertNotNull(b = BN_new()); + AssertNotNull(c = BN_new()); + AssertNotNull(d = BN_new()); + + value[0] = 0x03; + AssertNotNull(BN_bin2bn(value, sizeof(value), a)); + + value[0] = 0x02; + AssertNotNull(BN_bin2bn(value, sizeof(value), b)); + + value[0] = 0x05; + AssertNotNull(BN_bin2bn(value, sizeof(value), c)); + + /* a^b mod c = */ + AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), SSL_FAILURE); + AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), SSL_SUCCESS); + + /* check result 3^2 mod 5 */ + value[0] = 0; + AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS); + AssertIntEQ((int)(value[0] & 0x04), 4); + + BN_free(a); + BN_free(b); + BN_free(c); + BN_clear_free(d); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) */ } /*----------------------------------------------------------------------------* @@ -2725,6 +2813,8 @@ void ApiTest(void) test_wolfSSL_ctrl(); test_wolfSSL_CTX_add_extra_chain_cert(); test_wolfSSL_ERR_peek_last_error_line(); + test_wolfSSL_X509_STORE_set_flags(); + test_wolfSSL_BN(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 2c7e5be04..9307413b5 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -217,7 +217,6 @@ void WOLFSSL_ERROR(int error) { if (loggingEnabled) { char buffer[80]; - sprintf(buffer, "wolfSSL error occurred, error = %d", error); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) (void)usrCtx; /* a user ctx for future flexibility */ (void)func; @@ -228,7 +227,10 @@ void WOLFSSL_ERROR(int error) if (XSTRLEN(file) < sizeof(file)) { XSTRNCPY((char*)wc_last_error_file, file, XSTRLEN(file)); } - sprintf(buffer, "%s line:%d file:%s", buffer, line, file); + sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s", + error, line, file); + #else + sprintf(buffer, "wolfSSL error occurred, error = %d", error); #endif wolfssl_log(ERROR_LOG , buffer); } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8f7b4c02a..9c35e020c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2750,6 +2750,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ + unsigned long peerVerifyRet; #ifdef HAVE_PK_CALLBACKS void* loggingCtx; /* logging callback argument */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a8ecfebc6..41da77db8 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -80,6 +80,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; +typedef WOLFSSL_BUF_MEM BUF_MEM; /* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as * compatibility layer expands. For now treating them as an ASN1_OBJECT */ @@ -109,7 +110,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ERR_print_errors_fp(file) wolfSSL_print_all_errors_fp((file)) /* at the moment only returns ok */ -#define SSL_get_verify_result(ctx) X509_V_OK +#define SSL_get_verify_result wolfSSL_get_verify_result #define SSL_get_verify_mode wolfSSL_SSL_get_mode #define SSL_get_verify_depth wolfSSL_get_verify_depth #define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode @@ -474,11 +475,11 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename #define BIO_s_file wolfSSL_BIO_s_file -#define OBJ_nid2sn wolf_OBJ_nid2sn -#define OBJ_obj2nid wolf_OBJ_obj2nid -#define OBJ_sn2nid wolf_OBJ_sn2nid -#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509 -#define PEM_read_bio_X509_AUX PEM_read_bio_WOLFSSL_X509_AUX +#define OBJ_nid2sn wolfSSL_OBJ_nid2sn +#define OBJ_obj2nid wolfSSL_OBJ_obj2nid +#define OBJ_sn2nid wolfSSL_OBJ_sn2nid +#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth #define SSL_get_app_data wolfSSL_get_app_data #define SSL_set_app_data wolfSSL_set_app_data @@ -588,6 +589,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_ctrl wolfSSL_ctrl #define SSL_CTX_ctrl wolfSSL_CTX_ctrl +#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK +#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL + #ifdef HAVE_STUNNEL #include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f81a3a004..0950aeef7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -115,6 +115,7 @@ typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; typedef struct WOLFSSL_DH WOLFSSL_DH; typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; +typedef unsigned char* WOLFSSL_BUF_MEM; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME @@ -541,7 +542,7 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp); WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); -WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m); +WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); @@ -751,6 +752,7 @@ enum { WOLFSSL_OCSP_CHECKALL = 4, WOLFSSL_CRL_CHECKALL = 1, + WOLFSSL_CRL_CHECK = 27, ASN1_GENERALIZEDTIME = 4, @@ -1954,11 +1956,11 @@ WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ -WOLFSSL_API const char * wolf_OBJ_nid2sn(int n); -WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); -WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn); -WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX +WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); +WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); +WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); diff --git a/wolfssl/test.h b/wolfssl/test.h index e0a3c1a0e..4fad067c1 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -524,6 +524,7 @@ static INLINE void showPeer(WOLFSSL* ssl) #endif #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); + printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl)); #endif /* SHOW_CERTS */ printf("SSL version is %s\n", wolfSSL_get_version(ssl)); From 64a3333870215d740d5234db22b9223388f88830 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 2 Dec 2016 11:22:53 -0700 Subject: [PATCH 57/86] adjust wolfSSL_set_options and test case --- src/internal.c | 26 ++++++++++++++++ src/ssl.c | 77 ++++++++++++++++++++++++++++++++++++++-------- tests/api.c | 41 ++++++++++++++++++++++-- wolfssl/internal.h | 3 ++ wolfssl/ssl.h | 63 ++++++++++++++++++++----------------- 5 files changed, 168 insertions(+), 42 deletions(-) diff --git a/src/internal.c b/src/internal.c index 287e683ff..53d2be619 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5328,6 +5328,32 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif +#ifdef OPENSSL_EXTRA + /* case where specific protocols are turned off */ + if (!ssl->options.dtls && ssl->options.mask > 0) { + if (rh->pvMinor == SSLv3_MINOR && + (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + WOLFSSL_MSG("Option set to not allow SSLv3"); + return VERSION_ERROR; + } + if (rh->pvMinor == TLSv1_MINOR && + (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + WOLFSSL_MSG("Option set to not allow TLSv1"); + return VERSION_ERROR; + } + if (rh->pvMinor == TLSv1_1_MINOR && + (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + WOLFSSL_MSG("Option set to not allow TLSv1.1"); + return VERSION_ERROR; + } + if (rh->pvMinor == TLSv1_2_MINOR && + (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + WOLFSSL_MSG("Option set to not allow TLSv1.2"); + return VERSION_ERROR; + } + } +#endif /* OPENSSL_EXTRA */ + /* catch version mismatch */ if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){ if (ssl->options.side == WOLFSSL_SERVER_END && diff --git a/src/ssl.c b/src/ssl.c index 8d9b77c3d..20f3fc257 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14086,24 +14086,77 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) } -/* wolfSSL options are set through API calls and macros. - * return 0 for no options set */ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) { - (void)ssl; - (void)op; - WOLFSSL_MSG("Set options in wolfSSL through API and macros"); - return 0; + WOLFSSL_ENTER("wolfSSL_set_options"); + + if (ssl == NULL) { + return 0; + } + + /* if SSL_OP_ALL then turn all bug workarounds one */ + if ((op & SSL_OP_ALL) == SSL_OP_ALL) { + WOLFSSL_MSG("\tSSL_OP_ALL"); + + op |= SSL_OP_MICROSOFT_SESS_ID_BUG; + op |= SSL_OP_NETSCAPE_CHALLENGE_BUG; + op |= SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; + op |= SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; + op |= SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; + op |= SSL_OP_MSIE_SSLV2_RSA_PADDING; + op |= SSL_OP_SSLEAY_080_CLIENT_DH_BUG; + op |= SSL_OP_TLS_D5_BUG; + op |= SSL_OP_TLS_BLOCK_PADDING_BUG; + op |= SSL_OP_TLS_ROLLBACK_BUG; + op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + } + + + /* by default cookie exchange is on with DTLS */ + if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { + WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); + } + + if ((op & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) { + WOLFSSL_MSG("\tSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); + } + + if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); + } + + if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); + } + + if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); + } + + if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); + } + + if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + #ifdef HAVE_LIBZ + WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); + ssl->options.usingCompression = 0; + #else + WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in"); + #endif + } + + ssl->options.mask |= op; + + return ssl->options.mask; } -/* wolfSSL options are set through API calls and macros. - * return 0 for no options set */ -WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL* ssl) +unsigned long wolfSSL_get_options(const WOLFSSL* ssl) { - (void)ssl; - WOLFSSL_MSG("Set options in wolfSSL through API and macros"); - return 0; + WOLFSSL_ENTER("wolfSSL_get_options"); + + return ssl->options.mask; } /*** TBD ***/ diff --git a/tests/api.c b/tests/api.c index de22ba030..a7ef652c6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2690,7 +2690,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) static void test_wolfSSL_X509_STORE_set_flags(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE* store; X509* x509; @@ -2713,7 +2713,7 @@ static void test_wolfSSL_X509_STORE_set_flags(void) printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) */ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } @@ -2760,6 +2760,42 @@ static void test_wolfSSL_BN(void) #endif /* defined(OPENSSL_EXTRA) */ } + +static void test_wolfSSL_set_options(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + SSL* ssl; + SSL_CTX* ctx; + + printf(testingFmt, "wolfSSL_set_options()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); + AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1); + + AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE | + SSL_OP_NO_SSLv2)), 0); + AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) & + SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE); + AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) & + SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); + AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) & + SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); + + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ +} + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2815,6 +2851,7 @@ void ApiTest(void) test_wolfSSL_ERR_peek_last_error_line(); test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_BN(); + test_wolfSSL_set_options(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9c35e020c..e4be17b18 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2379,6 +2379,9 @@ typedef struct Options { wc_psk_server_callback server_psk_cb; word16 havePSK:1; /* psk key set by user */ #endif /* NO_PSK */ +#ifdef OPENSSL_EXTRA + unsigned long mask; /* store SSL_OP_ flags */ +#endif /* on/off or small bit flags, optimize layout */ word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0950aeef7..6823d4587 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -728,6 +728,41 @@ WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L +/* seperated out from other enums because of size */ +enum { + /* bit flags (ie 0001 vs 0010) : each is 2 times previous value */ + SSL_OP_MICROSOFT_SESS_ID_BUG = 1, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 4, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 8, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 16, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 32, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 64, + SSL_OP_TLS_D5_BUG = 128, + SSL_OP_TLS_BLOCK_PADDING_BUG = 256, + SSL_OP_TLS_ROLLBACK_BUG = 512, + SSL_OP_ALL = 1024, + SSL_OP_EPHEMERAL_RSA = 2048, + SSL_OP_NO_SSLv3 = 4096, + SSL_OP_NO_TLSv1 = 8192, + SSL_OP_PKCS1_CHECK_1 = 16384, + SSL_OP_PKCS1_CHECK_2 = 32768, + SSL_OP_NETSCAPE_CA_DN_BUG = 65536, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 131072, + SSL_OP_SINGLE_DH_USE = 262144, + SSL_OP_NO_TICKET = 524288, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 1048576, + SSL_OP_NO_QUERY_MTU = 2097152, + SSL_OP_COOKIE_EXCHANGE = 4194304, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 8388608, + SSL_OP_SINGLE_ECDH_USE = 16777216, + SSL_OP_CIPHER_SERVER_PREFERENCE = 33554432, + SSL_OP_NO_TLSv1_1 = 67108864, + SSL_OP_NO_TLSv1_2 = 134217728, + SSL_OP_NO_COMPRESSION = 268435456, +}; + + enum { OCSP_NOCERTS = 1, OCSP_NOINTERN = 2, @@ -755,34 +790,6 @@ enum { WOLFSSL_CRL_CHECK = 27, ASN1_GENERALIZEDTIME = 4, - - SSL_OP_MICROSOFT_SESS_ID_BUG = 1, - SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3, - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4, - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5, - SSL_OP_MSIE_SSLV2_RSA_PADDING = 6, - SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7, - SSL_OP_TLS_D5_BUG = 8, - SSL_OP_TLS_BLOCK_PADDING_BUG = 9, - SSL_OP_TLS_ROLLBACK_BUG = 10, - SSL_OP_ALL = 11, - SSL_OP_EPHEMERAL_RSA = 12, - SSL_OP_NO_SSLv3 = 13, - SSL_OP_NO_TLSv1 = 14, - SSL_OP_PKCS1_CHECK_1 = 15, - SSL_OP_PKCS1_CHECK_2 = 16, - SSL_OP_NETSCAPE_CA_DN_BUG = 17, - SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18, - SSL_OP_SINGLE_DH_USE = 19, - SSL_OP_NO_TICKET = 20, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21, - SSL_OP_NO_QUERY_MTU = 22, - SSL_OP_COOKIE_EXCHANGE = 23, - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24, - SSL_OP_SINGLE_ECDH_USE = 25, - SSL_OP_CIPHER_SERVER_PREFERENCE = 26, - SSL_MAX_SSL_SESSION_ID_LENGTH = 32, EVP_R_BAD_DECRYPT = 2, From 0c742654dc6a685882026ee2c3ee127da2641480 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 3 Dec 2016 10:00:52 +0900 Subject: [PATCH 58/86] EVP_add_digest --- wolfcrypt/src/evp.c | 2 +- wolfssl/openssl/ssl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 86ac26ab6..cc02ce32d 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -440,9 +440,9 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, return 1; } -/*** TBD ***/ WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) { (void)digest; + /* nothing to do */ return 0; } diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 41da77db8..df5848748 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -457,7 +457,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_need_tmp_RSA(ssl) 0 #define SSL_set_tmp_rsa(ssl,rsa) 1 /*#endif*/ -#define CONF_modules_unload() +#define CONF_modules_unload(a) #define SSL_get_hit wolfSSL_session_reused From 2ef85e3d4d1b5fdbabea4f380043d1e127a20de1 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 4 Dec 2016 10:00:42 +0900 Subject: [PATCH 59/86] EVP_CIPHER_CTX_new/free, EVP_get_digestbyname --- src/ssl.c | 48 +++++++++++++++++++++++++++++++----- wolfcrypt/src/evp.c | 57 +++++++++++++++++++++++++++++++++++++++++-- wolfssl/openssl/evp.h | 15 +++++++++++- 3 files changed, 111 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 20f3fc257..84a259fc0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10538,12 +10538,48 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* WOLFSSL_SHA512 */ +const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) +{ + static const char *md_tbl[] = { + #ifndef NO_MD5 + "MD5", + #endif /* NO_MD5 */ + + #ifndef NO_SHA + "SHA", + #endif /* NO_SHA */ + + #ifdef WOLFSSL_SHA224 + "SHA224", + #endif /* WOLFSSL_SHA224 */ + + "SHA256", + + #ifdef WOLFSSL_SHA384 + "SHA384", + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + "SHA512", + #endif /* WOLFSSL_SHA512 */ + + NULL + } ; + + const char **tbl ; + + for( tbl = md_tbl; *tbl != NULL; tbl++) + if(XSTRNCMP(name, *tbl, XSTRLEN(*tbl)+1) == 0) { + return (EVP_MD *)*tbl; + } + return NULL; +} #ifndef NO_MD5 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { - static const char* type = "MD5"; + const char* type = EVP_get_digestbyname("MD5"); WOLFSSL_ENTER("EVP_md5"); return type; } @@ -10554,7 +10590,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef NO_SHA const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { - static const char* type = "SHA"; + const char* type = EVP_get_digestbyname("SHA"); WOLFSSL_ENTER("EVP_sha1"); return type; } @@ -10564,7 +10600,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { - static const char* type = "SHA224"; + const char* type = EVP_get_digestbyname("SHA224"); WOLFSSL_ENTER("EVP_sha224"); return type; } @@ -10574,7 +10610,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { - static const char* type = "SHA256"; + const char* type = EVP_get_digestbyname("SHA256"); WOLFSSL_ENTER("EVP_sha256"); return type; } @@ -10583,7 +10619,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { - static const char* type = "SHA384"; + const char* type = EVP_get_digestbyname("SHA384"); WOLFSSL_ENTER("EVP_sha384"); return type; } @@ -10594,7 +10630,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { - static const char* type = "SHA512"; + const char* type = EVP_get_digestbyname("SHA512"); WOLFSSL_ENTER("EVP_sha512"); return type; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index cc02ce32d..69de520a5 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -19,7 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher); +static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, @@ -55,6 +55,59 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0); } +WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void) +{ + WOLFSSL_EVP_CIPHER_CTX *ctx=XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ctx) + wolfSSL_EVP_CIPHER_CTX_init(ctx); + return ctx; +} + +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + if (ctx) { + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +} + +WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl) +{ + if (ctx->enc) + return wolfSSL_EVP_CipherFinal(ctx, out, outl); + else + return 0; +} + +WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl) +{ + if (ctx->enc) + return wolfSSL_EVP_CipherFinal(ctx, out, outl); + else + return 0; +} + +WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl) +{ + if (ctx->enc) + return 0; + else + return wolfSSL_EVP_CipherFinal(ctx, out, outl); +} + +WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl) +{ + if (ctx->enc) + return 0; + else + return wolfSSL_EVP_CipherFinal(ctx, out, outl); +} + + WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE *impl) @@ -304,7 +357,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX * } } -static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) +static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 3148d63b5..0c7edd21a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -179,6 +179,9 @@ WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); +WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name); + WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, @@ -242,6 +245,8 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void); +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int keylen); @@ -250,7 +255,7 @@ WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned int len); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); - +WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); @@ -333,6 +338,9 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex #define EVP_BytesToKey wolfSSL_EVP_BytesToKey +#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname +#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname + #define EVP_CIPHER_CTX_init wolfSSL_EVP_CIPHER_CTX_init #define EVP_CIPHER_CTX_cleanup wolfSSL_EVP_CIPHER_CTX_cleanup #define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length @@ -356,7 +364,12 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_DecryptFinal wolfSSL_EVP_CipherFinal #define EVP_DecryptFinal_ex wolfSSL_EVP_CipherFinal +#define EVP_CIPHER_CTX_free wolfSSL_EVP_CIPHER_CTX_free +#define EVP_CIPHER_CTX_new wolfSSL_EVP_CIPHER_CTX_new + #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid +#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname +#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA From a774f266137db3d958c9296f582d45083f166a5d Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 4 Dec 2016 15:35:31 +0900 Subject: [PATCH 60/86] add EVP_get_cipherbyname --- src/ssl.c | 111 ++++++++++++++++++++++++++++++++++------ wolfcrypt/src/wc_port.c | 4 ++ wolfssl/openssl/evp.h | 3 +- 3 files changed, 101 insertions(+), 17 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 84a259fc0..65af8c321 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2490,37 +2490,116 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) -#ifndef NO_AES -static const char *EVP_AES_128_CBC = "AES-128-CBC"; -static const char *EVP_AES_192_CBC = "AES-192-CBC"; -static const char *EVP_AES_256_CBC = "AES-256-CBC"; -#if defined(OPENSSL_EXTRA) - static const char *EVP_AES_128_CTR = "AES-128-CTR"; - static const char *EVP_AES_192_CTR = "AES-192-CTR"; - static const char *EVP_AES_256_CTR = "AES-256-CTR"; +static struct cipher{ + unsigned char type; + const char *name; +} cipher_tbl[] = { - static const char *EVP_AES_128_ECB = "AES-128-ECB"; - static const char *EVP_AES_192_ECB = "AES-192-ECB"; - static const char *EVP_AES_256_ECB = "AES-256-ECB"; +#ifndef NO_AES + {AES_128_CBC_TYPE, "AES-128-CBC"}, + {AES_192_CBC_TYPE, "AES-192-CBC"}, + {AES_256_CBC_TYPE, "AES-256-CBC"}, +#if defined(OPENSSL_EXTRA) + {AES_128_CTR_TYPE, "AES-128-CTR"}, + {AES_192_CTR_TYPE, "AES-192-CTR"}, + {AES_256_CTR_TYPE, "AES-256-CTR"}, + + {AES_128_ECB_TYPE, "AES-128-ECB"}, + {AES_192_ECB_TYPE, "AES-192-ECB"}, + {AES_256_ECB_TYPE, "AES-256-ECB"}, +#endif + +#endif + +#ifndef NO_DES3 + {DES_CBC_TYPE, "DES-CBC"}, + {DES_ECB_TYPE, "DES-ECB"}, + + {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC"}, + {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB"}, +#endif + +#ifdef HAVE_IDEA + {IDEA_CBC_TYPE, "IDEA-CBC"}, +#endif + { 0, NULL} +} ; + +const WOLFSSL_EVP_MD *wolfSSL_EVP_get_cipherbyname(const char *name) +{ + + const struct cipher *ent ; + WOLFSSL_ENTER("EVP_get_cipherbyname"); + for( ent = cipher_tbl; ent->name != NULL; ent++) + if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { + return (WOLFSSL_EVP_CIPHER *)ent->name; + } + return NULL; +} + + +#ifndef NO_AES +static char *EVP_AES_128_CBC; +static char *EVP_AES_192_CBC; +static char *EVP_AES_256_CBC; +#if defined(OPENSSL_EXTRA) + static char *EVP_AES_128_CTR; + static char *EVP_AES_192_CTR; + static char *EVP_AES_256_CTR; + + static char *EVP_AES_128_ECB; + static char *EVP_AES_192_ECB; + static char *EVP_AES_256_ECB; #endif static const int EVP_AES_SIZE = 11; #endif #ifndef NO_DES3 -static const char *EVP_DES_CBC = "DES-CBC"; -static const char *EVP_DES_ECB = "DES-ECB"; +static char *EVP_DES_CBC; +static char *EVP_DES_ECB; static const int EVP_DES_SIZE = 7; -static const char *EVP_DES_EDE3_CBC = "DES-EDE3-CBC"; -static const char *EVP_DES_EDE3_ECB = "DES-EDE3-ECB"; +static char *EVP_DES_EDE3_CBC; +static char *EVP_DES_EDE3_ECB; static const int EVP_DES_EDE3_SIZE = 12; #endif #ifdef HAVE_IDEA -static const char *EVP_IDEA_CBC = "IDEA-CBC"; +static char *EVP_IDEA_CBC; static const int EVP_IDEA_SIZE = 8; #endif +void wolfSSL_EVP_init(void) +{ +#ifndef NO_AES + EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); + EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); + EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); + +#if defined(OPENSSL_EXTRA) + EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); + EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); + EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); + + EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); + EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); + EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); +#endif +#endif + +#ifndef NO_DES3 + EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC"); + EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB"); + + EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC"); + EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB"); +#endif + +#ifdef HAVE_IDEA + EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC"); +#endif +} + /* our KeyPemToDer password callback, password in userData */ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 669298cb6..2afb5645f 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -89,6 +89,10 @@ int wolfCrypt_Init(void) WOLFSSL_MSG("Using ARM hardware acceleration"); #endif + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + wolfSSL_EVP_init(); + #endif + initRefCount = 1; } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 0c7edd21a..f731dce56 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -175,6 +175,7 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { typedef int WOLFSSL_ENGINE ; +WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); @@ -255,7 +256,7 @@ WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned int len); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); -WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); + WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); From c57803a4a539b074b149923f5989a68bb1150168 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sun, 4 Dec 2016 16:10:04 +0900 Subject: [PATCH 61/86] add test EVP_CIPHER_CTX_new/free --- wolfcrypt/src/evp.c | 21 ++++++++++++++++----- wolfcrypt/test/test.