Merge remote-tracking branch 'upstream/master' into os_ecdh

# Conflicts:
#	tests/api.c
This commit is contained in:
TakayukiMatsuo
2021-03-09 12:00:15 +09:00
55 changed files with 2838 additions and 1012 deletions
+170 -86
View File
@@ -182,7 +182,7 @@ find_package(Threads)
# Support for disabling all ASM
set(WOLFSSL_ASM_HELP_STRING "Enables option for assembly (default: enabled)")
option(WOLFSSL_ASM ${WOLFSSL_ASM_HELP_STRING} "yes")
add_option("WOLFSSL_ASM" ${WOLFSSL_ASM_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_ASM)
list(APPEND WOLFSSL_DEFINITIONS
@@ -192,7 +192,7 @@ endif()
# Single threaded
set(WOLFSSL_SINGLE_THREADED_HELP_STRING "Enable wolfSSL single threaded (default: disabled)")
option(WOLFSSL_SINGLE_THREADED ${WOLFSSL_SINGLE_THREADED_HELP_STRING} "no")
add_option("WOLFSSL_SINGLE_THREADED" ${WOLFSSL_SINGLE_THREADED_HELP_STRING} "no" "yes;no")
# TODO: Logic here isn't complete, yet (see AX_PTHREAD)
if(NOT WOLFSSL_SINGLE_THREADED)
@@ -209,7 +209,7 @@ endif()
# TLS v1.3
set(WOLFSSL_TLS13_HELP_STRING "Enable wolfSSL TLS v1.3 (default: enabled)")
option(WOLFSSL_TLS13 ${WOLFSSL_TLS13_HELP_STRING} "yes")
add_option("WOLFSSL_TLS13" ${WOLFSSL_TLS13_HELP_STRING} "yes" "yes;no")
if("${FIPS_VERSION}" STREQUAL "v1")
override_cache(WOLFSSL_TLS13 "no")
@@ -220,7 +220,7 @@ endif()
# RNG
set(WOLFSSL_RNG_HELP_STRING "Enable compiling and using RNG (default: enabled)")
option(WOLFSSL_RNG ${WOLFSSL_RNG_HELP_STRING} "yes")
add_option("WOLFSSL_RNG" ${WOLFSSL_RNG_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_RNG)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RNG")
@@ -247,7 +247,7 @@ endif()
# Harden, enable Timing Resistance and Blinding by default
set(WOLFSSL_HARDEN_HELP_STRING "Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)")
option(WOLFSSL_HARDEN ${WOLFSSL_HARDEN_HELP_STRING} "yes")
add_option("WOLFSSL_HARDEN" ${WOLFSSL_HARDEN_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_HARDEN)
list(APPEND WOLFSSL_DEFINITIONS "-DTFM_TIMING_RESISTANT" "-DECC_TIMING_RESISTANT")
@@ -279,7 +279,7 @@ set(WOLFSSL_SLOW_MATH "yes")
# AES-CBC
set(WOLFSSL_AESCBC_HELP_STRING "Enable wolfSSL AES-CBC support (default: enabled)")
option(WOLFSSL_AESCBC ${WOLFSSL_AESCBC_HELP_STRING} "yes")
add_option("WOLFSSL_AESCBC" ${WOLFSSL_AESCBC_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_AESCBC)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES_CBC")
@@ -287,8 +287,7 @@ endif()
# AES-GCM
set(WOLFSSL_AESGCM_HELP_STRING "Enable wolfSSL AES-GCM support (default: enabled)")
set(WOLFSSL_AESGCM "yes" CACHE STRING ${WOLFSSL_AESGCM_HELP_STRING})
set_property(CACHE WOLFSSL_AESGCM PROPERTY STRINGS "yes" "no" "table" "small" "word32")
add_option("WOLFSSL_AESGCM" ${WOLFSSL_AESGCM_HELP_STRING} "yes" "yes;no;table;small;word32")
# leanpsk and leantls don't need gcm
if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
@@ -331,9 +330,37 @@ endif()
# - RIPEMD
# - BLAKE2
# SHA224
set(SHA224_DEFAULT "no")
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
set(SHA224_DEFAULT "yes")
endif()
endif()
set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
add_option("WOLFSSL_SHA224" ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT} "yes;no")
# SHA3
set(SHA3_DEFAULT "no")
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
set(SHA3_DEFAULT "yes")
endif()
endif()
set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
add_option("WOLFSSL_SHA3" ${WOLFSSL_SHA3_HELP_STRING} ${SHA3_DEFAULT} "yes;no;small")
# SHAKE256
set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
add_option("WOLFSSL_SHAKE256" ${WOLFSSL_SHAKE256_HELP_STRING} "no" "yes;no;small")
# SHA512
set(WOLFSSL_SHA512_HELP_STRING "Enable wolfSSL SHA-512 support (default: enabled)")
option(WOLFSSL_SHA512 ${WOLFSSL_SHA512_HELP_STRING} "yes")
add_option("WOLFSSL_SHA512" ${WOLFSSL_SHA512_HELP_STRING} "yes" "yes;no")
# options that don't require sha512
if(WOLFSSL_LEAN_PSK OR
@@ -356,7 +383,7 @@ endif()
# SHA384
set(WOLFSSL_SHA384_HELP_STRING "Enable wolfSSL SHA-384 support (default: enabled)")
option(WOLFSSL_SHA384 ${WOLFSSL_SHA384_HELP_STRING} "yes")
add_option("WOLFSSL_SHA384" ${WOLFSSL_SHA384_HELP_STRING} "yes" "yes;no")
# options that don't require sha384
if(WOLFSSL_LEAN_PSK OR
@@ -387,7 +414,7 @@ endif()
# HKDF
set(WOLFSSL_HKDF_HELP_STRING "Enable HKDF (HMAC-KDF) support (default: disabled)")
option(WOLFSSL_HKDF ${WOLFSSL_HKDF_HELP_STRING} "no")
add_option("WOLFSSL_HKDF" ${WOLFSSL_HKDF_HELP_STRING} "no" "yes;no")
if(WOLFSSL_TLS13)
override_cache(WOLFSSL_HKDF "yes")
@@ -401,7 +428,7 @@ endif()
# DSA
set(WOLFSSL_DSA_HELP_STRING "Enable DSA (default: disabled)")
option(WOLFSSL_DSA ${WOLFSSL_DSA_HELP_STRING} "no")
add_option("WOLFSSL_DSA" ${WOLFSSL_DSA_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_DSA AND NOT WOLFSSL_OPENSSH)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_DSA")
@@ -409,12 +436,11 @@ endif()
# ECC Shamir
set(WOLFSSL_ECCSHAMIR_HELP_STRING "Enable ECC Shamir (default: enabled)")
option(WOLFSSL_ECCSHAMIR ${WOLFSSL_ECCSHAMIR_HELP_STRING} "yes")
add_option("WOLFSSL_ECCSHAMIR" ${WOLFSSL_ECCSHAMIR_HELP_STRING} "yes" "yes;no")
# ECC
set(WOLFSSL_ECC_HELP_STRING "Enable ECC (default: enabled)")
set(WOLFSSL_ECC "yes" CACHE STRING ${WOLFSSL_ECC_HELP_STRING})
set_property(CACHE WOLFSSL_ECC PROPERTY STRINGS "yes" "no" "nonblock")
add_option("WOLFSSL_ECC" ${WOLFSSL_ECC_HELP_STRING} "yes" "yes;no;nonblock")
# lean psk doesn't need ecc
if(WOLFSSL_LEAN_PSK)
@@ -441,18 +467,105 @@ endif()
# TODO: - ECC custom curves
# - Compressed key
# - CURVE25519
# - ED25519
# - CURVE448
# - ED448
# - FP ECC, fixed point cache ECC
# - ECC encrypt
# - PSK
# - Single PSK identity
# CURVE25519
set(WOLFSSL_CURVE25519_SMALL "no")
set(WOLFSSL_CURVE25519_HELP_STRING "Enable Curve25519 (default: disabled)")
add_option("WOLFSSL_CURVE25519" ${WOLFSSL_CURVE25519_HELP_STRING} "no" "yes;no;small;no128bit")
if(WOLFSSL_OPENSSH)
override_cache(WOLFSSL_CURVE25519 "yes")
endif()
if(WOLFSSL_CURVE25519)
if("${WOLFSSL_CURVE25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
list(APPEND WOLFSSL_DEFINITIONS "-DCURVE25519_SMALL")
set(WOLFSSL_CURVE25519_SMALL "yes")
endif()
if("${WOLFSSL_CURVE25519}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED25519_128BIT")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE25519")
set(WOLFSSL_FEMATH "yes")
endif()
# ED25519
set(WOLFSSL_ED25519_SMALL "no")
set(WOLFSSL_ED25519_HELP_STRING "Enable ED25519 (default: disabled)")
add_option("WOLFSSL_ED25519" ${WOLFSSL_ED25519_HELP_STRING} "no" "yes;no")
if(WOLFSSL_OPENSSH)
override_cache(WOLFSSL_ED25519 "yes")
endif()
if(WOLFSSL_ED25519 AND NOT WOLFSSL_32BIT)
if("${WOLFSSL_ED25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
list(APPEND WOLFSSL_DEFINITIONS "-DED25519_SMALL")
set(WOLFSSL_ED25519_SMALL "yes")
set(WOLFSSL_CURVE25519_SMALL "yes")
endif()
if(NOT WOLFSSL_SHA512)
message(FATAL_ERROR "cannot enable ed25519 without enabling sha512.")
endif()
set(WOLFSSL_FEMATH "yes")
set(WOLFSSL_GEMATH "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED25519")
endif()
# CURVE448
set(WOLFSSL_CURVE448_SMALL "no")
set(WOLFSSL_CURVE448_HELP_STRING "Enable Curve448 (default: disabled)")
add_option("WOLFSSL_CURVE448" ${WOLFSSL_CURVE448_HELP_STRING} "no" "yes;no;small")
if(WOLFSSL_CURVE448)
if("${WOLFSSL_CURVE448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
list(APPEND WOLFSSL_DEFINITIONS "-DCURVE448_SMALL")
set(WOLFSSL_CURVE448_SMALL "yes")
endif()
if("${WOLFSSL_CURVE448}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED448_128BIT")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE448")
set(WOLFSSL_FE448 "yes")
endif()
# ED448
set(WOLFSSL_ED448_SMALL "no")
set(WOLFSSL_ED448_HELP_STRING "Enable ED448 (default: disabled)")
add_option("WOLFSSL_ED448" ${WOLFSSL_ED448_HELP_STRING} "no" "yes;no;small")
if(WOLFSSL_ED448 AND NOT WOLFSSL_32BIT)
if("${WOLFSSL_ED448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
list(APPEND WOLFSSL_DEFINITIONS "-DED448_SMALL")
set(WOLFSSL_ED448_SMALL "yes")
set(WOLFSSL_CURVE448_SMALL "yes")
endif()
if(NOT WOLFSSL_SHA512)
message(FATAL_ERROR "cannot enable ed448 without enabling sha512.")
