mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-09 09:20:52 +02:00
Merge remote-tracking branch 'upstream/master' into os_ecdh
# Conflicts: # tests/api.c
This commit is contained in:
+170
-86
@@ -182,7 +182,7 @@ find_package(Threads)
|
||||
|
||||
# Support for disabling all ASM
|
||||
set(WOLFSSL_ASM_HELP_STRING "Enables option for assembly (default: enabled)")
|
||||
option(WOLFSSL_ASM ${WOLFSSL_ASM_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ASM" ${WOLFSSL_ASM_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_ASM)
|
||||
list(APPEND WOLFSSL_DEFINITIONS
|
||||
@@ -192,7 +192,7 @@ endif()
|
||||
|
||||
# Single threaded
|
||||
set(WOLFSSL_SINGLE_THREADED_HELP_STRING "Enable wolfSSL single threaded (default: disabled)")
|
||||
option(WOLFSSL_SINGLE_THREADED ${WOLFSSL_SINGLE_THREADED_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_SINGLE_THREADED" ${WOLFSSL_SINGLE_THREADED_HELP_STRING} "no" "yes;no")
|
||||
|
||||
# TODO: Logic here isn't complete, yet (see AX_PTHREAD)
|
||||
if(NOT WOLFSSL_SINGLE_THREADED)
|
||||
@@ -209,7 +209,7 @@ endif()
|
||||
|
||||
# TLS v1.3
|
||||
set(WOLFSSL_TLS13_HELP_STRING "Enable wolfSSL TLS v1.3 (default: enabled)")
|
||||
option(WOLFSSL_TLS13 ${WOLFSSL_TLS13_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_TLS13" ${WOLFSSL_TLS13_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if("${FIPS_VERSION}" STREQUAL "v1")
|
||||
override_cache(WOLFSSL_TLS13 "no")
|
||||
@@ -220,7 +220,7 @@ endif()
|
||||
|
||||
# RNG
|
||||
set(WOLFSSL_RNG_HELP_STRING "Enable compiling and using RNG (default: enabled)")
|
||||
option(WOLFSSL_RNG ${WOLFSSL_RNG_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_RNG" ${WOLFSSL_RNG_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_RNG)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RNG")
|
||||
@@ -247,7 +247,7 @@ endif()
|
||||
|
||||
# Harden, enable Timing Resistance and Blinding by default
|
||||
set(WOLFSSL_HARDEN_HELP_STRING "Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)")
|
||||
option(WOLFSSL_HARDEN ${WOLFSSL_HARDEN_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_HARDEN" ${WOLFSSL_HARDEN_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_HARDEN)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DTFM_TIMING_RESISTANT" "-DECC_TIMING_RESISTANT")
|
||||
@@ -279,7 +279,7 @@ set(WOLFSSL_SLOW_MATH "yes")
|
||||
|
||||
# AES-CBC
|
||||
set(WOLFSSL_AESCBC_HELP_STRING "Enable wolfSSL AES-CBC support (default: enabled)")
|
||||
option(WOLFSSL_AESCBC ${WOLFSSL_AESCBC_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_AESCBC" ${WOLFSSL_AESCBC_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_AESCBC)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES_CBC")
|
||||
@@ -287,8 +287,7 @@ endif()
|
||||
|
||||
# AES-GCM
|
||||
set(WOLFSSL_AESGCM_HELP_STRING "Enable wolfSSL AES-GCM support (default: enabled)")
|
||||
set(WOLFSSL_AESGCM "yes" CACHE STRING ${WOLFSSL_AESGCM_HELP_STRING})
|
||||
set_property(CACHE WOLFSSL_AESGCM PROPERTY STRINGS "yes" "no" "table" "small" "word32")
|
||||
add_option("WOLFSSL_AESGCM" ${WOLFSSL_AESGCM_HELP_STRING} "yes" "yes;no;table;small;word32")
|
||||
|
||||
# leanpsk and leantls don't need gcm
|
||||
if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
|
||||
@@ -331,9 +330,37 @@ endif()
|
||||
# - RIPEMD
|
||||
# - BLAKE2
|
||||
|
||||
|
||||
# SHA224
|
||||
set(SHA224_DEFAULT "no")
|
||||
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
|
||||
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
|
||||
if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
|
||||
(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
|
||||
set(SHA224_DEFAULT "yes")
|
||||
endif()
|
||||
endif()
|
||||
set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
|
||||
add_option("WOLFSSL_SHA224" ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT} "yes;no")
|
||||
|
||||
# SHA3
|
||||
set(SHA3_DEFAULT "no")
|
||||
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
|
||||
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
|
||||
if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
|
||||
set(SHA3_DEFAULT "yes")
|
||||
endif()
|
||||
endif()
|
||||
set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
|
||||
add_option("WOLFSSL_SHA3" ${WOLFSSL_SHA3_HELP_STRING} ${SHA3_DEFAULT} "yes;no;small")
|
||||
|
||||
# SHAKE256
|
||||
set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
|
||||
add_option("WOLFSSL_SHAKE256" ${WOLFSSL_SHAKE256_HELP_STRING} "no" "yes;no;small")
|
||||
|
||||
# SHA512
|
||||
set(WOLFSSL_SHA512_HELP_STRING "Enable wolfSSL SHA-512 support (default: enabled)")
|
||||
option(WOLFSSL_SHA512 ${WOLFSSL_SHA512_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_SHA512" ${WOLFSSL_SHA512_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
# options that don't require sha512
|
||||
if(WOLFSSL_LEAN_PSK OR
|
||||
@@ -356,7 +383,7 @@ endif()
|
||||
|
||||
# SHA384
|
||||