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 69de520a5..8887b969f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -58,14 +58,17 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void) { WOLFSSL_EVP_CIPHER_CTX *ctx=XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ctx) + if (ctx){ + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new"); wolfSSL_EVP_CIPHER_CTX_init(ctx); + } return ctx; } WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) { if (ctx) { + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free"); wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -74,8 +77,10 @@ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc) + if (ctx->enc){ + WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); + } else return 0; } @@ -83,8 +88,10 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc) + if (ctx->enc){ + WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); + } else return 0; } @@ -94,8 +101,10 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, { if (ctx->enc) return 0; - else + else{ + WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); + } } WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, @@ -103,8 +112,10 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, { if (ctx->enc) return 0; - else + else{ + WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); + } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ae1754240..d7c6fb4ce 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7143,11 +7143,13 @@ int openssl_test(void) EVP_CIPHER_CTX en; EVP_CIPHER_CTX de; + EVP_CIPHER_CTX *p_en; + EVP_CIPHER_CTX *p_de; EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return OPENSSL_TEST_ERROR-361; + return -3300; if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) return -3301; EVP_CIPHER_CTX_init(&de); @@ -7163,6 +7165,31 @@ int openssl_test(void) if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) return -3305; + p_en = wolfSSL_EVP_CIPHER_CTX_new(); + if(p_en == NULL)return -3390; + p_de = wolfSSL_EVP_CIPHER_CTX_new(); + if(p_de == NULL)return -3391; + + if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -3392; + if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, AES_BLOCK_SIZE*4) == 0) + return -3393; + if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -3394; + + if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, AES_BLOCK_SIZE*4) == 0) + return -3395; + + wolfSSL_EVP_CIPHER_CTX_free(p_en); + wolfSSL_EVP_CIPHER_CTX_free(p_de); + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -3396; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -3397; + EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_128_ctr(), (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) From b377125ad17765a673d1b469941b7351607bdbd6 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 5 Dec 2016 10:35:19 +0900 Subject: [PATCH 62/86] add alias to EVP_get_cipher/digestbyname --- src/ssl.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 65af8c321..a970c84fc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2528,12 +2528,43 @@ static struct cipher{ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_cipherbyname(const char *name) { + static const struct alias { + const char *name; + const char *alias; + } alias_tbl[] = + { + {"DES-CBC", "DES"}, + {"DES-CBC", "des"}, + {"DES-EDE3-CBC", "DES3"}, + {"DES-EDE3-CBC", "des3"}, + {"DES-EDE3-ECB", "des-ede3-ecb"}, + {"IDEA-CBC", "IDEA"}, + {"IDEA-CBC", "idea"}, + {"AES-128-CBC", "AES128"}, + {"AES-128-CBC", "aes128"}, + {"AES-192-CBC", "AES192"}, + {"AES-192-CBC", "aes192"}, + {"AES-256-CBC", "AES256"}, + {"AES-256-CBC", "aes256"}, + { NULL, NULL} + }; + const struct cipher *ent ; + const struct alias *al ; + WOLFSSL_ENTER("EVP_get_cipherbyname"); + + for( al = alias_tbl; al->name != NULL; al++) + if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { + name = al->name; + break; + } + for( ent = cipher_tbl; ent->name != NULL; ent++) if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { return (WOLFSSL_EVP_CIPHER *)ent->name; } + return NULL; } @@ -10645,8 +10676,25 @@ const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) NULL } ; + static const struct alias { + const char *name; + const char *alias; + } alias_tbl[] = + { + {"MD5", "ssl3-md5"}, + {"SHA1", "ssl3-sha1"}, + { NULL, NULL} + }; + + const struct alias *al ; const char **tbl ; + for( al = alias_tbl; al->name != NULL; al++) + if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { + name = al->name; + break; + } + for( tbl = md_tbl; *tbl != NULL; tbl++) if(XSTRNCMP(name, *tbl, XSTRLEN(*tbl)+1) == 0) { return (EVP_MD *)*tbl; From 80efc366df32d5f70c5a2b57f8efdc713f6d7de5 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 5 Dec 2016 10:40:02 +0900 Subject: [PATCH 63/86] add wolfSSL_EVP_MD_CTX_new/free --- src/ssl.c | 19 +++++++++++++++++++ wolfssl/openssl/evp.h | 6 ++++++ 2 files changed, 25 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index a970c84fc..70dd22174 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10764,6 +10764,25 @@ const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) #endif /* WOLFSSL_SHA512 */ + WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) + { + WOLFSSL_EVP_MD_CTX* ctx; + WOLFSSL_ENTER("EVP_MD_CTX_new"); + ctx=XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ctx){ + wolfSSL_EVP_MD_CTX_init(ctx); + } + return ctx; + } + + WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx) + { + if (ctx) { + WOLFSSL_ENTER("EVP_MD_CTX_free"); + wolfSSL_EVP_MD_CTX_cleanup(ctx); + XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + } void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index f731dce56..c8b969347 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -177,6 +177,9 @@ typedef int WOLFSSL_ENGINE ; WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); + +WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void); +WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); @@ -330,6 +333,9 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_enc_null wolfSSL_EVP_enc_null #define EVP_MD_size wolfSSL_EVP_MD_size +#define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new +#define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new +#define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free #define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init #define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup #define EVP_DigestInit wolfSSL_EVP_DigestInit From 2b3438e11b98e8979c10ee9840db35654c980220 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 5 Dec 2016 09:06:23 -0700 Subject: [PATCH 64/86] pem x509 read from bio and bio set fd --- src/ssl.c | 107 +++++++++++++++++++++++++++++------------- tests/api.c | 41 ++++++++++++++-- wolfssl/openssl/ssl.h | 10 ++-- wolfssl/ssl.h | 13 ++--- 4 files changed, 122 insertions(+), 49 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 70dd22174..92c5176e2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10099,7 +10099,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { - WOLFSSL_ENTER("BIO_set_ssl"); + WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); b->ssl = ssl; b->close = (byte)closeF; /* add to ssl for bio free if SSL_free called before/instead of free_all? */ @@ -10108,6 +10108,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF) + { + WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); + b->fd = fd; + b->close = (byte)closeF; + + return SSL_SUCCESS; + } + + WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method) { WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, @@ -20021,6 +20031,60 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/ + + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, + pem_password_cb *cb, void *u) { + WOLFSSL_X509* x509 = NULL; + const unsigned char* pem = NULL; + int pemSz; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + + if (bp == NULL) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG); + return NULL; + } + + pemSz = wolfSSL_BIO_get_mem_data(bp, &pem); + if (pemSz <= 0 || pem == NULL) { + WOLFSSL_MSG("Issue getting WOLFSSL_BIO mem"); + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", pemSz); + return NULL; + } + + x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz, + SSL_FILETYPE_PEM); + + if (x != NULL) { + *x = x509; + } + + (void)cb; + (void)u; + + return x509; + } + + + /* + * bp : bio to read X509 from + * x : x509 to write to + * cb : password call back for reading PEM + * u : password + * _AUX is for working with a trusted X509 certificate + */ + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + + /* AUX info is; trusted/rejected uses, friendly name, private key id, + * and potentially a stack of "other" info. wolfSSL does not store + * friendly name or private key id yet in WOLFSSL_X509 for human + * readibility and does not support extra trusted/rejected uses for + * root CA. */ + return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); + } + #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) @@ -20094,29 +20158,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif /* HAVE_ECC */ - WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { - (void)bp; - (void)x; - (void)cb; - (void)u; - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); - WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); - - return NULL; - } - - /*** TBD ***/ - WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { - (void)bp; - (void)x; - (void)cb; - (void)u; - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); - WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); - - return NULL; - } - void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { (void)ctx; (void)depth; @@ -20448,18 +20489,18 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) -char * wolf_OBJ_nid2ln(int n) { +char * wolfSSL_OBJ_nid2ln(int n) { (void)n; - WOLFSSL_ENTER("wolf_OBJ_nid2ln"); - WOLFSSL_STUB("wolf_OBJ_nid2ln"); + WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); + WOLFSSL_STUB("wolfSSL_OBJ_nid2ln"); return NULL; } -int wolf_OBJ_txt2nid(const char* s) { +int wolfSSL_OBJ_txt2nid(const char* s) { (void)s; - WOLFSSL_ENTER("wolf_OBJ_txt2nid"); - WOLFSSL_STUB("wolf_OBJ_txt2nid"); + WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); + WOLFSSL_STUB("wolfSSL_OBJ_txt2nid"); return 0; } @@ -20489,11 +20530,11 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_p } -int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { +int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { (void)bp; (void)x; - WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509"); + WOLFSSL_STUB("wolfSSL_PEM_write_bio_X509"); return 0; } diff --git a/tests/api.c b/tests/api.c index a7ef652c6..d651f9983 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2617,11 +2617,11 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void) x509 = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); AssertNotNull(x509); - AssertIntEQ((int)wolfSSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); x509 = wolfSSL_X509_load_certificate_file(clientFile, SSL_FILETYPE_PEM); AssertNotNull(x509); - AssertIntEQ((int)wolfSSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); SSL_CTX_free(ctx); printf(resultFmt, passed); @@ -2671,10 +2671,10 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) FreeTcpReady(&ready); /* check that error code was stored */ - AssertIntNE((int)wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); - wolfSSL_ERR_peek_last_error_line(NULL, &line); + AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0); + ERR_peek_last_error_line(NULL, &line); AssertIntNE(line, 0); - wolfSSL_ERR_peek_last_error_line(&file, NULL); + ERR_peek_last_error_line(&file, NULL); AssertNotNull(file); #ifdef WOLFSSL_TIRTOS @@ -2796,6 +2796,36 @@ static void test_wolfSSL_set_options(void) } +static void test_wolfSSL_PEM_read_bio(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + byte buffer[5300]; + FILE *f; + int bytes; + X509* x509; + BIO* bio = NULL; + + printf(testingFmt, "wolfSSL_PEM_read_bio()"); + + AssertNotNull(f = fopen(cliCert, "rb")); + bytes = (int)fread(buffer, 1, sizeof(buffer), f); + fclose(f); + + AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); + AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_NOCLOSE), 1); + + BIO_free(bio); + X509_free(x509); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ +} + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2852,6 +2882,7 @@ void ApiTest(void) test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_BN(); test_wolfSSL_set_options(); + test_wolfSSL_PEM_read_bio(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index df5848748..2fcf6cee7 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -447,6 +447,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index +#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() @@ -478,8 +480,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define OBJ_nid2sn wolfSSL_OBJ_nid2sn #define OBJ_obj2nid wolfSSL_OBJ_obj2nid #define OBJ_sn2nid wolfSSL_OBJ_sn2nid -#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 -#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth #define SSL_get_app_data wolfSSL_get_app_data #define SSL_set_app_data wolfSSL_set_app_data @@ -501,8 +501,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) -#define OBJ_nid2ln wolf_OBJ_nid2ln -#define OBJ_txt2nid wolf_OBJ_txt2nid +#define OBJ_nid2ln wolfSSL_OBJ_nid2ln +#define OBJ_txt2nid wolfSSL_OBJ_txt2nid #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 @@ -517,7 +517,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_int_ctrl wolfSSL_BIO_int_ctrl #define BIO_reset wolfSSL_BIO_reset #define BIO_s_socket wolfSSL_BIO_s_socket -#define BIO_set_fd wolfSSL_BBIO_set_fd +#define BIO_set_fd wolfSSL_BIO_set_fd #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 6823d4587..23438c677 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -515,6 +515,7 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); +WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); @@ -1945,6 +1946,9 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX + (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); /*lighttp compatibility */ @@ -1966,9 +1970,6 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX - (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); @@ -1987,15 +1988,15 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(OPENSSL_EXTRA) -WOLFSSL_API char * wolf_OBJ_nid2ln(int n); -WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn); +WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u); -WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); From 5a2794fe9c69ea45d115e12405820bcde328830e Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 6 Dec 2016 21:02:39 +0900 Subject: [PATCH 65/86] add EVP_MD_CTX_md, EVP_MD_type --- src/ssl.c | 61 +- tmp.options.h | 146 +++ tmp.status | 2403 +++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/evp.h | 8 +- wolfssl/openssl/ssl.h | 3 +- 5 files changed, 2604 insertions(+), 17 deletions(-) create mode 100644 tmp.options.h create mode 100755 tmp.status diff --git a/src/ssl.c b/src/ssl.c index 92c5176e2..9d09cc085 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2525,7 +2525,7 @@ static struct cipher{ { 0, NULL} } ; -const WOLFSSL_EVP_MD *wolfSSL_EVP_get_cipherbyname(const char *name) +const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) { static const struct alias { @@ -10658,34 +10658,37 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* WOLFSSL_SHA512 */ -const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) -{ - static const char *md_tbl[] = { + static struct s_ent{ + const unsigned char macType; + const char *name; + } md_tbl[] = { #ifndef NO_MD5 - "MD5", + {MD5, "MD5"}, #endif /* NO_MD5 */ #ifndef NO_SHA - "SHA", + {SHA, "SHA"}, #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - "SHA224", + {SHA224, "SHA224"}, #endif /* WOLFSSL_SHA224 */ - "SHA256", + {SHA256, "SHA256"}, #ifdef WOLFSSL_SHA384 - "SHA384", + {SHA384, "SHA384"}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - "SHA512", + {SHA512, "SHA512"}, #endif /* WOLFSSL_SHA512 */ - NULL + {0, NULL} } ; +const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) +{ static const struct alias { const char *name; const char *alias; @@ -10697,7 +10700,7 @@ const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) }; const struct alias *al ; - const char **tbl ; + const struct s_ent *ent ; for( al = alias_tbl; al->name != NULL; al++) if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { @@ -10705,13 +10708,34 @@ const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) break; } - for( tbl = md_tbl; *tbl != NULL; tbl++) - if(XSTRNCMP(name, *tbl, XSTRLEN(*tbl)+1) == 0) { - return (EVP_MD *)*tbl; + for( ent = md_tbl; ent->name != NULL; ent++) + if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { + return (EVP_MD *)ent->name; } return NULL; } +static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) +{ + const struct s_ent *ent ; + for( ent = md_tbl; ent->macType != 0; ent++) + if(type == ent->macType) { + return (WOLFSSL_EVP_MD *)ent->name; + } + return 0; +} + +int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) +{ + const struct s_ent *ent ; + for( ent = md_tbl; ent->name != NULL; ent++) + if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { + return ent->macType; + } + return 0; +} + + #ifndef NO_MD5 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) @@ -10801,6 +10825,13 @@ const EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) /* do nothing */ } + const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) + { + if (!ctx) + return NULL; + return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); + } + #ifndef NO_AES const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) diff --git a/tmp.options.h b/tmp.options.h new file mode 100644 index 000000000..2ea3689f7 --- /dev/null +++ b/tmp.options.h @@ -0,0 +1,146 @@ +/* wolfssl options.h + * generated from configure options + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + */ + +#ifndef WOLFSSL_OPTIONS_H +#define WOLFSSL_OPTIONS_H + + +#ifdef __cplusplus +extern "C" { +#endif + +#undef WOLFSSL_AES_COUNTER +#define WOLFSSL_AES_COUNTER + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_DIRECT + +#undef HAVE_AES_CCM +#define HAVE_AES_CCM + +#undef HAVE_AES_ECB +#define HAVE_AES_ECB + +#undef SHAVE_AES_DECRYPT +#define SHAVE_AES_DECRYPT + +#undef OPENSSL_EXTRA +#define OPENSSL_EXTRA + +#ifndef WOLFSSL_OPTIONS_IGNORE_SYS +#undef _POSIX_THREADS +#define _POSIX_THREADS +#endif + +#undef DEBUG_WOLFSSL +#define DEBUG_WOLFSSL + +#undef HAVE_THREAD_LS +#define HAVE_THREAD_LS + +#ifndef WOLFSSL_OPTIONS_IGNORE_SYS +#undef _THREAD_SAFE +#define _THREAD_SAFE +#endif + +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef ECC_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT + +#undef WC_RSA_BLINDING +#define WC_RSA_BLINDING + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_SHA512 +#define WOLFSSL_SHA512 + +#undef WOLFSSL_SHA384 +#define WOLFSSL_SHA384 + +#undef NO_DSA +#define NO_DSA + +#undef HAVE_ECC +#define HAVE_ECC + +#undef TFM_ECC256 +#define TFM_ECC256 + +#undef ECC_SHAMIR +#define ECC_SHAMIR + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +#undef NO_RC4 +#define NO_RC4 + +#undef NO_HC128 +#define NO_HC128 + +#undef NO_RABBIT +#define NO_RABBIT + +#undef WOLFSSL_SHA224 +#define WOLFSSL_SHA224 + +#undef HAVE_POLY1305 +#define HAVE_POLY1305 + +#undef HAVE_ONE_TIME_AUTH +#define HAVE_ONE_TIME_AUTH + +#undef HAVE_CHACHA +#define HAVE_CHACHA + +#undef HAVE_HASHDRBG +#define HAVE_HASHDRBG + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef USE_FAST_MATH +#define USE_FAST_MATH + +#undef WOLFSSL_X86_64_BUILD +#define WOLFSSL_X86_64_BUILD + +#undef NO_DES3 +#define NO_DES3 + +#undef HAVE___UINT128_T +#define HAVE___UINT128_T + + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_OPTIONS_H */ + diff --git a/tmp.status b/tmp.status new file mode 100755 index 000000000..8ac72b512 --- /dev/null +++ b/tmp.status @@ -0,0 +1,2403 @@ +#! /bin/sh +# Generated by configure. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by wolfssl $as_me 3.9.10, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +# Files that config.status was made for. +config_files=" stamp-h Makefile wolfssl/version.h wolfssl/options.h support/wolfssl.pc rpm/spec" +config_headers=" config.h:config.in" +config_commands=" depfiles libtool" + +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to . +wolfssl home page: ." + +ac_cs_config="'--enable-debug' '--enable-opensslextra' 'CFLAGS=-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT'" +ac_cs_version="\ +wolfssl config.status 3.9.10 +configured by ./configure, generated by GNU Autoconf 2.69, + with options \"$ac_cs_config\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='/Users/kojo/wolfSSL/openSSL/wolfssl' +srcdir='.' +INSTALL='/usr/bin/install -c' +MKDIR_P='build-aux/install-sh -c -d' +AWK='awk' +test -n "$AWK" || AWK=awk +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +if $ac_cs_recheck; then + set X /bin/sh './configure' '--enable-debug' '--enable-opensslextra' 'CFLAGS=-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT' $ac_configure_extra_args --no-create --no-recursion + shift + $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6 + CONFIG_SHELL='/bin/sh' + export CONFIG_SHELL + exec "$@" +fi + +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +# +# INIT-COMMANDS +# +AMDEP_TRUE="" ac_aux_dir="build-aux" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' +double_quote_subst='s/\(["`\\]\)/\\\1/g' +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' +macro_version='2.4.6' +macro_revision='2.4.6' +enable_static='no' +enable_shared='yes' +pic_mode='default' +enable_fast_install='needless' +shared_archive_member_spec='' +SHELL='/bin/sh' +ECHO='printf %s\n' +PATH_SEPARATOR=':' +host_alias='' +host='x86_64-apple-darwin15.6.0' +host_os='darwin15.6.0' +build_alias='' +build='x86_64-apple-darwin15.6.0' +build_os='darwin15.6.0' +SED='/usr/bin/sed' +Xsed='/usr/bin/sed -e 1s/^X//' +GREP='/usr/bin/grep' +EGREP='/usr/bin/grep -E' +FGREP='/usr/bin/grep -F' +LD='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld' +NM='/usr/bin/nm -B' +LN_S='ln -s' +max_cmd_len='196608' +ac_objext='o' +exeext='' +lt_unset='unset' +lt_SP2NL='tr \040 \012' +lt_NL2SP='tr \015\012 \040\040' +lt_cv_to_host_file_cmd='func_convert_file_noop' +lt_cv_to_tool_file_cmd='func_convert_file_noop' +reload_flag=' -r' +reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' +OBJDUMP='false' +deplibs_check_method='pass_all' +file_magic_cmd='$MAGIC_CMD' +file_magic_glob='' +want_nocaseglob='no' +DLLTOOL='false' +sharedlib_from_linklib_cmd='printf %s\n' +AR='ar' +AR_FLAGS='cru' +archiver_list_spec='' +STRIP='strip' +RANLIB='ranlib' +old_postinstall_cmds='chmod 644 $oldlib~$RANLIB $tool_oldlib' +old_postuninstall_cmds='' +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs~$RANLIB $tool_oldlib' +lock_old_archive_extraction='yes' +CC='gcc' +CFLAGS='-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT -Werror -g -ggdb -O0 -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv ' +compiler='g++' +GCC='yes' +lt_cv_sys_global_symbol_pipe='sed -n -e '\''s/^.*[ ]\([BCDEGRST][BCDEGRST]*\)[ ][ ]*_\([_A-Za-z][_A-Za-z0-9]*\)$/\1 _\2 \2/p'\'' | sed '\''/ __gnu_lto/d'\''' +lt_cv_sys_global_symbol_to_cdecl='sed -n -e '\''s/^T .* \(.*\)$/extern int \1();/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/extern char \1;/p'\''' +lt_cv_sys_global_symbol_to_import='' +lt_cv_sys_global_symbol_to_c_name_address='sed -n -e '\''s/^: \(.*\) .*$/ {"\1", (void *) 0},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/ {"\1", (void *) \&\1},/p'\''' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='sed -n -e '\''s/^: \(.*\) .*$/ {"\1", (void *) 0},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(lib.*\)$/ {"\1", (void *) \&\1},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/ {"lib\1", (void *) \&\1},/p'\''' +lt_cv_nm_interface='BSD nm' +nm_file_list_spec='' +lt_sysroot='' +lt_cv_truncate_bin='/bin/dd bs=4096 count=1' +objdir='.libs' +MAGIC_CMD='file' +lt_prog_compiler_no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions' +lt_prog_compiler_pic=' -fno-common -DPIC' +lt_prog_compiler_wl='-Wl,' +lt_prog_compiler_static='' +lt_cv_prog_compiler_c_o='yes' +need_locks='no' +MANIFEST_TOOL=':' +DSYMUTIL='dsymutil' +NMEDIT='nmedit' +LIPO='lipo' +OTOOL='otool' +OTOOL64=':' +libext='a' +shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +extract_expsyms_cmds='' +archive_cmds_need_lc='no' +enable_shared_with_static_runtimes='no' +export_dynamic_flag_spec='' +whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' +compiler_needs_object='no' +old_archive_from_new_cmds='' +old_archive_from_expsyms_cmds='' +archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module' +archive_expsym_cmds='sed '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' +module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags' +module_expsym_cmds='sed -e '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' +with_gnu_ld='no' +allow_undefined_flag='$wl-undefined ${wl}dynamic_lookup' +no_undefined_flag='' +hardcode_libdir_flag_spec='' +hardcode_libdir_separator='' +hardcode_direct='no' +hardcode_direct_absolute='no' +hardcode_minus_L='no' +hardcode_shlibpath_var='unsupported' +hardcode_automatic='yes' +inherit_rpath='no' +link_all_deplibs='yes' +always_export_symbols='no' +export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' +exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' +include_expsyms='' +prelink_cmds='' +postlink_cmds='' +file_list_spec='' +variables_saved_for_relink='PATH DYLD_LIBRARY_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH' +need_lib_prefix='no' +need_version='no' +version_type='darwin' +runpath_var='' +shlibpath_var='DYLD_LIBRARY_PATH' +shlibpath_overrides_runpath='yes' +libname_spec='lib$name' +library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' +soname_spec='$libname$release$major$shared_ext' +install_override_mode='' +postinstall_cmds='' +postuninstall_cmds='' +finish_cmds='' +finish_eval='' +hardcode_into_libs='no' +sys_lib_search_path_spec='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0 /usr/local/lib' +configure_time_dlsearch_path='/usr/local/lib /lib /usr/lib' +configure_time_lt_sys_library_path='' +hardcode_action='immediate' +enable_dlopen='unknown' +enable_dlopen_self='unknown' +enable_dlopen_self_static='unknown' +old_striplib='strip -S' +striplib='strip -x' +compiler_lib_search_dirs='' +predep_objects='' +postdep_objects='' +predeps='' +postdeps='' +compiler_lib_search_path='' +LD_CXX='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld' +reload_flag_CXX=' -r' +reload_cmds_CXX='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' +old_archive_cmds_CXX='$AR $AR_FLAGS $oldlib$oldobjs~$RANLIB $tool_oldlib' +compiler_CXX='g++' +GCC_CXX='yes' +lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' +lt_prog_compiler_pic_CXX=' -fno-common -DPIC' +lt_prog_compiler_wl_CXX='-Wl,' +lt_prog_compiler_static_CXX='' +lt_cv_prog_compiler_c_o_CXX='yes' +archive_cmds_need_lc_CXX='no' +enable_shared_with_static_runtimes_CXX='no' +export_dynamic_flag_spec_CXX='' +whole_archive_flag_spec_CXX='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' +compiler_needs_object_CXX='no' +old_archive_from_new_cmds_CXX='' +old_archive_from_expsyms_cmds_CXX='' +archive_cmds_CXX='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module' +archive_expsym_cmds_CXX='sed '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' +module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags' +module_expsym_cmds_CXX='sed -e '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' +with_gnu_ld_CXX='no' +allow_undefined_flag_CXX='$wl-undefined ${wl}dynamic_lookup' +no_undefined_flag_CXX='' +hardcode_libdir_flag_spec_CXX='' +hardcode_libdir_separator_CXX='' +hardcode_direct_CXX='no' +hardcode_direct_absolute_CXX='no' +hardcode_minus_L_CXX='no' +hardcode_shlibpath_var_CXX='unsupported' +hardcode_automatic_CXX='yes' +inherit_rpath_CXX='no' +link_all_deplibs_CXX='yes' +always_export_symbols_CXX='no' +export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' +exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' +include_expsyms_CXX='' +prelink_cmds_CXX='' +postlink_cmds_CXX='' +file_list_spec_CXX='' +hardcode_action_CXX='immediate' +compiler_lib_search_dirs_CXX='' +predep_objects_CXX='' +postdep_objects_CXX='' +predeps_CXX='' +postdeps_CXX='' +compiler_lib_search_path_CXX='' + +LTCC='gcc' +LTCFLAGS='-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT' +compiler='gcc' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL ECHO PATH_SEPARATOR SED GREP EGREP FGREP LD NM LN_S lt_SP2NL lt_NL2SP reload_flag OBJDUMP deplibs_check_method file_magic_cmd file_magic_glob want_nocaseglob DLLTOOL sharedlib_from_linklib_cmd AR AR_FLAGS archiver_list_spec STRIP RANLIB CC CFLAGS compiler lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl lt_cv_sys_global_symbol_to_import lt_cv_sys_global_symbol_to_c_name_address lt_cv_sys_global_symbol_to_c_name_address_lib_prefix lt_cv_nm_interface nm_file_list_spec lt_cv_truncate_bin lt_prog_compiler_no_builtin_flag lt_prog_compiler_pic lt_prog_compiler_wl lt_prog_compiler_static lt_cv_prog_compiler_c_o need_locks MANIFEST_TOOL DSYMUTIL NMEDIT LIPO OTOOL OTOOL64 shrext_cmds export_dynamic_flag_spec whole_archive_flag_spec compiler_needs_object with_gnu_ld allow_undefined_flag no_undefined_flag hardcode_libdir_flag_spec hardcode_libdir_separator exclude_expsyms include_expsyms file_list_spec variables_saved_for_relink libname_spec library_names_spec soname_spec install_override_mode finish_eval old_striplib striplib compiler_lib_search_dirs predep_objects postdep_objects predeps postdeps compiler_lib_search_path LD_CXX reload_flag_CXX compiler_CXX lt_prog_compiler_no_builtin_flag_CXX lt_prog_compiler_pic_CXX lt_prog_compiler_wl_CXX lt_prog_compiler_static_CXX lt_cv_prog_compiler_c_o_CXX export_dynamic_flag_spec_CXX whole_archive_flag_spec_CXX compiler_needs_object_CXX with_gnu_ld_CXX allow_undefined_flag_CXX no_undefined_flag_CXX hardcode_libdir_flag_spec_CXX hardcode_libdir_separator_CXX exclude_expsyms_CXX include_expsyms_CXX file_list_spec_CXX compiler_lib_search_dirs_CXX predep_objects_CXX postdep_objects_CXX predeps_CXX postdeps_CXX compiler_lib_search_path_CXX; do + case `eval \\$ECHO \\""\\$$var"\\"` in + *[\\\`\"\$]*) + eval "lt_$var=\\\"\`\$ECHO \"\$$var\" | \$SED \"\$sed_quote_subst\"\`\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_$var=\\\"\$$var\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds old_postinstall_cmds old_postuninstall_cmds old_archive_cmds extract_expsyms_cmds old_archive_from_new_cmds old_archive_from_expsyms_cmds archive_cmds archive_expsym_cmds module_cmds module_expsym_cmds export_symbols_cmds prelink_cmds postlink_cmds postinstall_cmds postuninstall_cmds finish_cmds sys_lib_search_path_spec configure_time_dlsearch_path configure_time_lt_sys_library_path reload_cmds_CXX old_archive_cmds_CXX old_archive_from_new_cmds_CXX old_archive_from_expsyms_cmds_CXX archive_cmds_CXX archive_expsym_cmds_CXX module_cmds_CXX module_expsym_cmds_CXX export_symbols_cmds_CXX prelink_cmds_CXX postlink_cmds_CXX; do + case `eval \\$ECHO \\""\\$$var"\\"` in + *[\\\`\"\$]*) + eval "lt_$var=\\\"\`\$ECHO \"\$$var\" | \$SED -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_$var=\\\"\$$var\\\"" + ;; + esac +done + +ac_aux_dir='build-aux' + +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='wolfssl' + VERSION='3.9.10' + RM='rm -f' + ofile='libtool' + + + + + + + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h:config.in" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "stamp-h") CONFIG_FILES="$CONFIG_FILES stamp-h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "wolfssl/version.h") CONFIG_FILES="$CONFIG_FILES wolfssl/version.h" ;; + "wolfssl/options.h") CONFIG_FILES="$CONFIG_FILES wolfssl/options.h" ;; + "support/wolfssl.pc") CONFIG_FILES="$CONFIG_FILES support/wolfssl.pc" ;; + "rpm/spec") CONFIG_FILES="$CONFIG_FILES rpm/spec" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +cat >>"$ac_tmp/subs1.awk" <<\_ACAWK && +S["am__EXEEXT_FALSE"]="" +S["am__EXEEXT_TRUE"]="#" +S["LTLIBOBJS"]="" +S["LIBOBJS"]="" +S["INC_AMINCLUDE"]="include $(top_builddir)/aminclude.am" +S["AMINCLUDE"]="aminclude.am" +S["GENERIC_CONFIG"]="wolfssl-config" +S["LIB_STATIC_ADD"]="" +S["LIB_ADD"]="" +S["AM_CCASFLAGS"]="" +S["AM_LDFLAGS"]="" +S["AM_CFLAGS"]="-DOPENSSL_EXTRA -D_POSIX_THREADS -g -DDEBUG -DDEBUG_WOLFSSL -DHAVE_THREAD_LS -D_THREAD_SAFE -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA"\ +"_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 "\ +"-DNO_RABBIT -DWOLFSSL_SHA224 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE"\ +"_EXTENDED_MASTER -DNO_PSK -DNO_MD4 -DUSE_FAST_MATH -DWOLFSSL_X86_64_BUILD -DNO_DES3 -Wall -Wno-unused -DHAVE___UINT128_T" +S["AM_CPPFLAGS"]=" -fvisibility=hidden" +S["HEX_VERSION"]="0x03009010" +S["IS_VCS_CHECKOUT_FALSE"]="#" +S["IS_VCS_CHECKOUT_TRUE"]="" +S["BUILD_PKCS7_FALSE"]="" +S["BUILD_PKCS7_TRUE"]="#" +S["BUILD_DES3_FALSE"]="" +S["BUILD_DES3_TRUE"]="#" +S["BUILD_TRUST_PEER_CERT_FALSE"]="" +S["BUILD_TRUST_PEER_CERT_TRUE"]="#" +S["BUILD_PSK_FALSE"]="" +S["BUILD_PSK_TRUE"]="#" +S["BUILD_WOLFEVENT_FALSE"]="" +S["BUILD_WOLFEVENT_TRUE"]="#" +S["BUILD_ASYNCCRYPT_FALSE"]="" +S["BUILD_ASYNCCRYPT_TRUE"]="#" +S["BUILD_MCAPI_FALSE"]="" +S["BUILD_MCAPI_TRUE"]="#" +S["BUILD_FAST_RSA_FALSE"]="" +S["BUILD_FAST_RSA_TRUE"]="#" +S["IPPLINK"]="" +S["IPPHEADERS"]="" +S["IPPLIBS"]="" +S["BUILD_CAVIUM_FALSE"]="" +S["BUILD_CAVIUM_TRUE"]="#" +S["BUILD_LIBZ_FALSE"]="" +S["BUILD_LIBZ_TRUE"]="#" +S["BUILD_WOLFCRYPT_TESTS_FALSE"]="#" +S["BUILD_WOLFCRYPT_TESTS_TRUE"]="" +S["BUILD_TESTS_FALSE"]="#" +S["BUILD_TESTS_TRUE"]="" +S["BUILD_EXAMPLE_CLIENTS_FALSE"]="#" +S["BUILD_EXAMPLE_CLIENTS_TRUE"]="" +S["BUILD_EXAMPLE_SERVERS_FALSE"]="#" +S["BUILD_EXAMPLE_SERVERS_TRUE"]="" +S["BUILD_SLOWMATH_FALSE"]="" +S["BUILD_SLOWMATH_TRUE"]="#" +S["BUILD_FASTMATH_FALSE"]="#" +S["BUILD_FASTMATH_TRUE"]="" +S["BUILD_CRYPTONLY_FALSE"]="" +S["BUILD_CRYPTONLY_TRUE"]="#" +S["BUILD_PWDBASED_FALSE"]="#" +S["BUILD_PWDBASED_TRUE"]="" +S["BUILD_MD4_FALSE"]="" +S["BUILD_MD4_TRUE"]="#" +S["USE_VALGRIND_FALSE"]="" +S["USE_VALGRIND_TRUE"]="#" +S["HAVE_VALGRIND"]="" +S["BUILD_SRP_FALSE"]="" +S["BUILD_SRP_TRUE"]="#" +S["BUILD_WNR_FALSE"]="" +S["BUILD_WNR_TRUE"]="#" +S["BUILD_NTRU_FALSE"]="" +S["BUILD_NTRU_TRUE"]="#" +S["BUILD_USER_CRYPTO_FALSE"]="" +S["BUILD_USER_CRYPTO_TRUE"]="#" +S["BUILD_USER_RSA_FALSE"]="" +S["BUILD_USER_RSA_TRUE"]="#" +S["BUILD_CRL_MONITOR_FALSE"]="" +S["BUILD_CRL_MONITOR_TRUE"]="#" +S["BUILD_CRL_FALSE"]="" +S["BUILD_CRL_TRUE"]="#" +S["BUILD_OCSP_STAPLING_V2_FALSE"]="" +S["BUILD_OCSP_STAPLING_V2_TRUE"]="#" +S["BUILD_OCSP_STAPLING_FALSE"]="" +S["BUILD_OCSP_STAPLING_TRUE"]="#" +S["HAVE_OPENSSL_CMD"]="" +S["BUILD_OCSP_FALSE"]="" +S["BUILD_OCSP_TRUE"]="#" +S["BUILD_INLINE_FALSE"]="#" +S["BUILD_INLINE_TRUE"]="" +S["BUILD_CHACHA_FALSE"]="#" +S["BUILD_CHACHA_TRUE"]="" +S["BUILD_POLY1305_FALSE"]="#" +S["BUILD_POLY1305_TRUE"]="" +S["BUILD_SHA224_FALSE"]="#" +S["BUILD_SHA224_TRUE"]="" +S["BUILD_FIPS_FALSE"]="" +S["BUILD_FIPS_TRUE"]="#" +S["BUILD_RABBIT_FALSE"]="" +S["BUILD_RABBIT_TRUE"]="#" +S["BUILD_HC128_FALSE"]="" +S["BUILD_HC128_TRUE"]="#" +S["BUILD_CMAC_FALSE"]="" +S["BUILD_CMAC_TRUE"]="#" +S["BUILD_SHA_FALSE"]="#" +S["BUILD_SHA_TRUE"]="" +S["BUILD_MD5_FALSE"]="#" +S["BUILD_MD5_TRUE"]="" +S["BUILD_RC4_FALSE"]="" +S["BUILD_RC4_TRUE"]="#" +S["BUILD_IDEA_FALSE"]="" +S["BUILD_IDEA_TRUE"]="#" +S["BUILD_CODING_FALSE"]="#" +S["BUILD_CODING_TRUE"]="" +S["BUILD_AES_FALSE"]="#" +S["BUILD_AES_TRUE"]="" +S["BUILD_ASN_FALSE"]="#" +S["BUILD_ASN_TRUE"]="" +S["BUILD_DH_FALSE"]="#" +S["BUILD_DH_TRUE"]="" +S["BUILD_RSA_FALSE"]="#" +S["BUILD_RSA_TRUE"]="" +S["BUILD_MEMORY_FALSE"]="#" +S["BUILD_MEMORY_TRUE"]="" +S["BUILD_GEMATH_FALSE"]="" +S["BUILD_GEMATH_TRUE"]="#" +S["BUILD_FEMATH_FALSE"]="" +S["BUILD_FEMATH_TRUE"]="#" +S["BUILD_CURVED25519_SMALL_FALSE"]="" +S["BUILD_CURVED25519_SMALL_TRUE"]="#" +S["BUILD_ED25519_FALSE"]="" +S["BUILD_ED25519_TRUE"]="#" +S["BUILD_CURVE25519_FALSE"]="" +S["BUILD_CURVE25519_TRUE"]="#" +S["BUILD_ECC_FALSE"]="#" +S["BUILD_ECC_TRUE"]="" +S["BUILD_DSA_FALSE"]="" +S["BUILD_DSA_TRUE"]="#" +S["BUILD_SHA512_FALSE"]="#" +S["BUILD_SHA512_TRUE"]="" +S["BUILD_BLAKE2_FALSE"]="" +S["BUILD_BLAKE2_TRUE"]="#" +S["BUILD_RIPEMD_FALSE"]="" +S["BUILD_RIPEMD_TRUE"]="#" +S["BUILD_MD2_FALSE"]="" +S["BUILD_MD2_TRUE"]="#" +S["BUILD_CAMELLIA_FALSE"]="" +S["BUILD_CAMELLIA_TRUE"]="#" +S["BUILD_AESNI_FALSE"]="" +S["BUILD_AESNI_TRUE"]="#" +S["BUILD_ARMASM_FALSE"]="" +S["BUILD_ARMASM_TRUE"]="#" +S["BUILD_AESCCM_FALSE"]="" +S["BUILD_AESCCM_TRUE"]="#" +S["BUILD_AESGCM_FALSE"]="#" +S["BUILD_AESGCM_TRUE"]="" +S["BUILD_SNIFFTEST_FALSE"]="" +S["BUILD_SNIFFTEST_TRUE"]="#" +S["BUILD_SNIFFER_FALSE"]="" +S["BUILD_SNIFFER_TRUE"]="#" +S["BUILD_LEANTLS_FALSE"]="" +S["BUILD_LEANTLS_TRUE"]="#" +S["BUILD_LEANPSK_FALSE"]="" +S["BUILD_LEANPSK_TRUE"]="#" +S["BUILD_IPV6_FALSE"]="" +S["BUILD_IPV6_TRUE"]="#" +S["BUILD_SCTP_FALSE"]="" +S["BUILD_SCTP_TRUE"]="#" +S["BUILD_RNG_FALSE"]="#" +S["BUILD_RNG_TRUE"]="" +S["PTHREAD_CFLAGS"]="-D_THREAD_SAFE " +S["PTHREAD_LIBS"]="" +S["PTHREAD_CC"]="gcc" +S["ax_pthread_config"]="" +S["DEBUG_FALSE"]="#" +S["DEBUG_TRUE"]="" +S["MCHECK"]="" +S["LIBM"]="" +S["am__fastdepCCAS_FALSE"]="#" +S["am__fastdepCCAS_TRUE"]="" +S["CCASDEPMODE"]="depmode=gcc3" +S["CCASFLAGS"]="-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT" +S["CCAS"]="gcc" +S["HAVE_VISIBILITY"]="1" +S["CFLAG_VISIBILITY"]="-fvisibility=hidden" +S["CXXCPP"]="g++ -E" +S["am__fastdepCXX_FALSE"]="#" +S["am__fastdepCXX_TRUE"]="" +S["CXXDEPMODE"]="depmode=gcc3" +S["ac_ct_CXX"]="g++" +S["CXXFLAGS"]="-g -O2" +S["CXX"]="g++" +S["CPP"]="gcc -E" +S["LT_SYS_LIBRARY_PATH"]="" +S["OTOOL64"]=":" +S["OTOOL"]="otool" +S["LIPO"]="lipo" +S["NMEDIT"]="nmedit" +S["DSYMUTIL"]="dsymutil" +S["MANIFEST_TOOL"]=":" +S["RANLIB"]="ranlib" +S["ac_ct_AR"]="ar" +S["AR"]="ar" +S["DLLTOOL"]="false" +S["OBJDUMP"]="false" +S["LN_S"]="ln -s" +S["NM"]="/usr/bin/nm -B" +S["ac_ct_DUMPBIN"]="" +S["DUMPBIN"]="" +S["LD"]="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld" +S["FGREP"]="/usr/bin/grep -F" +S["EGREP"]="/usr/bin/grep -E" +S["GREP"]="/usr/bin/grep" +S["SED"]="/usr/bin/sed" +S["am__fastdepCC_FALSE"]="#" +S["am__fastdepCC_TRUE"]="" +S["CCDEPMODE"]="depmode=gcc3" +S["am__nodep"]="_no" +S["AMDEPBACKSLASH"]="\\" +S["AMDEP_FALSE"]="#" +S["AMDEP_TRUE"]="" +S["am__quote"]="" +S["am__include"]="include" +S["DEPDIR"]=".deps" +S["OBJEXT"]="o" +S["EXEEXT"]="" +S["ac_ct_CC"]="gcc" +S["CPPFLAGS"]=" -fvisibility=hidden" +S["LDFLAGS"]="" +S["CFLAGS"]="-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT -Werror -g -ggdb -O0 -Wno-pragmas -Wall "\ +"-Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -W"\ +"float-equal -Wformat-security -Wformat=2 -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wpoi"\ +"nter-sign -Wredundant-decls -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunus"\ +"ed-result -Wunused-variable -Wwrite-strings -fwrapv " +S["CC"]="gcc" +S["LIBTOOL"]="$(SHELL) $(top_builddir)/libtool" +S["WOLFSSL_LIBRARY_VERSION"]="8:0:5" +S["AM_BACKSLASH"]="\\" +S["AM_DEFAULT_VERBOSITY"]="0" +S["AM_DEFAULT_V"]="$(AM_DEFAULT_VERBOSITY)" +S["AM_V"]="$(V)" +S["am__untar"]="tar -xf -" +S["am__tar"]="tar --format=ustar -chf - \"$$tardir\"" +S["AMTAR"]="$${TAR-tar}" +S["am__leading_dot"]="." +S["SET_MAKE"]="" +S["AWK"]="awk" +S["mkdir_p"]="$(MKDIR_P)" +S["MKDIR_P"]="build-aux/install-sh -c -d" +S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s" +S["STRIP"]="strip" +S["install_sh"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/install-sh" +S["MAKEINFO"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing makeinfo" +S["AUTOHEADER"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing autoheader" +S["AUTOMAKE"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing automake-1.15" +S["AUTOCONF"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing autoconf" +S["ACLOCAL"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing aclocal-1.15" +S["VERSION"]="3.9.10" +S["PACKAGE"]="wolfssl" +S["CYGPATH_W"]="echo" +S["am__isrc"]="" +S["INSTALL_DATA"]="${INSTALL} -m 644" +S["INSTALL_SCRIPT"]="${INSTALL}" +S["INSTALL_PROGRAM"]="${INSTALL}" +S["host_os"]="darwin15.6.0" +S["host_vendor"]="apple" +S["host_cpu"]="x86_64" +S["host"]="x86_64-apple-darwin15.6.0" +S["build_os"]="darwin15.6.0" +S["build_vendor"]="apple" +S["build_cpu"]="x86_64" +S["build"]="x86_64-apple-darwin15.6.0" +S["target_alias"]="" +S["host_alias"]="" +S["build_alias"]="" +S["LIBS"]="-lnetwork " +S["ECHO_T"]="" +S["ECHO_N"]="" +S["ECHO_C"]="\\c" +S["DEFS"]="-DHAVE_CONFIG_H" +S["mandir"]="${datarootdir}/man" +S["localedir"]="${datarootdir}/locale" +S["libdir"]="${exec_prefix}/lib" +S["psdir"]="${docdir}" +S["pdfdir"]="${docdir}" +S["dvidir"]="${docdir}" +S["htmldir"]="${docdir}" +S["infodir"]="${datarootdir}/info" +S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}" +S["oldincludedir"]="/usr/include" +S["includedir"]="${prefix}/include" +S["localstatedir"]="${prefix}/var" +S["sharedstatedir"]="${prefix}/com" +S["sysconfdir"]="${prefix}/etc" +S["datadir"]="${datarootdir}" +S["datarootdir"]="${prefix}/share" +S["libexecdir"]="${exec_prefix}/libexec" +S["sbindir"]="${exec_prefix}/sbin" +S["bindir"]="${exec_prefix}/bin" +S["program_transform_name"]="s,x,x," +S["prefix"]="/usr/local" +S["exec_prefix"]="${prefix}" +S["PACKAGE_URL"]="http://www.wolfssl.com" +S["PACKAGE_BUGREPORT"]="https://github.com/wolfssl/wolfssl/issues" +S["PACKAGE_STRING"]="wolfssl 3.9.10" +S["PACKAGE_VERSION"]="3.9.10" +S["PACKAGE_TARNAME"]="wolfssl" +S["PACKAGE_NAME"]="wolfssl" +S["PATH_SEPARATOR"]=":" +S["SHELL"]="/bin/sh" +_ACAWK +cat >>"$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +D["PACKAGE_NAME"]=" \"wolfssl\"" +D["PACKAGE_TARNAME"]=" \"wolfssl\"" +D["PACKAGE_VERSION"]=" \"3.9.10\"" +D["PACKAGE_STRING"]=" \"wolfssl 3.9.10\"" +D["PACKAGE_BUGREPORT"]=" \"https://github.com/wolfssl/wolfssl/issues\"" +D["PACKAGE_URL"]=" \"http://www.wolfssl.com\"" +D["STDC_HEADERS"]=" 1" +D["HAVE_SYS_TYPES_H"]=" 1" +D["HAVE_SYS_STAT_H"]=" 1" +D["HAVE_STDLIB_H"]=" 1" +D["HAVE_STRING_H"]=" 1" +D["HAVE_MEMORY_H"]=" 1" +D["HAVE_STRINGS_H"]=" 1" +D["HAVE_INTTYPES_H"]=" 1" +D["HAVE_STDINT_H"]=" 1" +D["HAVE_UNISTD_H"]=" 1" +D["HAVE_DLFCN_H"]=" 1" +D["LT_OBJDIR"]=" \".libs/\"" +D["HAVE_VISIBILITY"]=" 1" +D["HAVE_GETHOSTBYNAME"]=" 1" +D["HAVE_GETADDRINFO"]=" 1" +D["HAVE_GETTIMEOFDAY"]=" 1" +D["HAVE_GMTIME_R"]=" 1" +D["HAVE_INET_NTOA"]=" 1" +D["HAVE_MEMSET"]=" 1" +D["HAVE_SOCKET"]=" 1" +D["HAVE_ARPA_INET_H"]=" 1" +D["HAVE_FCNTL_H"]=" 1" +D["HAVE_LIMITS_H"]=" 1" +D["HAVE_NETDB_H"]=" 1" +D["HAVE_NETINET_IN_H"]=" 1" +D["HAVE_STDDEF_H"]=" 1" +D["HAVE_SYS_IOCTL_H"]=" 1" +D["HAVE_SYS_SOCKET_H"]=" 1" +D["HAVE_SYS_TIME_H"]=" 1" +D["HAVE_ERRNO_H"]=" 1" +D["HAVE_LIBNETWORK"]=" 1" +D["SIZEOF_LONG_LONG"]=" 8" +D["SIZEOF_LONG"]=" 8" +D["HAVE___UINT128_T"]=" 1" +D["TLS"]=" __thread" +D["DEBUG"]=" 1" +D["HAVE_PTHREAD_PRIO_INHERIT"]=" 1" +D["HAVE_PTHREAD"]=" 1" +D["BUILD_USER_RSA"]=" /**/" +D["VCS_SYSTEM"]=" \"git\"" +D["VCS_CHECKOUT"]=" 1" + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ { + line = $ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + ac_datarootdir_hack=' + s&@datadir@&${datarootdir}&g + s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g + s&@infodir@&${datarootdir}/info&g + s&@localedir@&${datarootdir}/locale&g + s&@mandir@&${datarootdir}/man&g + s&\${datarootdir}&${prefix}/share&g' ;; +esac +ac_sed_extra="/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +} + +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named 'Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running 'make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "$am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# The names of the tagged configurations supported by this script. +available_tags='CXX ' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and where our libraries should be installed. +lt_sysroot=$lt_sysroot + +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects +postdep_objects=$lt_postdep_objects +predeps=$lt_predeps +postdeps=$lt_postdeps + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path + +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain=$ac_aux_dir/ltmain.sh + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + + cat <<_LT_EOF >> "$ofile" + +# ### BEGIN LIBTOOL TAG CONFIG: CXX + +# The linker used to build libraries. +LD=$lt_LD_CXX + +# How to create reloadable object files. +reload_flag=$lt_reload_flag_CXX +reload_cmds=$lt_reload_cmds_CXX + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds_CXX + +# A language specific compiler. +CC=$lt_compiler_CXX + +# Is the compiler the GNU compiler? +with_gcc=$GCC_CXX + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_CXX + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_CXX + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_CXX + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_CXX + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object_CXX + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds_CXX +archive_expsym_cmds=$lt_archive_expsym_cmds_CXX + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds_CXX +module_expsym_cmds=$lt_module_expsym_cmds_CXX + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld_CXX + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_CXX + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_CXX + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute_CXX + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L_CXX + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic_CXX + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath_CXX + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_CXX + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols_CXX + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_CXX + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_CXX + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_CXX + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds_CXX + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds_CXX + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec_CXX + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_CXX + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects_CXX +postdep_objects=$lt_postdep_objects_CXX +predeps=$lt_predeps_CXX +postdeps=$lt_postdeps_CXX + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX + +# ### END LIBTOOL TAG CONFIG: CXX +_LT_EOF + + ;; + "stamp-h":F) echo timestamp > stamp-h ;; + + esac +done # for ac_tag + + +as_fn_exit 0 diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index c8b969347..de11375a0 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -177,12 +177,13 @@ typedef int WOLFSSL_ENGINE ; WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); +WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md); WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void); WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx); - +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx); WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name); WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name); @@ -336,8 +337,13 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MD_CTX_new wolfSSL_EVP_MD_CTX_new #define EVP_MD_CTX_create wolfSSL_EVP_MD_CTX_new #define EVP_MD_CTX_free wolfSSL_EVP_MD_CTX_free +#define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free #define EVP_MD_CTX_init wolfSSL_EVP_MD_CTX_init #define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_md wolfSSL_EVP_MD_CTX_md +#define EVP_MD_CTX_type wolfSSL_EVP_MD_type +#define EVP_MD_type wolfSSL_EVP_MD_type + #define EVP_DigestInit wolfSSL_EVP_DigestInit #define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex #define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 2fcf6cee7..f94be0a92 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -107,7 +107,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; strncpy(buf, "Not Implemented, SSLv2 only", len) /* @TODO */ -#define ERR_print_errors_fp(file) wolfSSL_print_all_errors_fp((file)) +#define ERR_print_errors_fp(file) wolfSSL_ERR_print_errors_fp((file)) /* at the moment only returns ok */ #define SSL_get_verify_result wolfSSL_get_verify_result @@ -320,6 +320,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_CRL_verify wolfSSL_X509_CRL_verify #define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents +#define EVP_PKEY_new wolfSSL_PKEY_new #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define X509_cmp_current_time wolfSSL_X509_cmp_current_time #define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num From a2d1db4b7349256eceadac07ee899ca4bb22c3e4 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 6 Dec 2016 21:14:23 +0900 Subject: [PATCH 66/86] Merge branch 'openssl-ex' of https://github.com/kojo1/wolfssl into openssl-ex --- tmp.options.h | 146 --- tmp.status | 2403 ------------------------------------------------- 2 files changed, 2549 deletions(-) delete mode 100644 tmp.options.h delete mode 100755 tmp.status diff --git a/tmp.options.h b/tmp.options.h deleted file mode 100644 index 2ea3689f7..000000000 --- a/tmp.options.h +++ /dev/null @@ -1,146 +0,0 @@ -/* wolfssl options.h - * generated from configure options - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - */ - -#ifndef WOLFSSL_OPTIONS_H -#define WOLFSSL_OPTIONS_H - - -#ifdef __cplusplus -extern "C" { -#endif - -#undef WOLFSSL_AES_COUNTER -#define WOLFSSL_AES_COUNTER - -#undef HAVE_AESGCM -#define HAVE_AESGCM - -#undef WOLFSSL_AES_DIRECT -#define WOLFSSL_AES_DIRECT - -#undef HAVE_AES_CCM -#define HAVE_AES_CCM - -#undef HAVE_AES_ECB -#define HAVE_AES_ECB - -#undef SHAVE_AES_DECRYPT -#define SHAVE_AES_DECRYPT - -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA - -#ifndef WOLFSSL_OPTIONS_IGNORE_SYS -#undef _POSIX_THREADS -#define _POSIX_THREADS -#endif - -#undef DEBUG_WOLFSSL -#define DEBUG_WOLFSSL - -#undef HAVE_THREAD_LS -#define HAVE_THREAD_LS - -#ifndef WOLFSSL_OPTIONS_IGNORE_SYS -#undef _THREAD_SAFE -#define _THREAD_SAFE -#endif - -#undef TFM_TIMING_RESISTANT -#define TFM_TIMING_RESISTANT - -#undef ECC_TIMING_RESISTANT -#define ECC_TIMING_RESISTANT - -#undef WC_RSA_BLINDING -#define WC_RSA_BLINDING - -#undef HAVE_AESGCM -#define HAVE_AESGCM - -#undef WOLFSSL_SHA512 -#define WOLFSSL_SHA512 - -#undef WOLFSSL_SHA384 -#define WOLFSSL_SHA384 - -#undef NO_DSA -#define NO_DSA - -#undef HAVE_ECC -#define HAVE_ECC - -#undef TFM_ECC256 -#define TFM_ECC256 - -#undef ECC_SHAMIR -#define ECC_SHAMIR - -#undef WOLFSSL_BASE64_ENCODE -#define WOLFSSL_BASE64_ENCODE - -#undef NO_RC4 -#define NO_RC4 - -#undef NO_HC128 -#define NO_HC128 - -#undef NO_RABBIT -#define NO_RABBIT - -#undef WOLFSSL_SHA224 -#define WOLFSSL_SHA224 - -#undef HAVE_POLY1305 -#define HAVE_POLY1305 - -#undef HAVE_ONE_TIME_AUTH -#define HAVE_ONE_TIME_AUTH - -#undef HAVE_CHACHA -#define HAVE_CHACHA - -#undef HAVE_HASHDRBG -#define HAVE_HASHDRBG - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SUPPORTED_CURVES -#define HAVE_SUPPORTED_CURVES - -#undef HAVE_EXTENDED_MASTER -#define HAVE_EXTENDED_MASTER - -#undef NO_PSK -#define NO_PSK - -#undef NO_MD4 -#define NO_MD4 - -#undef USE_FAST_MATH -#define USE_FAST_MATH - -#undef WOLFSSL_X86_64_BUILD -#define WOLFSSL_X86_64_BUILD - -#undef NO_DES3 -#define NO_DES3 - -#undef HAVE___UINT128_T -#define HAVE___UINT128_T - - -#ifdef __cplusplus -} -#endif - - -#endif /* WOLFSSL_OPTIONS_H */ - diff --git a/tmp.status b/tmp.status deleted file mode 100755 index 8ac72b512..000000000 --- a/tmp.status +++ /dev/null @@ -1,2403 +0,0 @@ -#! /bin/sh -# Generated by configure. -# Run this file to recreate the current configuration. -# Compiler output produced by configure, useful for debugging -# configure, is in config.log if it exists. - -debug=false -ac_cs_recheck=false -ac_cs_silent=false - -SHELL=${CONFIG_SHELL-/bin/sh} -export SHELL -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - - -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- -# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} # as_fn_error - - -# as_fn_set_status STATUS -# ----------------------- -# Set $? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} # as_fn_set_status - -# as_fn_exit STATUS -# ----------------- -# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} # as_fn_exit - -# as_fn_unset VAR -# --------------- -# Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset -# as_fn_append VAR VALUE -# ---------------------- -# Append the text in VALUE to the end of the definition contained in VAR. Take -# advantage of any shell optimizations that allow amortized linear growth over -# repeated appends, instead of the typical quadratic growth present in naive -# implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -# as_fn_arith ARG... -# ------------------ -# Perform arithmetic evaluation on the ARGs, and store the result in the -# global $as_val. Take advantage of shells that can avoid forks. The arguments -# must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in #((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - - -# as_fn_mkdir_p -# ------------- -# Create "$as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} # as_fn_mkdir_p -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -exec 6>&1 -## ----------------------------------- ## -## Main body of $CONFIG_STATUS script. ## -## ----------------------------------- ## -# Save the log message, to keep $0 and so on meaningful, and to -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" -This file was extended by wolfssl $as_me 3.9.10, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS - CONFIG_LINKS = $CONFIG_LINKS - CONFIG_COMMANDS = $CONFIG_COMMANDS - $ $0 $@ - -on `(hostname || uname -n) 2>/dev/null | sed 1q` -" - -# Files that config.status was made for. -config_files=" stamp-h Makefile wolfssl/version.h wolfssl/options.h support/wolfssl.pc rpm/spec" -config_headers=" config.h:config.in" -config_commands=" depfiles libtool" - -ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions -from templates according to the current configuration. Unless the files -and actions are specified as TAGs, all are instantiated by default. - -Usage: $0 [OPTION]... [TAG]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit - --config print configuration, then exit - -q, --quiet, --silent - do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE - -Configuration files: -$config_files - -Configuration headers: -$config_headers - -Configuration commands: -$config_commands - -Report bugs to . -wolfssl home page: ." - -ac_cs_config="'--enable-debug' '--enable-opensslextra' 'CFLAGS=-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT'" -ac_cs_version="\ -wolfssl config.status 3.9.10 -configured by ./configure, generated by GNU Autoconf 2.69, - with options \"$ac_cs_config\" - -Copyright (C) 2012 Free Software Foundation, Inc. -This config.status script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it." - -ac_pwd='/Users/kojo/wolfSSL/openSSL/wolfssl' -srcdir='.' -INSTALL='/usr/bin/install -c' -MKDIR_P='build-aux/install-sh -c -d' -AWK='awk' -test -n "$AWK" || AWK=awk -# The default lists apply if the user does not specify any file. -ac_need_defaults=: -while test $# != 0 -do - case $1 in - --*=?