endif()
set(WOLFSSL_FE448 "yes")
set(WOLFSSL_GE448 "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED448")
# EdDSA448 requires SHAKE256 which requires SHA-3
override_cache(WOLFSSL_SHAKE256 "yes")
endif()
# Error strings
set(WOLFSSL_ERROR_STRINGS_HELP_STRING "Enable error strings table (default: enabled)")
option(WOLFSSL_ERROR_STRINGS ${WOLFSSL_ERROR_STRINGS_HELP_STRING} "yes")
add_option("WOLFSSL_ERROR_STRINGS" ${WOLFSSL_ERROR_STRINGS_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_ERROR_STRINGS)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_STRINGS")
@@ -466,7 +579,7 @@ endif()
# Error queue
set(WOLFSSL_ERROR_QUEUE_HELP_STRING "Enables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)")
option(WOLFSSL_ERROR_QUEUE ${WOLFSSL_DISABLE_ERROR_QUEUE_HELP_STRING} "yes")
add_option("WOLFSSL_ERROR_QUEUE" ${WOLFSSL_ERROR_QUEUE_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_ERROR_QUEUE)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_QUEUE")
@@ -474,7 +587,7 @@ endif()
# Old TLS
set(WOLFSSL_OLD_TLS_HELP_STRING "Enable old TLS versions < 1.2 (default: enabled)")
option(WOLFSSL_OLD_TLS ${WOLFSSL_OLD_TLS_HELP_STRING} "yes")
add_option("WOLFSSL_OLD_TLS" ${WOLFSSL_OLD_TLS_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_OLD_TLS)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_OLD_TLS")
@@ -488,7 +601,7 @@ endif()
# TLSv1.2
set(WOLFSSL_TLSV12_HELP_STRING "Enable TLS versions 1.2 (default: enabled)")
option(WOLFSSL_TLSV12 ${WOLFSSL_TLSV12_HELP_STRING} "yes")
add_option("WOLFSSL_TLSV12" ${WOLFSSL_TLSV12_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_TLSV12)
list(APPEND WOLFSSL_DEFINITIONS
@@ -503,7 +616,7 @@ endif()
# Memory
set(WOLFSSL_MEMORY_HELP_STRING "Enable memory callbacks (default: enabled)")
option(WOLFSSL_MEMORY ${WOLFSSL_MEMORY_HELP_STRING} "yes")
add_option("WOLFSSL_MEMORY" ${WOLFSSL_MEMORY_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_MEMORY)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
@@ -521,7 +634,7 @@ endif()
# RSA
set(WOLFSSL_RSA_HELP_STRING "Enable RSA (default: enabled)")
option(WOLFSSL_RSA ${WOLFSSL_RSA_HELP_STRING} "yes")
add_option("WOLFSSL_RSA" ${WOLFSSL_RSA_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_RSA)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_RSA")
@@ -534,7 +647,7 @@ endif()
# OAEP
set(WOLFSSL_OAEP_HELP_STRING "Enable RSA OAEP (default: enabled)")
option(WOLFSSL_OAEP ${WOLFSSL_OAEP_HELP_STRING} "yes")
add_option("WOLFSSL_OAEP" ${WOLFSSL_OAEP_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_OAEP)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RSA_OAEP")
@@ -545,7 +658,7 @@ endif()
# RSA-PSS
set(WOLFSSL_RSA_PSS_HELP_STRING "Enable RSA-PSS (default: disabled)")
option(WOLFSSL_RSA_PSS ${WOLFSSL_RSA_PSS_HELP_STRING} "no")
add_option("WOLFSSL_RSA_PSS" ${WOLFSSL_RSA_PSS_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_RSA)
override_cache(WOLFSSL_RSA_PSS "no")
@@ -560,7 +673,7 @@ endif()
# DH
set(WOLFSSL_DH_HELP_STRING "Enable DH (default: enabled)")
option(WOLFSSL_DH ${WOLFSSL_DH_HELP_STRING} "yes")
add_option("WOLFSSL_DH" ${WOLFSSL_DH_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_OPENSSH)
override_cache(WOLFSSL_DH "yes")
@@ -581,7 +694,7 @@ endif()
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
set(WOLFSSL_ASN_HELP_STRING "Enable ASN (default: enabled)")
option(WOLFSSL_ASN ${WOLFSSL_ASN_HELP_STRING} "yes")
add_option("WOLFSSL_ASN" ${WOLFSSL_ASN_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_ASN)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ASN" "-DNO_CERTS")
@@ -626,7 +739,7 @@ endif()
# AES
set(WOLFSSL_AES_HELP_STRING "Enable AES (default: enabled)")
option(WOLFSSL_AES ${WOLFSSL_AES_HELP_STRING} "yes")
add_option("WOLFSSL_AES" ${WOLFSSL_AES_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_AES)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
@@ -655,7 +768,7 @@ endif()
# Coding
set(WOLFSSL_CODING_HELP_STRING "Enable coding base 16/64 (default: enabled)")
option(WOLFSSL_CODING ${WOLFSSL_CODING_HELP_STRING} "yes")
add_option("WOLFSSL_CODING" ${WOLFSSL_CODING_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_CODING)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CODING")
@@ -674,7 +787,7 @@ if("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
endif()
set(WOLFSSL_BASE64_ENCODE_HELP_STRING "Enable Base64 encoding (default: enabled on x86_64)")
option(WOLFSSL_BASE64_ENCODE ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT})
add_option("WOLFSSL_BASE64_ENCODE" ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT} "yes;no")
if(WOLFSSL_BASE64_ENCODE)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_BASE64_ENCODE")
@@ -684,7 +797,7 @@ endif()
# DES3
set(WOLFSSL_DES3_HELP_STRING "Enable DES3 (default: disabled)")
option(WOLFSSL_DES3 ${WOLFSSL_DES3_HELP_STRING} "no")
add_option("WOLFSSL_DES3" ${WOLFSSL_DES3_HELP_STRING} "no" "yes;no")
if(WOLFSSL_OPENSSH OR
WOLFSSL_QT OR
@@ -697,7 +810,7 @@ endif()
# ARC4
set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
option(WOLFSSL_ARC4 ${WOLFSSL_ARC4_HELP_STRING} "no")
add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
if(WOLFSSL_OPENSSH OR WOLFSSL_WPAS)
override_cache(WOLFSSL_ARC4 "yes")
@@ -715,7 +828,7 @@ endif()
# MD5
set(WOLFSSL_MD5_HELP_STRING "Enable MD5 (default: enabled)")
option(WOLFSSL_MD5 ${WOLFSSL_MD5_HELP_STRING} "yes")
add_option("WOLFSSL_MD5" ${WOLFSSL_MD5_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_MD5)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_MD5" "-DNO_OLD_TLS")
@@ -729,7 +842,7 @@ endif()
# SHA
set(WOLFSSL_SHA_HELP_STRING "Enable SHA (default: enabled)")
option(WOLFSSL_SHA ${WOLFSSL_SHA_HELP_STRING} "yes")
add_option("WOLFSSL_SHA" ${WOLFSSL_SHA_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_SHA)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_SHA" "-DNO_OLD_TLS")
@@ -748,7 +861,7 @@ endif()
# HC128
set(WOLFSSL_HC128_HELP_STRING "Enable HC-128 (default: disabled)")
option(WOLFSSL_HC128 ${WOLFSSL_HC128_HELP_STRING} "no")
add_option("WOLFSSL_HC128" ${WOLFSSL_HC128_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_HC128)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_HC128")
@@ -768,35 +881,11 @@ endif()
# - Selftest
# SHA224
set(SHA224_DEFAULT "no")
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
set(SHA224_DEFAULT "yes")
endif()
endif()
set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
option(WOLFSSL_SHA224 ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT})
if(WOLFSSL_SHA224)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA224")
endif()
# SHA3
set(SHA3_DEFAULT "no")
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
set(SHA3_DEFAULT "yes")
endif()
endif()
set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
set(WOLFSSL_SHA3 ${SHA3_DEFAULT} CACHE STRING ${WOLFSSL_SHA3_HELP_STRING})
set_property(CACHE WOLFSSL_SHA3 PROPERTY STRINGS "yes" "no" "small")
if("${WOLFSSL_SHA3}" STREQUAL "small")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3_SMALL")
override_cache(WOLFSSL_SHA3 "yes")
@@ -807,10 +896,6 @@ if(WOLFSSL_SHA3 AND NOT WOLFSSL_32BIT)
endif()
# SHAKE256
set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
set(WOLFSSL_SHAKE256 "no" CACHE STRING ${WOLFSSL_SHAKE256_HELP_STRING})
set_property(CACHE WOLFSSL_SHAKE256 PROPERTY STRINGS "yes" "no" "small")
if(NOT WOLFSSL_SHAKE256)
override_cache(WOLFSSL_SHAKE256 ${WOLFSSL_SHA3})
endif()
@@ -832,7 +917,7 @@ if(WOLFSSL_FIPS)
endif()
set(WOLFSSL_POLY1305_HELP_STRING "Enable wolfSSL POLY1305 support (default: enabled)")
option(WOLFSSL_POLY1305 ${WOLFSSL_POLY1305_HELP_STRING} ${POLY1305_DEFAULT})
add_option("WOLFSSL_POLY1305" ${WOLFSSL_POLY1305_HELP_STRING} ${POLY1305_DEFAULT} "yes;no")
# leanpsk and leantls don't need poly1305
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
@@ -852,8 +937,7 @@ if(WOLFSSL_FIPS)
endif()
set(WOLFSSL_CHACHA_HELP_STRING "Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups")
set(WOLFSSL_CHACHA ${CHACHA_DEFAULT} CACHE STRING ${WOLFSSL_CHACHA_HELP_STRING})
set_property(CACHE WOLFSSL_CHACHA PROPERTY STRINGS "yes" "no" "noasm")
add_option("WOLFSSL_CHACHA" ${WOLFSSL_CHACHA_HELP_STRING} ${CHACHA_DEFAULT} "yes;no;noasm")
# leanpsk and leantls don't need chacha
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
@@ -872,7 +956,7 @@ endif()
# Hash DRBG
set(WOLFSSL_HASH_DRBG_HELP_STRING "Enable Hash DRBG support (default: enabled)")
option(WOLFSSL_HASH_DRBG ${WOLFSSL_HASH_DRBG_HELP_STRING} "yes")
add_option("WOLFSSL_HASH_DRBG" ${WOLFSSL_HASH_DRBG_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_HASH_DRBG)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HASHDRBG")
@@ -894,7 +978,7 @@ else()
endif()
set(WOLFSSL_FILESYSTEM_HELP_STRING "Enable Filesystem support (default: enabled)")
option(WOLFSSL_FILESYSTEM ${WOLFSSL_FILESYSTEM_HELP_STRING} ${FILESYSTEM_DEFAULT})
add_option("WOLFSSL_FILESYSTEM" ${WOLFSSL_FILESYSTEM_HELP_STRING} ${FILESYSTEM_DEFAULT} "yes;no")
if(NOT WOLFSSL_FILESYSTEM)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_FILESYSTEM")
@@ -907,7 +991,7 @@ endif()
# Inline function support
set(WOLFSSL_INLINE_HELP_STRING "Enable inline functions (default: enabled)")
option(WOLFSSL_INLINE ${WOLFSSL_INLINE_HELP_STRING} "yes")
add_option("WOLFSSL_INLINE" ${WOLFSSL_INLINE_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_INLINE)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_INLINE")
@@ -933,7 +1017,7 @@ endif()
# Supported elliptic curves extensions
set(WOLFSSL_SUPPORTED_CURVES_HELP_STRING "Enable Supported Elliptic Curves (default: enabled)")
option(WOLFSSL_SUPPORTED_CURVES ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "yes")
add_option("WOLFSSL_SUPPORTED_CURVES" ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_SUPPORTED_CURVES)
if(NOT WOLFSSL_ECC AND NOT WOLFSSL_CURVE25519 AND NOT WOLFSSL_CURVE448)
@@ -972,7 +1056,7 @@ endif()
# Extended master secret extension
set(WOLFSSL_EXTENDED_MASTER_HELP_STRING "Enable Extended Master Secret (default: enabled)")
option(WOLFSSL_EXTENDED_MASTER ${WOLFSSL_EXTENDED_MASTER_HELP_STRING} "yes")
add_option("WOLFSSL_EXTENDED_MASTER" ${WOLFSSL_EXTENDED_MASTER_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_EXTENDED_MASTER)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_EXTENDED_MASTER")
@@ -998,7 +1082,7 @@ endif()
# Encrypt-then-mac
set(WOLFSSL_ENC_THEN_MAC_HELP_STRING "Enable Encryptr-Then-Mac extension (default: enabled)")
option(WOLFSSL_ENC_THEN_MAC ${WOLFSSL_ENC_THEN_MAC_HELP_STRING} "yes")
add_option("WOLFSSL_ENC_THEN_MAC" ${WOLFSSL_ENC_THEN_MAC_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_APACHE_HTTPD)
override_cache(WOLFSSL_ENC_THEN_MAC "no")
@@ -1015,7 +1099,7 @@ endif()
# stunnel Support
# TODO: rest of stunnel support
set(WOLFSSL_STUNNEL_HELP_STRING "Enable stunnel (default: disabled)")
option(WOLFSSL_STUNNEL ${WOLFSSL_STUNNEL_HELP_STRING} "no")
add_option("WOLFSSL_STUNNEL" ${WOLFSSL_STUNNEL_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_PSK AND
NOT WOLFSSL_LEAN_PSK AND
@@ -1029,7 +1113,7 @@ endif()
# MD4
set(WOLFSSL_MD4_HELP_STRING "Enable MD4 (default: disabled)")
option(WOLFSSL_MD4 ${WOLFSSL_MD4_HELP_STRING} "no")
add_option("WOLFSSL_MD4" ${WOLFSSL_MD4_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_MD4)
# turn on MD4 if using stunnel
@@ -1045,7 +1129,7 @@ endif()
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
set(WOLFSSL_PWDBASED_HELP_STRING "Enable PWDBASED (default: disabled)")
option(WOLFSSL_PWDBASED ${WOLFSSL_PWDBASED_HELP_STRING} "no")
add_option("WOLFSSL_PWDBASED" ${WOLFSSL_PWDBASED_HELP_STRING} "no" "yes;no")
if(NOT WOLFSSL_PWDBASED)
if(WOLFSSL_OPENSSLEXTRA OR
@@ -1079,7 +1163,7 @@ if(WOLFSSL_SP_MATH)
endif()
set(WOLFSSL_FAST_MATH_HELP_STRING "Enable fast math ops (default: enabled on x86_64/aarch64)")
option(WOLFSSL_FAST_MATH ${WOLFSSL_FAST_MATH_HELP_STRING} ${FASTMATH_DEFAULT})
add_option("WOLFSSL_FAST_MATH" ${WOLFSSL_FAST_MATH_HELP_STRING} ${FASTMATH_DEFAULT} "yes;no")
if(WOLFSSL_FAST_MATH)
# turn off fastmath if leanpsk on or asn off (w/o DH and ECC)
@@ -1113,7 +1197,7 @@ else()
endif()
set(WOLFSSL_EXAMPLES_HELP_STRING "Enable examples (default: enabled)")
option(WOLFSSL_EXAMPLES ${WOLFSSL_EXAMPLES_HELP_STRING} ${EXAMPLES_DEFAULT})
add_option("WOLFSSL_EXAMPLES" ${WOLFSSL_EXAMPLES_HELP_STRING} ${EXAMPLES_DEFAULT} "yes;no")
if(NOT WOLFSSL_FILESYSTEM OR
NOT WOLFSSL_INLINE OR
@@ -1129,7 +1213,7 @@ else()
endif()
set(WOLFSSL_CRYPT_TESTS_HELP_STRING "Enable Crypt Bench/Test (default: enabled)")
option(WOLFSSL_CRYPT_TESTS ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFAULT})
add_option("WOLFSSL_CRYPT_TESTS" ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFAULT} "yes;no")
# TODO: - LIBZ
# - PKCS#11
@@ -1146,7 +1230,7 @@ option(WOLFSSL_CRYPT_TESTS ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFA
# Asynchronous threading
set(WOLFSSL_ASYNC_THREADS_HELP_STRING "Enable Asynchronous Threading (default: enabled)")
option(WOLFSSL_ASYNC_THREADS ${WOLFSSL_ASYNC_THREADS_HELP_STRING} "yes")
add_option("WOLFSSL_ASYNC_THREADS" ${WOLFSSL_ASYNC_THREADS_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_ASYNC_CRYPT AND WOLFSSL_ASYNC_THREADS)
if(CMAKE_USE_PTHREADS_INIT)
@@ -1171,7 +1255,7 @@ endif()
# - AES key wrap
set(WOLFSSL_OLD_NAMES_HELP_STRING "Keep backwards compat with old names (default: enabled)")
option(WOLFSSL_OLD_NAMES ${WOLFSSL_OLD_NAMES_HELP_STRING} "yes")
add_option("WOLFSSL_OLD_NAMES" ${WOLFSSL_OLD_NAMES_HELP_STRING} "yes" "yes;no")
if(NOT WOLFSSL_OLD_NAMES AND NOT WOLFSSL_OPENSSL_COEXIST)
list(APPEND WOLFSSL_DEFINITIONS
@@ -1186,7 +1270,7 @@ endif()
# Support for enabling setting default DH parameters
set(WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING "Enables option for default dh parameters (default: disabled)")
option(WOLFSSL_DH_DEFAULT_PARAMS ${WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING} "no")
add_option("WOLFSSL_DH_DEFAULT_PARAMS" ${WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING} "no" "yes;no")
if(WOLFSSL_DH_DEFAULT_PARAMS OR NOT WOLFSSL_QT)
override_cache(WOLFSSL_DH_DEFAULT_PARAMS "yes")
@@ -1204,10 +1288,10 @@ else()
endif()
set(WOLFSSL_USER_SETTINGS_HELP_STRING "Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)")
option(WOLFSSL_USER_SETTINGS ${WOLFSSL_USER_SETTINGS_HELP_STRING} "no")
add_option("WOLFSSL_USER_SETTINGS" ${WOLFSSL_USER_SETTINGS_HELP_STRING} "no" "yes;no")
set(WOLFSSL_OPTFLAGS_HELP_STRING "Enable default optimization CFLAGS for the compiler (default: enabled)")
option(WOLFSSL_OPTFLAGS ${WOLFSSL_OPTFLAGS_HELP_STRING} "yes")
add_option("WOLFSSL_OPTFLAGS" ${WOLFSSL_OPTFLAGS_HELP_STRING} "yes" "yes;no")
# Generates the BUILD_* flags. These control what source files are included in
# the library. A series of AM_CONDITIONALs handle this in configure.ac.
@@ -1227,7 +1311,7 @@ endif()
add_definitions(${WOLFSSL_DEFINITIONS})
set(WOLFSSL_CONFIG_H_HELP_STRING "Enable generation of config.h and define HAVE_CONFIG_H (default: enabled)")
option(WOLFSSL_CONFIG_H ${WOLFSSL_CONFIG_H_HELP_STRING} "yes")
add_option("WOLFSSL_CONFIG_H" ${WOLFSSL_CONFIG_H_HELP_STRING} "yes" "yes;no")
if(WOLFSSL_CONFIG_H)
add_definitions("-DHAVE_CONFIG_H")
+4
View File
@@ -41,6 +41,7 @@ extern "C" {
#endif
#if defined(WOLFSSL_CRYPTOCELL)
/* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
#define AES_MAX_KEY_SIZE 128
#endif /* WOLFSSL_CRYPTOCELL*/
@@ -137,6 +138,9 @@ extern "C" {
#if 1
#define HAVE_ECC
#include <strings.h>
/* strings.h required for strncasecmp */
/* Manually define enabled curves */
#undef ECC_USER_CURVES
#define ECC_USER_CURVES
BIN
View File
Binary file not shown.