set(WOLFSSL_SHA384_HELP_STRING "Enable wolfSSL SHA-384 support (default: enabled)")
|
||||
option(WOLFSSL_SHA384 ${WOLFSSL_SHA384_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_SHA384" ${WOLFSSL_SHA384_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
# options that don't require sha384
|
||||
if(WOLFSSL_LEAN_PSK OR
|
||||
@@ -387,7 +414,7 @@ endif()
|
||||
|
||||
# HKDF
|
||||
set(WOLFSSL_HKDF_HELP_STRING "Enable HKDF (HMAC-KDF) support (default: disabled)")
|
||||
option(WOLFSSL_HKDF ${WOLFSSL_HKDF_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_HKDF" ${WOLFSSL_HKDF_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(WOLFSSL_TLS13)
|
||||
override_cache(WOLFSSL_HKDF "yes")
|
||||
@@ -401,7 +428,7 @@ endif()
|
||||
|
||||
# DSA
|
||||
set(WOLFSSL_DSA_HELP_STRING "Enable DSA (default: disabled)")
|
||||
option(WOLFSSL_DSA ${WOLFSSL_DSA_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_DSA" ${WOLFSSL_DSA_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_DSA AND NOT WOLFSSL_OPENSSH)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_DSA")
|
||||
@@ -409,12 +436,11 @@ endif()
|
||||
|
||||
# ECC Shamir
|
||||
set(WOLFSSL_ECCSHAMIR_HELP_STRING "Enable ECC Shamir (default: enabled)")
|
||||
option(WOLFSSL_ECCSHAMIR ${WOLFSSL_ECCSHAMIR_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ECCSHAMIR" ${WOLFSSL_ECCSHAMIR_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
# ECC
|
||||
set(WOLFSSL_ECC_HELP_STRING "Enable ECC (default: enabled)")
|
||||
set(WOLFSSL_ECC "yes" CACHE STRING ${WOLFSSL_ECC_HELP_STRING})
|
||||
set_property(CACHE WOLFSSL_ECC PROPERTY STRINGS "yes" "no" "nonblock")
|
||||
add_option("WOLFSSL_ECC" ${WOLFSSL_ECC_HELP_STRING} "yes" "yes;no;nonblock")
|
||||
|
||||
# lean psk doesn't need ecc
|
||||
if(WOLFSSL_LEAN_PSK)
|
||||
@@ -441,18 +467,105 @@ endif()
|
||||
|
||||
# TODO: - ECC custom curves
|
||||
# - Compressed key
|
||||
# - CURVE25519
|
||||
# - ED25519
|
||||
# - CURVE448
|
||||
# - ED448
|
||||
# - FP ECC, fixed point cache ECC
|
||||
# - ECC encrypt
|
||||
# - PSK
|
||||
# - Single PSK identity
|
||||
|
||||
# CURVE25519
|
||||
set(WOLFSSL_CURVE25519_SMALL "no")
|
||||
set(WOLFSSL_CURVE25519_HELP_STRING "Enable Curve25519 (default: disabled)")
|
||||
add_option("WOLFSSL_CURVE25519" ${WOLFSSL_CURVE25519_HELP_STRING} "no" "yes;no;small;no128bit")
|
||||
|
||||
if(WOLFSSL_OPENSSH)
|
||||
override_cache(WOLFSSL_CURVE25519 "yes")
|
||||
endif()
|
||||
|
||||
if(WOLFSSL_CURVE25519)
|
||||
if("${WOLFSSL_CURVE25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DCURVE25519_SMALL")
|
||||
set(WOLFSSL_CURVE25519_SMALL "yes")
|
||||
endif()
|
||||
|
||||
if("${WOLFSSL_CURVE25519}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED25519_128BIT")
|
||||
endif()
|
||||
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE25519")
|
||||
set(WOLFSSL_FEMATH "yes")
|
||||
endif()
|
||||
|
||||
# ED25519
|
||||
set(WOLFSSL_ED25519_SMALL "no")
|
||||
set(WOLFSSL_ED25519_HELP_STRING "Enable ED25519 (default: disabled)")
|
||||
add_option("WOLFSSL_ED25519" ${WOLFSSL_ED25519_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(WOLFSSL_OPENSSH)
|
||||
override_cache(WOLFSSL_ED25519 "yes")
|
||||
endif()
|
||||
|
||||
if(WOLFSSL_ED25519 AND NOT WOLFSSL_32BIT)
|
||||
if("${WOLFSSL_ED25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DED25519_SMALL")
|
||||
set(WOLFSSL_ED25519_SMALL "yes")
|
||||
set(WOLFSSL_CURVE25519_SMALL "yes")
|
||||
endif()
|
||||
|
||||
if(NOT WOLFSSL_SHA512)
|
||||
message(FATAL_ERROR "cannot enable ed25519 without enabling sha512.")
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_FEMATH "yes")
|
||||
set(WOLFSSL_GEMATH "yes")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED25519")
|
||||
endif()
|
||||
|
||||
# CURVE448
|
||||
set(WOLFSSL_CURVE448_SMALL "no")
|
||||
set(WOLFSSL_CURVE448_HELP_STRING "Enable Curve448 (default: disabled)")
|
||||
add_option("WOLFSSL_CURVE448" ${WOLFSSL_CURVE448_HELP_STRING} "no" "yes;no;small")
|
||||
|
||||
if(WOLFSSL_CURVE448)
|
||||
if("${WOLFSSL_CURVE448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DCURVE448_SMALL")
|
||||
set(WOLFSSL_CURVE448_SMALL "yes")
|
||||
endif()
|
||||
|
||||
if("${WOLFSSL_CURVE448}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED448_128BIT")
|
||||
endif()
|
||||
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE448")
|
||||
set(WOLFSSL_FE448 "yes")
|
||||
endif()
|
||||
|
||||
# ED448
|
||||
set(WOLFSSL_ED448_SMALL "no")
|
||||
set(WOLFSSL_ED448_HELP_STRING "Enable ED448 (default: disabled)")
|
||||
add_option("WOLFSSL_ED448" ${WOLFSSL_ED448_HELP_STRING} "no" "yes;no;small")
|
||||
|
||||
if(WOLFSSL_ED448 AND NOT WOLFSSL_32BIT)
|
||||
if("${WOLFSSL_ED448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DED448_SMALL")
|
||||
set(WOLFSSL_ED448_SMALL "yes")
|
||||
set(WOLFSSL_CURVE448_SMALL "yes")
|
||||
endif()
|
||||
|
||||
if(NOT WOLFSSL_SHA512)
|
||||
message(FATAL_ERROR "cannot enable ed448 without enabling sha512.")