*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; - --*=) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg= - ac_shift=: - ;; - *) - ac_option=$1 - ac_optarg=$2 - ac_shift=shift - ;; - esac - - case $ac_option in - # Handling of the options. - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; - --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - '') as_fn_error $? "missing file argument" ;; - esac - as_fn_append CONFIG_FILES " '$ac_optarg'" - ac_need_defaults=false;; - --header | --heade | --head | --hea ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - as_fn_append CONFIG_HEADERS " '$ac_optarg'" - ac_need_defaults=false;; - --he | --h) - # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' -Try \`$0 --help' for more information.";; - --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; - - *) as_fn_append ac_config_targets " $1" - ac_need_defaults=false ;; - - esac - shift -done - -ac_configure_extra_args= - -if $ac_cs_silent; then - exec 6>/dev/null - ac_configure_extra_args="$ac_configure_extra_args --silent" -fi - -if $ac_cs_recheck; then - set X /bin/sh './configure' '--enable-debug' '--enable-opensslextra' 'CFLAGS=-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT' $ac_configure_extra_args --no-create --no-recursion - shift - $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6 - CONFIG_SHELL='/bin/sh' - export CONFIG_SHELL - exec "$@" -fi - -exec 5>>config.log -{ - echo - sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -## Running $as_me. ## -_ASBOX - $as_echo "$ac_log" -} >&5 - -# -# INIT-COMMANDS -# -AMDEP_TRUE="" ac_aux_dir="build-aux" - - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -sed_quote_subst='s/\(["`$\\]\)/\\\1/g' -double_quote_subst='s/\(["`\\]\)/\\\1/g' -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' -macro_version='2.4.6' -macro_revision='2.4.6' -enable_static='no' -enable_shared='yes' -pic_mode='default' -enable_fast_install='needless' -shared_archive_member_spec='' -SHELL='/bin/sh' -ECHO='printf %s\n' -PATH_SEPARATOR=':' -host_alias='' -host='x86_64-apple-darwin15.6.0' -host_os='darwin15.6.0' -build_alias='' -build='x86_64-apple-darwin15.6.0' -build_os='darwin15.6.0' -SED='/usr/bin/sed' -Xsed='/usr/bin/sed -e 1s/^X//' -GREP='/usr/bin/grep' -EGREP='/usr/bin/grep -E' -FGREP='/usr/bin/grep -F' -LD='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld' -NM='/usr/bin/nm -B' -LN_S='ln -s' -max_cmd_len='196608' -ac_objext='o' -exeext='' -lt_unset='unset' -lt_SP2NL='tr \040 \012' -lt_NL2SP='tr \015\012 \040\040' -lt_cv_to_host_file_cmd='func_convert_file_noop' -lt_cv_to_tool_file_cmd='func_convert_file_noop' -reload_flag=' -r' -reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' -OBJDUMP='false' -deplibs_check_method='pass_all' -file_magic_cmd='$MAGIC_CMD' -file_magic_glob='' -want_nocaseglob='no' -DLLTOOL='false' -sharedlib_from_linklib_cmd='printf %s\n' -AR='ar' -AR_FLAGS='cru' -archiver_list_spec='' -STRIP='strip' -RANLIB='ranlib' -old_postinstall_cmds='chmod 644 $oldlib~$RANLIB $tool_oldlib' -old_postuninstall_cmds='' -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs~$RANLIB $tool_oldlib' -lock_old_archive_extraction='yes' -CC='gcc' -CFLAGS='-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT -Werror -g -ggdb -O0 -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv ' -compiler='g++' -GCC='yes' -lt_cv_sys_global_symbol_pipe='sed -n -e '\''s/^.*[ ]\([BCDEGRST][BCDEGRST]*\)[ ][ ]*_\([_A-Za-z][_A-Za-z0-9]*\)$/\1 _\2 \2/p'\'' | sed '\''/ __gnu_lto/d'\''' -lt_cv_sys_global_symbol_to_cdecl='sed -n -e '\''s/^T .* \(.*\)$/extern int \1();/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/extern char \1;/p'\''' -lt_cv_sys_global_symbol_to_import='' -lt_cv_sys_global_symbol_to_c_name_address='sed -n -e '\''s/^: \(.*\) .*$/ {"\1", (void *) 0},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/ {"\1", (void *) \&\1},/p'\''' -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='sed -n -e '\''s/^: \(.*\) .*$/ {"\1", (void *) 0},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(lib.*\)$/ {"\1", (void *) \&\1},/p'\'' -e '\''s/^[BCDEGRST][BCDEGRST]* .* \(.*\)$/ {"lib\1", (void *) \&\1},/p'\''' -lt_cv_nm_interface='BSD nm' -nm_file_list_spec='' -lt_sysroot='' -lt_cv_truncate_bin='/bin/dd bs=4096 count=1' -objdir='.libs' -MAGIC_CMD='file' -lt_prog_compiler_no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions' -lt_prog_compiler_pic=' -fno-common -DPIC' -lt_prog_compiler_wl='-Wl,' -lt_prog_compiler_static='' -lt_cv_prog_compiler_c_o='yes' -need_locks='no' -MANIFEST_TOOL=':' -DSYMUTIL='dsymutil' -NMEDIT='nmedit' -LIPO='lipo' -OTOOL='otool' -OTOOL64=':' -libext='a' -shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' -extract_expsyms_cmds='' -archive_cmds_need_lc='no' -enable_shared_with_static_runtimes='no' -export_dynamic_flag_spec='' -whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' -compiler_needs_object='no' -old_archive_from_new_cmds='' -old_archive_from_expsyms_cmds='' -archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module' -archive_expsym_cmds='sed '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' -module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags' -module_expsym_cmds='sed -e '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' -with_gnu_ld='no' -allow_undefined_flag='$wl-undefined ${wl}dynamic_lookup' -no_undefined_flag='' -hardcode_libdir_flag_spec='' -hardcode_libdir_separator='' -hardcode_direct='no' -hardcode_direct_absolute='no' -hardcode_minus_L='no' -hardcode_shlibpath_var='unsupported' -hardcode_automatic='yes' -inherit_rpath='no' -link_all_deplibs='yes' -always_export_symbols='no' -export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' -exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' -include_expsyms='' -prelink_cmds='' -postlink_cmds='' -file_list_spec='' -variables_saved_for_relink='PATH DYLD_LIBRARY_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH' -need_lib_prefix='no' -need_version='no' -version_type='darwin' -runpath_var='' -shlibpath_var='DYLD_LIBRARY_PATH' -shlibpath_overrides_runpath='yes' -libname_spec='lib$name' -library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' -soname_spec='$libname$release$major$shared_ext' -install_override_mode='' -postinstall_cmds='' -postuninstall_cmds='' -finish_cmds='' -finish_eval='' -hardcode_into_libs='no' -sys_lib_search_path_spec='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0 /usr/local/lib' -configure_time_dlsearch_path='/usr/local/lib /lib /usr/lib' -configure_time_lt_sys_library_path='' -hardcode_action='immediate' -enable_dlopen='unknown' -enable_dlopen_self='unknown' -enable_dlopen_self_static='unknown' -old_striplib='strip -S' -striplib='strip -x' -compiler_lib_search_dirs='' -predep_objects='' -postdep_objects='' -predeps='' -postdeps='' -compiler_lib_search_path='' -LD_CXX='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld' -reload_flag_CXX=' -r' -reload_cmds_CXX='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' -old_archive_cmds_CXX='$AR $AR_FLAGS $oldlib$oldobjs~$RANLIB $tool_oldlib' -compiler_CXX='g++' -GCC_CXX='yes' -lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' -lt_prog_compiler_pic_CXX=' -fno-common -DPIC' -lt_prog_compiler_wl_CXX='-Wl,' -lt_prog_compiler_static_CXX='' -lt_cv_prog_compiler_c_o_CXX='yes' -archive_cmds_need_lc_CXX='no' -enable_shared_with_static_runtimes_CXX='no' -export_dynamic_flag_spec_CXX='' -whole_archive_flag_spec_CXX='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' -compiler_needs_object_CXX='no' -old_archive_from_new_cmds_CXX='' -old_archive_from_expsyms_cmds_CXX='' -archive_cmds_CXX='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module' -archive_expsym_cmds_CXX='sed '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring $single_module $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' -module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags' -module_expsym_cmds_CXX='sed -e '\''s|^|_|'\'' < $export_symbols > $output_objdir/$libname-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs $compiler_flags $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' -with_gnu_ld_CXX='no' -allow_undefined_flag_CXX='$wl-undefined ${wl}dynamic_lookup' -no_undefined_flag_CXX='' -hardcode_libdir_flag_spec_CXX='' -hardcode_libdir_separator_CXX='' -hardcode_direct_CXX='no' -hardcode_direct_absolute_CXX='no' -hardcode_minus_L_CXX='no' -hardcode_shlibpath_var_CXX='unsupported' -hardcode_automatic_CXX='yes' -inherit_rpath_CXX='no' -link_all_deplibs_CXX='yes' -always_export_symbols_CXX='no' -export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' -exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' -include_expsyms_CXX='' -prelink_cmds_CXX='' -postlink_cmds_CXX='' -file_list_spec_CXX='' -hardcode_action_CXX='immediate' -compiler_lib_search_dirs_CXX='' -predep_objects_CXX='' -postdep_objects_CXX='' -predeps_CXX='' -postdeps_CXX='' -compiler_lib_search_path_CXX='' - -LTCC='gcc' -LTCFLAGS='-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT' -compiler='gcc' - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' -} - -# Quote evaled strings. -for var in SHELL ECHO PATH_SEPARATOR SED GREP EGREP FGREP LD NM LN_S lt_SP2NL lt_NL2SP reload_flag OBJDUMP deplibs_check_method file_magic_cmd file_magic_glob want_nocaseglob DLLTOOL sharedlib_from_linklib_cmd AR AR_FLAGS archiver_list_spec STRIP RANLIB CC CFLAGS compiler lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl lt_cv_sys_global_symbol_to_import lt_cv_sys_global_symbol_to_c_name_address lt_cv_sys_global_symbol_to_c_name_address_lib_prefix lt_cv_nm_interface nm_file_list_spec lt_cv_truncate_bin lt_prog_compiler_no_builtin_flag lt_prog_compiler_pic lt_prog_compiler_wl lt_prog_compiler_static lt_cv_prog_compiler_c_o need_locks MANIFEST_TOOL DSYMUTIL NMEDIT LIPO OTOOL OTOOL64 shrext_cmds export_dynamic_flag_spec whole_archive_flag_spec compiler_needs_object with_gnu_ld allow_undefined_flag no_undefined_flag hardcode_libdir_flag_spec hardcode_libdir_separator exclude_expsyms include_expsyms file_list_spec variables_saved_for_relink libname_spec library_names_spec soname_spec install_override_mode finish_eval old_striplib striplib compiler_lib_search_dirs predep_objects postdep_objects predeps postdeps compiler_lib_search_path LD_CXX reload_flag_CXX compiler_CXX lt_prog_compiler_no_builtin_flag_CXX lt_prog_compiler_pic_CXX lt_prog_compiler_wl_CXX lt_prog_compiler_static_CXX lt_cv_prog_compiler_c_o_CXX export_dynamic_flag_spec_CXX whole_archive_flag_spec_CXX compiler_needs_object_CXX with_gnu_ld_CXX allow_undefined_flag_CXX no_undefined_flag_CXX hardcode_libdir_flag_spec_CXX hardcode_libdir_separator_CXX exclude_expsyms_CXX include_expsyms_CXX file_list_spec_CXX compiler_lib_search_dirs_CXX predep_objects_CXX postdep_objects_CXX predeps_CXX postdeps_CXX compiler_lib_search_path_CXX; do - case `eval \\$ECHO \\""\\$$var"\\"` in - *[\\\`\"\$]*) - eval "lt_$var=\\\"\`\$ECHO \"\$$var\" | \$SED \"\$sed_quote_subst\"\`\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_$var=\\\"\$$var\\\"" - ;; - esac -done - -# Double-quote double-evaled strings. -for var in reload_cmds old_postinstall_cmds old_postuninstall_cmds old_archive_cmds extract_expsyms_cmds old_archive_from_new_cmds old_archive_from_expsyms_cmds archive_cmds archive_expsym_cmds module_cmds module_expsym_cmds export_symbols_cmds prelink_cmds postlink_cmds postinstall_cmds postuninstall_cmds finish_cmds sys_lib_search_path_spec configure_time_dlsearch_path configure_time_lt_sys_library_path reload_cmds_CXX old_archive_cmds_CXX old_archive_from_new_cmds_CXX old_archive_from_expsyms_cmds_CXX archive_cmds_CXX archive_expsym_cmds_CXX module_cmds_CXX module_expsym_cmds_CXX export_symbols_cmds_CXX prelink_cmds_CXX postlink_cmds_CXX; do - case `eval \\$ECHO \\""\\$$var"\\"` in - *[\\\`\"\$]*) - eval "lt_$var=\\\"\`\$ECHO \"\$$var\" | \$SED -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ## exclude from sc_prohibit_nested_quotes - ;; - *) - eval "lt_$var=\\\"\$$var\\\"" - ;; - esac -done - -ac_aux_dir='build-aux' - -# See if we are running on zsh, and set the options that allow our -# commands through without removal of \ escapes INIT. -if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST -fi - - - PACKAGE='wolfssl' - VERSION='3.9.10' - RM='rm -f' - ofile='libtool' - - - - - - - -# Handling of arguments. -for ac_config_target in $ac_config_targets -do - case $ac_config_target in - "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h:config.in" ;; - "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; - "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; - "stamp-h") CONFIG_FILES="$CONFIG_FILES stamp-h" ;; - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "wolfssl/version.h") CONFIG_FILES="$CONFIG_FILES wolfssl/version.h" ;; - "wolfssl/options.h") CONFIG_FILES="$CONFIG_FILES wolfssl/options.h" ;; - "support/wolfssl.pc") CONFIG_FILES="$CONFIG_FILES support/wolfssl.pc" ;; - "rpm/spec") CONFIG_FILES="$CONFIG_FILES rpm/spec" ;; - - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; - esac -done - - -# If the user did not use the arguments to specify the items to instantiate, -# then the envvar interface is used. Set only those that are not. -# We use the long form for the default assignment because of an extremely -# bizarre bug on SunOS 4.1.3. -if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands -fi - -# Have a temporary directory for convenience. Make it in the build tree -# simply because there is no reason against having it here, and in addition, -# creating and moving files from /tmp can sometimes cause problems. -# Hook for its removal unless debugging. -# Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. -$debug || -{ - tmp= ac_tmp= - trap 'exit_status=$? - : "${ac_tmp:=$tmp}" - { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status -' 0 - trap 'as_fn_exit 1' 1 2 13 15 -} -# Create a (secure) tmp directory for tmp files. - -{ - tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -d "$tmp" -} || -{ - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") -} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 -ac_tmp=$tmp - -# Set up the scripts for CONFIG_FILES section. -# No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. -if test -n "$CONFIG_FILES"; then - - -ac_cr=`echo X | tr X '\015'` -# On cygwin, bash can eat \r inside `` if the user requested igncr. -# But we know of no other shell where ac_cr would be empty at this -# point, so we can use a bashism as a fallback. -if test "x$ac_cr" = x; then - eval ac_cr=\$\'\\r\' -fi -ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` -if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' -else - ac_cs_awk_cr=$ac_cr -fi - -echo 'BEGIN {' >"$ac_tmp/subs1.awk" && -cat >>"$ac_tmp/subs1.awk" <<\_ACAWK && -S["am__EXEEXT_FALSE"]="" -S["am__EXEEXT_TRUE"]="#" -S["LTLIBOBJS"]="" -S["LIBOBJS"]="" -S["INC_AMINCLUDE"]="include $(top_builddir)/aminclude.am" -S["AMINCLUDE"]="aminclude.am" -S["GENERIC_CONFIG"]="wolfssl-config" -S["LIB_STATIC_ADD"]="" -S["LIB_ADD"]="" -S["AM_CCASFLAGS"]="" -S["AM_LDFLAGS"]="" -S["AM_CFLAGS"]="-DOPENSSL_EXTRA -D_POSIX_THREADS -g -DDEBUG -DDEBUG_WOLFSSL -DHAVE_THREAD_LS -D_THREAD_SAFE -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA"\ -"_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 "\ -"-DNO_RABBIT -DWOLFSSL_SHA224 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE"\ -"_EXTENDED_MASTER -DNO_PSK -DNO_MD4 -DUSE_FAST_MATH -DWOLFSSL_X86_64_BUILD -DNO_DES3 -Wall -Wno-unused -DHAVE___UINT128_T" -S["AM_CPPFLAGS"]=" -fvisibility=hidden" -S["HEX_VERSION"]="0x03009010" -S["IS_VCS_CHECKOUT_FALSE"]="#" -S["IS_VCS_CHECKOUT_TRUE"]="" -S["BUILD_PKCS7_FALSE"]="" -S["BUILD_PKCS7_TRUE"]="#" -S["BUILD_DES3_FALSE"]="" -S["BUILD_DES3_TRUE"]="#" -S["BUILD_TRUST_PEER_CERT_FALSE"]="" -S["BUILD_TRUST_PEER_CERT_TRUE"]="#" -S["BUILD_PSK_FALSE"]="" -S["BUILD_PSK_TRUE"]="#" -S["BUILD_WOLFEVENT_FALSE"]="" -S["BUILD_WOLFEVENT_TRUE"]="#" -S["BUILD_ASYNCCRYPT_FALSE"]="" -S["BUILD_ASYNCCRYPT_TRUE"]="#" -S["BUILD_MCAPI_FALSE"]="" -S["BUILD_MCAPI_TRUE"]="#" -S["BUILD_FAST_RSA_FALSE"]="" -S["BUILD_FAST_RSA_TRUE"]="#" -S["IPPLINK"]="" -S["IPPHEADERS"]="" -S["IPPLIBS"]="" -S["BUILD_CAVIUM_FALSE"]="" -S["BUILD_CAVIUM_TRUE"]="#" -S["BUILD_LIBZ_FALSE"]="" -S["BUILD_LIBZ_TRUE"]="#" -S["BUILD_WOLFCRYPT_TESTS_FALSE"]="#" -S["BUILD_WOLFCRYPT_TESTS_TRUE"]="" -S["BUILD_TESTS_FALSE"]="#" -S["BUILD_TESTS_TRUE"]="" -S["BUILD_EXAMPLE_CLIENTS_FALSE"]="#" -S["BUILD_EXAMPLE_CLIENTS_TRUE"]="" -S["BUILD_EXAMPLE_SERVERS_FALSE"]="#" -S["BUILD_EXAMPLE_SERVERS_TRUE"]="" -S["BUILD_SLOWMATH_FALSE"]="" -S["BUILD_SLOWMATH_TRUE"]="#" -S["BUILD_FASTMATH_FALSE"]="#" -S["BUILD_FASTMATH_TRUE"]="" -S["BUILD_CRYPTONLY_FALSE"]="" -S["BUILD_CRYPTONLY_TRUE"]="#" -S["BUILD_PWDBASED_FALSE"]="#" -S["BUILD_PWDBASED_TRUE"]="" -S["BUILD_MD4_FALSE"]="" -S["BUILD_MD4_TRUE"]="#" -S["USE_VALGRIND_FALSE"]="" -S["USE_VALGRIND_TRUE"]="#" -S["HAVE_VALGRIND"]="" -S["BUILD_SRP_FALSE"]="" -S["BUILD_SRP_TRUE"]="#" -S["BUILD_WNR_FALSE"]="" -S["BUILD_WNR_TRUE"]="#" -S["BUILD_NTRU_FALSE"]="" -S["BUILD_NTRU_TRUE"]="#" -S["BUILD_USER_CRYPTO_FALSE"]="" -S["BUILD_USER_CRYPTO_TRUE"]="#" -S["BUILD_USER_RSA_FALSE"]="" -S["BUILD_USER_RSA_TRUE"]="#" -S["BUILD_CRL_MONITOR_FALSE"]="" -S["BUILD_CRL_MONITOR_TRUE"]="#" -S["BUILD_CRL_FALSE"]="" -S["BUILD_CRL_TRUE"]="#" -S["BUILD_OCSP_STAPLING_V2_FALSE"]="" -S["BUILD_OCSP_STAPLING_V2_TRUE"]="#" -S["BUILD_OCSP_STAPLING_FALSE"]="" -S["BUILD_OCSP_STAPLING_TRUE"]="#" -S["HAVE_OPENSSL_CMD"]="" -S["BUILD_OCSP_FALSE"]="" -S["BUILD_OCSP_TRUE"]="#" -S["BUILD_INLINE_FALSE"]="#" -S["BUILD_INLINE_TRUE"]="" -S["BUILD_CHACHA_FALSE"]="#" -S["BUILD_CHACHA_TRUE"]="" -S["BUILD_POLY1305_FALSE"]="#" -S["BUILD_POLY1305_TRUE"]="" -S["BUILD_SHA224_FALSE"]="#" -S["BUILD_SHA224_TRUE"]="" -S["BUILD_FIPS_FALSE"]="" -S["BUILD_FIPS_TRUE"]="#" -S["BUILD_RABBIT_FALSE"]="" -S["BUILD_RABBIT_TRUE"]="#" -S["BUILD_HC128_FALSE"]="" -S["BUILD_HC128_TRUE"]="#" -S["BUILD_CMAC_FALSE"]="" -S["BUILD_CMAC_TRUE"]="#" -S["BUILD_SHA_FALSE"]="#" -S["BUILD_SHA_TRUE"]="" -S["BUILD_MD5_FALSE"]="#" -S["BUILD_MD5_TRUE"]="" -S["BUILD_RC4_FALSE"]="" -S["BUILD_RC4_TRUE"]="#" -S["BUILD_IDEA_FALSE"]="" -S["BUILD_IDEA_TRUE"]="#" -S["BUILD_CODING_FALSE"]="#" -S["BUILD_CODING_TRUE"]="" -S["BUILD_AES_FALSE"]="#" -S["BUILD_AES_TRUE"]="" -S["BUILD_ASN_FALSE"]="#" -S["BUILD_ASN_TRUE"]="" -S["BUILD_DH_FALSE"]="#" -S["BUILD_DH_TRUE"]="" -S["BUILD_RSA_FALSE"]="#" -S["BUILD_RSA_TRUE"]="" -S["BUILD_MEMORY_FALSE"]="#" -S["BUILD_MEMORY_TRUE"]="" -S["BUILD_GEMATH_FALSE"]="" -S["BUILD_GEMATH_TRUE"]="#" -S["BUILD_FEMATH_FALSE"]="" -S["BUILD_FEMATH_TRUE"]="#" -S["BUILD_CURVED25519_SMALL_FALSE"]="" -S["BUILD_CURVED25519_SMALL_TRUE"]="#" -S["BUILD_ED25519_FALSE"]="" -S["BUILD_ED25519_TRUE"]="#" -S["BUILD_CURVE25519_FALSE"]="" -S["BUILD_CURVE25519_TRUE"]="#" -S["BUILD_ECC_FALSE"]="#" -S["BUILD_ECC_TRUE"]="" -S["BUILD_DSA_FALSE"]="" -S["BUILD_DSA_TRUE"]="#" -S["BUILD_SHA512_FALSE"]="#" -S["BUILD_SHA512_TRUE"]="" -S["BUILD_BLAKE2_FALSE"]="" -S["BUILD_BLAKE2_TRUE"]="#" -S["BUILD_RIPEMD_FALSE"]="" -S["BUILD_RIPEMD_TRUE"]="#" -S["BUILD_MD2_FALSE"]="" -S["BUILD_MD2_TRUE"]="#" -S["BUILD_CAMELLIA_FALSE"]="" -S["BUILD_CAMELLIA_TRUE"]="#" -S["BUILD_AESNI_FALSE"]="" -S["BUILD_AESNI_TRUE"]="#" -S["BUILD_ARMASM_FALSE"]="" -S["BUILD_ARMASM_TRUE"]="#" -S["BUILD_AESCCM_FALSE"]="" -S["BUILD_AESCCM_TRUE"]="#" -S["BUILD_AESGCM_FALSE"]="#" -S["BUILD_AESGCM_TRUE"]="" -S["BUILD_SNIFFTEST_FALSE"]="" -S["BUILD_SNIFFTEST_TRUE"]="#" -S["BUILD_SNIFFER_FALSE"]="" -S["BUILD_SNIFFER_TRUE"]="#" -S["BUILD_LEANTLS_FALSE"]="" -S["BUILD_LEANTLS_TRUE"]="#" -S["BUILD_LEANPSK_FALSE"]="" -S["BUILD_LEANPSK_TRUE"]="#" -S["BUILD_IPV6_FALSE"]="" -S["BUILD_IPV6_TRUE"]="#" -S["BUILD_SCTP_FALSE"]="" -S["BUILD_SCTP_TRUE"]="#" -S["BUILD_RNG_FALSE"]="#" -S["BUILD_RNG_TRUE"]="" -S["PTHREAD_CFLAGS"]="-D_THREAD_SAFE " -S["PTHREAD_LIBS"]="" -S["PTHREAD_CC"]="gcc" -S["ax_pthread_config"]="" -S["DEBUG_FALSE"]="#" -S["DEBUG_TRUE"]="" -S["MCHECK"]="" -S["LIBM"]="" -S["am__fastdepCCAS_FALSE"]="#" -S["am__fastdepCCAS_TRUE"]="" -S["CCASDEPMODE"]="depmode=gcc3" -S["CCASFLAGS"]="-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT" -S["CCAS"]="gcc" -S["HAVE_VISIBILITY"]="1" -S["CFLAG_VISIBILITY"]="-fvisibility=hidden" -S["CXXCPP"]="g++ -E" -S["am__fastdepCXX_FALSE"]="#" -S["am__fastdepCXX_TRUE"]="" -S["CXXDEPMODE"]="depmode=gcc3" -S["ac_ct_CXX"]="g++" -S["CXXFLAGS"]="-g -O2" -S["CXX"]="g++" -S["CPP"]="gcc -E" -S["LT_SYS_LIBRARY_PATH"]="" -S["OTOOL64"]=":" -S["OTOOL"]="otool" -S["LIPO"]="lipo" -S["NMEDIT"]="nmedit" -S["DSYMUTIL"]="dsymutil" -S["MANIFEST_TOOL"]=":" -S["RANLIB"]="ranlib" -S["ac_ct_AR"]="ar" -S["AR"]="ar" -S["DLLTOOL"]="false" -S["OBJDUMP"]="false" -S["LN_S"]="ln -s" -S["NM"]="/usr/bin/nm -B" -S["ac_ct_DUMPBIN"]="" -S["DUMPBIN"]="" -S["LD"]="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld" -S["FGREP"]="/usr/bin/grep -F" -S["EGREP"]="/usr/bin/grep -E" -S["GREP"]="/usr/bin/grep" -S["SED"]="/usr/bin/sed" -S["am__fastdepCC_FALSE"]="#" -S["am__fastdepCC_TRUE"]="" -S["CCDEPMODE"]="depmode=gcc3" -S["am__nodep"]="_no" -S["AMDEPBACKSLASH"]="\\" -S["AMDEP_FALSE"]="#" -S["AMDEP_TRUE"]="" -S["am__quote"]="" -S["am__include"]="include" -S["DEPDIR"]=".deps" -S["OBJEXT"]="o" -S["EXEEXT"]="" -S["ac_ct_CC"]="gcc" -S["CPPFLAGS"]=" -fvisibility=hidden" -S["LDFLAGS"]="" -S["CFLAGS"]="-DWOLFSSL_AES_COUNTER -DHAVE_AESGCM -DWOLFSSL_AES_DIRECT -DHAVE_AES_CCM -DHAVE_AES_ECB -DSHAVE_AES_DECRYPT -Werror -g -ggdb -O0 -Wno-pragmas -Wall "\ -"-Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -W"\ -"float-equal -Wformat-security -Wformat=2 -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wpoi"\ -"nter-sign -Wredundant-decls -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wstrict-overflow=1 -Wstrict-prototypes -Wswitch-enum -Wundef -Wunused -Wunus"\ -"ed-result -Wunused-variable -Wwrite-strings -fwrapv " -S["CC"]="gcc" -S["LIBTOOL"]="$(SHELL) $(top_builddir)/libtool" -S["WOLFSSL_LIBRARY_VERSION"]="8:0:5" -S["AM_BACKSLASH"]="\\" -S["AM_DEFAULT_VERBOSITY"]="0" -S["AM_DEFAULT_V"]="$(AM_DEFAULT_VERBOSITY)" -S["AM_V"]="$(V)" -S["am__untar"]="tar -xf -" -S["am__tar"]="tar --format=ustar -chf - \"$$tardir\"" -S["AMTAR"]="$${TAR-tar}" -S["am__leading_dot"]="." -S["SET_MAKE"]="" -S["AWK"]="awk" -S["mkdir_p"]="$(MKDIR_P)" -S["MKDIR_P"]="build-aux/install-sh -c -d" -S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s" -S["STRIP"]="strip" -S["install_sh"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/install-sh" -S["MAKEINFO"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing makeinfo" -S["AUTOHEADER"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing autoheader" -S["AUTOMAKE"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing automake-1.15" -S["AUTOCONF"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing autoconf" -S["ACLOCAL"]="${SHELL} /Users/kojo/wolfSSL/openSSL/wolfssl/build-aux/missing aclocal-1.15" -S["VERSION"]="3.9.10" -S["PACKAGE"]="wolfssl" -S["CYGPATH_W"]="echo" -S["am__isrc"]="" -S["INSTALL_DATA"]="${INSTALL} -m 644" -S["INSTALL_SCRIPT"]="${INSTALL}" -S["INSTALL_PROGRAM"]="${INSTALL}" -S["host_os"]="darwin15.6.0" -S["host_vendor"]="apple" -S["host_cpu"]="x86_64" -S["host"]="x86_64-apple-darwin15.6.0" -S["build_os"]="darwin15.6.0" -S["build_vendor"]="apple" -S["build_cpu"]="x86_64" -S["build"]="x86_64-apple-darwin15.6.0" -S["target_alias"]="" -S["host_alias"]="" -S["build_alias"]="" -S["LIBS"]="-lnetwork " -S["ECHO_T"]="" -S["ECHO_N"]="" -S["ECHO_C"]="\\c" -S["DEFS"]="-DHAVE_CONFIG_H" -S["mandir"]="${datarootdir}/man" -S["localedir"]="${datarootdir}/locale" -S["libdir"]="${exec_prefix}/lib" -S["psdir"]="${docdir}" -S["pdfdir"]="${docdir}" -S["dvidir"]="${docdir}" -S["htmldir"]="${docdir}" -S["infodir"]="${datarootdir}/info" -S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}" -S["oldincludedir"]="/usr/include" -S["includedir"]="${prefix}/include" -S["localstatedir"]="${prefix}/var" -S["sharedstatedir"]="${prefix}/com" -S["sysconfdir"]="${prefix}/etc" -S["datadir"]="${datarootdir}" -S["datarootdir"]="${prefix}/share" -S["libexecdir"]="${exec_prefix}/libexec" -S["sbindir"]="${exec_prefix}/sbin" -S["bindir"]="${exec_prefix}/bin" -S["program_transform_name"]="s,x,x," -S["prefix"]="/usr/local" -S["exec_prefix"]="${prefix}" -S["PACKAGE_URL"]="http://www.wolfssl.com" -S["PACKAGE_BUGREPORT"]="https://github.com/wolfssl/wolfssl/issues" -S["PACKAGE_STRING"]="wolfssl 3.9.10" -S["PACKAGE_VERSION"]="3.9.10" -S["PACKAGE_TARNAME"]="wolfssl" -S["PACKAGE_NAME"]="wolfssl" -S["PATH_SEPARATOR"]=":" -S["SHELL"]="/bin/sh" -_ACAWK -cat >>"$ac_tmp/subs1.awk" <<_ACAWK && - for (key in S) S_is_set[key] = 1 - FS = "" - -} -{ - line = $ 0 - nfields = split(line, field, "@") - substed = 0 - len = length(field[1]) - for (i = 2; i < nfields; i++) { - key = field[i] - keylen = length(key) - if (S_is_set[key]) { - value = S[key] - line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) - len += length(value) + length(field[++i]) - substed = 1 - } else - len += 1 + keylen - } - - print line -} - -_ACAWK -if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then - sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" -else - cat -fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ - || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 -fi # test -n "$CONFIG_FILES" - -# Set up the scripts for CONFIG_HEADERS section. -# No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. -if test -n "$CONFIG_HEADERS"; then -cat >"$ac_tmp/defines.awk" <<\_ACAWK || -BEGIN { -D["PACKAGE_NAME"]=" \"wolfssl\"" -D["PACKAGE_TARNAME"]=" \"wolfssl\"" -D["PACKAGE_VERSION"]=" \"3.9.10\"" -D["PACKAGE_STRING"]=" \"wolfssl 3.9.10\"" -D["PACKAGE_BUGREPORT"]=" \"https://github.com/wolfssl/wolfssl/issues\"" -D["PACKAGE_URL"]=" \"http://www.wolfssl.com\"" -D["STDC_HEADERS"]=" 1" -D["HAVE_SYS_TYPES_H"]=" 1" -D["HAVE_SYS_STAT_H"]=" 1" -D["HAVE_STDLIB_H"]=" 1" -D["HAVE_STRING_H"]=" 1" -D["HAVE_MEMORY_H"]=" 1" -D["HAVE_STRINGS_H"]=" 1" -D["HAVE_INTTYPES_H"]=" 1" -D["HAVE_STDINT_H"]=" 1" -D["HAVE_UNISTD_H"]=" 1" -D["HAVE_DLFCN_H"]=" 1" -D["LT_OBJDIR"]=" \".libs/\"" -D["HAVE_VISIBILITY"]=" 1" -D["HAVE_GETHOSTBYNAME"]=" 1" -D["HAVE_GETADDRINFO"]=" 1" -D["HAVE_GETTIMEOFDAY"]=" 1" -D["HAVE_GMTIME_R"]=" 1" -D["HAVE_INET_NTOA"]=" 1" -D["HAVE_MEMSET"]=" 1" -D["HAVE_SOCKET"]=" 1" -D["HAVE_ARPA_INET_H"]=" 1" -D["HAVE_FCNTL_H"]=" 1" -D["HAVE_LIMITS_H"]=" 1" -D["HAVE_NETDB_H"]=" 1" -D["HAVE_NETINET_IN_H"]=" 1" -D["HAVE_STDDEF_H"]=" 1" -D["HAVE_SYS_IOCTL_H"]=" 1" -D["HAVE_SYS_SOCKET_H"]=" 1" -D["HAVE_SYS_TIME_H"]=" 1" -D["HAVE_ERRNO_H"]=" 1" -D["HAVE_LIBNETWORK"]=" 1" -D["SIZEOF_LONG_LONG"]=" 8" -D["SIZEOF_LONG"]=" 8" -D["HAVE___UINT128_T"]=" 1" -D["TLS"]=" __thread" -D["DEBUG"]=" 1" -D["HAVE_PTHREAD_PRIO_INHERIT"]=" 1" -D["HAVE_PTHREAD"]=" 1" -D["BUILD_USER_RSA"]=" /**/" -D["VCS_SYSTEM"]=" \"git\"" -D["VCS_CHECKOUT"]=" 1" - for (key in D) D_is_set[key] = 1 - FS = "" -} -/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ { - line = $ 0 - split(line, arg, " ") - if (arg[1] == "#") { - defundef = arg[2] - mac1 = arg[3] - } else { - defundef = substr(arg[1], 2) - mac1 = arg[2] - } - split(mac1, mac2, "(") #) - macro = mac2[1] - prefix = substr(line, 1, index(line, defundef) - 1) - if (D_is_set[macro]) { - # Preserve the white space surrounding the "#". - print prefix "define", macro P[macro] D[macro] - next - } else { - # Replace #undef with comments. This is necessary, for example, - # in the case of _POSIX_SOURCE, which is predefined and required - # on some systems where configure will not decide to define it. - if (defundef == "undef") { - print "/*", prefix defundef, macro, "*/" - next - } - } -} -{ print } -_ACAWK - as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 -fi # test -n "$CONFIG_HEADERS" - - -eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" -shift -for ac_tag -do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac - ac_save_IFS=$IFS - IFS=: - set x $ac_tag - IFS=$ac_save_IFS - shift - ac_file=$1 - shift - - case $ac_mode in - :L) ac_source=$1;; - :[FH]) - ac_file_inputs= - for ac_f - do - case $ac_f in - -) ac_f="$ac_tmp/stdin";; - *) # Look for the file first in the build tree, then in the source tree - # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. - test -f "$ac_f" || - case $ac_f in - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; - esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac - as_fn_append ac_file_inputs " '$ac_f'" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ - configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' - `' by configure.' - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} - fi - # Neutralize special characters interpreted by sed in replacement strings. - case $configure_input in #( - *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | - sed 's/[\\\\&|]/\\\\&/g'`;; #( - *) ac_sed_conf_input=$configure_input;; - esac - - case $ac_tag in - *:-:* | *:-) cat >"$ac_tmp/stdin" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; - esac - ;; - esac - - ac_dir=`$as_dirname -- "$ac_file" || -$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - as_dir="$ac_dir"; as_fn_mkdir_p - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - - case $ac_mode in - :F) - # - # CONFIG_FILE - # - - case $INSTALL in - [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; - *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; - esac - ac_MKDIR_P=$MKDIR_P - case $MKDIR_P in - [\\/$]* | ?:[\\/]* ) ;; - */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; - esac -# If the template does not know about datarootdir, expand it. -# FIXME: This hack should be removed a few years after 2.60. -ac_datarootdir_hack=; ac_datarootdir_seen= -ac_sed_dataroot=' -/datarootdir/ { - p - q -} -/@datadir@/p -/@docdir@/p -/@infodir@/p -/@localedir@/p -/@mandir@/p' -case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in -*datarootdir*) ac_datarootdir_seen=yes;; -*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} - ac_datarootdir_hack=' - s&@datadir@&${datarootdir}&g - s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g - s&@infodir@&${datarootdir}/info&g - s&@localedir@&${datarootdir}/locale&g - s&@mandir@&${datarootdir}/man&g - s&\${datarootdir}&${prefix}/share&g' ;; -esac -ac_sed_extra="/^[ ]*VPATH[ ]*=[ ]*/{ -h -s/// -s/^/:/ -s/[ ]*$/:/ -s/:\$(srcdir):/:/g -s/:\${srcdir}:/:/g -s/:@srcdir@:/:/g -s/^:*// -s/:*$// -x -s/\(=[ ]*\).