Binary file not shown.
+5
View File
@@ -177,4 +177,9 @@ echo "Step 22"
openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
check_result $?
# create crl and crl2 der files for unit test
echo "Step 23"
openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
exit 0
+3 -1
View File
@@ -10,7 +10,9 @@ EXTRA_DIST += \
certs/crl/crl2.pem \
certs/crl/caEccCrl.pem \
certs/crl/caEcc384Crl.pem \
certs/crl/wolfssl.cnf
certs/crl/wolfssl.cnf \
certs/crl/crl.der \
certs/crl/crl2.der
EXTRA_DIST += \
certs/crl/crl.revoked
+19
View File
@@ -1,3 +1,22 @@
function(add_option NAME HELP_STRING DEFAULT VALUES)
list(FIND VALUES ${DEFAULT} IDX)
if (${IDX} EQUAL -1)
message(FATAL_ERROR "Failed to add option ${NAME}. Default value "
"${DEFAULT} is not in list of possible values: ${VALUES}.")
endif()
if(DEFINED ${NAME})
list(FIND VALUES ${${NAME}} IDX)
if (${IDX} EQUAL -1)
message(FATAL_ERROR "Failed to set option ${NAME}. Value "
"${${NAME}} is not in list of possible values: ${VALUES}.")
endif()
endif()
set(${NAME} ${DEFAULT} CACHE STRING ${HELP_STRING})
set_property(CACHE ${NAME} PROPERTY STRINGS ${VALUES})
endfunction()
function(override_cache VAR VAL)
get_property(VAR_TYPE CACHE ${VAR} PROPERTY TYPE)
set(${VAR} ${VAL} CACHE ${VAR_TYPE} ${${VAR}_HELP_STRING} FORCE)
+85 -75
View File
@@ -14,30 +14,10 @@ AC_CONFIG_AUX_DIR([build-aux])
# want the default "-g -O2" that AC_PROG_CC sets automatically.
: ${CFLAGS=""}
# For reproducible builds, gate out from the build anything that might
# introduce semantically frivolous jitter, maximizing chance of
# identical object files.
AC_ARG_ENABLE([reproducible-build],
[AS_HELP_STRING([--enable-reproducible-builds],[Enable maximally reproducible build (default: disabled)])],
[ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
[ ENABLED_REPRODUCIBLE_BUILD=no ]
)
# Test ar for the "U" or "D" options. Should be checked before the libtool macros.
xxx_ar_flags=$(ar --help 2>&1)
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
then
AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[: ${AR_FLAGS="Dcr"}])
else
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
fi
xxx_ranlib_flags=$(ranlib --help 2>&1)
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
then
AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[: ${RANLIB="ranlib -D"}])
else
AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[: ${RANLIB="ranlib -U"}])
fi
# Capture user C_EXTRA_FLAGS from configure line.
# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
# might still be using it.
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
AC_PROG_CC
AM_PROG_CC_C_O
@@ -69,11 +49,6 @@ WOLFSSL_LIBRARY_VERSION=28:1:4
# +- increment if interfaces have been added, removed or changed
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
# Capture user C_EXTRA_FLAGS from configure line.
# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
# might still be using it.
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
gl_VISIBILITY
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
@@ -89,6 +64,49 @@ AC_CHECK_SIZEOF([long])
AC_CHECK_SIZEOF([time_t])
AC_CHECK_TYPES([__uint128_t])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
enable_all=yes
REPRODUCIBLE_BUILD_DEFAULT=yes
else
REPRODUCIBLE_BUILD_DEFAULT=no
fi
# For reproducible build, gate out from the build anything that might
# introduce semantically frivolous jitter, maximizing chance of
# identical object files.
AC_ARG_ENABLE([reproducible-build],
[AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])],
[ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
[ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ]
)
# Test ar for the "U" or "D" options. Should be checked before the libtool macros.
xxx_ar_flags=$(ar --help 2>&1)
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
then
AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[: ${AR_FLAGS="Dcr"}])
else
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
fi
xxx_ranlib_flags=$(ranlib --help 2>&1)
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
then
AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[: ${RANLIB="ranlib -D"}])
else
AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[: ${RANLIB="ranlib -U"}])
fi
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
AC_CHECK_LIB([network],[socket])
AC_C_BIGENDIAN
@@ -165,57 +183,45 @@ AC_ARG_ENABLE([fips],
[ENABLED_FIPS="no"])
AS_CASE([$ENABLED_FIPS],
["ready"],[
[ready],[
ENABLED_FIPS="yes"
FIPS_VERSION="v2"
FIPS_READY="yes"
],
["v2"],[
# FIPS v2
ENABLED_FIPS="yes"
FIPS_VERSION="v2"
[no],[
FIPS_VERSION="none"
ENABLED_FIPS="no"
],
["rand"],[
# FIPS Rand
[rand|v1|v2],[
FIPS_VERSION="$ENABLED_FIPS"
ENABLED_FIPS="yes"
FIPS_VERSION="rand"
],
["no"],[FIPS_VERSION="none"],
[yes],
[
# FIPS v1
ENABLED_FIPS="yes"
FIPS_VERSION="v1"
],
[
AC_MSG_ERROR([Invalid value for --enable-fips \"$ENABLED_FIPS\" (allowed: ready, rand, v1, v2)])
])
case "$FIPS_VERSION" in
none) if test -s wolfcrypt/src/fips.c || test -s ctaocrypt/src/fips.c; then
AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
fi
;;
v1) if ! test -s ctaocrypt/src/fips.c; then
AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
fi
;;
*) if ! test -s wolfcrypt/src/fips.c; then
AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
fi
;;
esac
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
enable_all=yes
fi
AS_CASE([$FIPS_VERSION],
[none],
[
AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c -o -s $srcdir/ctaocrypt/src/fips.c ],
[AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
],
[v1],
[
AS_IF([ ! test -s $srcdir/ctaocrypt/src/fips.c],
[AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])])
],
[
AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c],
[AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])])
]
)
# Linux Kernel Module
AC_ARG_ENABLE([linuxkm],
@@ -383,6 +389,7 @@ then
test "$enable_enckeys" = "" && enable_enckeys=yes
test "$enable_hashflags" = "" && enable_hashflags=yes
test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
test "$enable_base64encode" = "" && enable_base64encode=yes
test "$enable_arc4" = "" && enable_arc4=yes
test "$enable_des3" = "" && enable_des3=yes
test "$enable_nullcipher" = "" && enable_nullcipher=yes
@@ -2595,7 +2602,7 @@ AC_ARG_ENABLE([anon],
[ ENABLED_ANON=no ]
)
if test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_WPAS" = "xyes" || test "$ENABLED_NGINX" = "yes"
then
ENABLED_ANON=yes
fi
@@ -5259,7 +5266,7 @@ if test "$ENABLED_SP_ASM" = "yes"; then
fi
fi
;;
*x86_64*)
*x86_64*|*amd64*)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
ENABLED_SP_X86_64_ASM=yes
@@ -5618,7 +5625,7 @@ AC_ARG_ENABLE([oldnames],
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES"
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
fi
@@ -6525,13 +6532,16 @@ echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Single Precision: $ENABLED_SP"
if test "$ENABLED_SP_MATH_ALL" != "no"
then
echo " * SP math implementation: all"
elif test "$ENABLED_SP_MATH" != "no"
then
echo " * SP math implementation: restricted"
ENABLED_SP_MATH_DESC="all"
else
echo " * SP math implementation: no"
if test "$ENABLED_SP_MATH" != "no"
then
ENABLED_SP_MATH_DESC="restricted"
else
ENABLED_SP_MATH_DESC="no"
fi
fi
echo " * SP math implementation: $ENABLED_SP_MATH_DESC"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo " * PKCS#11: $ENABLED_PKCS11"
echo " * PKCS#12: $ENABLED_PKCS12"
+3
View File
@@ -466,6 +466,9 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
+3
View File
@@ -2501,6 +2501,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
do {
err = 0; /* reset error */
ret = SSL_accept(ssl);
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
if (ret != WOLFSSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
+3 -3
View File
@@ -257,7 +257,7 @@ if [ "$early_data" = "yes" ]; then
grep 'Session Ticket' $client_out_file
session_ticket=$?
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 2 ]; then
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
@@ -280,11 +280,11 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
RESULT=$?
remove_ready_file
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
if [ $early_data_cnt -ne 2 -a $early_data_cnt -ne 4 ]; then
if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 4 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
do_cleanup
exit 1
fi
+25
View File
@@ -1439,6 +1439,31 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
return 0;
}
/* wolfSSL_BIO_tell is provided as compatible API with
* BIO_tell which returns the current file position of a file related BIO.
* Returns the current file position on success and -1 for failure.
* Returns 0 for a BIOs except file related BIO.
*/
int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
{
int pos;
WOLFSSL_ENTER("wolfSSL_BIO_tell");
if (bio == NULL) {
return -1;
}
if (bio->type != WOLFSSL_BIO_FILE) {
return 0;
}
pos = (int)XFTELL((XFILE)bio->ptr);
if (pos < 0)
return -1;
else
return pos;
}
#endif /* NO_FILESYSTEM */
+41 -19
View File
@@ -1800,6 +1800,15 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef OPENSSL_EXTRA
/* setup WOLFSSL_X509_STORE */
ctx->x509_store.cm = ctx->cm;
/* WOLFSSL_X509_VERIFY_PARAM */
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ctx->param memory error");
return MEMORY_E;
}
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
#endif
#endif
@@ -1828,7 +1837,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#endif
#ifdef HAVE_WOLF_EVENT
ret = wolfEventQueue_Init(&ctx->event_queue);
if (ret == 0)
ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_EARLY_DATA
@@ -1947,6 +1957,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->alpn_cli_protos = NULL;
}
if (ctx->param) {
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
}
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH
@@ -2291,7 +2304,7 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
word16 havePSK, word16 haveDH, word16 haveNTRU,
word16 haveECDSAsig, word16 haveECC,
word16 haveStaticECC, int side)
word16 haveStaticECC, word16 haveAnon, int side)
{
word16 idx = 0;
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
@@ -2313,6 +2326,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
(void)side;
(void)haveRSA; /* some builds won't read */
(void)haveRSAsig; /* non ecc builds won't read */
(void)haveAnon; /* anon ciphers optional */
if (suites == NULL) {
WOLFSSL_MSG("InitSuites pointer error");
@@ -2532,14 +2546,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
if (tls1_2 && haveDH) {
if (tls1_2 && haveDH && haveAnon) {
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
}
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveDH) {
if (tls1_2 && haveDH && haveAnon) {
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
}
@@ -3393,15 +3407,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
(void)heap;
if (name != NULL) {
XMEMSET(name, 0, sizeof(WOLFSSL_X509_NAME));
name->name = name->staticName;
name->dynamicName = 0;
name->sz = 0;
name->heap = heap;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(name->entry, 0, sizeof(name->entry));
name->x509 = NULL;
name->entrySz = 0;
#endif /* OPENSSL_EXTRA */
}
}
@@ -5209,13 +5217,15 @@ int InitSSL_Suites(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
else {
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
TRUE, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@@ -18917,6 +18927,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case NO_CERT_ERROR:
return "TLS1.3 No Certificate Set Error";
case TOO_MUCH_EARLY_DATA:
return "Too much early data";
default :
return "unknown error number";
}
@@ -27529,7 +27542,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
/* suite size */
@@ -27859,7 +27873,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
#ifdef OPENSSL_EXTRA
@@ -27921,7 +27936,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
}
#endif
@@ -31122,16 +31138,22 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
#ifdef HAVE_SNI
int SNI_Callback(WOLFSSL* ssl)
{
int ad = 0;
int sniRet = 0;
/* Stunnel supports a custom sni callback to switch an SSL's ctx
* when SNI is received. Call it now if exists */
if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) {
WOLFSSL_MSG("Calling custom sni callback");
if(ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg)
== alert_fatal) {
sniRet = ssl->ctx->sniRecvCb(ssl, &ad, ssl->ctx->sniRecvCbArg);
if (sniRet == alert_fatal) {
WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
SendAlert(ssl, alert_fatal, unrecognized_name);
SendAlert(ssl, alert_fatal, ad);
return FATAL_ERROR;
}
else if (sniRet == alert_warning) {
WOLFSSL_MSG("Error in custom sni callback. Warning alert");
SendAlert(ssl, alert_warning, ad);
}
}
return 0;
}
+17 -3
View File
@@ -75,7 +75,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap)
{
CertStatus *status, *next;
if (entry == NULL)
if (entry == NULL || !entry->ownStatus)
return;
WOLFSSL_ENTER("FreeOcspEntry");
@@ -371,6 +371,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
XMEMCPY(status, newSingle->status, sizeof(CertStatus));
status->next = entry->status;
entry->status = status;
entry->ownStatus = 1;
entry->totalStatus++;
}
}
@@ -598,7 +599,9 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
(void)dgst;
cm = wolfSSL_CertManagerNew();
if (cm == NULL)
if (cm == NULL
|| subject == NULL || subject->derCert == NULL
|| issuer == NULL || issuer->derCert == NULL)
return NULL;
ret = AllocDer(&derCert, issuer->derCert->length,
@@ -628,6 +631,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
XMEMSET(certStatus, 0, sizeof(CertStatus));
certId->status = certStatus;
certId->ownStatus = 1;
InitDecodedCert(&cert, subject->derCert->buffer,
subject->derCert->length, NULL);
@@ -797,6 +801,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
XMEMSET(resp->single, 0, sizeof(OcspEntry));
resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_OCSP_STATUS);
resp->single->ownStatus = 1;
if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
@@ -876,6 +881,7 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
else {
XMEMCPY(bs->single, response->single, sizeof(OcspEntry));
XMEMCPY(bs->source, response->source, response->maxIdx);
bs->single->ownStatus = 0;
}
return bs;
}
@@ -912,11 +918,19 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
WOLFSSL_OCSP_CERTID *cid)
{
if (req == NULL || cid == NULL)
if (req == NULL || cid == NULL || cid->status == NULL)
return NULL;
XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE);
XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE);
if (cid->status->serialSz > req->serialSz) {
if (req->serial != NULL)
XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
req->serial = (byte*)XMALLOC(cid->status->serialSz,
req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (req->serial == NULL)
return NULL;
}
XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz);
req->serialSz = cid->status->serialSz;
+876 -171
View File
File diff suppressed because it is too large Load Diff
+14 -1
View File
@@ -9107,9 +9107,17 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (length != 0)
return BUFFER_E;
if (ssl->earlyData == expecting_early_data)
if (ssl->earlyData == expecting_early_data) {
if (ssl->options.maxEarlyDataSz != 0)
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
else
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
return TLSX_EarlyData_Use(ssl, 0);
}
ssl->earlyData = early_data_ext;
return 0;
}
if (msgType == encrypted_extensions) {
@@ -9122,6 +9130,11 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (ssl->options.pskIdIndex != 1)
return PSK_KEY_ERROR;
if (ssl->options.side == WOLFSSL_CLIENT_END) {
/* the extension from server comes in */
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
}
return TLSX_EarlyData_Use(ssl, 1);
}
if (msgType == session_ticket) {
+36 -5
View File
@@ -8132,7 +8132,7 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
for (i = 0; i < count; i++) {
/* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups
* are valid */
if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, groups[i]))
if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i]))
!= WOLFSSL_SUCCESS) {
TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
return ret;
@@ -8167,7 +8167,7 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
for (i = 0; i < count; i++) {
/* Call to wolfSSL_UseSupportedCurve also checks if input groups
* are valid */
if ((ret = wolfSSL_UseSupportedCurve(ssl, groups[i]))
if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i]))
!= WOLFSSL_SUCCESS) {
TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
return ret;
@@ -8217,7 +8217,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
@@ -8254,7 +8255,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side);
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
}
#endif
@@ -8654,11 +8656,25 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
ret = wolfSSL_connect_TLSv13(ssl);
if (ret != WOLFSSL_SUCCESS)
return WOLFSSL_FATAL_ERROR;
/* on client side, status is set to rejected */
/* until sever accepts the early data extension. */
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
}
if (ssl->options.handShakeState == CLIENT_HELLO_COMPLETE) {
#ifdef OPENSSL_EXTRA
/* when processed early data exceeds max size */
if (ssl->session.maxEarlyDataSz > 0 &&
(ssl->earlyDataSz + sz > ssl->session.maxEarlyDataSz)) {
ssl->error = TOO_MUCH_EARLY_DATA;
return WOLFSSL_FATAL_ERROR;
}
#endif
ret = SendData(ssl, data, sz);
if (ret > 0)
if (ret > 0) {
*outSz = ret;
/* store amount of processed early data from client */
ssl->earlyDataSz += ret;
}
}
#else
return SIDE_ERROR;
@@ -8722,6 +8738,21 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
ret = WOLFSSL_FATAL_ERROR;
return ret;
}
/* Returns early data status
*
* ssl The SSL/TLS object.