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_FE448 "yes")
|
||||
set(WOLFSSL_GE448 "yes")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED448")
|
||||
|
||||
# EdDSA448 requires SHAKE256 which requires SHA-3
|
||||
override_cache(WOLFSSL_SHAKE256 "yes")
|
||||
endif()
|
||||
|
||||
# Error strings
|
||||
set(WOLFSSL_ERROR_STRINGS_HELP_STRING "Enable error strings table (default: enabled)")
|
||||
option(WOLFSSL_ERROR_STRINGS ${WOLFSSL_ERROR_STRINGS_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ERROR_STRINGS" ${WOLFSSL_ERROR_STRINGS_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_ERROR_STRINGS)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_STRINGS")
|
||||
@@ -466,7 +579,7 @@ endif()
|
||||
|
||||
# Error queue
|
||||
set(WOLFSSL_ERROR_QUEUE_HELP_STRING "Enables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)")
|
||||
option(WOLFSSL_ERROR_QUEUE ${WOLFSSL_DISABLE_ERROR_QUEUE_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ERROR_QUEUE" ${WOLFSSL_ERROR_QUEUE_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_ERROR_QUEUE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_QUEUE")
|
||||
@@ -474,7 +587,7 @@ endif()
|
||||
|
||||
# Old TLS
|
||||
set(WOLFSSL_OLD_TLS_HELP_STRING "Enable old TLS versions < 1.2 (default: enabled)")
|
||||
option(WOLFSSL_OLD_TLS ${WOLFSSL_OLD_TLS_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_OLD_TLS" ${WOLFSSL_OLD_TLS_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_OLD_TLS)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_OLD_TLS")
|
||||
@@ -488,7 +601,7 @@ endif()
|
||||
|
||||
# TLSv1.2
|
||||
set(WOLFSSL_TLSV12_HELP_STRING "Enable TLS versions 1.2 (default: enabled)")
|
||||
option(WOLFSSL_TLSV12 ${WOLFSSL_TLSV12_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_TLSV12" ${WOLFSSL_TLSV12_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_TLSV12)
|
||||
list(APPEND WOLFSSL_DEFINITIONS
|
||||
@@ -503,7 +616,7 @@ endif()
|
||||
|
||||
# Memory
|
||||
set(WOLFSSL_MEMORY_HELP_STRING "Enable memory callbacks (default: enabled)")
|
||||
option(WOLFSSL_MEMORY ${WOLFSSL_MEMORY_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_MEMORY" ${WOLFSSL_MEMORY_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_MEMORY)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
|
||||
@@ -521,7 +634,7 @@ endif()
|
||||
|
||||
# RSA
|
||||
set(WOLFSSL_RSA_HELP_STRING "Enable RSA (default: enabled)")
|
||||
option(WOLFSSL_RSA ${WOLFSSL_RSA_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_RSA" ${WOLFSSL_RSA_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_RSA)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_RSA")
|
||||
@@ -534,7 +647,7 @@ endif()
|
||||
|
||||
# OAEP
|
||||
set(WOLFSSL_OAEP_HELP_STRING "Enable RSA OAEP (default: enabled)")
|
||||
option(WOLFSSL_OAEP ${WOLFSSL_OAEP_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_OAEP" ${WOLFSSL_OAEP_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_OAEP)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RSA_OAEP")
|
||||
@@ -545,7 +658,7 @@ endif()
|
||||
|
||||
# RSA-PSS
|
||||
set(WOLFSSL_RSA_PSS_HELP_STRING "Enable RSA-PSS (default: disabled)")
|
||||
option(WOLFSSL_RSA_PSS ${WOLFSSL_RSA_PSS_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_RSA_PSS" ${WOLFSSL_RSA_PSS_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_RSA)
|
||||
override_cache(WOLFSSL_RSA_PSS "no")
|
||||
@@ -560,7 +673,7 @@ endif()
|
||||
|
||||
# DH
|
||||
set(WOLFSSL_DH_HELP_STRING "Enable DH (default: enabled)")
|
||||
option(WOLFSSL_DH ${WOLFSSL_DH_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_DH" ${WOLFSSL_DH_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_OPENSSH)
|
||||
override_cache(WOLFSSL_DH "yes")
|
||||
@@ -581,7 +694,7 @@ endif()
|
||||
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
|
||||
# and no big int (unless dh is on)
|
||||
set(WOLFSSL_ASN_HELP_STRING "Enable ASN (default: enabled)")
|
||||
option(WOLFSSL_ASN ${WOLFSSL_ASN_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ASN" ${WOLFSSL_ASN_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_ASN)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_ASN" "-DNO_CERTS")
|
||||
@@ -626,7 +739,7 @@ endif()
|
||||
|
||||
# AES
|
||||
set(WOLFSSL_AES_HELP_STRING "Enable AES (default: enabled)")
|
||||
option(WOLFSSL_AES ${WOLFSSL_AES_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_AES" ${WOLFSSL_AES_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_AES)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
|
||||
@@ -655,7 +768,7 @@ endif()
|
||||
|
||||
# Coding
|
||||
set(WOLFSSL_CODING_HELP_STRING "Enable coding base 16/64 (default: enabled)")
|
||||
option(WOLFSSL_CODING ${WOLFSSL_CODING_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_CODING" ${WOLFSSL_CODING_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_CODING)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_CODING")
|
||||
@@ -674,7 +787,7 @@ if("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_BASE64_ENCODE_HELP_STRING "Enable Base64 encoding (default: enabled on x86_64)")
|
||||
option(WOLFSSL_BASE64_ENCODE ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT})
|
||||
add_option("WOLFSSL_BASE64_ENCODE" ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT} "yes;no")
|
||||
|
||||
if(WOLFSSL_BASE64_ENCODE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_BASE64_ENCODE")
|
||||
@@ -684,7 +797,7 @@ endif()
|
||||
|
||||
# DES3
|
||||
set(WOLFSSL_DES3_HELP_STRING "Enable DES3 (default: disabled)")
|
||||
option(WOLFSSL_DES3 ${WOLFSSL_DES3_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_DES3" ${WOLFSSL_DES3_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(WOLFSSL_OPENSSH OR
|
||||
WOLFSSL_QT OR
|
||||
@@ -697,7 +810,7 @@ endif()
|
||||
|
||||
# ARC4
|
||||
set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
|
||||
option(WOLFSSL_ARC4 ${WOLFSSL_ARC4_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(WOLFSSL_OPENSSH OR WOLFSSL_WPAS)
|
||||
override_cache(WOLFSSL_ARC4 "yes")
|
||||
@@ -715,7 +828,7 @@ endif()
|
||||
|
||||
# MD5
|
||||
set(WOLFSSL_MD5_HELP_STRING "Enable MD5 (default: enabled)")
|
||||
option(WOLFSSL_MD5 ${WOLFSSL_MD5_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_MD5" ${WOLFSSL_MD5_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_MD5)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_MD5" "-DNO_OLD_TLS")
|
||||
@@ -729,7 +842,7 @@ endif()
|
||||
|
||||
# SHA
|
||||
set(WOLFSSL_SHA_HELP_STRING "Enable SHA (default: enabled)")