*/\1/ -G -s/\n// -s/^[^=]*=[ ]*$// -} - -:t -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s|@configure_input@|$ac_sed_conf_input|;t t -s&@top_builddir@&$ac_top_builddir_sub&;t t -s&@top_build_prefix@&$ac_top_build_prefix&;t t -s&@srcdir@&$ac_srcdir&;t t -s&@abs_srcdir@&$ac_abs_srcdir&;t t -s&@top_srcdir@&$ac_top_srcdir&;t t -s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t -s&@builddir@&$ac_builddir&;t t -s&@abs_builddir@&$ac_abs_builddir&;t t -s&@abs_top_builddir@&$ac_abs_top_builddir&;t t -s&@INSTALL@&$ac_INSTALL&;t t -s&@MKDIR_P@&$ac_MKDIR_P&;t t -$ac_datarootdir_hack -" -eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ - >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - -test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ - "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&2;} - - rm -f "$ac_tmp/stdin" - case $ac_file in - -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; - *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; - esac \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - ;; - :H) - # - # CONFIG_HEADER - # - if test x"$ac_file" != x-; then - { - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" - } >"$ac_tmp/config.h" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} - else - rm -f "$ac_file" - mv "$ac_tmp/config.h" "$ac_file" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - fi - else - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error $? "could not create -" "$LINENO" 5 - fi -# Compute "$ac_file"'s index in $config_headers. -_am_arg="$ac_file" -_am_stamp_count=1 -for _am_header in $config_headers :; do - case $_am_header in - $_am_arg | $_am_arg:* ) - break ;; - * ) - _am_stamp_count=`expr $_am_stamp_count + 1` ;; - esac -done -echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || -$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$_am_arg" : 'X\(//\)[^/]' \| \ - X"$_am_arg" : 'X\(//\)$' \| \ - X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$_am_arg" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'`/stamp-h$_am_stamp_count - ;; - - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} - ;; - esac - - - case $ac_file$ac_mode in - "depfiles":C) test x"$AMDEP_TRUE" != x"" || { - # Older Autoconf quotes --file arguments for eval, but not when files - # are listed without --file. Let's play safe and only enable the eval - # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac - shift - for mf - do - # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line - # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`$as_dirname -- "$mf" || -$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$mf" : 'X\(//\)[^/]' \| \ - X"$mf" : 'X\(//\)$' \| \ - X"$mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$mf" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`$as_dirname -- "$file" || -$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$file" : 'X\(//\)[^/]' \| \ - X"$file" : 'X\(//\)$' \| \ - X"$file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - as_dir=$dirpart/$fdir; as_fn_mkdir_p - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done - done -} - ;; - "libtool":C) - - # See if we are running on zsh, and set the options that allow our - # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}"; then - setopt NO_GLOB_SUBST - fi - - cfgfile=${ofile}T - trap "$RM \"$cfgfile\"; exit 1" 1 2 15 - $RM "$cfgfile" - - cat <<_LT_EOF >> "$cfgfile" -#! $SHELL -# Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# NOTE: Changes made to this file will be lost: look at ltmain.sh. - -# Provide generalized library-building support services. -# Written by Gordon Matzigkeit, 1996 - -# Copyright (C) 2014 Free Software Foundation, Inc. -# This is free software; see the source for copying conditions. There is NO -# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# GNU Libtool is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of of the License, or -# (at your option) any later version. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program or library that is built -# using GNU Libtool, you may include this file under the same -# distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# The names of the tagged configurations supported by this script. -available_tags='CXX ' - -# Configured defaults for sys_lib_dlsearch_path munging. -: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} - -# ### BEGIN LIBTOOL CONFIG - -# Which release of libtool.m4 was used? -macro_version=$macro_version -macro_revision=$macro_revision - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# What type of objects to build. -pic_mode=$pic_mode - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# Shared archive member basename,for filename based shared library versioning on AIX. -shared_archive_member_spec=$shared_archive_member_spec - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# An echo program that protects backslashes. -ECHO=$lt_ECHO - -# The PATH separator for the build system. -PATH_SEPARATOR=$lt_PATH_SEPARATOR - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# A sed program that does not truncate output. -SED=$lt_SED - -# Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="\$SED -e 1s/^X//" - -# A grep program that handles long lines. -GREP=$lt_GREP - -# An ERE matcher. -EGREP=$lt_EGREP - -# A literal string matcher. -FGREP=$lt_FGREP - -# A BSD- or MS-compatible name lister. -NM=$lt_NM - -# Whether we need soft or hard links. -LN_S=$lt_LN_S - -# What is the maximum length of a command? -max_cmd_len=$max_cmd_len - -# Object file suffix (normally "o"). -objext=$ac_objext - -# Executable file suffix (normally ""). -exeext=$exeext - -# whether the shell understands "unset". -lt_unset=$lt_unset - -# turn spaces into newlines. -SP2NL=$lt_lt_SP2NL - -# turn newlines into spaces. -NL2SP=$lt_lt_NL2SP - -# convert \$build file names to \$host format. -to_host_file_cmd=$lt_cv_to_host_file_cmd - -# convert \$build files to toolchain format. -to_tool_file_cmd=$lt_cv_to_tool_file_cmd - -# An object symbol dumper. -OBJDUMP=$lt_OBJDUMP - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method = "file_magic". -file_magic_cmd=$lt_file_magic_cmd - -# How to find potential files when deplibs_check_method = "file_magic". -file_magic_glob=$lt_file_magic_glob - -# Find potential files using nocaseglob when deplibs_check_method = "file_magic". -want_nocaseglob=$lt_want_nocaseglob - -# DLL creation program. -DLLTOOL=$lt_DLLTOOL - -# Command to associate shared and link libraries. -sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd - -# The archiver. -AR=$lt_AR - -# Flags to create an archive. -AR_FLAGS=$lt_AR_FLAGS - -# How to feed a file listing to the archiver. -archiver_list_spec=$lt_archiver_list_spec - -# A symbol stripping program. -STRIP=$lt_STRIP - -# Commands used to install an old-style archive. -RANLIB=$lt_RANLIB -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Whether to use a lock for old archive extraction. -lock_old_archive_extraction=$lock_old_archive_extraction - -# A C compiler. -LTCC=$lt_CC - -# LTCC compiler flags. -LTCFLAGS=$lt_CFLAGS - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration. -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm into a list of symbols to manually relocate. -global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import - -# Transform the output of nm in a C name address pair. -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# Transform the output of nm in a C name address pair when lib prefix is needed. -global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix - -# The name lister interface. -nm_interface=$lt_lt_cv_nm_interface - -# Specify filename containing input files for \$NM. -nm_file_list_spec=$lt_nm_file_list_spec - -# The root where to search for dependent libraries,and where our libraries should be installed. -lt_sysroot=$lt_sysroot - -# Command to truncate a binary pipe. -lt_truncate_bin=$lt_lt_cv_truncate_bin - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# Used to examine libraries when file_magic_cmd begins with "file". -MAGIC_CMD=$MAGIC_CMD - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Manifest tool. -MANIFEST_TOOL=$lt_MANIFEST_TOOL - -# Tool to manipulate archived DWARF debug symbol files on Mac OS X. -DSYMUTIL=$lt_DSYMUTIL - -# Tool to change global to local symbols on Mac OS X. -NMEDIT=$lt_NMEDIT - -# Tool to manipulate fat objects and archives on Mac OS X. -LIPO=$lt_LIPO - -# ldd/readelf like tool for Mach-O binaries on Mac OS X. -OTOOL=$lt_OTOOL - -# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. -OTOOL64=$lt_OTOOL64 - -# Old archive suffix (normally "a"). -libext=$libext - -# Shared library suffix (normally ".so"). -shrext_cmds=$lt_shrext_cmds - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at link time. -variables_saved_for_relink=$lt_variables_saved_for_relink - -# Do we need the "lib" prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Library versioning type. -version_type=$version_type - -# Shared library runtime path variable. -runpath_var=$runpath_var - -# Shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Permission mode override for installation of shared libraries. -install_override_mode=$lt_install_override_mode - -# Command to use after installation of a shared archive. -postinstall_cmds=$lt_postinstall_cmds - -# Command to use after uninstallation of a shared archive. -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# As "finish_cmds", except a single script fragment to be evaled but -# not shown. -finish_eval=$lt_finish_eval - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Compile-time system search path for libraries. -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Detected run-time system search path for libraries. -sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path - -# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. -configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - - -# The linker used to build libraries. -LD=$lt_LD - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# Commands used to build an old-style archive. -old_archive_cmds=$lt_old_archive_cmds - -# A language specific compiler. -CC=$lt_compiler - -# Is the compiler the GNU compiler? -with_gcc=$GCC - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc - -# Whether or not to disallow shared libs when runtime libs are static. -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec - -# Whether the compiler copes with passing no objects directly. -compiler_needs_object=$lt_compiler_needs_object - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds - -# Commands used to build a shared archive. -archive_cmds=$lt_archive_cmds -archive_expsym_cmds=$lt_archive_expsym_cmds - -# Commands used to build a loadable module if different from building -# a shared archive. -module_cmds=$lt_module_cmds -module_expsym_cmds=$lt_module_expsym_cmds - -# Whether we are building with GNU ld or not. -with_gnu_ld=$lt_with_gnu_ld - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag - -# Flag that enforces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec - -# Whether we need a single "-rpath" flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary. -hardcode_direct=$hardcode_direct - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the -# library is relocated. -hardcode_direct_absolute=$hardcode_direct_absolute - -# Set to "yes" if using the -LDIR flag during linking hardcodes DIR -# into the resulting binary. -hardcode_minus_L=$hardcode_minus_L - -# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR -# into the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var - -# Set to "yes" if building a shared library automatically hardcodes DIR -# into the library and all subsequent libraries and executables linked -# against it. -hardcode_automatic=$hardcode_automatic - -# Set to yes if linker adds runtime paths of dependent libraries -# to runtime path list. -inherit_rpath=$inherit_rpath - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs - -# Set to "yes" if exported symbols are required. -always_export_symbols=$always_export_symbols - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms - -# Commands necessary for linking programs (against libraries) with templates. -prelink_cmds=$lt_prelink_cmds - -# Commands necessary for finishing linking programs. -postlink_cmds=$lt_postlink_cmds - -# Specify filename containing input files. -file_list_spec=$lt_file_list_spec - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action - -# The directories searched by this compiler when creating a shared library. -compiler_lib_search_dirs=$lt_compiler_lib_search_dirs - -# Dependencies to place before and after the objects being linked to -# create a shared library. -predep_objects=$lt_predep_objects -postdep_objects=$lt_postdep_objects -predeps=$lt_predeps -postdeps=$lt_postdeps - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path - -# ### END LIBTOOL CONFIG - -_LT_EOF - - cat <<'_LT_EOF' >> "$cfgfile" - -# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE - -# func_munge_path_list VARIABLE PATH -# ----------------------------------- -# VARIABLE is name of variable containing _space_ separated list of -# directories to be munged by the contents of PATH, which is string -# having a format: -# "DIR[:DIR]:" -# string "DIR[ DIR]" will be prepended to VARIABLE -# ":DIR[:DIR]" -# string "DIR[ DIR]" will be appended to VARIABLE -# "DIRP[:DIRP]::[DIRA:]DIRA" -# string "DIRP[ DIRP]" will be prepended to VARIABLE and string -# "DIRA[ DIRA]" will be appended to VARIABLE -# "DIR[:DIR]" -# VARIABLE will be replaced by "DIR[ DIR]" -func_munge_path_list () -{ - case x$2 in - x) - ;; - *:) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" - ;; - x:*) - eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" - ;; - *::*) - eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" - eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" - ;; - *) - eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" - ;; - esac -} - - -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -func_cc_basename () -{ - for cc_temp in $*""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac - done - func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` -} - - -# ### END FUNCTIONS SHARED WITH CONFIGURE - -_LT_EOF - - case $host_os in - aix3*) - cat <<\_LT_EOF >> "$cfgfile" -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test set != "${COLLECT_NAMES+set}"; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -_LT_EOF - ;; - esac - - -ltmain=$ac_aux_dir/ltmain.sh - - - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" \ - || (rm -f "$cfgfile"; exit 1) - - mv -f "$cfgfile" "$ofile" || - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" - - - cat <<_LT_EOF >> "$ofile" - -# ### BEGIN LIBTOOL TAG CONFIG: CXX - -# The linker used to build libraries. -LD=$lt_LD_CXX - -# How to create reloadable object files. -reload_flag=$lt_reload_flag_CXX -reload_cmds=$lt_reload_cmds_CXX - -# Commands used to build an old-style archive. -old_archive_cmds=$lt_old_archive_cmds_CXX - -# A language specific compiler. -CC=$lt_compiler_CXX - -# Is the compiler the GNU compiler? -with_gcc=$GCC_CXX - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic_CXX - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl_CXX - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static_CXX - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc_CXX - -# Whether or not to disallow shared libs when runtime libs are static. -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX - -# Whether the compiler copes with passing no objects directly. -compiler_needs_object=$lt_compiler_needs_object_CXX - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX - -# Commands used to build a shared archive. -archive_cmds=$lt_archive_cmds_CXX -archive_expsym_cmds=$lt_archive_expsym_cmds_CXX - -# Commands used to build a loadable module if different from building -# a shared archive. -module_cmds=$lt_module_cmds_CXX -module_expsym_cmds=$lt_module_expsym_cmds_CXX - -# Whether we are building with GNU ld or not. -with_gnu_ld=$lt_with_gnu_ld_CXX - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag_CXX - -# Flag that enforces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag_CXX - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX - -# Whether we need a single "-rpath" flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary. -hardcode_direct=$hardcode_direct_CXX - -# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes -# DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the -# library is relocated. -hardcode_direct_absolute=$hardcode_direct_absolute_CXX - -# Set to "yes" if using the -LDIR flag during linking hardcodes DIR -# into the resulting binary. -hardcode_minus_L=$hardcode_minus_L_CXX - -# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR -# into the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX - -# Set to "yes" if building a shared library automatically hardcodes DIR -# into the library and all subsequent libraries and executables linked -# against it. -hardcode_automatic=$hardcode_automatic_CXX - -# Set to yes if linker adds runtime paths of dependent libraries -# to runtime path list. -inherit_rpath=$inherit_rpath_CXX - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs_CXX - -# Set to "yes" if exported symbols are required. -always_export_symbols=$always_export_symbols_CXX - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds_CXX - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms_CXX - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms_CXX - -# Commands necessary for linking programs (against libraries) with templates. -prelink_cmds=$lt_prelink_cmds_CXX - -# Commands necessary for finishing linking programs. -postlink_cmds=$lt_postlink_cmds_CXX - -# Specify filename containing input files. -file_list_spec=$lt_file_list_spec_CXX - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action_CXX - -# The directories searched by this compiler when creating a shared library. -compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX - -# Dependencies to place before and after the objects being linked to -# create a shared library. -predep_objects=$lt_predep_objects_CXX -postdep_objects=$lt_postdep_objects_CXX -predeps=$lt_predeps_CXX -postdeps=$lt_postdeps_CXX - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_CXX - -# ### END LIBTOOL TAG CONFIG: CXX -_LT_EOF - - ;; - "stamp-h":F) echo timestamp > stamp-h ;; - - esac -done # for ac_tag - - -as_fn_exit 0 From f7737fdc5593d410bc586fb1ffb3a32a47c4c48a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Dec 2016 09:10:54 -0700 Subject: [PATCH 67/86] expand BIO compatibility --- .gitignore | 3 +- src/bio.c | 450 +++++++++++++++++++++++++++++++++--------- src/ssl.c | 119 ++++++++--- tests/api.c | 177 ++++++++++++++++- wolfcrypt/src/evp.c | 3 +- wolfssl/internal.h | 23 ++- wolfssl/openssl/ssl.h | 6 + wolfssl/ssl.h | 38 ++-- 8 files changed, 678 insertions(+), 141 deletions(-) diff --git a/.gitignore b/.gitignore index b22328702..cd9de3c0f 100644 --- a/.gitignore +++ b/.gitignore @@ -64,6 +64,7 @@ testsuite/testsuite tests/unit testsuite/testsuite.test tests/unit.test +tests/bio_write_test.txt testsuite/*.der testsuite/*.pem testsuite/*.raw @@ -188,4 +189,4 @@ wolfcrypt/user-crypto/lib/libusercrypto.* wrapper/CSharp/x64/ # Visual Studio Code Workspace Files -*.vscode \ No newline at end of file +*.vscode diff --git a/src/bio.c b/src/bio.c index 5210f40ce..39f160a63 100644 --- a/src/bio.c +++ b/src/bio.c @@ -31,12 +31,38 @@ WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *pa return 1; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) + +/* Return the number of pending bytes in read and write buffers */ +size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) { - (void) b; WOLFSSL_ENTER("BIO_ctrl_pending"); - return 0; + if (bio == NULL) { + return 0; + } + + if (bio->ssl != NULL) { + return (long)wolfSSL_pending(bio->ssl); + } + + if (bio->type == BIO_MEMORY) { + return bio->memLen; + } + + /* type BIO_BIO then check paired buffer */ + if (bio->type == BIO_BIO && bio->pair != NULL) { + WOLFSSL_BIO* pair = bio->pair; + if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) { + /* in wrap around state where begining of buffer is being + * overwritten */ + return pair->wrSz - pair->rdIdx + pair->wrIdx; + } + else { + /* simple case where has not wrapped around */ + return pair->wrIdx - pair->rdIdx; + } + } + + return 0; } @@ -63,115 +89,355 @@ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int i return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size) + +int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) { - (void) b; - (void) size; - WOLFSSL_ENTER("BIO_set_write_buf_size"); + WOLFSSL_ENTER("wolfSSL_BIO_set_write_buf_size"); + + if (bio == NULL || bio->type != BIO_BIO || size < 0) { + return SSL_FAILURE; + } + + /* if already in pair then do not change size */ + if (bio->pair != NULL) { + WOLFSSL_MSG("WOLFSSL_BIO is paired, free from pair before changing"); + return SSL_FAILURE; + } + + bio->wrSz = (int)size; + if (bio->wrSz < 0) { + WOLFSSL_MSG("Unexpected negative size value"); + return SSL_FAILURE; + } + + if (bio->mem != NULL) { + XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + } + + bio->mem = (byte*)XMALLOC(bio->wrSz, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->mem == NULL) { + WOLFSSL_MSG("Memory allocation error"); + return SSL_FAILURE; + } + bio->wrIdx = 0; + bio->rdIdx = 0; + + return SSL_SUCCESS; +} + + +/* Joins two BIO_BIO types. The write of b1 goes to the read of b2 and vise + * versa. Creating something similar to a two way pipe. + * Reading and writing between the two BIOs is not thread safe, they are + * expected to be used by the same thread. */ +int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) +{ + WOLFSSL_ENTER("wolfSSL_BIO_make_bio_pair"); + + if (b1 == NULL || b2 == NULL) { + WOLFSSL_LEAVE("wolfSSL_BIO_make_bio_pair", BAD_FUNC_ARG); + return SSL_FAILURE; + } + + /* both are expected to be of type BIO and not already paired */ + if (b1->type != BIO_BIO || b2->type != BIO_BIO || + b1->pair != NULL || b2->pair != NULL) { + WOLFSSL_MSG("Expected type BIO and not already paired"); + return SSL_FAILURE; + } + + /* set default write size if not already set */ + if (b1->mem == NULL && wolfSSL_BIO_set_write_buf_size(b1, + WOLFSSL_BIO_SIZE) != SSL_SUCCESS) { + return SSL_FAILURE; + } + + if (b2->mem == NULL && wolfSSL_BIO_set_write_buf_size(b2, + WOLFSSL_BIO_SIZE) != SSL_SUCCESS) { + return SSL_FAILURE; + } + + b1->pair = b2; + b2->pair = b1; + + return SSL_SUCCESS; +} + + +int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b) +{ + WOLFSSL_ENTER("wolfSSL_BIO_ctrl_reset_read_request"); + + if (b == NULL) { + return SSL_FAILURE; + } + + b->readRq = 0; + + return SSL_SUCCESS; +} + + +/* Does not advance read index pointer */ +int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) +{ + WOLFSSL_ENTER("wolfSSL_BIO_nread0"); + + if (bio == NULL || buf == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + + /* if paired read from pair */ + if (bio->pair != NULL) { + WOLFSSL_BIO* pair = bio->pair; + + /* case where have wrapped around write buffer */ + *buf = (char*)pair->mem + pair->rdIdx; + if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { + return pair->wrSz - pair->rdIdx; + } + else { + return pair->wrIdx - pair->rdIdx; + } + } + return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) + +/* similar to wolfSSL_BIO_nread0 but advances the read index */ +int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) { - (void) b1; - (void) b2; - WOLFSSL_ENTER("BIO_make_bio_pair"); - return 0; + int sz = WOLFSSL_BIO_UNSET; + + WOLFSSL_ENTER("wolfSSL_BIO_nread"); + + if (bio == NULL || buf == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return SSL_FAILURE; + } + + if (bio->pair != NULL) { + /* special case if asking to read 0 bytes */ + if (num == 0) { + *buf = (char*)bio->pair->mem + bio->pair->rdIdx; + return 0; + } + + /* get amount able to read and set buffer pointer */ + sz = wolfSSL_BIO_nread0(bio, buf); + if (sz == 0) { + return WOLFSSL_BIO_ERROR; + } + + if (num < sz) { + sz = num; + } + bio->pair->rdIdx += sz; + + /* check if have read to the end of the buffer and need to reset */ + if (bio->pair->rdIdx == bio->pair->wrSz) { + bio->pair->rdIdx = 0; + if (bio->pair->wrIdx == bio->pair->wrSz) { + bio->pair->wrIdx = 0; + } + } + + /* check if read up to write index, if so then reset indexs */ + if (bio->pair->rdIdx == bio->pair->wrIdx) { + bio->pair->rdIdx = 0; + bio->pair->wrIdx = 0; + } + } + + return sz; } -/*** TBD ***/ -WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b) + +int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) { - (void) b; - WOLFSSL_ENTER("BIO_ctrl_reset_read_request"); - return 0; + int sz = WOLFSSL_BIO_UNSET; + + WOLFSSL_ENTER("wolfSSL_BIO_nwrite"); + + if (bio == NULL || buf == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + + if (bio->pair != NULL) { + if (num == 0) { + *buf = (char*)bio->mem + bio->wrIdx; + return 0; + } + + if (bio->wrIdx < bio->rdIdx) { + /* if wrapped around only write up to read index. In this case + * rdIdx is always greater then wrIdx so sz will not be negative. */ + sz = bio->rdIdx - bio->wrIdx; + } + else if (bio->rdIdx > 0 && bio->wrIdx == bio->rdIdx) { + return WOLFSSL_BIO_ERROR; /* no more room to write */ + } + else { + /* write index is past read index so write to end of buffer */ + sz = bio->wrSz - bio->wrIdx; + + if (sz <= 0) { + /* either an error has occured with write index or it is at the + * end of the write buffer. */ + if (bio->rdIdx == 0) { + /* no more room, nothing has been read */ + return WOLFSSL_BIO_ERROR; + } + + bio->wrIdx = 0; + + /* check case where read index is not at 0 */ + if (bio->rdIdx > 0) { + sz = bio->rdIdx; /* can write up to the read index */ + } + else { + sz = bio->wrSz; /* no restriction other then buffer size */ + } + } + } + + if (num < sz) { + sz = num; + } + *buf = (char*)bio->mem + bio->wrIdx; + bio->wrIdx += sz; + + /* if at the end of the buffer and space for wrap around then set + * write index back to 0 */ + if (bio->wrIdx == bio->wrSz && bio->rdIdx > 0) { + bio->wrIdx = 0; + } + } + + return sz; } -/*** TBD ***/ -WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) + +/* Reset BIO to initial state */ +int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) { - (void) bio; - (void) buf; - WOLFSSL_ENTER("BIO_nread0"); - return 0; + WOLFSSL_ENTER("wolfSSL_BIO_reset"); + + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + /* -1 is consistent failure even for FILE type */ + return WOLFSSL_BIO_ERROR; + } + + switch (bio->type) { + case BIO_FILE: + XREWIND(bio->file); + return 0; + + case BIO_BIO: + bio->rdIdx = 0; + bio->wrIdx = 0; + return 0; + + default: + WOLFSSL_MSG("Unknown BIO type needs added to reset function"); + } + + return WOLFSSL_BIO_ERROR; } -/*** TBD ***/ -WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) -{ - (void) bio; - (void) buf; - (void) num; - WOLFSSL_ENTER("BIO_nread"); - return 0; -} - -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) -{ - (void) bio; - (void) buf; - (void) num; - WOLFSSL_ENTER("BIO_nwrite"); - return 0; -} - -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_reset(WOLFSSL_BIO *bio) -{ - (void) bio; - WOLFSSL_ENTER("BIO_reset"); - return 0; -} - -#if 0 #ifndef NO_FILESYSTEM -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) +long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) { - (void) bio; - (void) fp; - (void) c; - WOLFSSL_ENTER("BIO_set_fp"); + WOLFSSL_ENTER("wolfSSL_BIO_set_fp"); + + if (bio == NULL || fp == NULL) { + WOLFSSL_LEAVE("wolfSSL_BIO_set_fp", BAD_FUNC_ARG); + return SSL_FAILURE; + } + + if (bio->type != BIO_FILE) { + return SSL_FAILURE; + } + + bio->close = (byte)c; + bio->file = fp; + + return SSL_SUCCESS; +} + + +long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp) +{ + WOLFSSL_ENTER("wolfSSL_BIO_get_fp"); + + if (bio == NULL || fp == NULL) { + return SSL_FAILURE; + } + + if (bio->type != BIO_FILE) { + return SSL_FAILURE; + } + + *fp = bio->file; + + return SSL_SUCCESS; +} + +/* overwrites file */ +int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) +{ + WOLFSSL_ENTER("wolfSSL_BIO_write_filename"); + + if (bio == NULL || name == NULL) { + return SSL_FAILURE; + } + + if (bio->type == BIO_FILE) { + if (bio->file != NULL && bio->close == BIO_CLOSE) { + XFCLOSE(bio->file); + } + + bio->file = XFOPEN(name, "w"); + if (bio->file == NULL) { + return SSL_FAILURE; + } + bio->close = BIO_CLOSE; + + return SSL_SUCCESS; + } + + return SSL_FAILURE; +} +#endif /* NO_FILESYSTEM */ + +int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) +{ + WOLFSSL_ENTER("wolfSSL_BIO_seek"); + + if (bio == NULL) { + return -1; + } + + /* offset ofs from begining of file */ + if (bio->type == BIO_FILE && XFSEEK(bio->file, ofs, SEEK_SET) < 0) { + return -1; + } + return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp) -{ - (void) bio; - (void) fp; - WOLFSSL_ENTER("BIO_get_fp"); - return 0; -} -#endif -#endif -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) +long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) { - (void) bio; - (void) ofs; - WOLFSSL_ENTER("BIO_seek"); - return 0; -} + WOLFSSL_ENTER("wolfSSL_BIO_set_mem_eof_return"); -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) -{ - (void) bio; - (void) name; - WOLFSSL_ENTER("BIO_write_filename"); - return 0; -} + if (bio != NULL) { + bio->eof = v; + } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) -{ - (void) bio; - (void) v; - WOLFSSL_ENTER("BIO_set_mem_eof_return"); return 0; } diff --git a/src/ssl.c b/src/ssl.c index 9d09cc085..c31de34ff 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10044,6 +10044,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void) + { + static WOLFSSL_BIO_METHOD bio_meth; + + WOLFSSL_ENTER("wolfSSL_BIO_f_bio"); + bio_meth.type = BIO_BIO; + + return &bio_meth; + } + + + WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) + { + static WOLFSSL_BIO_METHOD file_meth; + + WOLFSSL_ENTER("wolfSSL_BIO_f_file"); + file_meth.type = BIO_FILE; + + return &file_meth; + } + + WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void) { static WOLFSSL_BIO_METHOD meth; @@ -10073,15 +10095,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("BIO_new_socket"); if (bio) { + XMEMSET(bio, 0, sizeof(WOLFSSL_BIO)); bio->type = BIO_SOCKET; bio->close = (byte)closeF; - bio->eof = 0; - bio->ssl = 0; bio->fd = sfd; - bio->prev = 0; - bio->next = 0; bio->mem = NULL; - bio->memLen = 0; } return bio; } @@ -10124,13 +10142,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) DYNAMIC_TYPE_OPENSSL); WOLFSSL_ENTER("BIO_new"); if (bio) { + XMEMSET(bio, 0, sizeof(WOLFSSL_BIO)); bio->type = method->type; - bio->close = 0; - bio->eof = 0; bio->ssl = NULL; bio->mem = NULL; - bio->memLen = 0; - bio->fd = 0; bio->prev = NULL; bio->next = NULL; } @@ -10184,17 +10199,29 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_BIO_free(WOLFSSL_BIO* bio) { /* unchain?, doesn't matter in goahead since from free all */ - WOLFSSL_ENTER("BIO_free"); + WOLFSSL_ENTER("wolfSSL_BIO_free"); if (bio) { + /* remove from pair by setting the paired bios pair to NULL */ + if (bio->pair != NULL) { + bio->pair->pair = NULL; + } + if (bio->close) { if (bio->ssl) wolfSSL_free(bio->ssl); if (bio->fd) CloseSocket(bio->fd); } + + if (bio->type == BIO_FILE && bio->close == BIO_CLOSE) { + if (bio->file) { + XFCLOSE(bio->file); + } + } + if (bio->mem) - XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL); - XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + XFREE(bio, bio->heap, DYNAMIC_TYPE_OPENSSL); } return 0; } @@ -10212,13 +10239,37 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) + { + int sz; + char* pt; + + sz = wolfSSL_BIO_nread(bio, &pt, len); + + if (sz > 0) { + XMEMCPY(buf, pt, sz); + } + + return sz; + } + + int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) { int ret; WOLFSSL* ssl = 0; WOLFSSL_BIO* front = bio; - WOLFSSL_ENTER("BIO_read"); + WOLFSSL_ENTER("wolfSSL_BIO_read"); + + if (bio && bio->type == BIO_BIO) { + return wolfSSL_BIO_BIO_read(bio, buf, len); + } + + if (bio && bio->type == BIO_FILE) { + return (int)XFREAD(buf, 1, len, bio->file); + } + /* already got eof, again is error */ if (front->eof) return SSL_FATAL_ERROR; @@ -10240,13 +10291,43 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, + int len) + { + /* internal function where arguments have already been sanity checked */ + int sz; + char* buf; + + sz = wolfSSL_BIO_nwrite(bio, &buf, len); + + /* test space for write */ + if (sz <= 0) { + WOLFSSL_MSG("No room left to write"); + return sz; + } + + XMEMCPY(buf, data, sz); + + return sz; + } + + int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) { int ret; WOLFSSL* ssl = 0; WOLFSSL_BIO* front = bio; - WOLFSSL_ENTER("BIO_write"); + WOLFSSL_ENTER("wolfSSL_BIO_write"); + + if (bio && bio->type == BIO_BIO) { + return wolfSSL_BIO_BIO_write(bio, data, len); + } + + if (bio && bio->type == BIO_FILE) { + return (int)XFWRITE(data, 1, len, bio->file); + } + /* already got eof, again is error */ if (front->eof) return SSL_FATAL_ERROR; @@ -10802,7 +10883,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_EVP_MD_CTX* ctx; WOLFSSL_ENTER("EVP_MD_CTX_new"); - ctx=XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (ctx){ wolfSSL_EVP_MD_CTX_init(ctx); } @@ -20145,13 +20227,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } - WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) { - WOLFSSL_ENTER("wolfSSL_BIO_s_file"); - WOLFSSL_STUB("wolfSSL_BIO_s_file"); - - return NULL; - } - #ifdef HAVE_ECC const char * wolfSSL_OBJ_nid2sn(int n) { int i; diff --git a/tests/api.c b/tests/api.c index d651f9983..a2fe23374 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1981,7 +1981,7 @@ static void test_wolfSSL_DisableExtendedMasterSecret(void) *----------------------------------------------------------------------------*/ static void test_wolfSSL_X509_NAME_get_entry(void) { -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \ && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); @@ -2029,7 +2029,7 @@ static void test_wolfSSL_PKCS12(void) { /* .p12 file is encrypted with DES3 */ #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ - !defined(NO_ASN) && !defined(NO_PWDBASED) + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) byte buffer[5300]; char file[] = "./certs/test-servercert.p12"; FILE *f; @@ -2529,7 +2529,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) static void test_wolfSSL_tmp_dh(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_DSA) + !defined(NO_FILESYSTEM) && !defined(NO_DSA) && !defined(NO_RSA) byte buffer[5300]; char file[] = "./certs/dsaparams.pem"; FILE *f; @@ -2826,6 +2826,176 @@ static void test_wolfSSL_PEM_read_bio(void) } +static void test_wolfSSL_BIO(void) +{ + #if defined(OPENSSL_EXTRA) + byte buffer[20]; + BIO* bio1; + BIO* bio2; + BIO* bio3; + char* bufPt; + int i; + + printf(testingFmt, "wolfSSL_BIO()"); + + for (i = 0; i < 20; i++) { + buffer[i] = i; + } + + /* Creating and testing type BIO_s_bio */ + AssertNotNull(bio1 = BIO_new(BIO_s_bio())); + AssertNotNull(bio2 = BIO_new(BIO_s_bio())); + AssertNotNull(bio3 = BIO_new(BIO_s_bio())); + + /* read/write before set up */ + AssertIntEQ(BIO_read(bio1, buffer, 2), WOLFSSL_BIO_UNSET); + AssertIntEQ(BIO_write(bio1, buffer, 2), WOLFSSL_BIO_UNSET); + + AssertIntEQ(BIO_set_write_buf_size(bio1, 20), SSL_SUCCESS); + AssertIntEQ(BIO_set_write_buf_size(bio2, 8), SSL_SUCCESS); + AssertIntEQ(BIO_make_bio_pair(bio1, bio2), SSL_SUCCESS); + + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); + XMEMCPY(bufPt, buffer, 10); + AssertIntEQ(BIO_write(bio1, buffer + 10, 10), 10); + /* write buffer full */ + AssertIntEQ(BIO_write(bio1, buffer, 10), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_flush(bio1), SSL_SUCCESS); + AssertIntEQ((int)BIO_ctrl_pending(bio1), 0); + + /* write the other direction with pair */ + AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); + XMEMCPY(bufPt, buffer, 8); + AssertIntEQ(BIO_write(bio2, buffer, 10), WOLFSSL_BIO_ERROR); + + /* try read */ + AssertIntEQ((int)BIO_ctrl_pending(bio1), 8); + AssertIntEQ((int)BIO_ctrl_pending(bio2), 20); + + AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); + for (i = 0; i < 20; i++) { + AssertIntEQ((int)bufPt[i], i); + } + AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); + for (i = 0; i < 8; i++) { + AssertIntEQ((int)bufPt[i], i); + } + AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR); + + /* new pair */ + AssertIntEQ(BIO_make_bio_pair(bio1, bio3), SSL_FAILURE); + BIO_free(bio2); /* free bio2 and automaticly remove from pair */ + AssertIntEQ(BIO_make_bio_pair(bio1, bio3), SSL_SUCCESS); + AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); + AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR); + + /* test wrap around... */ + AssertIntEQ(BIO_reset(bio1), 0); + AssertIntEQ(BIO_reset(bio3), 0); + + /* fill write buffer, read only small amount then write again */ + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + XMEMCPY(bufPt, buffer, 20); + AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4); + for (i = 0; i < 4; i++) { + AssertIntEQ(bufPt[i], i); + } + + /* try writing over read index */ + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); + XMEMSET(bufPt, 0, 4); + AssertIntEQ((int)BIO_ctrl_pending(bio3), 20); + + /* read and write 0 bytes */ + AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); + + /* should read only to end of write buffer then need to read again */ + AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16); + for (i = 0; i < 16; i++) { + AssertIntEQ(bufPt[i], buffer[4 + i]); + } + + AssertIntEQ(BIO_nread(bio3, NULL, 0), SSL_FAILURE); + AssertIntEQ(BIO_nread0(bio3, &bufPt), 4); + for (i = 0; i < 4; i++) { + AssertIntEQ(bufPt[i], 0); + } + + /* read index should not have advanced with nread0 */ + AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4); + for (i = 0; i < 4; i++) { + AssertIntEQ(bufPt[i], 0); + } + + /* write and fill up buffer checking reset of index state */ + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + XMEMCPY(bufPt, buffer, 20); + + /* test reset on data in bio1 write buffer */ + AssertIntEQ(BIO_reset(bio1), 0); + AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); + AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + XMEMCPY(bufPt, buffer, 20); + AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6); + for (i = 0; i < 6; i++) { + AssertIntEQ(bufPt[i], i); + } + + /* test case of writing twice with offset read index */ + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); + AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + + BIO_free(bio1); + BIO_free(bio3); + + /* BIOs with file pointers */ + #if !defined(NO_FILESYSTEM) + { + XFILE f1; + XFILE f2; + BIO* f_bio1; + BIO* f_bio2; + unsigned char cert[300]; + char testFile[] = "tests/bio_write_test.txt"; + char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n"; + + AssertNotNull(f_bio1 = BIO_new(BIO_s_file())); + AssertNotNull(f_bio2 = BIO_new(BIO_s_file())); + + AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); + AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); + + f1 = XFOPEN(svrCert, "rwb"); + AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), SSL_SUCCESS); + AssertIntEQ(BIO_write_filename(f_bio2, testFile), + SSL_SUCCESS); + + AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); + AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); + AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); + + AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), SSL_SUCCESS); + + BIO_free(f_bio1); + BIO_free(f_bio2); + } + #endif /* !defined(NO_FILESYSTEM) */ + + + printf(resultFmt, passed); + #endif +} + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2883,6 +3053,7 @@ void ApiTest(void) test_wolfSSL_BN(); test_wolfSSL_set_options(); test_wolfSSL_PEM_read_bio(); + test_wolfSSL_BIO(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8887b969f..02b783c5e 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -57,7 +57,8 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void) { - WOLFSSL_EVP_CIPHER_CTX *ctx=XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx, + NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ctx){ WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new"); wolfSSL_EVP_CIPHER_CTX_init(ctx); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index e4be17b18..44fdb36b4 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1249,7 +1249,9 @@ enum BIO_TYPE { BIO_BUFFER = 1, BIO_SOCKET = 2, BIO_SSL = 3, - BIO_MEMORY = 4 + BIO_MEMORY = 4, + BIO_BIO = 5, + BIO_FILE = 6 }; @@ -1261,15 +1263,22 @@ struct WOLFSSL_BIO_METHOD { /* wolfSSL BIO type */ struct WOLFSSL_BIO { - byte type; /* method type */ - byte close; /* close flag */ - byte eof; /* eof flag */ WOLFSSL* ssl; /* possible associated ssl */ - byte* mem; /* memory buffer */ - int memLen; /* memory buffer length */ - int fd; /* possible file descriptor */ + XFILE file; WOLFSSL_BIO* prev; /* previous in chain */ WOLFSSL_BIO* next; /* next in chain */ + WOLFSSL_BIO* pair; /* BIO paired with */ + void* heap; /* user heap hint */ + byte* mem; /* memory buffer */ + int wrSz; /* write buffer size (mem) */ + int wrIdx; /* current index for write buffer */ + int rdIdx; /* current read index */ + int readRq; /* read request */ + int memLen; /* memory buffer length */ + int fd; /* possible file descriptor */ + int eof; /* eof flag */ + byte type; /* method type */ + byte close; /* close flag */ }; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f94be0a92..f26ad2cf3 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -236,7 +236,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define BIO_new wolfSSL_BIO_new #define BIO_free wolfSSL_BIO_free #define BIO_free_all wolfSSL_BIO_free_all +#define BIO_nread0 wolfSSL_BIO_nread0 +#define BIO_nread wolfSSL_BIO_nread #define BIO_read wolfSSL_BIO_read +#define BIO_nwrite0 wolfSSL_BIO_nwrite0 +#define BIO_nwrite wolfSSL_BIO_nwrite #define BIO_write wolfSSL_BIO_write #define BIO_push wolfSSL_BIO_push #define BIO_pop wolfSSL_BIO_pop @@ -517,6 +521,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr #define BIO_int_ctrl wolfSSL_BIO_int_ctrl #define BIO_reset wolfSSL_BIO_reset +#define BIO_s_file wolfSSL_BIO_s_file +#define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 23438c677..522d6759f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -519,29 +519,23 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); -WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); -WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size); -WOLFSSL_API long wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); +WOLFSSL_API int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size); +WOLFSSL_API int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2); WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); -WOLFSSL_API long wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); -WOLFSSL_API long wolfSSL_BIO_reset(WOLFSSL_BIO *bio); +WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); -#if 0 -#ifndef NO_FILESYSTEM -WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); -WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp); -#endif -#endif - -WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); -WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); +WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); +WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); @@ -938,6 +932,14 @@ enum { /* ERR Constants */ ERR_TXT_STRING = 1 }; +/* bio misc */ +enum { + WOLFSSL_BIO_ERROR = -1, + WOLFSSL_BIO_UNSET = -2, + WOLFSSL_BIO_SIZE = 17000 /* default BIO write size if not set */ +}; + + WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*, const char**, int *); @@ -1906,6 +1908,12 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, #endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA + +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); +WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); +#endif + WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); @@ -1939,6 +1947,7 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, @@ -1965,7 +1974,6 @@ struct WOLFSSL_X509_NAME_ENTRY { WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); -WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); From ed5ff77e4f33f7be2c907df189ad098ae24b924b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Dec 2016 11:10:08 -0700 Subject: [PATCH 68/86] account for BIO with no filesystem and rebase commits --- src/bio.c | 5 ++++- src/ssl.c | 14 +++++++++++--- wolfcrypt/src/wc_port.c | 4 ++++ wolfssl/internal.h | 2 ++ wolfssl/ssl.h | 5 ++++- 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/src/bio.c b/src/bio.c index 39f160a63..aa02a9ada 100644 --- a/src/bio.c +++ b/src/bio.c @@ -333,9 +333,11 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } switch (bio->type) { + #ifndef NO_FILESYSTEM case BIO_FILE: XREWIND(bio->file); return 0; + #endif case BIO_BIO: bio->rdIdx = 0; @@ -412,7 +414,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) return SSL_FAILURE; } -#endif /* NO_FILESYSTEM */ + int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) { @@ -429,6 +431,7 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) return 0; } +#endif /* NO_FILESYSTEM */ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) diff --git a/src/ssl.c b/src/ssl.c index c31de34ff..0a6177259 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10055,6 +10055,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } +#ifndef NO_FILESYSTEM WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) { static WOLFSSL_BIO_METHOD file_meth; @@ -10064,6 +10065,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return &file_meth; } +#endif WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void) @@ -10077,7 +10079,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } - const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { static WOLFSSL_BIO_METHOD meth; @@ -10213,11 +10215,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) CloseSocket(bio->fd); } + #ifndef NO_FILESYSTEM if (bio->type == BIO_FILE && bio->close == BIO_CLOSE) { if (bio->file) { XFCLOSE(bio->file); } } + #endif if (bio->mem) XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); @@ -10266,12 +10270,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return wolfSSL_BIO_BIO_read(bio, buf, len); } + #ifndef NO_FILESYSTEM if (bio && bio->type == BIO_FILE) { return (int)XFREAD(buf, 1, len, bio->file); } + #endif /* already got eof, again is error */ - if (front->eof) + if (bio && front->eof) return SSL_FATAL_ERROR; while(bio && ((ssl = bio->ssl) == 0) ) @@ -10324,12 +10330,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return wolfSSL_BIO_BIO_write(bio, data, len); } + #ifndef NO_FILESYSTEM if (bio && bio->type == BIO_FILE) { return (int)XFWRITE(data, 1, len, bio->file); } + #endif /* already got eof, again is error */ - if (front->eof) + if (bio && front->eof) return SSL_FATAL_ERROR; while(bio && ((ssl = bio->ssl) == 0) ) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 2afb5645f..434248fd7 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -43,6 +43,10 @@ #include #endif +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 44fdb36b4..d6709dd9d 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1264,7 +1264,9 @@ struct WOLFSSL_BIO_METHOD { /* wolfSSL BIO type */ struct WOLFSSL_BIO { WOLFSSL* ssl; /* possible associated ssl */ +#ifndef NO_FILESYSTEM XFILE file; +#endif WOLFSSL_BIO* prev; /* previous in chain */ WOLFSSL_BIO* next; /* next in chain */ WOLFSSL_BIO* pair; /* BIO paired with */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 522d6759f..b8f377ebc 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -519,9 +519,12 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +#ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); +#endif + WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); -WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); From aabe456592a07c085102067be7990e89d4fce33a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Dec 2016 19:05:35 -0700 Subject: [PATCH 69/86] sanity checks, remove some magic numbers, TLS read ahead --- examples/client/client.c | 7 + src/internal.c | 49 ++++++- src/ssl.c | 297 +++++++++++++++++++++++---------------- tests/api.c | 15 +- wolfcrypt/src/evp.c | 4 +- wolfssl/internal.h | 3 + wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 16 ++- 8 files changed, 262 insertions(+), 130 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index f2984ca93..34aaf7565 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1288,6 +1288,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif + #if defined(OPENSSL_EXTRA) + if (wolfSSL_CTX_get_read_ahead(ctx) != 0) { + err_sys("bad read ahead default value"); + } + /* wolfSSL_CTX_set_read_ahead(ctx, 1); use not recommended */ + #endif + ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); diff --git a/src/internal.c b/src/internal.c index 53d2be619..09a482d5e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3332,6 +3332,10 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #endif +#ifdef OPENSSL_EXTRA + ssl->readAhead = ctx->readAhead; +#endif + return SSL_SUCCESS; } @@ -9380,6 +9384,15 @@ static int GetInputData(WOLFSSL *ssl, word32 size) return MEMORY_E; } +#ifdef OPENSSL_EXTRA + /* if read ahead then try to read the full buffer size */ + if (ssl->readAhead != 0 && ssl->options.usingNonblock) { + if (maxLength > inSz) { + inSz = maxLength; + } + } +#endif /* OPENSSL_EXTRA */ + /* Put buffer data at start if not there */ if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) XMEMMOVE(ssl->buffers.inputBuffer.buffer, @@ -9491,7 +9504,7 @@ int ProcessReply(WOLFSSL* ssl) int ret = 0, type, readSz; int atomicUser = 0; word32 startIdx = 0; -#ifdef WOLFSSL_DTLS +#if defined(WOLFSSL_DTLS) || defined(OPENSSL_EXTRA) int used; #endif @@ -9522,6 +9535,18 @@ int ProcessReply(WOLFSSL* ssl) /* get header or return error */ if (!ssl->options.dtls) { + #ifdef OPENSSL_EXTRA + (void)used; + if (ssl->readAhead != 0 && ssl->options.usingNonblock) { + /* read ahead may already have header */ + used = ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx; + if (used < readSz) + if ((ret = GetInputData(ssl, readSz)) < 0) + return ret; + } + else + #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, readSz)) < 0) return ret; } else { @@ -9578,6 +9603,17 @@ int ProcessReply(WOLFSSL* ssl) /* get sz bytes or return error */ if (!ssl->options.dtls) { + #ifdef OPENSSL_EXTRA + if (ssl->readAhead != 0 && ssl->options.usingNonblock) { + /* read ahead may already have */ + used = ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx; + if (used < ssl->curSize) + if ((ret = GetInputData(ssl, ssl->curSize)) < 0) + return ret; + } + else + #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; } else { @@ -9639,6 +9675,17 @@ int