* returns WOLFSSL_EARLY_DATA_ACCEPTED if the data was accepted
* WOLFSSL_EARLY_DATA_REJECTED if the data was rejected
* WOLFSSL_EARLY_DATA_NOT_SENT if no early data was sent
*/
int wolfSSL_get_early_data_status(const WOLFSSL* ssl)
{
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
return ssl->earlyDataStatus;
}
#endif
#ifdef HAVE_SECRET_CALLBACK
+752 -100
View File
File diff suppressed because it is too large Load Diff
+1
View File
@@ -5611,6 +5611,7 @@ exit:
(void)times;
(void)desc;
(void)start;
(void)name;
}
+1 -1
View File
@@ -4798,7 +4798,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
const unsigned char* addt,
const unsigned char* ivec, unsigned char *tag,
word32 nbytes, word32 abytes, word32 ibytes,
wrd32 tbytes, const unsigned char* key, int nr)
word32 tbytes, const unsigned char* key, int nr)
{
int i, j ,k;
__m128i ctr1;
+106 -265
View File
@@ -7121,8 +7121,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
{
int ret = 0;
(void)verify;
switch (sigOID) {
#if defined(WOLFSSL_MD2)
case CTC_MD2wRSA:
@@ -7210,6 +7208,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
WOLFSSL_MSG("Hash for Signature has unsupported type");
}
(void)buf;
(void)bufSz;
(void)sigOID;
(void)digest;
(void)digestSz;
(void)typeH;
(void)verify;
return ret;
}
#endif /* !NO_ASN_CRYPT */
@@ -12413,16 +12419,6 @@ static int CopyValidity(byte* output, Cert* cert)
#endif
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
/* Get Which Name from index */
const char* GetOneCertName(CertName* name, int idx)
{
@@ -13004,281 +13000,126 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
*
* returns length on success
*/
static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
byte type)
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
byte type)
{
word32 idx = 0;
/* bottom up */
byte firstLen[1 + MAX_LENGTH_SZ];
byte secondLen[MAX_LENGTH_SZ];
byte sequence[MAX_SEQ_SZ];
byte set[MAX_SET_SZ];
if (nameStr) {
/* bottom up */
byte firstLen[1 + MAX_LENGTH_SZ];
byte secondLen[MAX_LENGTH_SZ];
byte sequence[MAX_SEQ_SZ];
byte set[MAX_SET_SZ];
int strLen;
int thisLen;
int firstSz, secondSz, seqSz, setSz;
int strLen = (int)XSTRLEN(nameStr);
int thisLen = strLen;
int firstSz, secondSz, seqSz, setSz;
if (strLen == 0) { /* no user data for this item */
name->used = 0;
return 0;
}
/* Restrict country code size */
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
WOLFSSL_MSG("Country code size error");
return ASN_COUNTRY_SIZE_E;
}
secondSz = SetLength(strLen, secondLen);
thisLen += secondSz;
switch (type) {
case ASN_EMAIL_NAME: /* email */
thisLen += EMAIL_JOINT_LEN;
firstSz = EMAIL_JOINT_LEN;
break;
case ASN_DOMAIN_COMPONENT:
thisLen += PILOT_JOINT_LEN;
firstSz = PILOT_JOINT_LEN;
break;
default:
thisLen++; /* str type */
thisLen += JOINT_LEN;
firstSz = JOINT_LEN + 1;
}
thisLen++; /* id type */
firstSz = SetObjectId(firstSz, firstLen);
thisLen += firstSz;
seqSz = SetSequence(thisLen, sequence);
thisLen += seqSz;
setSz = SetSet(thisLen, set);
thisLen += setSz;
if (thisLen > (int)sizeof(name->encoded)) {
return BUFFER_E;
}
/* store it */
idx = 0;
/* set */
XMEMCPY(name->encoded, set, setSz);
idx += setSz;
/* seq */
XMEMCPY(name->encoded + idx, sequence, seqSz);
idx += seqSz;
/* asn object id */
XMEMCPY(name->encoded + idx, firstLen, firstSz);
idx += firstSz;
switch (type) {
case ASN_EMAIL_NAME:
{
const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x09, 0x01, 0x16 };
/* email joint id */
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
idx += (int)sizeof(EMAIL_OID);
}
break;
case ASN_DOMAIN_COMPONENT:
{
const byte PILOT_OID[] = { 0x09, 0x92, 0x26, 0x89,
0x93, 0xF2, 0x2C, 0x64, 0x01
};
XMEMCPY(name->encoded + idx, PILOT_OID,
sizeof(PILOT_OID));
idx += (int)sizeof(PILOT_OID);
/* id type */
name->encoded[idx++] = type;
/* str type */
name->encoded[idx++] = nameType;
}
break;
default:
name->encoded[idx++] = 0x55;
name->encoded[idx++] = 0x04;
/* id type */
name->encoded[idx++] = type;
/* str type */
name->encoded[idx++] = nameType;
}
/* second length */
XMEMCPY(name->encoded + idx, secondLen, secondSz);
idx += secondSz;
/* str value */
XMEMCPY(name->encoded + idx, nameStr, strLen);
idx += strLen;
name->type = type;
name->totalLen = idx;
name->used = 1;
}
else
if (nameStr == NULL) {
name->used = 0;
return 0;
}
thisLen = strLen = (int)XSTRLEN(nameStr);
if (strLen == 0) { /* no user data for this item */
name->used = 0;
return 0;
}
return idx;
}
/* Restrict country code size */
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
WOLFSSL_MSG("Country code size error");
return ASN_COUNTRY_SIZE_E;
}
secondSz = SetLength(strLen, secondLen);
thisLen += secondSz;
switch (type) {
case ASN_EMAIL_NAME: /* email */
thisLen += EMAIL_JOINT_LEN;
firstSz = EMAIL_JOINT_LEN;
break;
case ASN_DOMAIN_COMPONENT:
thisLen += PILOT_JOINT_LEN;
firstSz = PILOT_JOINT_LEN;
break;
/* Guarded by either
* A) WOLFSSL_WPAS_SMALL is on or
* B) (OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_CERT_GEN +
* (WOLFSSL_CERT_REQ or WOLFSSL_CERT_EXT or OPENSSL_EXTRA) has been
* defined
*/
#if defined(WOLFSSL_WPAS_SMALL) || \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
defined(OPENSSL_EXTRA))
/* Converts from NID_* value to wolfSSL value if needed */
static int ConvertNIDToWolfSSL(int nid)
{
switch (nid) {
case NID_commonName : return ASN_COMMON_NAME;
case NID_surname : return ASN_SUR_NAME;
case NID_countryName: return ASN_COUNTRY_NAME;
case NID_localityName: return ASN_LOCALITY_NAME;
case NID_stateOrProvinceName: return ASN_STATE_NAME;
case NID_organizationName: return ASN_ORG_NAME;
case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
case NID_emailAddress: return ASN_EMAIL_NAME;
case NID_serialNumber: return ASN_SERIAL_NUMBER;
case NID_businessCategory: return ASN_BUS_CAT;
case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
default:
WOLFSSL_MSG("Attribute NID not found");
return -1;
thisLen++; /* str type */
thisLen += JOINT_LEN;
firstSz = JOINT_LEN + 1;
}
}
thisLen++; /* id type */
firstSz = SetObjectId(firstSz, firstLen);
thisLen += firstSz;
seqSz = SetSequence(thisLen, sequence);
thisLen += seqSz;
setSz = SetSet(thisLen, set);
thisLen += setSz;
/* Converts the x509 name structure into DER format.
*
* out pointer to either a pre setup buffer or a pointer to null for
* creating a dynamic buffer. In the case that a pre-existing buffer is
* used out will be incremented the size of the DER buffer on success.