|
||||
option(WOLFSSL_SHA ${WOLFSSL_SHA_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_SHA" ${WOLFSSL_SHA_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_SHA)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_SHA" "-DNO_OLD_TLS")
|
||||
@@ -748,7 +861,7 @@ endif()
|
||||
|
||||
# HC128
|
||||
set(WOLFSSL_HC128_HELP_STRING "Enable HC-128 (default: disabled)")
|
||||
option(WOLFSSL_HC128 ${WOLFSSL_HC128_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_HC128" ${WOLFSSL_HC128_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_HC128)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_HC128")
|
||||
@@ -768,35 +881,11 @@ endif()
|
||||
# - Selftest
|
||||
|
||||
# SHA224
|
||||
set(SHA224_DEFAULT "no")
|
||||
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
|
||||
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
|
||||
if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
|
||||
(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
|
||||
set(SHA224_DEFAULT "yes")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_SHA224_HELP_STRING "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)")
|
||||
option(WOLFSSL_SHA224 ${WOLFSSL_SHA224_HELP_STRING} ${SHA224_DEFAULT})
|
||||
|
||||
if(WOLFSSL_SHA224)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA224")
|
||||
endif()
|
||||
|
||||
# SHA3
|
||||
set(SHA3_DEFAULT "no")
|
||||
if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR
|
||||
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
|
||||
if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
|
||||
set(SHA3_DEFAULT "yes")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_SHA3_HELP_STRING "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)")
|
||||
set(WOLFSSL_SHA3 ${SHA3_DEFAULT} CACHE STRING ${WOLFSSL_SHA3_HELP_STRING})
|
||||
set_property(CACHE WOLFSSL_SHA3 PROPERTY STRINGS "yes" "no" "small")
|
||||
|
||||
if("${WOLFSSL_SHA3}" STREQUAL "small")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3_SMALL")
|
||||
override_cache(WOLFSSL_SHA3 "yes")
|
||||
@@ -807,10 +896,6 @@ if(WOLFSSL_SHA3 AND NOT WOLFSSL_32BIT)
|
||||
endif()
|
||||
|
||||
# SHAKE256
|
||||
set(WOLFSSL_SHAKE256_HELP_STRING "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)")
|
||||
set(WOLFSSL_SHAKE256 "no" CACHE STRING ${WOLFSSL_SHAKE256_HELP_STRING})
|
||||
set_property(CACHE WOLFSSL_SHAKE256 PROPERTY STRINGS "yes" "no" "small")
|
||||
|
||||
if(NOT WOLFSSL_SHAKE256)
|
||||
override_cache(WOLFSSL_SHAKE256 ${WOLFSSL_SHA3})
|
||||
endif()
|
||||
@@ -832,7 +917,7 @@ if(WOLFSSL_FIPS)
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_POLY1305_HELP_STRING "Enable wolfSSL POLY1305 support (default: enabled)")
|
||||
option(WOLFSSL_POLY1305 ${WOLFSSL_POLY1305_HELP_STRING} ${POLY1305_DEFAULT})
|
||||
add_option("WOLFSSL_POLY1305" ${WOLFSSL_POLY1305_HELP_STRING} ${POLY1305_DEFAULT} "yes;no")
|
||||
|
||||
# leanpsk and leantls don't need poly1305
|
||||
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
|
||||
@@ -852,8 +937,7 @@ if(WOLFSSL_FIPS)
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_CHACHA_HELP_STRING "Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups")
|
||||
set(WOLFSSL_CHACHA ${CHACHA_DEFAULT} CACHE STRING ${WOLFSSL_CHACHA_HELP_STRING})
|
||||
set_property(CACHE WOLFSSL_CHACHA PROPERTY STRINGS "yes" "no" "noasm")
|
||||
add_option("WOLFSSL_CHACHA" ${WOLFSSL_CHACHA_HELP_STRING} ${CHACHA_DEFAULT} "yes;no;noasm")
|
||||
|
||||
# leanpsk and leantls don't need chacha
|
||||
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
|
||||
@@ -872,7 +956,7 @@ endif()
|
||||
|
||||
# Hash DRBG
|
||||
set(WOLFSSL_HASH_DRBG_HELP_STRING "Enable Hash DRBG support (default: enabled)")
|
||||
option(WOLFSSL_HASH_DRBG ${WOLFSSL_HASH_DRBG_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_HASH_DRBG" ${WOLFSSL_HASH_DRBG_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_HASH_DRBG)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HASHDRBG")
|
||||
@@ -894,7 +978,7 @@ else()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_FILESYSTEM_HELP_STRING "Enable Filesystem support (default: enabled)")
|
||||
option(WOLFSSL_FILESYSTEM ${WOLFSSL_FILESYSTEM_HELP_STRING} ${FILESYSTEM_DEFAULT})
|
||||
add_option("WOLFSSL_FILESYSTEM" ${WOLFSSL_FILESYSTEM_HELP_STRING} ${FILESYSTEM_DEFAULT} "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_FILESYSTEM)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_FILESYSTEM")
|
||||
@@ -907,7 +991,7 @@ endif()
|
||||
|
||||
# Inline function support
|
||||
set(WOLFSSL_INLINE_HELP_STRING "Enable inline functions (default: enabled)")
|
||||
option(WOLFSSL_INLINE ${WOLFSSL_INLINE_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_INLINE" ${WOLFSSL_INLINE_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_INLINE)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DNO_INLINE")
|
||||
@@ -933,7 +1017,7 @@ endif()
|
||||
|
||||
# Supported elliptic curves extensions
|
||||
set(WOLFSSL_SUPPORTED_CURVES_HELP_STRING "Enable Supported Elliptic Curves (default: enabled)")
|
||||
option(WOLFSSL_SUPPORTED_CURVES ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_SUPPORTED_CURVES" ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_SUPPORTED_CURVES)
|
||||
if(NOT WOLFSSL_ECC AND NOT WOLFSSL_CURVE25519 AND NOT WOLFSSL_CURVE448)
|
||||
@@ -972,7 +1056,7 @@ endif()
|
||||
|
||||
# Extended master secret extension
|
||||
set(WOLFSSL_EXTENDED_MASTER_HELP_STRING "Enable Extended Master Secret (default: enabled)")
|
||||
option(WOLFSSL_EXTENDED_MASTER ${WOLFSSL_EXTENDED_MASTER_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_EXTENDED_MASTER" ${WOLFSSL_EXTENDED_MASTER_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_EXTENDED_MASTER)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_EXTENDED_MASTER")
|
||||
@@ -998,7 +1082,7 @@ endif()
|
||||
|
||||
# Encrypt-then-mac
|
||||
set(WOLFSSL_ENC_THEN_MAC_HELP_STRING "Enable Encryptr-Then-Mac extension (default: enabled)")
|
||||
option(WOLFSSL_ENC_THEN_MAC ${WOLFSSL_ENC_THEN_MAC_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ENC_THEN_MAC" ${WOLFSSL_ENC_THEN_MAC_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_APACHE_HTTPD)
|
||||
override_cache(WOLFSSL_ENC_THEN_MAC "no")
|
||||
@@ -1015,7 +1099,7 @@ endif()
|
||||
# stunnel Support
|
||||
# TODO: rest of stunnel support
|
||||
set(WOLFSSL_STUNNEL_HELP_STRING "Enable stunnel (default: disabled)")
|
||||
option(WOLFSSL_STUNNEL ${WOLFSSL_STUNNEL_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_STUNNEL" ${WOLFSSL_STUNNEL_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_PSK AND