ProcessReply(WOLFSSL* ssl) /* get sz bytes or return error */ if (!ssl->options.dtls) { + #ifdef OPENSSL_EXTRA + if (ssl->readAhead != 0 && ssl->options.usingNonblock) { + /* read ahead may already have header */ + used = ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx; + if (used < ssl->curSize) + if ((ret = GetInputData(ssl, ssl->curSize)) < 0) + return ret; + } + else + #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; } else { diff --git a/src/ssl.c b/src/ssl.c index 0a6177259..c0582e09c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6352,79 +6352,6 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) } - -#if !defined(NO_WOLFSSL_SERVER) -size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, - size_t outSz) -{ - size_t size; - - /* return max size of buffer */ - if (outSz == 0) { - return RAN_LEN; - } - - if (ssl == NULL || out == NULL) { - return 0; - } - - if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { - WOLFSSL_MSG("Arrays struct not saved after handshake"); - return 0; - } - - if (outSz > RAN_LEN) { - size = RAN_LEN; - } - else { - size = outSz; - } - - XMEMCPY(out, ssl->arrays->serverRandom, size); - return size; -} -#endif /* !defined(NO_WOLFSSL_SERVER) */ - - -#if !defined(NO_WOLFSSL_CLIENT) -/* Return the amount of random bytes copied over or error case. - * ssl : ssl struct after handshake - * out : buffer to hold random bytes - * outSz : either 0 (return max buffer sz) or size of out buffer - * - * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information. - */ -size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, - size_t outSz) -{ - size_t size; - - /* return max size of buffer */ - if (outSz == 0) { - return RAN_LEN; - } - - if (ssl == NULL || out == NULL) { - return 0; - } - - if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { - WOLFSSL_MSG("Arrays struct not saved after handshake"); - return 0; - } - - if (outSz > RAN_LEN) { - size = RAN_LEN; - } - else { - size = outSz; - } - - XMEMCPY(out, ssl->arrays->clientRandom, size); - return size; -} -#endif /* !defined(NO_WOLFSSL_CLIENT) */ - #ifdef HAVE_ECC /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ @@ -9981,6 +9908,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } +#ifndef NO_CERTS void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) { if (ctx == NULL || str == NULL) { @@ -10022,6 +9950,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ctx->error_depth; return SSL_FATAL_ERROR; } +#endif WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -10120,9 +10049,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); - b->ssl = ssl; - b->close = (byte)closeF; + + if (b != NULL) { + b->ssl = ssl; + b->close = closeF; /* add to ssl for bio free if SSL_free called before/instead of free_all? */ + } return 0; } @@ -10131,8 +10063,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF) { WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); - b->fd = fd; - b->close = (byte)closeF; + + if (b != NULL) { + b->fd = fd; + b->close = closeF; + } return SSL_SUCCESS; } @@ -10539,6 +10474,79 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA +#if !defined(NO_WOLFSSL_SERVER) +size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, + size_t outSz) +{ + size_t size; + + /* return max size of buffer */ + if (outSz == 0) { + return RAN_LEN; + } + + if (ssl == NULL || out == NULL) { + return 0; + } + + if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + WOLFSSL_MSG("Arrays struct not saved after handshake"); + return 0; + } + + if (outSz > RAN_LEN) { + size = RAN_LEN; + } + else { + size = outSz; + } + + XMEMCPY(out, ssl->arrays->serverRandom, size); + return size; +} +#endif /* !defined(NO_WOLFSSL_SERVER) */ + + +#if !defined(NO_WOLFSSL_CLIENT) +/* Return the amount of random bytes copied over or error case. + * ssl : ssl struct after handshake + * out : buffer to hold random bytes + * outSz : either 0 (return max buffer sz) or size of out buffer + * + * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information. + */ +size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, + size_t outSz) +{ + size_t size; + + /* return max size of buffer */ + if (outSz == 0) { + return RAN_LEN; + } + + if (ssl == NULL || out == NULL) { + return 0; + } + + if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) { + WOLFSSL_MSG("Arrays struct not saved after handshake"); + return 0; + } + + if (outSz > RAN_LEN) { + size = RAN_LEN; + } + else { + size = outSz; + } + + XMEMCPY(out, ssl->arrays->clientRandom, size); + return size; +} +#endif /* !defined(NO_WOLFSSL_CLIENT) */ + + unsigned long wolfSSLeay(void) { return SSLEAY_VERSION_NUMBER; @@ -11100,7 +11108,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_128_CBC); ctx->cipherType = AES_128_CBC_TYPE; ctx->keyLen = 16; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11120,7 +11128,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_192_CBC); ctx->cipherType = AES_192_CBC_TYPE; ctx->keyLen = 24; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11140,7 +11148,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_256_CBC); ctx->cipherType = AES_256_CBC_TYPE; ctx->keyLen = 32; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11161,7 +11169,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_128_CTR); ctx->cipherType = AES_128_CTR_TYPE; ctx->keyLen = 16; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11181,7 +11189,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_192_CTR); ctx->cipherType = AES_192_CTR_TYPE; ctx->keyLen = 24; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11201,7 +11209,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_256_CTR); ctx->cipherType = AES_256_CTR_TYPE; ctx->keyLen = 32; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11222,7 +11230,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_128_ECB); ctx->cipherType = AES_128_ECB_TYPE; ctx->keyLen = 16; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11237,7 +11245,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_192_ECB); ctx->cipherType = AES_192_ECB_TYPE; ctx->keyLen = 24; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11253,7 +11261,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_AES_256_ECB); ctx->cipherType = AES_256_ECB_TYPE; ctx->keyLen = 32; - ctx->block_size = 16; + ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11271,7 +11279,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_DES_CBC); ctx->cipherType = DES_CBC_TYPE; ctx->keyLen = 8; - ctx->block_size = 8; + ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11290,7 +11298,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_DES_ECB); ctx->cipherType = DES_ECB_TYPE; ctx->keyLen = 8; - ctx->block_size = 8; + ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11307,7 +11315,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_DES_EDE3_CBC); ctx->cipherType = DES_EDE3_CBC_TYPE; ctx->keyLen = 24; - ctx->block_size = 8; + ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -11329,7 +11337,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG(EVP_DES_EDE3_ECB); ctx->cipherType = DES_EDE3_ECB_TYPE; ctx->keyLen = 24; - ctx->block_size = 8; + ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -13148,6 +13156,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( } +#ifndef NO_ASN WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) { WOLFSSL_ASN1_OBJECT* obj; @@ -13206,6 +13215,7 @@ void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) } XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } +#endif /* NO_ASN */ int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, @@ -14316,15 +14326,6 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) return 0; } -/*** TBC ***/ -WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, - WOLFSSL_BIGNUM *bn) -{ - (void)ai; - (void)bn; - return 0; -} - void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { @@ -14689,6 +14690,7 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) } +#ifndef NO_CERTS long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) { byte* chain; @@ -14746,6 +14748,19 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) } +long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg) +{ + if (ctx == NULL || ctx->cm == NULL) { + return SSL_FAILURE; + } + + ctx->cm->ocspIOCtx = arg; + return SSL_SUCCESS; +} + +#endif /* NO_CERTS */ + + /*** TBC ***/ WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) { @@ -14753,33 +14768,40 @@ WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) return 0; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) + +int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) { - (void)ctx; - return 0; + if (ctx == NULL) { + return SSL_FAILURE; + } + + return ctx->readAhead; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) + +int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v) { - (void)ctx; - return 0; + if (ctx == NULL) { + return SSL_FAILURE; + } + + ctx->readAhead = v; + + return SSL_SUCCESS; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) + +long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx, + void* arg) { - (void)ctx; - return 0; + if (ctx == NULL) { + return SSL_FAILURE; + } + + ctx->userPRFArg = arg; + return SSL_SUCCESS; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} #ifndef NO_DES3 void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, @@ -15972,7 +15994,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) { (void)bn; - WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented"); + WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY"); return (char*)""; } @@ -16457,8 +16479,10 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) #endif /* NO_RSA */ -#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)) \ - || !defined(NO_DSA) || defined(HAVE_ECC) +/* these defines are to make sure the functions SetIndividualExternal is not + * declared and then not used. */ +#if !defined(NO_ASN) || !defined(NO_DSA) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)) static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) { WOLFSSL_MSG("Entering SetIndividualExternal"); @@ -16507,6 +16531,34 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) } +#ifndef NO_ASN +WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, + WOLFSSL_BIGNUM *bn) +{ + mp_int mpi; + word32 idx = 0; + int ret; + + WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN"); + + if (ai == NULL) { + return NULL; + } + + if ((ret = GetInt(&mpi, ai->data, &idx, sizeof(ai->data))) != 0) { + /* expecting ASN1 format for INTEGER */ + WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret); + return NULL; + } + + if (SetIndividualExternal(&bn, &mpi) != SSL_SUCCESS) { + return NULL; + } + + return bn; +} +#endif /* !NO_ASN */ + #if !defined(NO_DSA) && !defined(NO_DH) WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) { @@ -20153,6 +20205,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/ + #ifndef NO_CERTS WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { WOLFSSL_X509* x509 = NULL; @@ -20205,6 +20258,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) * root CA. */ return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); } + #endif /* ifndef NO_CERTS */ #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) @@ -20397,6 +20451,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) } +#ifndef NO_CERTS int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); @@ -20409,6 +20464,8 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, PRIVATEKEY_TYPE); } +#endif /* !NO_CERTS */ + void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { diff --git a/tests/api.c b/tests/api.c index a2fe23374..2281b2f0b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2719,22 +2719,28 @@ static void test_wolfSSL_X509_STORE_set_flags(void) static void test_wolfSSL_BN(void) { - #if defined(OPENSSL_EXTRA) + #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) BIGNUM* a; BIGNUM* b; BIGNUM* c; BIGNUM* d; + ASN1_INTEGER ai; unsigned char value[1]; printf(testingFmt, "wolfSSL_BN()"); - AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(c = BN_new()); AssertNotNull(d = BN_new()); value[0] = 0x03; - AssertNotNull(BN_bin2bn(value, sizeof(value), a)); + + /* at the moment hard setting since no set function */ + ai.data[0] = 0x02; /* tag for ASN_INTEGER */ + ai.data[1] = 0x01; /* length of integer */ + ai.data[2] = value[0]; + + AssertNotNull(a = ASN1_INTEGER_to_BN(&ai, NULL)); value[0] = 0x02; AssertNotNull(BN_bin2bn(value, sizeof(value), b)); @@ -2757,7 +2763,7 @@ static void test_wolfSSL_BN(void) BN_clear_free(d); printf(resultFmt, passed); - #endif /* defined(OPENSSL_EXTRA) */ + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ } @@ -2882,6 +2888,7 @@ static void test_wolfSSL_BIO(void) AssertIntEQ((int)bufPt[i], i); } AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1); /* new pair */ AssertIntEQ(BIO_make_bio_pair(bio1, bio3), SSL_FAILURE); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 02b783c5e..fc309d1a9 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -484,7 +484,9 @@ WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *ciph WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) { - ctx->flags = flags; + if (ctx != NULL) { + ctx->flags = flags; + } } WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d6709dd9d..25cbebc4c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2013,6 +2013,8 @@ struct WOLFSSL_CTX { pem_password_cb passwd_cb; void* userdata; WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ + byte readAhead; + void* userPRFArg; /* passed to prf callback */ #endif /* OPENSSL_EXTRA */ #ifdef HAVE_STUNNEL void* ex_data[MAX_EX_DATA]; @@ -2765,6 +2767,7 @@ struct WOLFSSL { WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ unsigned long peerVerifyRet; + byte readAhead; #ifdef HAVE_PK_CALLBACKS void* loggingCtx; /* logging callback argument */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f26ad2cf3..423868ff0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -525,6 +525,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd +#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b8f377ebc..adc682391 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -119,6 +119,13 @@ typedef unsigned char* WOLFSSL_BUF_MEM; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME +struct WOLFSSL_ASN1_INTEGER { + /* size can be increased set at 20 for tag, length then to hold at least 16 + * byte type */ + unsigned char data[20]; + /* ASN_INTEGER | LENGTH | hex of number */ +}; + typedef char WOLFSSL_EVP_MD; typedef struct WOLFSSL_EVP_PKEY { int type; /* openssh dereference */ @@ -701,10 +708,11 @@ WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( + WOLFSSL_CTX*, void* arg); WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op); WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s); From 724e50c4fda091ac5c79dafd42d4e07597e009a2 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 8 Dec 2016 19:23:14 -0700 Subject: [PATCH 70/86] cast flag to byte type from int --- src/ssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index c0582e09c..b9ef03a54 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10052,7 +10052,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (b != NULL) { b->ssl = ssl; - b->close = closeF; + b->close = (byte)closeF; /* add to ssl for bio free if SSL_free called before/instead of free_all? */ } @@ -10066,7 +10066,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (b != NULL) { b->fd = fd; - b->close = closeF; + b->close = (byte)closeF; } return SSL_SUCCESS; @@ -14785,7 +14785,7 @@ int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v) return SSL_FAILURE; } - ctx->readAhead = v; + ctx->readAhead = (byte)v; return SSL_SUCCESS; } From 091fc1014784a7b39af7325e5965defd49ec5160 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 9 Dec 2016 13:16:17 -0700 Subject: [PATCH 71/86] adjust read ahead, some sanity checks and rebase --- examples/client/client.c | 4 +++- src/internal.c | 45 +--------------------------------------- tests/api.c | 2 ++ wolfcrypt/src/evp.c | 8 +++---- 4 files changed, 10 insertions(+), 49 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 34aaf7565..e0cc24125 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1292,7 +1292,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_CTX_get_read_ahead(ctx) != 0) { err_sys("bad read ahead default value"); } - /* wolfSSL_CTX_set_read_ahead(ctx, 1); use not recommended */ + if (wolfSSL_CTX_set_read_ahead(ctx, 1) != SSL_SUCCESS) { + err_sys("error setting read ahead value"); + } #endif ssl = wolfSSL_new(ctx); diff --git a/src/internal.c b/src/internal.c index 09a482d5e..67264caf0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9384,15 +9384,6 @@ static int GetInputData(WOLFSSL *ssl, word32 size) return MEMORY_E; } -#ifdef OPENSSL_EXTRA - /* if read ahead then try to read the full buffer size */ - if (ssl->readAhead != 0 && ssl->options.usingNonblock) { - if (maxLength > inSz) { - inSz = maxLength; - } - } -#endif /* OPENSSL_EXTRA */ - /* Put buffer data at start if not there */ if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) XMEMMOVE(ssl->buffers.inputBuffer.buffer, @@ -9504,7 +9495,7 @@ int ProcessReply(WOLFSSL* ssl) int ret = 0, type, readSz; int atomicUser = 0; word32 startIdx = 0; -#if defined(WOLFSSL_DTLS) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_DTLS) int used; #endif @@ -9535,18 +9526,6 @@ int ProcessReply(WOLFSSL* ssl) /* get header or return error */ if (!ssl->options.dtls) { - #ifdef OPENSSL_EXTRA - (void)used; - if (ssl->readAhead != 0 && ssl->options.usingNonblock) { - /* read ahead may already have header */ - used = ssl->buffers.inputBuffer.length - - ssl->buffers.inputBuffer.idx; - if (used < readSz) - if ((ret = GetInputData(ssl, readSz)) < 0) - return ret; - } - else - #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, readSz)) < 0) return ret; } else { @@ -9603,17 +9582,6 @@ int ProcessReply(WOLFSSL* ssl) /* get sz bytes or return error */ if (!ssl->options.dtls) { - #ifdef OPENSSL_EXTRA - if (ssl->readAhead != 0 && ssl->options.usingNonblock) { - /* read ahead may already have */ - used = ssl->buffers.inputBuffer.length - - ssl->buffers.inputBuffer.idx; - if (used < ssl->curSize) - if ((ret = GetInputData(ssl, ssl->curSize)) < 0) - return ret; - } - else - #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; } else { @@ -9675,17 +9643,6 @@ int ProcessReply(WOLFSSL* ssl) /* get sz bytes or return error */ if (!ssl->options.dtls) { - #ifdef OPENSSL_EXTRA - if (ssl->readAhead != 0 && ssl->options.usingNonblock) { - /* read ahead may already have header */ - used = ssl->buffers.inputBuffer.length - - ssl->buffers.inputBuffer.idx; - if (used < ssl->curSize) - if ((ret = GetInputData(ssl, ssl->curSize)) < 0) - return ret; - } - else - #endif /* OPENSSL_EXTRA */ if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; } else { diff --git a/tests/api.c b/tests/api.c index 2281b2f0b..3022d7b92 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2991,6 +2991,8 @@ static void test_wolfSSL_BIO(void) AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), SSL_SUCCESS); + AssertIntEQ(BIO_reset(f_bio2), 0); + AssertIntEQ(BIO_seek(f_bio2, 4), 0); BIO_free(f_bio1); BIO_free(f_bio2); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index fc309d1a9..36c8bb07b 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -78,7 +78,7 @@ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc){ + if (ctx && ctx->enc){ WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); } @@ -89,7 +89,7 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc){ + if (ctx && ctx->enc){ WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex"); return wolfSSL_EVP_CipherFinal(ctx, out, outl); } @@ -100,7 +100,7 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc) + if (ctx && ctx->enc) return 0; else{ WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); @@ -111,7 +111,7 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - if (ctx->enc) + if (ctx && ctx->enc) return 0; else{ WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex"); From 95ea74a91e2855eb12db1822ee2e5e2cdeaf6e7a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 9 Dec 2016 16:07:19 -0700 Subject: [PATCH 72/86] sanity checks and one function return type for better compatibility --- src/ssl.c | 10 +++++++++- wolfssl/ssl.h | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b9ef03a54..6b05c120c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13376,6 +13376,10 @@ char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len) WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) { + if (ssl == NULL) { + return NULL; + } + /* sessions are stored statically, no need for reference count */ return wolfSSL_get_session(ssl); } @@ -14601,8 +14605,12 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * } -unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) +long wolfSSL_get_verify_result(const WOLFSSL *ssl) { + if (ssl == NULL) { + return SSL_FAILURE; + } + return ssl->peerVerifyRet; } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index adc682391..c3ea3bd5c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -729,7 +729,7 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); -WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl); +WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L From ccc72d72c2194c6ea26068edfc01ec01351dede6 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 9 Dec 2016 18:07:31 -0700 Subject: [PATCH 73/86] change argument to pointer. In most cases NULL is used for this argument, as was the case in previous ports --- src/ssl.c | 10 +++++----- wolfssl/openssl/pem.h | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 6b05c120c..9ce4b7c3c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17861,7 +17861,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + pem_password_cb* cb, void* arg) { byte* keyDer; int pemSz; @@ -18075,7 +18075,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + pem_password_cb* cb, void* arg) { (void)bio; (void)rsa; @@ -19318,7 +19318,7 @@ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x) int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + pem_password_cb* cb, void* arg) { (void)bio; (void)ecc; @@ -19493,7 +19493,7 @@ int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *ecc, int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + pem_password_cb* cb, void* arg) { (void)bio; (void)dsa; @@ -19673,7 +19673,7 @@ int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x) #endif /* #ifndef NO_DSA */ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** key, pem_password_cb cb, void* arg) + WOLFSSL_EVP_PKEY** key, pem_password_cb* cb, void* arg) { (void)bio; (void)key; diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 9f0ec25bb..60624aa5c 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -20,7 +20,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg); + pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -47,7 +47,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg); + pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, @@ -68,7 +68,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg); + pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, const EVP_CIPHER* cipher, @@ -88,13 +88,13 @@ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY**, - pem_password_cb cb, + pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - pem_password_cb cb, void* arg); + pem_password_cb* cb, void* arg); WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); From 1326fe1b0d12c60f50dd2c8129bb9facf64d8a9e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Sat, 10 Dec 2016 10:10:46 -0700 Subject: [PATCH 74/86] return values of DES set key and return block size for EVP block_size getter function --- src/ssl.c | 36 +++++++++++++++++++++--------------- tests/api.c | 6 +++--- wolfcrypt/src/evp.c | 21 ++++++++++++--------- wolfssl/openssl/des.h | 4 ++-- 4 files changed, 38 insertions(+), 29 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9ce4b7c3c..5a09d1959 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14812,13 +14812,15 @@ long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx, #ifndef NO_DES3 -void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, +/* 0 on success */ +int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) { #ifdef WOLFSSL_CHECK_DESKEY - wolfSSL_DES_set_key_checked(myDes, key); + return wolfSSL_DES_set_key_checked(myDes, key); #else wolfSSL_DES_set_key_unchecked(myDes, key); + return 0; #endif } @@ -14836,12 +14838,14 @@ static int DES_check(word32 mask, word32 mask2, unsigned char* key) } -/* check that the key is odd parity and is not a weak key */ -void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, +/* check that the key is odd parity and is not a weak key + * returns -1 if parity is wrong, -2 if weak/null key and 0 on success */ +int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) { if (myDes == NULL || key == NULL) { WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_key_checked"); + return -2; } else { word32 i, mask, mask2; @@ -14850,7 +14854,7 @@ void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, /* sanity check before call to DES_check */ if (sz != (sizeof(word32) * 2)) { WOLFSSL_MSG("Unexpected WOLFSSL_DES_key_schedule size"); - return; + return -2; } /* check odd parity */ @@ -14865,7 +14869,7 @@ void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, ((c >> 6) & 0x01) ^ ((c >> 7) & 0x01)) != 1) { WOLFSSL_MSG("Odd parity test fail"); - return; + return -1; } } @@ -14876,25 +14880,25 @@ void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, mask = 0x01010101; mask2 = 0x01010101; if (DES_check(mask, mask2, *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0xFEFEFEFE; mask2 = 0xFEFEFEFE; if (DES_check(mask, mask2, *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0xE0E0E0E0; mask2 = 0xF1F1F1F1; if (DES_check(mask, mask2, *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0x1F1F1F1F; mask2 = 0x0E0E0E0E; if (DES_check(mask, mask2, *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } /* semi-weak *key check (list from same Nist paper) */ @@ -14902,39 +14906,41 @@ void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, if (DES_check(mask, mask2, *key) || DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0x01E001E0; mask2 = 0x01F101F1; if (DES_check(mask, mask2, *key) || DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0x01FE01FE; mask2 = 0x01FE01FE; if (DES_check(mask, mask2, *key) || DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0x1FE01FE0; mask2 = 0x0EF10EF1; if (DES_check(mask, mask2, *key) || DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } mask = 0x1FFE1FFE; mask2 = 0x0EFE0EFE; if (DES_check(mask, mask2, *key) || DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { WOLFSSL_MSG("Weak key found"); - return; + return -2; } /* passed tests, now copy over key */ XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock)); + + return 0; } } diff --git a/tests/api.c b/tests/api.c index 3022d7b92..3cd7e0005 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2241,12 +2241,12 @@ static void test_wolfSSL_DES(void) /* check, check