*
* returns the size of the buffer on success, or negative value with failure
*/
int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
{
int totalBytes = 0, i, idx;
byte temp[MAX_SEQ_SZ];
byte *output, *local = NULL;
#ifdef WOLFSSL_SMALL_STACK
EncodedName* names = NULL;
#else
EncodedName names[MAX_NAME_ENTRIES];
#endif
if (out == NULL || name == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (names == NULL)
return MEMORY_E;
#endif
XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES);
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
WOLFSSL_X509_NAME_ENTRY* entry;
int ret;
entry = wolfSSL_X509_NAME_get_entry(name, i);
if (entry != NULL && entry->set == 1) {
const char* nameStr;
int type;
WOLFSSL_ASN1_STRING* data;
data = wolfSSL_X509_NAME_ENTRY_get_data(entry);
if (data == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Error getting entry data");
return WOLFSSL_FATAL_ERROR;
}
nameStr = (const char*)wolfSSL_ASN1_STRING_data(data);
type = wolfSSL_ASN1_STRING_type(data);
switch (type) {
case MBSTRING_UTF8:
type = CTC_UTF8;
break;
case V_ASN1_PRINTABLESTRING:
type = CTC_PRINTABLE;
break;
default:
WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default");
type = CTC_UTF8;
}
ret = wc_EncodeName(&names[i], nameStr, type,
ConvertNIDToWolfSSL(entry->nid));
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("EncodeName failed");
return WOLFSSL_FATAL_ERROR;
}
totalBytes += ret;
}
}
/* header */
idx = SetSequence(totalBytes, temp);
if (totalBytes + idx > ASN_NAME_MAX) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
if (thisLen > (int)sizeof(name->encoded)) {
return BUFFER_E;
}
/* check if using buffer passed in */
if (*out == NULL) {
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL,
DYNAMIC_TYPE_OPENSSL);
if (*out == NULL) {
return MEMORY_E;
/* store it */
idx = 0;
/* set */
XMEMCPY(name->encoded, set, setSz);
idx += setSz;
/* seq */
XMEMCPY(name->encoded + idx, sequence, seqSz);
idx += seqSz;
/* asn object id */
XMEMCPY(name->encoded + idx, firstLen, firstSz);
idx += firstSz;
switch (type) {
case ASN_EMAIL_NAME:
{
const byte EMAIL_OID[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16
};
/* email joint id */
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
idx += (int)sizeof(EMAIL_OID);
break;
}
}
output = *out;
idx = SetSequence(totalBytes, output);
totalBytes += idx;
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
if (names[i].used) {
XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
idx += names[i].totalLen;
case ASN_DOMAIN_COMPONENT:
{
const byte PILOT_OID[] = {
0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01
};
XMEMCPY(name->encoded + idx, PILOT_OID, sizeof(PILOT_OID));
idx += (int)sizeof(PILOT_OID);
/* id type */
name->encoded[idx++] = type;
/* str type */
name->encoded[idx++] = nameType;
break;
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
/* used existing buffer passed in, so increment pointer */
if (local == NULL) {
*out += totalBytes;
default:
name->encoded[idx++] = 0x55;
name->encoded[idx++] = 0x04;
/* id type */
name->encoded[idx++] = type;
/* str type */
name->encoded[idx++] = nameType;
}
return totalBytes;
/* second length */
XMEMCPY(name->encoded + idx, secondLen, secondSz);
idx += secondSz;
/* str value */
XMEMCPY(name->encoded + idx, nameStr, strLen);
idx += strLen;
name->type = type;
name->totalLen = idx;
name->used = 1;
return idx;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
/* encode CertName into output, return total bytes written */
int SetName(byte* output, word32 outputSz, CertName* name)
+39 -41
View File
@@ -1178,7 +1178,8 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order);
#endif
@@ -3799,8 +3800,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
}
/* Verify domain params supplied */
if (wc_ecc_is_valid_idx(private_key->idx) == 0 ||
wc_ecc_is_valid_idx(public_key->idx) == 0) {
if (wc_ecc_is_valid_idx(private_key->idx) == 0 || private_key->dp == NULL ||
wc_ecc_is_valid_idx(public_key->idx) == 0 || public_key->dp == NULL) {
return ECC_BAD_ARG_E;
}
@@ -3824,7 +3825,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
err = CRYS_ECDH_SVDP_DH(&public_key->ctx.pubKey,
&private_key->ctx.privKey,
out,
outlen,
(uint32_t*)outlen,
&tempBuff);
if (err != SA_SILIB_RET_OK){
@@ -4101,7 +4102,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
}
/* Verify domain params supplied */
if (wc_ecc_is_valid_idx(private_key->idx) == 0) {
if (wc_ecc_is_valid_idx(private_key->idx) == 0 || private_key->dp == NULL) {
WOLFSSL_MSG("wc_ecc_is_valid_idx failed");
return ECC_BAD_ARG_E;
}
@@ -4168,7 +4169,7 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
return BAD_FUNC_ARG;
/* is the IDX valid ? */
if (wc_ecc_is_valid_idx(curve_idx) != 1) {
if (wc_ecc_is_valid_idx(curve_idx) == 0) {
return ECC_BAD_ARG_E;
}
@@ -4542,7 +4543,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
}
#elif defined(WOLFSSL_CRYPTOCELL)
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
raw_size = (word32)(key->dp->size)*2 + 1;
/* generate first key pair */
@@ -4563,7 +4564,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
err = CRYS_ECPKI_ExportPublKey(&key->ctx.pubKey,
CRYS_EC_PointUncompressed,
&ucompressed_key[0],
&raw_size);
(uint32_t*)&raw_size);
if (err == SA_SILIB_RET_OK && key->pubkey.x && key->pubkey.y) {
err = mp_read_unsigned_bin(key->pubkey.x,
@@ -4577,7 +4578,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
if (err == MP_OKAY) {
err = CRYS_ECPKI_ExportPrivKey(&key->ctx.privKey,
ucompressed_key,
&raw_size);
(uint32_t*)&raw_size);
}
if (err == SA_SILIB_RET_OK) {
@@ -4993,7 +4994,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
(byte*)in,
msgLenInBytes,
out,
&raw_sig_size);
(uint32_t*)&raw_sig_size);
if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECDSA_Sign failed");
@@ -5248,7 +5249,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
}
/* is the IDX valid ? */
if (wc_ecc_is_valid_idx(key->idx) != 1) {
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
return ECC_BAD_ARG_E;
}
@@ -6409,7 +6410,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
*res = 0;
/* is the IDX valid ? */
if (wc_ecc_is_valid_idx(key->idx) != 1) {
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
return ECC_BAD_ARG_E;
}
@@ -7209,9 +7210,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
if (key->type == ECC_PRIVATEKEY_ONLY)
return ECC_PRIVATEONLY_E;
if (key->type == 0 ||
wc_ecc_is_valid_idx(key->idx) == 0 ||
key->dp == NULL) {
if (key->type == 0 || wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL){
return ECC_BAD_ARG_E;
}
@@ -7656,7 +7655,8 @@ int wc_ecc_check_key(ecc_key* key)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL)
err = 0; /* consider key check success on ATECC508/608A */
err = 0; /* consider key check success on ATECC508/608A and CryptoCell */
(void)err;
#else
#ifdef USE_ECC_B_PARAM
@@ -7751,9 +7751,8 @@ int wc_ecc_check_key(ecc_key* key)
#endif
FREE_CURVE_SPECS();
return err;
#endif /* WOLFSSL_ATECC508A */
return err;
#else
return WC_KEY_SIZE_E;
#endif /* !WOLFSSL_SP_MATH */
@@ -7770,7 +7769,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
#endif
int keysize = 0;
byte pointType;
#ifdef WOLFSSL_CRYPTOCELL
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
#endif
if (in == NULL || key == NULL)
return BAD_FUNC_ARG;
@@ -7950,7 +7952,20 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
#ifdef WOLFSSL_SILABS_SE_ACCEL
err = silabs_ecc_import(key, keysize);
#endif
#ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)in-1, /* re-adjust */
inLen+1, /* original input */
&key->ctx.pubKey,
&tempBuff);
if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
}
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (err == MP_OKAY)
err = wc_ecc_check_key(key);
@@ -7988,7 +8003,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
return BAD_FUNC_ARG;
}
if (wc_ecc_is_valid_idx(key->idx) == 0) {
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
return ECC_BAD_ARG_E;
}
keySz = key->dp->size;
@@ -8079,7 +8094,6 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
int ret;
#ifdef WOLFSSL_CRYPTOCELL
const CRYS_ECPKI_Domain_t* pDomain;
CRYS_ECPKI_BUILD_TempData_t tempBuff;
#endif
if (key == NULL || priv == NULL)
return BAD_FUNC_ARG;
@@ -8110,21 +8124,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
return ret;
#ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
if (pub != NULL && pub[0] != '\0') {
/* create public key from external key buffer */
ret = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)pub,
pubSz,
&key->ctx.pubKey,
&tempBuff);
if (ret != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
return ret;
}
}
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* import private key */
if (priv != NULL && priv[0] != '\0') {
@@ -8396,7 +8396,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
}
if (err == MP_OKAY) {
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
@@ -8552,7 +8552,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
/* key size in octets */
int wc_ecc_size(ecc_key* key)
{
if (key == NULL)
if (key == NULL || key->dp == NULL)
return 0;
return key->dp->size;
@@ -11356,9 +11356,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
if (key->type == ECC_PRIVATEKEY_ONLY)
return ECC_PRIVATEONLY_E;
if (key->type == 0 ||
wc_ecc_is_valid_idx(key->idx) == 0 ||
key->dp == NULL) {
if (key->type == 0 || wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL){
return ECC_BAD_ARG_E;
}
+13
View File
@@ -4302,6 +4302,8 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
int res, ix, oldused;
mp_digit *tmpa, *tmpc, mu;
if (b > MP_DIGIT_MAX) return MP_VAL;
/* grow c as required */
if (c->alloc < a->used + 1) {
if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
@@ -5039,6 +5041,11 @@ int mp_lcm (mp_int * a, mp_int * b, mp_int * c)
int res;
mp_int t1, t2;
/* LCM of 0 and any number is undefined as 0 is not in the set of values
* being used. */
if (mp_iszero (a) == MP_YES || mp_iszero (b) == MP_YES) {
return MP_VAL;
}
if ((res = mp_init_multi (&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
return res;
@@ -5083,6 +5090,10 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
/* either zero than gcd is the largest */
if (mp_iszero (a) == MP_YES) {
/* GCD of 0 and 0 is undefined as all integers divide 0. */
if (mp_iszero (b) == MP_YES) {
return MP_VAL;
}
return mp_abs (b, c);
}
if (mp_iszero (b) == MP_YES) {
@@ -5218,9 +5229,11 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
*/
if (y < radix) {
if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
mp_zero(a);
return res;
}
if ((res = mp_add_d (a, (mp_digit) y, a)) != MP_OKAY) {
mp_zero(a);
return res;
}
} else {
+14 -1
View File
@@ -550,7 +550,20 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
return ret;
}
#ifdef OPENSSL_EXTRA
/* Apply MD5 transformation to the data */
/* @param md5 a pointer to wc_MD5 structure */
/* @param data data to be applied MD5 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Md5Transform(wc_Md5* md5, const byte* data)
{
/* sanity check */
if (md5 == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return Transform(md5, data);
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
int wc_Md5SetFlags(wc_Md5* md5, word32 flags)
{
+21 -3
View File
@@ -4917,16 +4917,27 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
der = pkcs7->der;
pkcs7->der = NULL;
#endif
contentDynamic = pkcs7->contentDynamic;
version = pkcs7->version;
if (ret == 0) {
byte isDynamic = pkcs7->isDynamic;
#ifndef NO_PKCS7_STREAM
PKCS7State* stream = pkcs7->stream;
pkcs7->stream = NULL;
#endif
/* Save dynamic content before freeing PKCS7 struct */
if (pkcs7->contentDynamic != NULL) {
contentDynamic = (byte*)XMALLOC(contentSz,
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (contentDynamic == NULL) {
ret = MEMORY_E;
break;
}
XMEMCPY(contentDynamic, pkcs7->contentDynamic,
contentSz);
}
/* Free pkcs7 resources but not the structure itself */
pkcs7->isDynamic = 0;
wc_PKCS7_Free(pkcs7);
@@ -4934,11 +4945,18 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* This will reset PKCS7 structure and then set the
* certificate */
ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
/* Restore pkcs7->contentDynamic from above, will be
* freed by application with wc_PKCS7_Free() */
if (contentDynamic != NULL) {
pkcs7->contentDynamic = contentDynamic;
contentDynamic = NULL;
}
#ifndef NO_PKCS7_STREAM
pkcs7->stream = stream;
#endif
}
pkcs7->contentDynamic = contentDynamic;
pkcs7->version = version;
#ifdef ASN_BER_TO_DER
pkcs7->der = der;
+23 -7
View File
@@ -2236,19 +2236,35 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(INTIME_RTOS)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
uint32_t randval;
word32 len;
if (output == NULL) {
return BUFFER_E;
}
/* Note: Investigate better solution */
/* no return to check */
arc4random_buf(output, sz);
#ifdef INTIMEVER
/* If INTIMEVER exists then it is INTIME RTOS v6 or later */
#define INTIME_RAND_FUNC arc4random
len = 4;
#else
/* v5 and older */
#define INTIME_RAND_FUNC rand
srand(time(0));
len = 2; /* don't use all 31 returned bits */
#endif
return ret;
while (sz > 0) {
if (sz < len)
len = sz;
randval = INTIME_RAND_FUNC();
XMEMCPY(output, &randval, len);
output += len;
sz -= len;
}
(void)os;
return 0;
}
#elif defined(WOLFSSL_WICED)
+21 -2
View File
@@ -773,13 +773,31 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
return ret;
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA1 transformation to the data */
/* @param sha a pointer to wc_Sha structure */
/* @param data data to be applied SHA1 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_ShaTransform(wc_Sha* sha, const unsigned char* data)
{
/* sanity check */
if (sha == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return (Transform(sha, data));
}
#endif
#endif /* USE_SHA_SOFTWARE_IMPL */
#if !defined(WOLFSSL_IMXRT_DCP)
int wc_InitSha(wc_Sha* sha)
{
return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
}
#endif /* !defined(WOLFSSL_IMXRT_DCP) */
void wc_ShaFree(wc_Sha* sha)
{
@@ -808,7 +826,8 @@ void wc_ShaFree(wc_Sha* sha)
#endif /* !WOLFSSL_TI_HASH */
#endif /* HAVE_FIPS */
#ifndef WOLFSSL_TI_HASH
#if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)
#if !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || \
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
int wc_ShaGetHash(wc_Sha* sha, byte* hash)
@@ -873,7 +892,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
return ret;
}
#endif /* defined(WOLFSSL_RENESAS_TSIP_CRYPT) ... */
#endif /* !WOLFSSL_TI_HASH */
#endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+13 -2
View File
@@ -130,8 +130,6 @@ where 0 <= L < 2^64.
#elif defined(WOLFSSL_CRYPTOCELL)
/* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */
#elif defined(WOLFSSL_IMXRT_DCP)
#elif defined(WOLFSSL_PSOC6_CRYPTO)
@@ -1295,6 +1293,19 @@ static int InitSha256(wc_Sha256* sha256)
return InitSha256(sha256); /* reset state */
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA256 transformation to the data */
/* @param sha a pointer to wc_Sha256 structure */
/* @param data data to be applied SHA256 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
{
if (sha == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return (Transform_Sha256(sha, data));
}
#endif
#endif /* XTRANSFORM */
#ifdef WOLFSSL_SHA224
+51
View File
@@ -916,7 +916,58 @@ void wc_Sha512Free(wc_Sha512* sha512)
wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA512 transformation to the data */
/* @param sha a pointer to wc_Sha512 structure */
/* @param data data to be applied SHA512 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
{
int ret ;
/* back up buffer */
#if defined(WOLFSSL_SMALL_STACK)
word64* buffer;
buffer = (word64*) XMALLOC(sizeof(word64) * 16, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
return MEMORY_E;
#else
word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
#endif
/* sanity check */
if (sha == NULL || data == NULL) {
#if defined(WOLFSSL_SMALL_STACK)
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_FUNC_ARG;
}
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
Sha512_SetTransform();
#endif
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
{
ByteReverseWords64((word64*)data, (word64*)data,
WC_SHA512_BLOCK_SIZE);
}
#endif
XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
ret = Transform_Sha512(sha);
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
#if defined(WOLFSSL_SMALL_STACK)
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#endif /* WOLFSSL_SHA512 */
/* -------------------------------------------------------------------------- */
+15 -8
View File
@@ -48,6 +48,13 @@
/* Signature wrapper disabled check */
#ifndef NO_SIG_WRAPPER
#ifdef WOLFSSL_CRYPTOCELL
extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
extern int cc310_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
#endif
#if !defined(NO_RSA) && !defined(NO_ASN)
static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
word32 hash_len, word32* hash_enc_len)
@@ -178,12 +185,12 @@ int wc_SignatureVerifyHash(
#ifndef NO_RSA
#ifdef WOLFSSL_CRYPTOCELL
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
cc310_hashModeRSA(hash_type, 0));
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
(RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
cc310_hashModeRSA(hash_type, 1));
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
(RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
}
#else
@@ -400,12 +407,12 @@ int wc_SignatureGenerateHash_ex(
/* use expected signature size (incoming sig_len could be larger buffer */
*sig_len = wc_SignatureGetSize(sig_type, key, key_len);
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 0));
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
(RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
}
else {
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
cc310_hashModeRSA(hash_type, 1));
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
(RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
}
#else
/* Create signature using provided RSA key */
+36 -20
View File
@@ -2481,7 +2481,7 @@ int sp_cond_swap_ct(sp_int * a, sp_int * b, int c, int m)
}
FREE_SP_INT(t, NULL);
return MP_OKAY;
return err;
}
#endif /* HAVE_ECC && ECC_TIMING_RESISTANT && !WC_NO_CACHE_RESISTANT */
@@ -2996,7 +2996,7 @@ int sp_cmp_d(sp_int* a, sp_int_digit d)
#endif
#if defined(WOLFSSL_SP_INT_NEGATIVE) || !defined(NO_PWDBASED) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || defined(HAVE_ECC) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
/* Add a one digit number to the multi-precision number.
*
@@ -4142,7 +4142,7 @@ static int sp_cmp_mag_ct(sp_int* a, sp_int* b, int len)
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
/* Add two value and reduce: r = (a + b) % m
*
* r = a + b (mod m) - constant time (|a| < m and |b| < m and positive)
* r = a + b (mod m) - constant time (a < m and b < m, a, b and m are positive)
*
* Assumes a, b, m and r are not NULL.
*
@@ -4193,7 +4193,7 @@ int sp_addmod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
/* Sub b from a and reduce: r = (a - b) % m
* Result is always positive.
*
* r = a - b (mod m) - constant time (a < n and b < m and positive)
* r = a - b (mod m) - constant time (a < m and b < m, a, b and m are positive)
*
* Assumes a, b, m and r are not NULL.