|
||||
NOT WOLFSSL_LEAN_PSK AND
|
||||
@@ -1029,7 +1113,7 @@ endif()
|
||||
|
||||
# MD4
|
||||
set(WOLFSSL_MD4_HELP_STRING "Enable MD4 (default: disabled)")
|
||||
option(WOLFSSL_MD4 ${WOLFSSL_MD4_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_MD4" ${WOLFSSL_MD4_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_MD4)
|
||||
# turn on MD4 if using stunnel
|
||||
@@ -1045,7 +1129,7 @@ endif()
|
||||
# PWDBASED has to come after certservice since we want it on w/o explicit on
|
||||
# PWDBASED
|
||||
set(WOLFSSL_PWDBASED_HELP_STRING "Enable PWDBASED (default: disabled)")
|
||||
option(WOLFSSL_PWDBASED ${WOLFSSL_PWDBASED_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_PWDBASED" ${WOLFSSL_PWDBASED_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_PWDBASED)
|
||||
if(WOLFSSL_OPENSSLEXTRA OR
|
||||
@@ -1079,7 +1163,7 @@ if(WOLFSSL_SP_MATH)
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_FAST_MATH_HELP_STRING "Enable fast math ops (default: enabled on x86_64/aarch64)")
|
||||
option(WOLFSSL_FAST_MATH ${WOLFSSL_FAST_MATH_HELP_STRING} ${FASTMATH_DEFAULT})
|
||||
add_option("WOLFSSL_FAST_MATH" ${WOLFSSL_FAST_MATH_HELP_STRING} ${FASTMATH_DEFAULT} "yes;no")
|
||||
|
||||
if(WOLFSSL_FAST_MATH)
|
||||
# turn off fastmath if leanpsk on or asn off (w/o DH and ECC)
|
||||
@@ -1113,7 +1197,7 @@ else()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_EXAMPLES_HELP_STRING "Enable examples (default: enabled)")
|
||||
option(WOLFSSL_EXAMPLES ${WOLFSSL_EXAMPLES_HELP_STRING} ${EXAMPLES_DEFAULT})
|
||||
add_option("WOLFSSL_EXAMPLES" ${WOLFSSL_EXAMPLES_HELP_STRING} ${EXAMPLES_DEFAULT} "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_FILESYSTEM OR
|
||||
NOT WOLFSSL_INLINE OR
|
||||
@@ -1129,7 +1213,7 @@ else()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_CRYPT_TESTS_HELP_STRING "Enable Crypt Bench/Test (default: enabled)")
|
||||
option(WOLFSSL_CRYPT_TESTS ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFAULT})
|
||||
add_option("WOLFSSL_CRYPT_TESTS" ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFAULT} "yes;no")
|
||||
|
||||
# TODO: - LIBZ
|
||||
# - PKCS#11
|
||||
@@ -1146,7 +1230,7 @@ option(WOLFSSL_CRYPT_TESTS ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFA
|
||||
|
||||
# Asynchronous threading
|
||||
set(WOLFSSL_ASYNC_THREADS_HELP_STRING "Enable Asynchronous Threading (default: enabled)")
|
||||
option(WOLFSSL_ASYNC_THREADS ${WOLFSSL_ASYNC_THREADS_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_ASYNC_THREADS" ${WOLFSSL_ASYNC_THREADS_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_ASYNC_CRYPT AND WOLFSSL_ASYNC_THREADS)
|
||||
if(CMAKE_USE_PTHREADS_INIT)
|
||||
@@ -1171,7 +1255,7 @@ endif()
|
||||
# - AES key wrap
|
||||
|
||||
set(WOLFSSL_OLD_NAMES_HELP_STRING "Keep backwards compat with old names (default: enabled)")
|
||||
option(WOLFSSL_OLD_NAMES ${WOLFSSL_OLD_NAMES_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_OLD_NAMES" ${WOLFSSL_OLD_NAMES_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(NOT WOLFSSL_OLD_NAMES AND NOT WOLFSSL_OPENSSL_COEXIST)
|
||||
list(APPEND WOLFSSL_DEFINITIONS
|
||||
@@ -1186,7 +1270,7 @@ endif()
|
||||
|
||||
# Support for enabling setting default DH parameters
|
||||
set(WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING "Enables option for default dh parameters (default: disabled)")
|
||||
option(WOLFSSL_DH_DEFAULT_PARAMS ${WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_DH_DEFAULT_PARAMS" ${WOLFSSL_DH_DEFAULT_PARAMS_HELP_STRING} "no" "yes;no")
|
||||
|
||||
if(WOLFSSL_DH_DEFAULT_PARAMS OR NOT WOLFSSL_QT)
|
||||
override_cache(WOLFSSL_DH_DEFAULT_PARAMS "yes")
|
||||
@@ -1204,10 +1288,10 @@ else()
|
||||
endif()
|
||||
|
||||
set(WOLFSSL_USER_SETTINGS_HELP_STRING "Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)")
|
||||
option(WOLFSSL_USER_SETTINGS ${WOLFSSL_USER_SETTINGS_HELP_STRING} "no")
|
||||
add_option("WOLFSSL_USER_SETTINGS" ${WOLFSSL_USER_SETTINGS_HELP_STRING} "no" "yes;no")
|
||||
|
||||
set(WOLFSSL_OPTFLAGS_HELP_STRING "Enable default optimization CFLAGS for the compiler (default: enabled)")
|
||||
option(WOLFSSL_OPTFLAGS ${WOLFSSL_OPTFLAGS_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_OPTFLAGS" ${WOLFSSL_OPTFLAGS_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
# Generates the BUILD_* flags. These control what source files are included in
|
||||
# the library. A series of AM_CONDITIONALs handle this in configure.ac.
|
||||
@@ -1227,7 +1311,7 @@ endif()
|
||||
add_definitions(${WOLFSSL_DEFINITIONS})
|
||||
|
||||
set(WOLFSSL_CONFIG_H_HELP_STRING "Enable generation of config.h and define HAVE_CONFIG_H (default: enabled)")
|
||||
option(WOLFSSL_CONFIG_H ${WOLFSSL_CONFIG_H_HELP_STRING} "yes")
|
||||
add_option("WOLFSSL_CONFIG_H" ${WOLFSSL_CONFIG_H_HELP_STRING} "yes" "yes;no")
|
||||
|
||||
if(WOLFSSL_CONFIG_H)
|
||||
add_definitions("-DHAVE_CONFIG_H")
|
||||
|
||||
@@ -41,6 +41,7 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_CRYPTOCELL)
|
||||
/* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
|
||||
#define AES_MAX_KEY_SIZE 128
|
||||
#endif /* WOLFSSL_CRYPTOCELL*/
|
||||
|
||||
@@ -137,6 +138,9 @@ extern "C" {
|
||||
#if 1
|
||||
#define HAVE_ECC
|
||||
|
||||
#include <strings.h>
|
||||
/* strings.h required for strncasecmp */
|
||||
|
||||
/* Manually define enabled curves */
|
||||
#undef ECC_USER_CURVES
|
||||
#define ECC_USER_CURVES
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -177,4 +177,9 @@ echo "Step 22"
|
||||
openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
|
||||
check_result $?
|
||||
|
||||
# create crl and crl2 der files for unit test
|
||||
echo "Step 23"
|
||||
openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
|
||||
openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
|
||||
|
||||
exit 0
|
||||
|
||||
@@ -10,7 +10,9 @@ EXTRA_DIST += \
|
||||
certs/crl/crl2.pem \
|
||||
certs/crl/caEccCrl.pem \
|
||||
certs/crl/caEcc384Crl.pem \
|
||||
certs/crl/wolfssl.cnf
|
||||
certs/crl/wolfssl.cnf \
|
||||
certs/crl/crl.der \
|
||||
certs/crl/crl2.der
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/crl/crl.revoked
|
||||
|
||||
@@ -1,3 +1,22 @@
|
||||
function(add_option NAME HELP_STRING DEFAULT VALUES)
|
||||
list(FIND VALUES ${DEFAULT} IDX)
|
||||
if (${IDX} EQUAL -1)
|
||||
message(FATAL_ERROR "Failed to add option ${NAME}. Default value "
|
||||
"${DEFAULT} is not in list of possible values: ${VALUES}.")