of odd parity */ XMEMSET(key, 4, sizeof(DES_key_schedule)); key[0] = 3; /*set even parity*/ XMEMSET(myDes, 5, sizeof(const_DES_cblock)); - DES_set_key_checked(&myDes, &key); + AssertIntEQ(DES_set_key_checked(&myDes, &key), -1); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* set odd parity for success case */ key[0] = 4; - DES_set_key_checked(&myDes, &key); + AssertIntEQ(DES_set_key_checked(&myDes, &key), 0); for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } @@ -2254,7 +2254,7 @@ static void test_wolfSSL_DES(void) /* check weak key */ XMEMSET(key, 1, sizeof(DES_key_schedule)); XMEMSET(myDes, 5, sizeof(const_DES_cblock)); - DES_set_key_checked(&myDes, &key); + AssertIntEQ(DES_set_key_checked(&myDes, &key), -2); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* now do unchecked copy of a weak key over */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 36c8bb07b..a393d2acf 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -417,19 +417,22 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) if (cipher == NULL) return BAD_FUNC_ARG; switch (cipherType(cipher)) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: return 16; - case AES_192_CBC_TYPE: return 24; - case AES_256_CBC_TYPE: return 32; + case AES_128_CBC_TYPE: + case AES_192_CBC_TYPE: + case AES_256_CBC_TYPE: + return AES_BLOCK_SIZE; #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: return 16; - case AES_192_CTR_TYPE: return 24; - case AES_256_CTR_TYPE: return 32; + case AES_128_CTR_TYPE: + case AES_192_CTR_TYPE: + case AES_256_CTR_TYPE: + return AES_BLOCK_SIZE; #endif #if !defined(NO_AES) && defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: return 16; - case AES_192_ECB_TYPE: return 24; - case AES_256_ECB_TYPE: return 32; + case AES_128_ECB_TYPE: + case AES_192_ECB_TYPE: + case AES_256_ECB_TYPE: + return AES_BLOCK_SIZE; #endif #ifndef NO_DES3 case DES_CBC_TYPE: return 8; diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h index 042551196..d154b72be 100644 --- a/wolfssl/openssl/des.h +++ b/wolfssl/openssl/des.h @@ -53,9 +53,9 @@ enum { }; -WOLFSSL_API void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, +WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key); -WOLFSSL_API void wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, +WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key); WOLFSSL_API void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock*, WOLFSSL_DES_key_schedule*); From 4f317a9a1d9ccf00a9aa858ac06131f889d620ca Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Sat, 10 Dec 2016 12:57:03 -0700 Subject: [PATCH 75/86] wolfSSL_EVP_CipherInit_ex handle ENGINE argument and add a sanity check --- src/ssl.c | 5 +++++ wolfcrypt/src/evp.c | 11 +++++++++++ wolfssl/openssl/evp.h | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 5a09d1959..bbd642545 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11677,6 +11677,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_MD* type) { WOLFSSL_ENTER("EVP_DigestInit"); + + if (ctx == NULL || type == NULL) { + return BAD_FUNC_ARG; + } + if (XSTRNCMP(type, "SHA256", 6) == 0) { ctx->macType = SHA256; wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index a393d2acf..c4b43f415 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -86,6 +86,17 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, return 0; } + +WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, + WOLFSSL_ENGINE *impl, + unsigned char* key, unsigned char* iv, + int enc) +{ + (void)impl; + return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc); +} + WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index de11375a0..1c9335fd9 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -174,6 +174,7 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { } WOLFSSL_EVP_CIPHER_CTX; typedef int WOLFSSL_ENGINE ; +typedef WOLFSSL_ENGINE ENGINE; WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); @@ -360,7 +361,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length #define EVP_CipherInit wolfSSL_EVP_CipherInit -#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit +#define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex #define EVP_EncryptInit wolfSSL_EVP_EncryptInit #define EVP_EncryptInit_ex wolfSSL_EVP_EncryptInit_ex #define EVP_DecryptInit wolfSSL_EVP_DecryptInit From f60cb08c29b1c658f4856072a91c1d086459e691 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 12 Dec 2016 10:39:15 -0700 Subject: [PATCH 76/86] macro and tests for get_passwd_cb functions --- src/ssl.c | 6 +++--- tests/api.c | 3 +++ wolfssl/openssl/ssl.h | 4 ++-- wolfssl/ssl.h | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index bbd642545..5d81e51cb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12102,14 +12102,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return 0; } - WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb( + WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb( WOLFSSL_CTX *ctx) { - if (ctx == NULL) { + if (ctx == NULL || ctx->passwd_cb == NULL) { return NULL; } - return ctx->passwd_cb; + return &(ctx->passwd_cb); } diff --git a/tests/api.c b/tests/api.c index 3cd7e0005..45c79c7c6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2623,6 +2623,9 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void) AssertNotNull(x509); AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); + AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); + SSL_CTX_free(ctx); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 423868ff0..d0b114c10 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -652,8 +652,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback #define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_servername_callback #define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg -#define SSL_CTX_get_default_passwd_cb wolfSSL_SSL_CTX_get_default_passwd_cb -#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_SSL_CTX_get_default_passwd_cb_userdata #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 @@ -662,6 +660,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #endif /* HAVE_STUNNEL */ +#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb +#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata /* certificate extension NIDs */ #define NID_basic_constraints 133 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c3ea3bd5c..5db4f8270 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1963,7 +1963,7 @@ WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); From c77a18f0ec8a2e2521c923d1fecf1b52dafdf829 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 13 Dec 2016 13:45:51 +0900 Subject: [PATCH 77/86] add EVP_CIPHER_CTX_mode --- src/ssl.c | 15 +++++++++++++++ wolfcrypt/src/evp.c | 6 ++++++ wolfssl/openssl/evp.h | 16 +++++++++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5d81e51cb..5d0561bd8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11107,6 +11107,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_128_CBC); ctx->cipherType = AES_128_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 16; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11127,6 +11128,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_192_CBC); ctx->cipherType = AES_192_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11147,6 +11149,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_256_CBC); ctx->cipherType = AES_256_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 32; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11168,6 +11171,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_128_CTR); ctx->cipherType = AES_128_CTR_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 16; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11188,6 +11192,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_192_CTR); ctx->cipherType = AES_192_CTR_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 24; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11208,6 +11213,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_256_CTR); ctx->cipherType = AES_256_CTR_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 32; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11229,6 +11235,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_128_ECB); ctx->cipherType = AES_128_ECB_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 16; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11244,6 +11251,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_192_ECB); ctx->cipherType = AES_192_ECB_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11260,6 +11268,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG(EVP_AES_256_ECB); ctx->cipherType = AES_256_ECB_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 32; ctx->block_size = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11278,6 +11287,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { WOLFSSL_MSG(EVP_DES_CBC); ctx->cipherType = DES_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 8; ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11297,6 +11307,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { WOLFSSL_MSG(EVP_DES_ECB); ctx->cipherType = DES_ECB_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 8; ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11314,6 +11325,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { WOLFSSL_MSG(EVP_DES_EDE3_CBC); ctx->cipherType = DES_EDE3_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11336,6 +11348,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { WOLFSSL_MSG(EVP_DES_EDE3_ECB); ctx->cipherType = DES_EDE3_ECB_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; ctx->block_size = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) @@ -11353,6 +11366,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XSTRNCMP(type, "ARC4", 4) == 0)) { WOLFSSL_MSG("ARC4"); ctx->cipherType = ARC4_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_STREAM_CIPHER; if (ctx->keyLen == 0) /* user may have already set */ ctx->keyLen = 16; /* default to 128 */ if (key) @@ -11365,6 +11379,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { WOLFSSL_MSG(EVP_IDEA_CBC); ctx->cipherType = IDEA_CBC_TYPE; + ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = IDEA_KEY_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c4b43f415..fb9e56edc 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -75,6 +75,12 @@ WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) } } +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + if (ctx == NULL) return 0; + return ctx->flags & WOLFSSL_EVP_CIPH_MODE; +} + WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 1c9335fd9..a90bdd66a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -284,10 +284,20 @@ WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *ciph WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); +WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); -#define WOLFSSL_EVP_CIPH_MODE 0xF0007 +#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER +#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE +#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE +#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE +#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE +#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE +#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE +#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE + +#define WOLFSSL_EVP_CIPH_MODE 0x0007 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 #define WOLFSSL_EVP_CIPH_ECB_MODE 0x1 #define WOLFSSL_EVP_CIPH_CBC_MODE 0x2 @@ -298,8 +308,6 @@ WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); #define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 #define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 -#define wolfSSL_EVP_CIPHER_CTX_flags(c) wolfSSL_EVP_CIPHER_flags(WOLFSSL_EVP_CIPHER_CTX_cipher(c)) - /* end OpenSSH compat */ typedef WOLFSSL_EVP_MD EVP_MD; @@ -360,6 +368,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_iv_length wolfSSL_EVP_CIPHER_CTX_iv_length #define EVP_CIPHER_CTX_key_length wolfSSL_EVP_CIPHER_CTX_key_length #define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode + #define EVP_CipherInit wolfSSL_EVP_CipherInit #define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex #define EVP_EncryptInit wolfSSL_EVP_EncryptInit From 6c90f097ca4ddc55449c8ab7260c52ae75e8b490 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 28 Dec 2016 15:40:34 -0700 Subject: [PATCH 78/86] remove extra white space --- tests/api.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 45c79c7c6..1cd7c84ec 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3002,7 +3002,6 @@ static void test_wolfSSL_BIO(void) } #endif /* !defined(NO_FILESYSTEM) */ - printf(resultFmt, passed); #endif } From a854320a96e091bb121a578d971e73aee9cc1180 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 28 Dec 2016 16:28:02 -0800 Subject: [PATCH 79/86] Revert changes to aes.c roll_auth. --- wolfcrypt/src/aes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index a5ebc19c3..c1f1f74e8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4464,12 +4464,12 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) word32 remainder; /* encode the length in */ - if (inSz <= 0xFEFF) { /* 16-bit */ + if (inSz <= 0xFEFF) { authLenSz = 2; out[0] ^= ((inSz & 0xFF00) >> 8); out[1] ^= (inSz & 0x00FF); } - else if (inSz <= 0xFFFFFF) { /* 24-bit */ + else if (inSz <= 0xFFFFFFFF) { authLenSz = 6; out[0] ^= 0xFF; out[1] ^= 0xFE; out[2] ^= ((inSz & 0xFF000000) >> 24); From e75fddd49eaebe0cd3d46f4a35f578f41bfc7c2b Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 28 Dec 2016 16:31:41 -0800 Subject: [PATCH 80/86] =?UTF-8?q?Moving=20macType=20below=20hash=20in=20WO?= =?UTF-8?q?LFSSL=5FEVP=5FMD=5FCTX=20(instead=20of=20ALIGN16)=20to=20resolv?= =?UTF-8?q?e=2016-bit=20alignment=20crash=20I=20was=20seeing=20on=20CentOS?= =?UTF-8?q?=20due=20to=20size=20change=20of=20=E2=80=9CWOLFSSL=5FHasher?= =?UTF-8?q?=E2=80=9D.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfssl/openssl/evp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index a72027f9b..e13d1fa4f 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -101,8 +101,8 @@ typedef union { typedef struct WOLFSSL_EVP_MD_CTX { + WOLFSSL_Hasher hash; unsigned char macType; - ALIGN16 WOLFSSL_Hasher hash; } WOLFSSL_EVP_MD_CTX; From 19ee499c9655c2c95cc1041559359d344de372f5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 28 Dec 2016 16:47:14 -0800 Subject: [PATCH 81/86] =?UTF-8?q?Fix=20to=20improve=20fp=5Fcopy=20performa?= =?UTF-8?q?nce=20without=20ALT=5FECC=5FSIZE=20defined.=20This=20change=20i?= =?UTF-8?q?s=20required=20for=20async=20because=20we=20can=E2=80=99t=20mem?= =?UTF-8?q?cpy/memset=20the=20entire=20fp=5Fint.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfcrypt/src/tfm.c | 34 ++++++++++++++++++++++++---------- wolfssl/wolfcrypt/tfm.h | 4 ++-- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index bafcc8029..499c6a6c0 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2348,18 +2348,32 @@ int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) void fp_copy(fp_int *a, fp_int *b) { - if (a != b && b->size >= a->used) { - int x, oldused; - oldused = b->used; + /* if source and destination are different */ + if (a != b) { +#ifdef ALT_ECC_SIZE + /* verify a will fit in b */ + if (b->size >= a->used) { + int x, oldused; + oldused = b->used; + b->used = a->used; + b->sign = a->sign; + + XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit)); + + /* zero any excess digits on the destination that we didn't write to */ + for (x = b->used; x < oldused; x++) { + b->dp[x] = 0; + } + } + else { + /* TODO: Handle error case */ + } +#else + /* all dp's are same size, so do straight copy */ b->used = a->used; b->sign = a->sign; - - XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit)); - - /* zero any excess digits on the destination that we didn't write to */ - for (x = b->used; x < oldused; x++) { - b->dp[x] = 0; - } + XMEMCPY(b->dp, a->dp, FP_SIZE * sizeof(fp_digit)); +#endif } } diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 688c07cc2..ea7f80e9b 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -283,8 +283,8 @@ /* a FP type */ typedef struct fp_int { - int used, - sign; + int used; + int sign; int size; fp_digit dp[FP_SIZE]; #ifdef WOLFSSL_ASYNC_CRYPT From 5abfe9d1cf012cd299d0eef91d05e85362a8466e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 29 Dec 2016 11:05:10 -0700 Subject: [PATCH 82/86] random port for MinGW with unit tests --- tests/api.c | 23 ++++++++++++++++++----- wolfssl/test.h | 2 ++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/api.c b/tests/api.c index 26eea6794..e20303cb2 100644 --- a/tests/api.c +++ b/tests/api.c @@ -529,7 +529,6 @@ static void test_wolfSSL_SetTmpDH_buffer(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - printf("SUCCESS4\n"); #endif } @@ -637,8 +636,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) ctx = wolfSSL_CTX_new(method); #if defined(USE_WINDOWS_API) - /* Generate random port for testing */ - port = GetRandomPort(); + port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ @@ -885,8 +883,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) ((func_args*)args)->return_code = TEST_FAIL; #if defined(USE_WINDOWS_API) - /* Generate random port for testing */ - port = GetRandomPort(); + port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ @@ -1149,6 +1146,11 @@ static void test_wolfSSL_read_write(void) StartTCP(); InitTcpReady(&ready); +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + server_args.signal = &ready; client_args.signal = &ready; @@ -1186,6 +1188,11 @@ static void test_wolfSSL_dtls_export(void) InitTcpReady(&ready); +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + /* set using dtls */ XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); @@ -1241,6 +1248,12 @@ static void test_wolfSSL_client_server(callback_functions* client_callbacks, /* RUN Server side */ InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + server_args.signal = &ready; client_args.signal = &ready; start_thread(run_wolfssl_server, &server_args, &serverThread); diff --git a/wolfssl/test.h b/wolfssl/test.h index e0a3c1a0e..b0b751785 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -664,6 +664,8 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, static INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) { + (void)sctp; + if (udp) *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP); #ifdef WOLFSSL_SCTP From c82372cf781d1e4951cd4f3fb402960ffccc4d41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 2 Jan 2017 14:59:00 -0200 Subject: [PATCH 83/86] removes request->nonceSz check to fully validate response->nonce. --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5d7b4b0ae..b767f03bc 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9955,7 +9955,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) /* Nonces are not critical. The responder may not necessarily add * the nonce to the response. */ - if (req->nonceSz && resp->nonceSz != 0) { + if (resp->nonceSz != 0) { cmp = req->nonceSz - resp->nonceSz; if (cmp != 0) { From 7c7b1233f77e350beaff2b6f5f03f2fd18e11447 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 4 Jan 2017 11:00:08 -0800 Subject: [PATCH 84/86] Additional enums needed for compatibility with openssl for paho c mqtt client SSLSocket.c layer. --- wolfssl/ssl.h | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5db4f8270..282a4b060 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -806,6 +806,9 @@ enum { SSL_CB_ALERT = 7, SSL_CB_READ = 8, SSL_CB_HANDSHAKE_DONE = 9, + /* additional SSL_CB_* enums not used in wolfSSL */ + SSL_CB_HANDSHAKE_START, + SSL_CB_EXIT, SSL_MODE_ENABLE_PARTIAL_WRITE = 2, @@ -819,6 +822,7 @@ enum { X509_LU_X509 = 9, X509_LU_CRL = 12, + X509_V_OK = 0, X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, X509_V_ERR_CRL_HAS_EXPIRED = 15, @@ -830,7 +834,39 @@ enum { X509_V_ERR_CERT_HAS_EXPIRED = 21, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, X509_V_ERR_CERT_REJECTED = 23, - X509_V_OK = 0, + /* additional X509_V_ERR_* enums not used in wolfSSL */ + X509_V_ERR_UNABLE_TO_GET_CRL, + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, + X509_V_ERR_CERT_SIGNATURE_FAILURE, + X509_V_ERR_CRL_NOT_YET_VALID, + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, + X509_V_ERR_OUT_OF_MEM, + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, + X509_V_ERR_INVALID_CA, + X509_V_ERR_PATH_LENGTH_EXCEEDED, + X509_V_ERR_INVALID_PURPOSE, + X509_V_ERR_CERT_UNTRUSTED, + X509_V_ERR_SUBJECT_ISSUER_MISMATCH, + X509_V_ERR_AKID_SKID_MISMATCH, + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, + X509_V_ERR_KEYUSAGE_NO_CERTSIGN, + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, + X509_V_ERR_INVALID_NON_CA, + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, + X509_V_ERR_INVALID_EXTENSION, + X509_V_ERR_INVALID_POLICY_EXTENSION, + X509_V_ERR_NO_EXPLICIT_POLICY, + X509_V_ERR_UNNESTED_RESOURCE, XN_FLAG_SPC_EQ = (1 << 23), XN_FLAG_ONELINE = 0, From fc6217e4f6b5e285069126adfbd5d1e8395644f5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 4 Jan 2017 12:14:09 -0800 Subject: [PATCH 85/86] Added stubs for the set_msg_callback functions. Cleanup of the SSL_ST_* and SSL_CB_* enums. --- src/ssl.c | 31 +++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 10 +++++++--- wolfssl/ssl.h | 35 ++++++++++++++++++++++++++--------- 3 files changed, 64 insertions(+), 12 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 6397d65ab..1d7bbf6db 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21602,4 +21602,35 @@ int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags) #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef OPENSSL_EXTRA +int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) +{ + WOLFSSL_STUB("SSL_CTX_set_msg_callback"); + (void)ctx; + (void)cb; + return SSL_FAILURE; +} +int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) +{ + WOLFSSL_STUB("SSL_set_msg_callback"); + (void)ssl; + (void)cb; + return SSL_FAILURE; +} +int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) +{ + WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg"); + (void)ctx; + (void)arg; + return SSL_FAILURE; +} +int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) +{ + WOLFSSL_STUB("SSL_set_msg_callback_arg"); + (void)ssl; + (void)arg; + return SSL_FAILURE; +} +#endif + #endif /* WOLFCRYPT_ONLY */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index d0b114c10..f89c3608c 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -476,7 +476,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; -#define SSL_CB_HANDSHAKE_START 0x10 #define X509_NAME_free wolfSSL_X509_NAME_free #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey @@ -603,8 +602,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #ifdef HAVE_STUNNEL #include -/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/ -#define SSL_CB_ACCEPT_LOOP 0x2001 #define SSL2_VERSION 0x0002 #define SSL3_VERSION 0x0300 #define TLS1_VERSION 0x0301 @@ -681,6 +678,13 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_inhibit_any_policy 168 /* 2.5.29.54 */ #define NID_tlsfeature 92 /* id-pe 24 */ + +#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback +#define SSL_set_msg_callback wolfSSL_set_msg_callback +#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg +#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 282a4b060..dc74b6b19 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -800,15 +800,22 @@ enum { EVP_R_BAD_DECRYPT = 2, - SSL_CB_LOOP = 4, - SSL_ST_CONNECT = 5, - SSL_ST_ACCEPT = 6, - SSL_CB_ALERT = 7, - SSL_CB_READ = 8, - SSL_CB_HANDSHAKE_DONE = 9, - /* additional SSL_CB_* enums not used in wolfSSL */ - SSL_CB_HANDSHAKE_START, - SSL_CB_EXIT, + SSL_ST_CONNECT = 0x1000, + SSL_ST_ACCEPT = 0x2000, + + SSL_CB_LOOP = 0x01, + SSL_CB_EXIT = 0x02, + SSL_CB_READ = 0x04, + SSL_CB_WRITE = 0x08, + SSL_CB_HANDSHAKE_START = 0x10, + SSL_CB_HANDSHAKE_DONE = 0x20, + SSL_CB_ALERT = 0x4000, + SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ), + SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE), + SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP), + SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT), + SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP), + SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT), SSL_MODE_ENABLE_PARTIAL_WRITE = 2, @@ -2173,6 +2180,16 @@ WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int WOLF_EVENT_FLAG flags, int* eventCount); #endif /* WOLFSSL_ASYNC_CRYPT */ +#ifdef OPENSSL_EXTRA +typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, + const void *buf, size_t len, WOLFSSL *ssl, void *arg); + +WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb); +WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb); +WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg); +WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg); +#endif + #ifdef __cplusplus } /* extern "C" */ From 147a7d509658640bfb273da38330bd071181577a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 5 Jan 2017 10:21:14 -0700 Subject: [PATCH 86/86] adjust dynamic types with PKCS12 parse --- src/ssl.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ff297b4f7..fde1fac45 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13762,7 +13762,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WC_DerCertList* current = certList; *ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)), - heap, DYNAMIC_TYPE_PKCS); + heap, DYNAMIC_TYPE_X509); if (*ca == NULL) { if (pk != NULL) { XFREE(pk, heap, DYNAMIC_TYPE_PKCS); @@ -13788,7 +13788,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_X509* x509; x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_X509); InitX509(x509, 1, heap); InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap); if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { @@ -13852,7 +13852,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, /* Decode cert and place in X509 struct */ if (certData != NULL) { *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_X509); if (*cert == NULL) { if (pk != NULL) { XFREE(pk, heap, DYNAMIC_TYPE_PKCS); @@ -13888,8 +13888,9 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, /* get key type */ ret = BAD_STATE_E; if (pk != NULL) { /* decode key if present */ + /* using dynamic type public key because of wolfSSL_EVP_PKEY_free */ *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), - heap, DYNAMIC_TYPE_PKCS); + heap, DYNAMIC_TYPE_PUBLIC_KEY); if (*pkey == NULL) { wolfSSL_X509_free(*cert); *cert = NULL; if (ca != NULL) { @@ -13928,7 +13929,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; + XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; XFREE(pk, heap, DYNAMIC_TYPE_PKCS); return 0; } @@ -13939,7 +13940,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; + XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; XFREE(pk, heap, DYNAMIC_TYPE_PKCS); WOLFSSL_MSG("Bad PKCS12 key format"); return 0; @@ -13956,7 +13957,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL; + XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; XFREE(pk, heap, DYNAMIC_TYPE_PKCS); WOLFSSL_MSG("Bad PKCS12 key format"); return 0;