*
@@ -4482,7 +4482,7 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
if (r != NULL) {
sp_set(r, 1);
#ifdef WOLFSSL_SP_INT_NEGATIVE
r->sign = aSign;
r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
#endif /* WOLFSSL_SP_INT_NEGATIVE */
}
done = 1;
@@ -4491,11 +4491,14 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
/* a is greater than d but same bit length */
if (rem != NULL) {
_sp_sub_off(a, d, rem, 0);
#ifdef WOLFSSL_SP_INT_NEGATIVE
rem->sign = aSign;
#endif
}
if (r != NULL) {
sp_set(r, 1);
#ifdef WOLFSSL_SP_INT_NEGATIVE
r->sign = aSign;
r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
#endif /* WOLFSSL_SP_INT_NEGATIVE */
}
done = 1;
@@ -4681,7 +4684,7 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
{
int err = MP_OKAY;
#ifdef WOLFSSL_SP_INT_NEGATIVE
DECL_SP_INT(t, (m == NULL) ? 1 : m->used);
DECL_SP_INT(t, (a == NULL) ? 1 : a->used + 1);
#endif /* WOLFSSL_SP_INT_NEGATIVE */
if ((a == NULL) || (m == NULL) || (r == NULL)) {
@@ -4695,11 +4698,11 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
#else
ALLOC_SP_INT(t, m->used, err, NULL);
if (err == MP_OKAY) {
sp_init_size(t, m->used);
sp_init_size(t, a->used + 1);
err = sp_div(a, m, NULL, t);
}
if (err == MP_OKAY) {
if (t->sign != m->sign) {
if ((!sp_iszero(t)) && (t->sign != m->sign)) {
err = sp_add(t, m, r);
}
else {
@@ -8013,7 +8016,7 @@ static int _sp_exptmod_ex(sp_int* b, sp_int* e, int bits, sp_int* m, sp_int* r)
#endif
/* Ensure base is less than exponent. */
if (_sp_cmp(b, m) != MP_LT) {
if (_sp_cmp_abs(b, m) != MP_LT) {
err = sp_mod(b, m, t[0]);
if ((err == MP_OKAY) && sp_iszero(t[0])) {
sp_set(r, 0);
@@ -8113,7 +8116,7 @@ static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
sp_init_size(t[3], m->used * 2 + 1);
/* Ensure base is less than exponent. */
if (_sp_cmp(b, m) != MP_LT) {
if (_sp_cmp_abs(b, m) != MP_LT) {
err = sp_mod(b, m, t[0]);
if ((err == MP_OKAY) && sp_iszero(t[0])) {
sp_set(r, 0);
@@ -8248,7 +8251,7 @@ static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
sp_init_size(tr, m->used * 2 + 1);
/* Ensure base is less than exponent. */
if (_sp_cmp(b, m) != MP_LT) {
if (_sp_cmp_abs(b, m) != MP_LT) {
err = sp_mod(b, m, t[1]);
if ((err == MP_OKAY) && sp_iszero(t[1])) {
sp_set(r, 0);
@@ -8767,7 +8770,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
sp_init_size(bm, m->used * 2 + 1);
/* Ensure base is less than exponent. */
if (_sp_cmp(b, m) != MP_LT) {
if (_sp_cmp_abs(b, m) != MP_LT) {
err = sp_mod(b, m, bm);
if ((err == MP_OKAY) && sp_iszero(bm)) {
sp_set(r, 0);
@@ -8980,7 +8983,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
sp_init_size(t[1], m->used * 2 + 1);
/* Ensure base is less than exponent. */
if (_sp_cmp(b, m) != MP_LT) {
if (_sp_cmp_abs(b, m) != MP_LT) {
err = sp_mod(b, m, t[0]);
if ((err == MP_OKAY) && sp_iszero(t[0])) {
sp_set(r, 0);
@@ -12491,6 +12494,7 @@ int sp_tohex(sp_int* a, char* str)
i = a->used - 1;
#ifndef WC_DISABLE_RADIX_ZERO_PAD
/* Find highest non-zero byte in most-significant word. */
for (j = SP_WORD_SIZE - 8; j >= 0; j -= 8) {
if (((a->dp[i] >> j) & 0xff) != 0) {
break;
@@ -12500,8 +12504,10 @@ int sp_tohex(sp_int* a, char* str)
--i;
}
}
/* Start with high nibble of byte. */
j += 4;
#else
/* Find highest non-zero nibble in most-significant word. */
for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
if (((a->dp[i] >> j) & 0xf) != 0) {
break;
@@ -12512,6 +12518,7 @@ int sp_tohex(sp_int* a, char* str)
}
}
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
/* Most-significant word. */
for (; j >= 0; j -= 4) {
*(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
}
@@ -12660,16 +12667,16 @@ int sp_radix_size(sp_int* a, int radix, int* size)
}
else {
int nibbles = (sp_count_bits(a) + 3) / 4;
#ifdef WOLFSSL_SP_INT_NEGATIVE
if (a->sign == MP_NEG) {
nibbles++;
}
#endif /* WOLFSSL_SP_INT_NEGATIVE */
#ifndef WC_DISABLE_RADIX_ZERO_PAD
if (nibbles & 1) {
nibbles++;
}
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
#ifdef WOLFSSL_SP_INT_NEGATIVE
if (a->sign == MP_NEG) {
nibbles++;
}
#endif /* WOLFSSL_SP_INT_NEGATIVE */
/* One more for \0 */
*size = nibbles + 1;
}
@@ -13230,9 +13237,11 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng)
}
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
/* Calculates the Greatest Common Denominator (GCD) of a and b into r.
*
* a and b are positive integers.
*
* @param [in] a SP integer of first operand.
* @param [in] b SP integer of second operand.
@@ -13250,6 +13259,7 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
err = MP_VAL;
}
else if (sp_iszero(a)) {
/* GCD of 0 and 0 is undefined as all integers divide 0. */
if (sp_iszero(b)) {
err = MP_VAL;
}
@@ -13341,6 +13351,8 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
/* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r.
*
* a and b are positive integers.
*
* @param [in] a SP integer of first operand.
* @param [in] b SP integer of second operand.
@@ -13360,6 +13372,10 @@ int sp_lcm(sp_int* a, sp_int* b, sp_int* r)
if ((a == NULL) || (b == NULL) || (r == NULL)) {
err = MP_VAL;
}
/* LCM of 0 and any number is undefined as 0 is not in the set of values
* being used.
*/
if ((err == MP_OKAY) && (mp_iszero(a) || mp_iszero(b))) {
err = MP_VAL;
}
+30 -25
View File
@@ -990,7 +990,7 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c)
fp_init(t);
err = fp_div(a, b, NULL, t);
if (err == FP_OKAY) {
if (t->sign != b->sign) {
if (!fp_iszero(t) && (t->sign != b->sign)) {
err = fp_add(t, b, c);
} else {
fp_copy(t, c);
@@ -5210,6 +5210,12 @@ int fp_lcm(fp_int *a, fp_int *b, fp_int *c)
fp_int *t;
#endif
/* LCM of 0 and any number is undefined as 0 is not in the set of values
* being used. */
if (fp_iszero(a) == FP_YES || fp_iszero(b) == FP_YES) {
return FP_VAL;
}
#ifdef WOLFSSL_SMALL_STACK
t = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_BIGINT);
if (t == NULL) {
@@ -5249,6 +5255,11 @@ int fp_gcd(fp_int *a, fp_int *b, fp_int *c)
fp_int *u, *v, *r;
#endif
/* GCD of 0 and 0 is undefined as all integers divide 0. */
if (fp_iszero(a) == FP_YES && fp_iszero(b) == FP_YES) {
return FP_VAL;
}
/* either zero than gcd is the largest */
if (fp_iszero (a) == FP_YES && fp_iszero (b) == FP_NO) {
fp_abs (b, c);
@@ -5317,32 +5328,26 @@ int fp_gcd(fp_int *a, fp_int *b, fp_int *c)
int fp_add_d(fp_int *a, fp_digit b, fp_int *c)
{
#ifndef WOLFSSL_SMALL_STACK
fp_int tmp;
int err;
fp_init(&tmp);
fp_set(&tmp, b);
err = fp_add(a, &tmp, c);
return err;
fp_int tmp[1];
#else
int i;
fp_word t = b;
int err = FP_OKAY;
fp_copy(a, c);
for (i = 0; t != 0 && i < FP_SIZE && i < c->used; i++) {
t += c->dp[i];
c->dp[i] = (fp_digit)t;
t >>= DIGIT_BIT;
}
if (i == c->used && i < FP_SIZE && t != 0) {
c->dp[i] = t;
c->used++;
}
if (i == FP_SIZE && t != 0) {
err = FP_VAL;
}
return err;
fp_int* tmp;
#endif
int err;
#ifdef WOLFSSL_SMALL_STACK
tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (tmp == NULL)
return FP_MEM;
#endif
fp_init(tmp);
fp_set(tmp, b);
err = fp_add(a, tmp, c);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return err;
}
/* external compatibility */
+154 -87
View File
@@ -290,7 +290,7 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"");
#include <wolfssl/openssl/des.h>
#endif
#if defined(NO_FILESYSTEM)
#if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
#define USE_CERT_BUFFERS_2048
@@ -422,7 +422,8 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256)
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
/* skip for ATECC508/608A, cannot import private key buffers */
WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
#endif
@@ -849,10 +850,12 @@ initDefaultName();
test_pass("SHAKE256 test passed!\n");
#endif
#ifndef NO_HASH_WRAPPER
if ( (ret = hash_test()) != 0)
return err_sys("Hash test failed!\n", ret);
else
test_pass("Hash test passed!\n");
#endif
#ifdef WOLFSSL_RIPEMD
if ( (ret = ripemd_test()) != 0)
@@ -1177,7 +1180,8 @@ initDefaultName();
test_pass("ECC Enc test passed!\n");
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256)
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
/* skip for ATECC508/608A, cannot import private key buffers */
if ( (ret = ecc_test_buffers()) != 0)
return err_sys("ECC buffer test failed!\n", ret);
@@ -3384,7 +3388,7 @@ exit:
}
#endif
#ifndef NO_HASH_WRAPPER
WOLFSSL_TEST_SUBROUTINE int hash_test(void)
{
wc_HashAlg hash;
@@ -3689,6 +3693,7 @@ WOLFSSL_TEST_SUBROUTINE int hash_test(void)
return 0;
}
#endif /* !NO_HASH_WRAPPER */
#if !defined(NO_HMAC) && !defined(NO_MD5)
WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
@@ -6249,8 +6254,8 @@ WOLFSSL_TEST_SUBROUTINE int des_test(void)
sizeof(key), WC_HASH_TYPE_NONE);
if (ret == 0)
return -5009;
}
#endif /* !NO_PWDBASED */
}
#endif
return 0;
@@ -7623,9 +7628,11 @@ static int aes_key_size_test(void)
#endif
byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
#ifndef WOLFSSL_CRYPTOCELL
byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
#endif
byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
@@ -7702,7 +7709,8 @@ static int aes_key_size_test(void)
if (ret != 0 || keySize != sizeof(key16))
ERROR_OUT(-5310, out);
#endif
#ifndef WOLFSSL_CRYPTOCELL
/* Cryptocell only supports AES-128 key size */
ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_192
if (ret != 0)
@@ -7728,7 +7736,7 @@ static int aes_key_size_test(void)
if (ret != 0 || keySize != sizeof(key32))
ERROR_OUT(-5314, out);
#endif
#endif /* !WOLFSSL_CRYPTOCELL */
out:
#ifdef WOLFSSL_SMALL_STACK
@@ -11823,12 +11831,11 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
#endif
#if defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
#ifdef HAVE_PKCS8
#if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
#endif
#endif /* HAVE_ECC_KEY_EXPORT */
@@ -14439,7 +14446,9 @@ static int rsa_keygen_test(WC_RNG* rng)
#endif
int ret;
byte* der = NULL;
#ifndef WOLFSSL_CRYPTOCELL
word32 idx = 0;
#endif
int derSz = 0;
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
int keySz = 1024;
@@ -14499,8 +14508,9 @@ static int rsa_keygen_test(WC_RNG* rng)
if (ret != 0) {
ERROR_OUT(-7875, exit_rsa);
}
#ifndef WOLFSSL_CRYPTOCELL
idx = 0;
#if !defined(WOLFSSL_CRYPTOCELL)
/* The private key part of the key gen pairs from cryptocell can't be exported */
ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
if (ret != 0) {
@@ -14554,21 +14564,12 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
RsaKey caKey[1];
#endif
#endif
#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) \
|| defined(WOLFSSL_PUBLIC_MP)
word32 idx = 0;
#endif
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
const char inStr[] = TEST_STRING;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
const word32 plainSz = RSA_TEST_BYTES;
#endif
#if (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(WOLFSSL_PUBLIC_MP)
byte* res;
#endif
#ifndef NO_SIG_WRAPPER
int modLen;
#endif
@@ -14586,8 +14587,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#endif
#endif
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
@@ -14598,7 +14597,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#endif
XMEMCPY(in, inStr, inLen);
#endif
#ifdef WOLFSSL_SMALL_STACK
if (key == NULL)
@@ -14733,7 +14731,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
goto exit_rsa;
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WC_NO_RNG)
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@@ -14809,9 +14808,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
TEST_SLEEP();
#elif defined(WOLFSSL_PUBLIC_MP)
(void)outSz;
(void)inLen;
(void)res;
{
static byte signature_2048[] = {
0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
@@ -14852,8 +14848,9 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
}
#endif
#if (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(WOLFSSL_PUBLIC_MP)
#if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
defined(WOLFSSL_PUBLIC_MP))
idx = (word32)ret;
XMEMSET(plain, 0, plainSz);
do {
@@ -15264,8 +15261,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
}
FreeDecodedCert(cert);
#else
(void)bytes;
#endif
#ifdef WOLFSSL_CERT_EXT
@@ -15628,50 +15623,52 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
exit_rsa:
#ifdef WOLFSSL_SMALL_STACK
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
if (keypub != NULL) {
wc_FreeRsaKey(keypub);
XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#if defined(HAVE_NTRU)
#endif
#if defined(HAVE_NTRU)
if (caKey != NULL) {
wc_FreeRsaKey(caKey);
XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#ifdef WOLFSSL_TEST_CERT
#endif
#ifdef WOLFSSL_TEST_CERT
if (cert != NULL)
XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#else
wc_FreeRsaKey(key);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
wc_FreeRsaKey(keypub);
#endif
#if defined(HAVE_NTRU)
#endif
#if defined(HAVE_NTRU)
wc_FreeRsaKey(caKey);
#endif
#endif
#endif
#endif /* WOLFSSL_SMALL_STACK */
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
FREE_VAR(in, HEAP_HINT);
FREE_VAR(out, HEAP_HINT);
FREE_VAR(plain, HEAP_HINT);
#endif
(void)res;
(void)bytes;
(void)in;
(void)out;
(void)plain;
(void)inLen;
(void)outSz;
(void)plainSz;
/* ret can be greater then 0 with certgen but all negative values should
* be returned and treated as an error */
@@ -16056,6 +16053,7 @@ static int dh_test_check_pubvalue(void)
#define FFDHE_KEY_SIZE (2048/8)
#endif
#ifndef WC_NO_RNG
static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
{
int ret;
@@ -16214,7 +16212,7 @@ done:
return ret;
}
#endif /* !WC_NO_RNG */
#endif /* HAVE_FFDHE */
WOLFSSL_TEST_SUBROUTINE int dh_test(void)
@@ -16222,7 +16220,9 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
int ret;
word32 bytes;
word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
#ifndef WC_NO_RNG
WC_RNG rng;
#endif
int keyInit = 0;
#define DH_TEST_TMP_SIZE 1024
@@ -16231,28 +16231,34 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
#else
#define DH_TEST_BUF_SIZE 512
#endif
#ifndef WC_NO_RNG
word32 agreeSz = DH_TEST_BUF_SIZE;
word32 agreeSz2 = DH_TEST_BUF_SIZE;
#endif
#ifdef WOLFSSL_SMALL_STACK
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
DhKey key[1];
DhKey key2[1];
byte tmp[DH_TEST_TMP_SIZE];
#endif
#ifndef WC_NO_RNG
#ifdef WOLFSSL_SMALL_STACK
byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((tmp == NULL) || (priv == NULL) || (pub == NULL) ||
(priv2 == NULL) || (pub2 == NULL) || (agree == NULL) ||
(agree2 == NULL))
if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
agree == NULL || agree2 == NULL) {
ERROR_OUT(-8100, done);
}
#else
DhKey key[1];
DhKey key2[1];
byte tmp[DH_TEST_TMP_SIZE];
byte priv[DH_TEST_BUF_SIZE];
byte pub[DH_TEST_BUF_SIZE];
byte priv2[DH_TEST_BUF_SIZE];