|
||||
endif()
|
||||
|
||||
if(DEFINED ${NAME})
|
||||
list(FIND VALUES ${${NAME}} IDX)
|
||||
if (${IDX} EQUAL -1)
|
||||
message(FATAL_ERROR "Failed to set option ${NAME}. Value "
|
||||
"${${NAME}} is not in list of possible values: ${VALUES}.")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
set(${NAME} ${DEFAULT} CACHE STRING ${HELP_STRING})
|
||||
set_property(CACHE ${NAME} PROPERTY STRINGS ${VALUES})
|
||||
endfunction()
|
||||
|
||||
function(override_cache VAR VAL)
|
||||
get_property(VAR_TYPE CACHE ${VAR} PROPERTY TYPE)
|
||||
set(${VAR} ${VAL} CACHE ${VAR_TYPE} ${${VAR}_HELP_STRING} FORCE)
|
||||
|
||||
+85
-75
@@ -14,30 +14,10 @@ AC_CONFIG_AUX_DIR([build-aux])
|
||||
# want the default "-g -O2" that AC_PROG_CC sets automatically.
|
||||
: ${CFLAGS=""}
|
||||
|
||||
# For reproducible builds, gate out from the build anything that might
|
||||
# introduce semantically frivolous jitter, maximizing chance of
|
||||
# identical object files.
|
||||
AC_ARG_ENABLE([reproducible-build],
|
||||
[AS_HELP_STRING([--enable-reproducible-builds],[Enable maximally reproducible build (default: disabled)])],
|
||||
[ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
|
||||
[ ENABLED_REPRODUCIBLE_BUILD=no ]
|
||||
)
|
||||
|
||||
# Test ar for the "U" or "D" options. Should be checked before the libtool macros.
|
||||
xxx_ar_flags=$(ar --help 2>&1)
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
|
||||
then
|
||||
AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[: ${AR_FLAGS="Dcr"}])
|
||||
else
|
||||
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
|
||||
fi
|
||||
xxx_ranlib_flags=$(ranlib --help 2>&1)
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
|
||||
then
|
||||
AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[: ${RANLIB="ranlib -D"}])
|
||||
else
|
||||
AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[: ${RANLIB="ranlib -U"}])
|
||||
fi
|
||||
# Capture user C_EXTRA_FLAGS from configure line.
|
||||
# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
|
||||
# might still be using it.
|
||||
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
|
||||
|
||||
AC_PROG_CC
|
||||
AM_PROG_CC_C_O
|
||||
@@ -69,11 +49,6 @@ WOLFSSL_LIBRARY_VERSION=28:1:4
|
||||
# +- increment if interfaces have been added, removed or changed
|
||||
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
|
||||
|
||||
# Capture user C_EXTRA_FLAGS from configure line.
|
||||
# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
|
||||
# might still be using it.
|
||||
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
|
||||
|
||||
gl_VISIBILITY
|
||||
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
|
||||
AM_CFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
|
||||
@@ -89,6 +64,49 @@ AC_CHECK_SIZEOF([long])
|
||||
AC_CHECK_SIZEOF([time_t])
|
||||
AC_CHECK_TYPES([__uint128_t])
|
||||
|
||||
|
||||
# Distro build feature subset (Debian, Ubuntu, etc.)
|
||||
AC_ARG_ENABLE([distro],
|
||||
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
|
||||
[ ENABLED_DISTRO=$enableval ],
|
||||
[ ENABLED_DISTRO=no ]
|
||||
)
|
||||
if test "$ENABLED_DISTRO" = "yes"
|
||||
then
|
||||
enable_shared=yes
|
||||
enable_static=yes
|
||||
enable_all=yes
|
||||
REPRODUCIBLE_BUILD_DEFAULT=yes
|
||||
else
|
||||
REPRODUCIBLE_BUILD_DEFAULT=no
|
||||
fi
|
||||
|
||||
# For reproducible build, gate out from the build anything that might
|
||||
# introduce semantically frivolous jitter, maximizing chance of
|
||||
# identical object files.
|
||||
AC_ARG_ENABLE([reproducible-build],
|
||||
[AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])],
|
||||
[ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
|
||||
[ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ]
|
||||
)
|
||||
|
||||
# Test ar for the "U" or "D" options. Should be checked before the libtool macros.
|
||||
xxx_ar_flags=$(ar --help 2>&1)
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
|
||||
then
|
||||
AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[: ${AR_FLAGS="Dcr"}])
|
||||
else
|
||||
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
|
||||
fi
|
||||
xxx_ranlib_flags=$(ranlib --help 2>&1)
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
|
||||
then
|
||||
AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[: ${RANLIB="ranlib -D"}])
|
||||
else
|
||||
AS_CASE([$xxx_ranlib_flags],[*'Use actual symbol map timestamp'*],[: ${RANLIB="ranlib -U"}])
|
||||
fi
|
||||
|
||||
|
||||
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
|
||||
AC_CHECK_LIB([network],[socket])
|
||||
AC_C_BIGENDIAN
|
||||
@@ -165,57 +183,45 @@ AC_ARG_ENABLE([fips],
|
||||
[ENABLED_FIPS="no"])
|
||||
|
||||
AS_CASE([$ENABLED_FIPS],
|
||||
["ready"],[
|
||||
[ready],[
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="v2"
|
||||
FIPS_READY="yes"
|
||||
],
|
||||
["v2"],[
|
||||
# FIPS v2
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="v2"
|
||||
[no],[
|
||||
FIPS_VERSION="none"
|
||||
ENABLED_FIPS="no"
|
||||
],
|
||||
["rand"],[
|
||||
# FIPS Rand
|
||||
[rand|v1|v2],[
|
||||
FIPS_VERSION="$ENABLED_FIPS"
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="rand"
|
||||
],
|
||||
["no"],[FIPS_VERSION="none"],
|
||||
[yes],
|
||||
[
|
||||
# FIPS v1
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="v1"
|
||||
],
|
||||
[
|
||||
AC_MSG_ERROR([Invalid value for --enable-fips \"$ENABLED_FIPS\" (allowed: ready, rand, v1, v2)])
|
||||
])
|
||||
|
||||
case "$FIPS_VERSION" in
|
||||
none) if test -s wolfcrypt/src/fips.c || test -s ctaocrypt/src/fips.c; then
|
||||
AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
|
||||
fi
|
||||
;;
|
||||
v1) if ! test -s ctaocrypt/src/fips.c; then
|
||||
AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
|
||||
fi
|
||||
;;
|
||||
*) if ! test -s wolfcrypt/src/fips.c; then
|
||||
AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
# Distro build feature subset (Debian, Ubuntu, etc.)
|
||||
AC_ARG_ENABLE([distro],
|
||||
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
|
||||
[ ENABLED_DISTRO=$enableval ],
|
||||
[ ENABLED_DISTRO=no ]
|
||||
)
|
||||
if test "$ENABLED_DISTRO" = "yes"
|
||||
then
|
||||
enable_shared=yes
|
||||
enable_static=yes
|
||||
enable_all=yes
|
||||
fi
|
||||
|
||||
AS_CASE([$FIPS_VERSION],
|
||||
[none],
|
||||
[
|
||||
AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c -o -s $srcdir/ctaocrypt/src/fips.c ],
|
||||
[AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
|
||||
],
|
||||
[v1],
|
||||
[
|
||||
AS_IF([ ! test -s $srcdir/ctaocrypt/src/fips.c],
|
||||
[AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])])
|
||||
],
|
||||
[
|
||||
AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c],
|
||||
[AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])])
|
||||
]
|
||||
)
|
||||
|
||||
# Linux Kernel Module
|
||||
AC_ARG_ENABLE([linuxkm],
|
||||
@@ -383,6 +389,7 @@ then
|
||||
test "$enable_enckeys" = "" && enable_enckeys=yes
|
||||
test "$enable_hashflags" = "" && enable_hashflags=yes
|
||||
test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
|
||||
test "$enable_base64encode" = "" && enable_base64encode=yes
|
||||
test "$enable_arc4" = "" && enable_arc4=yes
|
||||
test "$enable_des3" = "" && enable_des3=yes
|
||||
test "$enable_nullcipher" = "" && enable_nullcipher=yes
|
||||
@@ -2595,7 +2602,7 @@ AC_ARG_ENABLE([anon],
|
||||
[ ENABLED_ANON=no ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_WPAS" = "xyes"
|
||||
if test "x$ENABLED_WPAS" = "xyes" || test "$ENABLED_NGINX" = "yes"
|
||||
then
|
||||
ENABLED_ANON=yes
|
||||
fi
|
||||
@@ -5259,7 +5266,7 @@ if test "$ENABLED_SP_ASM" = "yes"; then
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
*x86_64*)
|
||||
*x86_64*|*amd64*)
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
|
||||
ENABLED_SP_X86_64_ASM=yes
|
||||
@@ -5618,7 +5625,7 @@ AC_ARG_ENABLE([oldnames],
|
||||
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES"
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
|
||||
fi
|
||||
|
||||
|
||||
@@ -6525,13 +6532,16 @@ echo " * Fast RSA: $ENABLED_FAST_RSA"
|
||||
echo " * Single Precision: $ENABLED_SP"
|
||||
if test "$ENABLED_SP_MATH_ALL" != "no"
|
||||
then
|
||||
echo " * SP math implementation: all"
|
||||
elif test "$ENABLED_SP_MATH" != "no"
|
||||
then
|
||||
echo " * SP math implementation: restricted"
|
||||
ENABLED_SP_MATH_DESC="all"
|
||||
else
|
||||
echo " * SP math implementation: no"
|
||||
if test "$ENABLED_SP_MATH" != "no"
|
||||
then
|
||||
ENABLED_SP_MATH_DESC="restricted"
|
||||
else
|
||||
ENABLED_SP_MATH_DESC="no"
|
||||
fi
|
||||
fi
|
||||
echo " * SP math implementation: $ENABLED_SP_MATH_DESC"
|
||||
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
|
||||
echo " * PKCS#11: $ENABLED_PKCS11"
|
||||
echo " * PKCS#12: $ENABLED_PKCS12"
|
||||
|
||||
@@ -466,6 +466,9 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
do {
|
||||
err = 0; /* reset error */
|
||||
ret = wolfSSL_connect(ssl);
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
EarlyDataStatus(ssl);
|
||||
#endif
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
@@ -2501,6 +2501,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
do {
|
||||
err = 0; /* reset error */
|
||||
ret = SSL_accept(ssl);
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
EarlyDataStatus(ssl);
|
||||
#endif
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
err = SSL_get_error(ssl, 0);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
+3
-3
@@ -257,7 +257,7 @@ if [ "$early_data" = "yes" ]; then
|
||||
grep 'Session Ticket' $client_out_file
|
||||
session_ticket=$?
|
||||
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
|
||||
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 2 ]; then
|
||||
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then
|
||||
RESULT=1
|
||||
fi
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
@@ -280,11 +280,11 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
|
||||
if [ $early_data_cnt -ne 2 -a $early_data_cnt -ne 4 ]; then
|
||||
if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 4 ]; then
|
||||
RESULT=1
|
||||
fi
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
|
||||
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -1439,6 +1439,31 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
|
||||
|
||||
return 0;
|
||||
}
|
||||
/* wolfSSL_BIO_tell is provided as compatible API with
|
||||
* BIO_tell which returns the current file position of a file related BIO.
|
||||
* Returns the current file position on success and -1 for failure.
|
||||
* Returns 0 for a BIOs except file related BIO.
|
||||
*/
|
||||
int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
|
||||
{
|
||||
int pos;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_BIO_tell");
|
||||
|
||||
if (bio == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (bio->type != WOLFSSL_BIO_FILE) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
pos = (int)XFTELL((XFILE)bio->ptr);
|
||||
if (pos < 0)
|
||||
return -1;
|
||||
else
|
||||
return pos;
|
||||
}
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
|
||||
|
||||
+41
-19
@@ -1800,6 +1800,15 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* setup WOLFSSL_X509_STORE */
|
||||
ctx->x509_store.cm = ctx->cm;
|
||||
|
||||
/* WOLFSSL_X509_VERIFY_PARAM */
|
||||
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
|
||||
WOLFSSL_MSG("ctx->param memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -1828,7 +1837,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
ret = wolfEventQueue_Init(&ctx->event_queue);
|
||||
if (ret == 0)
|
||||
ret = wolfEventQueue_Init(&ctx->event_queue);
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
@@ -1947,6 +1957,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
||||
XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
ctx->alpn_cli_protos = NULL;
|
||||
}
|
||||
if (ctx->param) {
|
||||
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
#ifndef NO_DH
|
||||
@@ -2291,7 +2304,7 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
|
||||
void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
|
||||
word16 havePSK, word16 haveDH, word16 haveNTRU,
|
||||
word16 haveECDSAsig, word16 haveECC,
|
||||
word16 haveStaticECC, int side)
|
||||
word16 haveStaticECC, word16 haveAnon, int side)
|
||||
{
|
||||
word16 idx = 0;
|
||||
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
||||
@@ -2313,6 +2326,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
|
||||
(void)side;
|
||||
(void)haveRSA; /* some builds won't read */
|
||||
(void)haveRSAsig; /* non ecc builds won't read */
|
||||
(void)haveAnon; /* anon ciphers optional */
|
||||
|
||||
if (suites == NULL) {
|
||||
WOLFSSL_MSG("InitSuites pointer error");
|
||||
@@ -2532,14 +2546,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
if (tls1_2 && haveDH) {
|
||||
if (tls1_2 && haveDH && haveAnon) {
|
||||