@@ -16260,6 +16266,13 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
byte agree[DH_TEST_BUF_SIZE];
byte agree2[DH_TEST_BUF_SIZE];
#endif
#endif /* !WC_NO_RNG */
#ifdef WOLFSSL_SMALL_STACK
if (key == NULL || key2 == NULL || tmp == NULL) {
ERROR_OUT(-8100, done);
}
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
@@ -16298,7 +16311,10 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
privSz = DH_TEST_BUF_SIZE;
privSz2 = DH_TEST_BUF_SIZE;
#ifndef WC_NO_RNG
XMEMSET(&rng, 0, sizeof(rng));
#endif
/* Use API for coverage. */
ret = wc_InitDhKey(key);
if (ret != 0) {
@@ -16339,6 +16355,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
}
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
@@ -16383,6 +16400,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
ERROR_OUT(-8115, done);
}
#endif /* !WC_NO_RNG */
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
@@ -16444,6 +16462,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
}
#endif /* WOLFSSL_DH_EXTRA */
#ifndef WC_NO_RNG
ret = dh_generate_test(&rng);
if (ret != 0)
ERROR_OUT(-8126, done);
@@ -16451,6 +16470,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
ret = dh_fips_generate_test(&rng);
if (ret != 0)
ERROR_OUT(-8127, done);
#endif /* !WC_NO_RNG */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ret = dh_test_check_pubvalue();
@@ -16458,6 +16478,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
ERROR_OUT(-8128, done);
#endif
#ifndef WC_NO_RNG
/* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */
#ifdef HAVE_FFDHE_2048
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
@@ -16469,12 +16490,13 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
if (ret != 0)
ERROR_OUT(-8130, done);
#endif
#endif /* !WC_NO_RNG */
wc_FreeDhKey(key);
keyInit = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK)
!defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
/* Test Check Key */
ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
NULL, 0, 0, &rng);
@@ -16485,7 +16507,9 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
done:
#ifndef WC_NO_RNG
wc_FreeRng(&rng);
#endif
#ifdef WOLFSSL_SMALL_STACK
if (key) {
@@ -16517,6 +16541,11 @@ done:
wc_FreeDhKey(key2);
#endif
(void)privSz;
(void)pubSz;
(void)pubSz2;
(void)privSz2;
return ret;
#undef DH_TEST_BUF_SIZE
#undef DH_TEST_TMP_SIZE
@@ -20646,7 +20675,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key pub[1];
#endif
byte exportBuf[ECC_BUFSIZE];
@@ -20774,7 +20803,8 @@ static int ecc_test_make_pub(WC_RNG* rng)
}
#endif
#ifdef HAVE_ECC_SIGN
#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
tmpSz = ECC_BUFSIZE;
ret = 0;
do {
@@ -20819,7 +20849,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
#endif /* HAVE_ECC_SIGN */
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
/* now test private only key with creating a shared secret */
x = ECC_BUFSIZE;
ret = wc_ecc_export_private_only(key, exportBuf, &x);
@@ -20875,7 +20905,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
ERROR_OUT(-9870, done);
}
TEST_SLEEP();
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
ret = 0;
@@ -20903,7 +20933,7 @@ done:
return ret;
}
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
static int ecc_test_key_decode(WC_RNG* rng, int keySize)
{
int ret;
@@ -20984,7 +21014,7 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize)
#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
#endif /* HAVE_ECC_KEY_IMPORT */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
static int ecc_test_key_gen(WC_RNG* rng, int keySize)
{
int ret = 0;
@@ -21085,7 +21115,7 @@ done:
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
int curve_id, const ecc_set_type* dp)
{
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
@@ -21095,7 +21125,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
word32 x = 0;
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
word32 y;
#endif
@@ -21109,18 +21139,20 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
#endif /* HAVE_ECC_SIGN */
int ret;
#ifdef WOLFSSL_SMALL_STACK
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
*userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
*pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key userA[1],
userB[1],
pubKey[1];
ecc_key userA[1];
ecc_key userB[1];
ecc_key pubKey[1];
#endif
#ifndef WC_NO_RNG
int curveSize;
#endif
#ifdef DECLARE_VAR_IS_HEAP_ALLOC
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
if (sharedA == NULL || sharedB == NULL)
ERROR_OUT(-9900, done);
@@ -21173,6 +21205,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
}
#endif
#ifndef WC_NO_RNG
ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -21290,7 +21323,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
wc_ecc_set_flags(userA, 0);
wc_ecc_set_flags(userB, 0);
#endif /* HAVE_ECC_CDH */
#endif /* WOLFSSL_ATECC508A */
#endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
#ifdef HAVE_ECC_KEY_EXPORT
x = ECC_KEY_EXPORT_BUF_SIZE;
@@ -21367,15 +21400,20 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
TEST_SLEEP();
#endif /* HAVE_ECC_DHE */
#endif /* HAVE_COMP_KEY */
#endif /* WOLFSSL_ATECC508A */
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
#endif /* !WC_NO_RNG */
#endif /* HAVE_ECC_KEY_IMPORT */
#endif /* HAVE_ECC_KEY_EXPORT */
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))
#ifdef HAVE_ECC_SIGN
/* ECC w/out Shamir has issue with all 0 digest */
/* WC_BIGINT doesn't have 0 len well on hardware */
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT)
/* Cryptocell has issues with all 0 digest */
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
!defined(WOLFSSL_CRYPTOCELL)
/* test DSA sign hash with zeros */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = 0;
@@ -21412,7 +21450,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
TEST_SLEEP();
}
#endif /* HAVE_ECC_VERIFY */
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
/* test DSA sign hash with sequence (0,1,2,3,4,...) */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
@@ -21451,13 +21489,16 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
}
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WOLFSSL_ATECC508) && \
!defined(WOLFSSL_ATECC608A)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A)
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_private_only(userA, exportBuf, &x);
if (ret != 0)
ERROR_OUT(-9942, done);
#else
(void)exportBuf;
#endif /* HAVE_ECC_KEY_EXPORT */
done:
@@ -21493,6 +21534,10 @@ done:
FREE_VAR(digest, HEAP_HINT);
#endif
(void)keySize;
(void)curve_id;
(void)rng;
return ret;
}
@@ -21526,7 +21571,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(NO_ASN_CRYPT)
!defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
ret = ecc_test_key_decode(rng, keySize);
if (ret < 0) {
if (ret == ECC_CURVE_OID_E) {
@@ -21539,7 +21584,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
}
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
ret = ecc_test_key_gen(rng, keySize);
if (ret < 0) {
if (ret == ECC_CURVE_OID_E) {
@@ -22053,7 +22098,7 @@ done:
}
#endif
#ifdef HAVE_ECC_DHE
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
{
int ret;
@@ -22099,7 +22144,7 @@ static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
TEST_SLEEP();
return 0;
}
#endif /* HAVE_ECC_DHE */
#endif /* HAVE_ECC_DHE && !WC_NO_RNG */
#endif
static int ecc_def_curve_test(WC_RNG *rng)
@@ -22110,6 +22155,9 @@ static int ecc_def_curve_test(WC_RNG *rng)
#else
ecc_key key[1];
#endif
#ifdef WC_NO_RNG
word32 idx = 0;
#endif
#ifdef WOLFSSL_SMALL_STACK
if (key == NULL)
@@ -22130,9 +22178,16 @@ static int ecc_def_curve_test(WC_RNG *rng)
goto done;
}
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#else
/* use test ECC key */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
(word32)sizeof_ecc_key_der_256);
(void)rng;
#endif
if (ret != 0) {
ret = -10092;
@@ -22158,7 +22213,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
if (ret < 0)
goto done;
#endif
#ifdef HAVE_ECC_DHE
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
@@ -22729,16 +22784,26 @@ static int ecc_test_allocator(WC_RNG* rng)
{
int ret = 0;
ecc_key* key;
#ifdef WC_NO_RNG
word32 idx = 0;
#endif
key = wc_ecc_key_new(HEAP_HINT);
if (key == NULL) {
ERROR_OUT(-10150, exit);
}
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
if (ret != 0) {
ERROR_OUT(-10151, exit);
}
#else
/* use test ECC key */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
(word32)sizeof_ecc_key_der_256);
(void)rng;
#endif
exit:
wc_ecc_key_free(key);
@@ -23599,6 +23664,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
if (ret != 0)
ERROR_OUT(-10423, done);
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
@@ -23615,6 +23681,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
ERROR_OUT(-10425, done);
}
#endif
#endif /* !WC_NO_RNG */
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
{
+4
View File
@@ -295,14 +295,18 @@
<ClCompile Include="wolfcrypt\src\cmac.c" />
<ClCompile Include="wolfcrypt\src\coding.c" />
<ClCompile Include="wolfcrypt\src\curve25519.c" />
<ClCompile Include="wolfcrypt\src\curve448.c" />
<ClCompile Include="wolfcrypt\src\cpuid.c" />
<ClCompile Include="wolfcrypt\src\des3.c" />
<ClCompile Include="wolfcrypt\src\dh.c" />
<ClCompile Include="wolfcrypt\src\dsa.c" />
<ClCompile Include="wolfcrypt\src\ecc.c" />
<ClCompile Include="wolfcrypt\src\ed25519.c" />
<ClCompile Include="wolfcrypt\src\ed448.c" />
<ClCompile Include="wolfcrypt\src\error.c" />
<ClCompile Include="wolfcrypt\src\fe_448.c" />
<ClCompile Include="wolfcrypt\src\fe_operations.c" />
<ClCompile Include="wolfcrypt\src\ge_448.c" />
<ClCompile Include="wolfcrypt\src\ge_low_mem.c" />
<ClCompile Include="wolfcrypt\src\ge_operations.c" />
<ClCompile Include="wolfcrypt\src\hash.c" />
+2 -1
View File
@@ -170,7 +170,8 @@ enum wolfSSL_ErrorCodes {
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */
+8 -5
View File
@@ -59,6 +59,9 @@
#ifdef HAVE_POLY1305
#include <wolfssl/wolfcrypt/poly1305.h>
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif
#ifdef HAVE_CAMELLIA
#include <wolfssl/wolfcrypt/camellia.h>
#endif
@@ -1870,7 +1873,7 @@ WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
int haveRSAsig, int haveAnon,
int tls1_2, int keySz);
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
word16, word16, word16, word16, word16, int);
word16, word16, word16, word16, word16, word16, int);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
@@ -2834,6 +2837,7 @@ struct WOLFSSL_CTX {
byte sessionCtxSz;
byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
CallbackInfoState* CBIS; /* used to get info about SSL state */
WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
#endif
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
@@ -2931,10 +2935,10 @@ struct WOLFSSL_CTX {
TicketEncCbCtx ticketKeyCtx;
#endif
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
#endif
#endif
#ifdef ATOMIC_USER
CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
@@ -3534,9 +3538,7 @@ typedef struct Options {
#ifdef HAVE_POLY1305
word16 oldPoly:1; /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
word16 haveAnon:1; /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */
@@ -4365,11 +4367,12 @@ struct WOLFSSL {
#ifdef WOLFSSL_EARLY_DATA
EarlyDataState earlyData;
word32 earlyDataSz;
byte earlyDataStatus;
#endif
#ifdef OPENSSL_ALL
long verifyCallbackResult;
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#if defined(OPENSSL_EXTRA)
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#endif
+1
View File
@@ -68,6 +68,7 @@
#define BIO_set_fp wolfSSL_BIO_set_fp
#define BIO_get_fp wolfSSL_BIO_get_fp
#define BIO_seek wolfSSL_BIO_seek
#define BIO_tell wolfSSL_BIO_tell
#define BIO_write_filename wolfSSL_BIO_write_filename
#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
+2 -1
View File
@@ -52,13 +52,14 @@ typedef struct WOLFSSL_MD5_CTX {
WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
typedef WOLFSSL_MD5_CTX MD5_CTX;
#define MD5_Init wolfSSL_MD5_Init
#define MD5_Update wolfSSL_MD5_Update
#define MD5_Final wolfSSL_MD5_Final
#define MD5_Transform wolfSSL_MD5_Transform
#ifdef OPENSSL_EXTRA_BSD
#define MD5Init wolfSSL_MD5_Init
+27 -6
View File
@@ -52,12 +52,14 @@ typedef struct WOLFSSL_SHA_CTX {
WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
const unsigned char *data);
/* SHA1 points to above, shouldn't use SHA0 ever */
WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
const unsigned char *data);
enum {
SHA_DIGEST_LENGTH = 20
};
@@ -68,6 +70,13 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA_Init wolfSSL_SHA_Init
#define SHA_Update wolfSSL_SHA_Update
#define SHA_Final wolfSSL_SHA_Final
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* SHA is only available in non-fips mode or fips version > 2 mode
* because of SHA enum in FIPS build. */
#define SHA wolfSSL_SHA1
#endif
#define SHA1_Init wolfSSL_SHA1_Init
#define SHA1_Update wolfSSL_SHA1_Update
@@ -99,6 +108,13 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
#define SHA224_Init wolfSSL_SHA224_Init
#define SHA224_Update wolfSSL_SHA224_Update
#define SHA224_Final wolfSSL_SHA224_Final
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* SHA224 is only available in non-fips mode or fips version > 2 mode
* because of SHA224 enum in FIPS build. */
#define SHA224 wolfSSL_SHA224
#endif
#endif /* WOLFSSL_SHA224 */
@@ -113,9 +129,10 @@ typedef struct WOLFSSL_SHA256_CTX {
WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
unsigned long);
unsigned long);
WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*,
const unsigned char *data);
enum {
SHA256_DIGEST_LENGTH = 32
};
@@ -126,6 +143,8 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
#define SHA256_Init wolfSSL_SHA256_Init
#define SHA256_Update wolfSSL_SHA256_Update
#define SHA256_Final wolfSSL_SHA256_Final
#define SHA256_Transform wolfSSL_SHA256_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
@@ -171,9 +190,10 @@ typedef struct WOLFSSL_SHA512_CTX {
WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
unsigned long);
unsigned long);
WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*,
const unsigned char*);
enum {
SHA512_DIGEST_LENGTH = 64
};
@@ -184,6 +204,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
#define SHA512_Init wolfSSL_SHA512_Init
#define SHA512_Update wolfSSL_SHA512_Update
#define SHA512_Final wolfSSL_SHA512_Final
#define SHA512_Transform wolfSSL_SHA512_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
* build. */
+21
View File
@@ -410,6 +410,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_free wolfSSL_X509_free
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
#define X509_digest wolfSSL_X509_digest
#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
@@ -558,6 +559,12 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
#define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
#define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
#define X509_VP_FLAG_RESET_FLAGS WOLFSSL_VPARAM_RESET_FLAGS
#define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED
#define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
@@ -605,6 +612,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
#define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
@@ -622,6 +630,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
#define X509_CRL_verify wolfSSL_X509_CRL_verify
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define X509_load_crl_file wolfSSL_X509_load_crl_file
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
@@ -1071,6 +1080,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_min_proto_version wolfSSL_CTX_set_min_proto_version
#define SSL_CTX_set_max_proto_version wolfSSL_CTX_set_max_proto_version
#define SSL_CTX_get_min_proto_version wolfSSL_CTX_get_min_proto_version
#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
@@ -1127,6 +1137,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL3_AD_BAD_CERTIFICATE bad_certificate
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name
#define SSL_AD_NO_RENEGOTIATION no_renegotiation
#define SSL_AD_INTERNAL_ERROR 80
#define ASN1_STRFLGS_ESC_MSB 4
@@ -1167,6 +1180,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL3_AL_FATAL 2
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
#define SSL_TLSEXT_ERR_ALERT_WARNING alert_warning
#define SSL_TLSEXT_ERR_NOACK alert_warning
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
@@ -1306,6 +1320,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define SSL_CTX_get0_param wolfSSL_CTX_get0_param
#define SSL_CTX_set1_param wolfSSL_CTX_set1_param
#define SSL_get_srp_username wolfSSL_get_srp_username
#define ERR_NUM_ERRORS 16
@@ -1317,6 +1333,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#if defined(WOLFSSL_EARLY_DATA)
#define SSL_get_early_data_status wolfSSL_get_early_data_status
#endif
#endif /* OPENSSL_EXTRA */
/* cipher suites for compatibility */
+31 -4
View File
@@ -563,8 +563,16 @@ struct WOLFSSL_X509_STORE {
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_VPARAM_DEFAULT 0x1
#define WOLFSSL_VPARAM_OVERWRITE 0x2
#define WOLFSSL_VPARAM_RESET_FLAGS 0x4
#define WOLFSSL_VPARAM_LOCKED 0x8
#define WOLFSSL_VPARAM_ONCE 0x10
struct WOLFSSL_X509_VERIFY_PARAM {
time_t check_time;
unsigned int inherit_flags;
unsigned long flags;
char hostName[WOLFSSL_HOST_NAME_MAX];
unsigned int hostFlags;
@@ -878,7 +886,9 @@ WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
#endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm);
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
@@ -938,6 +948,11 @@ WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
#ifdef WOLFSSL_EARLY_DATA
#define WOLFSSL_EARLY_DATA_NOT_SENT 0
#define WOLFSSL_EARLY_DATA_REJECTED 1
#define WOLFSSL_EARLY_DATA_ACCEPTED 2
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
unsigned int sz);
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
@@ -945,6 +960,7 @@ WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
int sz, int* outSz);
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
int* outSz);
WOLFSSL_API int wolfSSL_get_early_data_status(const WOLFSSL* ssl);
#endif /* WOLFSSL_EARLY_DATA */
#endif /* WOLFSSL_TLS13 */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
@@ -1338,6 +1354,7 @@ WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
WOLFSSL_API int wolfSSL_BIO_tell(WOLFSSL_BIO* bio);
WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
@@ -1545,6 +1562,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* p
unsigned int nameSz);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
const WOLFSSL_X509_VERIFY_PARAM* from);
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
#endif
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@@ -2116,8 +2137,8 @@ WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
const unsigned char*, unsigned int);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
#endif
@@ -2255,6 +2276,8 @@ WOLFSSL_API WOLFSSL_X509*
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **crl);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
#endif
@@ -3480,6 +3503,8 @@ WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx,
WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx);
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
WOLFSSL_API int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len);
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
@@ -3554,6 +3579,7 @@ WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
@@ -3615,6 +3641,7 @@ WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
@@ -3990,9 +4017,9 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
const WOLFSSL_ASN1_INTEGER *a);
#ifdef HAVE_SESSION_TICKET
WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
typedef int (*ticketCompatCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc);
WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, ticketCompatCb);
#endif
#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+26
View File
@@ -4088,4 +4088,30 @@ static WC_INLINE word16 GetRandomPort(void)
return port;
}
#ifdef WOLFSSL_EARLY_DATA
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
{
int earlyData_status;
earlyData_status = wolfSSL_get_early_data_status(ssl);
if (earlyData_status < 0) return;
printf("Early Data was ");
switch(earlyData_status) {
case WOLFSSL_EARLY_DATA_NOT_SENT:
printf("not sent.\n");
break;
case WOLFSSL_EARLY_DATA_REJECTED:
printf("rejected.\n");
break;
case WOLFSSL_EARLY_DATA_ACCEPTED:
printf("accepted\n");
break;
default:
printf("unknown...\n");
}
}
#endif /* WOLFSSL_EARLY_DATA */
#endif /* wolfSSL_TEST_H */
+12
View File
@@ -977,6 +977,14 @@ struct DecodedCert {
#endif
};
/* ASN Encoded Name field */
typedef struct EncodedName {
int nameLen; /* actual string value length */
int totalLen; /* total encoded length */
int type; /* type of name */
int used; /* are we actually using this one */
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
} EncodedName;
#ifdef NO_SHA
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
@@ -1163,6 +1171,8 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
@@ -1390,6 +1400,8 @@ struct OcspEntry
byte* rawCertId; /* raw bytes of the CertID */
int rawCertIdSize; /* num bytes in raw CertID */
/* option bits - using 32-bit for alignment */
word32 ownStatus:1; /* do we need to free the status
* response list */
word32 isDynamic:1; /* was dynamically allocated */
};
+6 -1
View File
@@ -88,7 +88,7 @@ enum wc_HashFlags {
#endif
};
#ifndef NO_HASH_WRAPPER
typedef union {
#ifndef NO_MD5
wc_Md5 md5;
@@ -112,6 +112,7 @@ typedef union {
wc_Sha3 sha3;
#endif
} wc_HashAlg;
#endif /* !NO_HASH_WRAPPER */
/* Find largest possible digest size
Note if this gets up to the size of 80 or over check smallstack build */
@@ -151,6 +152,8 @@ WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);
#ifndef NO_HASH_WRAPPER
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
@@ -215,6 +218,8 @@ WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32);
#endif
#endif /* WOLFSSL_SHA3 */
#endif /* !NO_HASH_WRAPPER */
enum max_prf {
#ifdef HAVE_FFDHE_8192
MAX_PRF_HALF = 516, /* Maximum half secret len */
+2 -1
View File
@@ -227,7 +227,8 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
/* ---> Basic Manipulations <--- */
#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
#define mp_isone(a) \
(((((a)->used == 1)) && ((a)->dp[0] == 1u)) ? MP_YES : MP_NO)
(((((a)->used == 1)) && ((a)->dp[0] == 1u) && ((a)->sign == MP_ZPOS)) \
? MP_YES : MP_NO)
#define mp_iseven(a) \
(((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO)
#define mp_isodd(a) \
+7 -1
View File
@@ -42,9 +42,12 @@
extern "C" {
#endif
#if !defined(NO_OLD_MD5_NAME)
#define MD5 WC_MD5
#endif
#ifndef NO_OLD_WC_NAMES
#define Md5 wc_Md5
#define MD5 WC_MD5
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
@@ -109,6 +112,9 @@ WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
WOLFSSL_API void wc_Md5Free(wc_Md5*);
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*);
#endif
WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*);
WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
@@ -89,11 +89,13 @@ uint64_t wc_esp32elapsedTime();
/* RAW hash function APIs are not implemented with esp32 hardware acceleration*/
#define WOLFSSL_NO_HASH_RAW
#define SHA_CTX ETS_SHAContext
#if ESP_IDF_VERSION_MAJOR >= 4
#include "esp32/rom/sha.h"
#else
#include "rom/sha.h"
#endif
#undef SHA_CTX
typedef enum {
ESP32_SHA_INIT = 0,
+46 -46
View File
@@ -1,47 +1,47 @@
/* port/ti/ti_ccm.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* port/ti/ti_ccm.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLF_CRYPT_TI_CCM_H
#define WOLF_CRYPT_TI_CCM_H
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH)
int wolfSSL_TI_CCMInit(void) ;
#ifndef SINGLE_THREADED
void wolfSSL_TI_lockCCM(void) ;
void wolfSSL_TI_unlockCCM(void) ;
#else
#define wolfSSL_TI_lockCCM()
#define wolfSSL_TI_unlockCCM()
#endif
#endif
#endif
#ifndef WOLF_CRYPT_TI_CCM_H
#define WOLF_CRYPT_TI_CCM_H
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH)
int wolfSSL_TI_CCMInit(void) ;
#ifndef SINGLE_THREADED
void wolfSSL_TI_lockCCM(void) ;
void wolfSSL_TI_unlockCCM(void) ;
#else
#define wolfSSL_TI_lockCCM()
#define wolfSSL_TI_unlockCCM()
#endif
#endif
#endif
+13 -5
View File
@@ -1796,7 +1796,9 @@ extern void uITRON4_free(void *p) ;
/* ECC Configs */
#ifdef HAVE_ECC
/* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
#ifndef NO_ECC_SIGN
#if !defined(NO_ECC_SIGN) && \
(!defined(ECC_TIMING_RESISTANT) || \
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
#undef HAVE_ECC_SIGN
#define HAVE_ECC_SIGN
#endif
@@ -1808,7 +1810,7 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_ECC_CHECK_KEY
#define HAVE_ECC_CHECK_KEY
#endif
#ifndef NO_ECC_DHE
#if !defined(NO_ECC_DHE) && !defined(WC_NO_RNG)
#undef HAVE_ECC_DHE
#define HAVE_ECC_DHE
#endif
@@ -2094,8 +2096,9 @@ extern void uITRON4_free(void *p) ;
#if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
#error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
#endif
#if !defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
#error static memory requires fast math please define USE_FAST_MATH
#if !defined(WOLFSSL_SP_NO_MALLOC) && \
!defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
#error The static memory option is only supported for fast math or SP with no malloc
#endif
#ifdef WOLFSSL_SMALL_STACK
#error static memory does not support small stack please undefine
@@ -2271,9 +2274,14 @@ extern void uITRON4_free(void *p) ;
#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
/* added to have compatibility with SHA256() */
#if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)
#if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
#define NO_OLD_SHA_NAMES
#endif
#if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
#define NO_OLD_MD5_NAME
#endif
#endif
/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
+3
View File
@@ -169,6 +169,9 @@ WOLFSSL_API void wc_ShaFree(wc_Sha*);
WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
+7 -2
View File
@@ -198,7 +198,9 @@ WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*);
#endif
WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
@@ -216,9 +218,12 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#if !defined(NO_OLD_SHA_NAMES)
#define SHA224 WC_SHA224
#endif
#ifndef NO_OLD_WC_NAMES
#define Sha224 wc_Sha224
#define SHA224 WC_SHA224
#define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
#define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE
+3
View File
@@ -180,6 +180,9 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
#endif
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
#endif
#endif /* WOLFSSL_SHA512 */
#if defined(WOLFSSL_SHA384)
+11 -6
View File
@@ -655,9 +655,9 @@ typedef struct sp_ecc_ctx {
#endif
/** Radix is base 10 or decimal. */
#define MP_RADIX_DEC 10
#define MP_RADIX_DEC 10
/** Radix is base 16 or hexadecimal. */
#define MP_RADIX_HEX 16
#define MP_RADIX_HEX 16
/** Result of comparison is that the first number is greater than second. */
#define MP_GT 1
@@ -666,16 +666,21 @@ typedef struct sp_ecc_ctx {
/** Result of comparison is that the first number is less than second. */
#define MP_LT -1
/* ERROR VALUES */
/** Error value on success. */
#define MP_OKAY 0
#define MP_OKAY 0
/** Error value when dynamic memory allocation fails. */
#define MP_MEM -2
#define MP_MEM -2
/** Error value when value passed is not able to be used. */
#define MP_VAL -3
#define MP_VAL -3
/** Error value when non-blocking operation is returning after partial
* completion.
*/
#define FP_WOULDBLOCK -4
#define FP_WOULDBLOCK -4
/* Unused error. Defined for backward compatability. */
#define MP_NOT_INF -5
/* Unused error. Defined for backward compatability. */
#define MP_RANGE MP_NOT_INF
/* Number of bits in each word/digit. */
#define DIGIT_BIT SP_WORD_SIZE
+1 -1
View File
@@ -246,7 +246,7 @@ WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);
*
* The public ephemeral value is known as:
* A at the client side. A = g ^ a % N
* B at the server side. B = (k * v + (g ˆ b % N)) % N
* B at the server side. B = (k * v + (g ^ b % N)) % N
* This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
*
* @param[in,out] srp the Srp structure.
+9 -6
View File
@@ -422,13 +422,16 @@ MP_API void fp_free(fp_int* a);
/* zero/one/even/odd/neg/word ? */
#define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO)
#define fp_isone(a) \
((((a)->used == 1) && ((a)->dp[0] == 1)) ? FP_YES : FP_NO)
#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
#define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
#define fp_isneg(a) (((a)->sign != 0) ? FP_YES : FP_NO)
#define fp_isword(a, w) \
((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \
((((a)->used == 1) && ((a)->dp[0] == 1) && ((a)->sign == FP_ZPOS)) \
? FP_YES : FP_NO)
#define fp_iseven(a) \
(((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
#define fp_isodd(a) \
(((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
#define fp_isneg(a) (((a)->sign != FP_ZPOS) ? FP_YES : FP_NO)
#define fp_isword(a, w) \
(((((a)->used == 1) && ((a)->dp[0] == w)) || \
((w == 0) && ((a)->used == 0))) ? FP_YES : FP_NO)
/* set to a small digit */
void fp_set(fp_int *a, fp_digit b);