suites->suites[idx++] = CIPHER_BYTE;
|
||||
suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveDH) {
|
||||
if (tls1_2 && haveDH && haveAnon) {
|
||||
suites->suites[idx++] = CIPHER_BYTE;
|
||||
suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
@@ -3393,15 +3407,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
|
||||
(void)heap;
|
||||
|
||||
if (name != NULL) {
|
||||
XMEMSET(name, 0, sizeof(WOLFSSL_X509_NAME));
|
||||
name->name = name->staticName;
|
||||
name->dynamicName = 0;
|
||||
name->sz = 0;
|
||||
name->heap = heap;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
XMEMSET(name->entry, 0, sizeof(name->entry));
|
||||
name->x509 = NULL;
|
||||
name->entrySz = 0;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5209,13 +5217,15 @@ int InitSSL_Suites(WOLFSSL* ssl)
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
else {
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
TRUE, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
|
||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
|
||||
@@ -18917,6 +18927,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
||||
case NO_CERT_ERROR:
|
||||
return "TLS1.3 No Certificate Set Error";
|
||||
|
||||
case TOO_MUCH_EARLY_DATA:
|
||||
return "Too much early data";
|
||||
|
||||
default :
|
||||
return "unknown error number";
|
||||
}
|
||||
@@ -27529,7 +27542,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
|
||||
/* suite size */
|
||||
@@ -27859,7 +27873,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
@@ -27921,7 +27936,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -31122,16 +31138,22 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
|
||||
#ifdef HAVE_SNI
|
||||
int SNI_Callback(WOLFSSL* ssl)
|
||||
{
|
||||
int ad = 0;
|
||||
int sniRet = 0;
|
||||
/* Stunnel supports a custom sni callback to switch an SSL's ctx
|
||||
* when SNI is received. Call it now if exists */
|
||||
if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) {
|
||||
WOLFSSL_MSG("Calling custom sni callback");
|
||||
if(ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg)
|
||||
== alert_fatal) {
|
||||
sniRet = ssl->ctx->sniRecvCb(ssl, &ad, ssl->ctx->sniRecvCbArg);
|
||||
if (sniRet == alert_fatal) {
|
||||
WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
|
||||
SendAlert(ssl, alert_fatal, unrecognized_name);
|
||||
SendAlert(ssl, alert_fatal, ad);
|
||||
return FATAL_ERROR;
|
||||
}
|
||||
else if (sniRet == alert_warning) {
|
||||
WOLFSSL_MSG("Error in custom sni callback. Warning alert");
|
||||
SendAlert(ssl, alert_warning, ad);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
+17
-3
@@ -75,7 +75,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap)
|
||||
{
|
||||
CertStatus *status, *next;
|
||||
|
||||
if (entry == NULL)
|
||||
if (entry == NULL || !entry->ownStatus)
|
||||
return;
|
||||
|
||||
WOLFSSL_ENTER("FreeOcspEntry");
|
||||
@@ -371,6 +371,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
|
||||
XMEMCPY(status, newSingle->status, sizeof(CertStatus));
|
||||
status->next = entry->status;
|
||||
entry->status = status;
|
||||
entry->ownStatus = 1;
|
||||
entry->totalStatus++;
|
||||
}
|
||||
}
|
||||
@@ -598,7 +599,9 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
(void)dgst;
|
||||
|
||||
cm = wolfSSL_CertManagerNew();
|
||||
if (cm == NULL)
|
||||
if (cm == NULL
|
||||
|| subject == NULL || subject->derCert == NULL
|
||||
|| issuer == NULL || issuer->derCert == NULL)
|
||||
return NULL;
|
||||
|
||||
ret = AllocDer(&derCert, issuer->derCert->length,
|
||||
@@ -628,6 +631,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
XMEMSET(certStatus, 0, sizeof(CertStatus));
|
||||
|
||||
certId->status = certStatus;
|
||||
certId->ownStatus = 1;
|
||||
|
||||
InitDecodedCert(&cert, subject->derCert->buffer,
|
||||
subject->derCert->length, NULL);
|
||||
@@ -797,6 +801,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
XMEMSET(resp->single, 0, sizeof(OcspEntry));
|
||||
resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
|
||||
DYNAMIC_TYPE_OCSP_STATUS);
|
||||
resp->single->ownStatus = 1;
|
||||
if (resp->single->status == NULL) {
|
||||
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
@@ -876,6 +881,7 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
|
||||
else {
|
||||
XMEMCPY(bs->single, response->single, sizeof(OcspEntry));
|
||||
XMEMCPY(bs->source, response->source, response->maxIdx);
|
||||
bs->single->ownStatus = 0;
|
||||
}
|
||||
return bs;
|
||||
}
|
||||
@@ -912,11 +918,19 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
|
||||
WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
|
||||
WOLFSSL_OCSP_CERTID *cid)
|
||||
{
|
||||
if (req == NULL || cid == NULL)
|
||||
if (req == NULL || cid == NULL || cid->status == NULL)
|
||||
return NULL;
|
||||
|
||||
XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE);
|
||||
XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE);
|
||||
if (cid->status->serialSz > req->serialSz) {
|
||||
if (req->serial != NULL)
|
||||
XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
|
||||
req->serial = (byte*)XMALLOC(cid->status->serialSz,
|
||||
req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
if (req->serial == NULL)
|
||||
return NULL;
|
||||
}
|
||||
XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz);
|
||||
req->serialSz = cid->status->serialSz;
|
||||
|
||||
|
||||
@@ -9107,9 +9107,17 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
if (length != 0)
|
||||
return BUFFER_E;
|
||||
|
||||
if (ssl->earlyData == expecting_early_data)
|
||||
if (ssl->earlyData == expecting_early_data) {
|
||||
|
||||
if (ssl->options.maxEarlyDataSz != 0)
|
||||
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
|
||||
else
|
||||
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
|
||||
|
||||
return TLSX_EarlyData_Use(ssl, 0);
|
||||
}
|
||||
ssl->earlyData = early_data_ext;
|
||||
|
||||
return 0;
|
||||
}
|
||||
if (msgType == encrypted_extensions) {
|
||||
@@ -9122,6 +9130,11 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
if (ssl->options.pskIdIndex != 1)
|
||||
return PSK_KEY_ERROR;
|
||||
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
/* the extension from server comes in */
|
||||
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
|
||||
}
|
||||
|
||||
return TLSX_EarlyData_Use(ssl, 1);
|
||||
}
|
||||
if (msgType == session_ticket) {
|
||||
|
||||
+36
-5
@@ -8132,7 +8132,7 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
|
||||
for (i = 0; i < count; i++) {
|
||||
/* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups
|
||||
* are valid */
|
||||
if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, groups[i]))
|
||||
if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i]))
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
|
||||
return ret;
|
||||
@@ -8167,7 +8167,7 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
|
||||
for (i = 0; i < count; i++) {
|
||||
/* Call to wolfSSL_UseSupportedCurve also checks if input groups
|
||||
* are valid */
|
||||
if ((ret = wolfSSL_UseSupportedCurve(ssl, groups[i]))
|
||||
if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i]))
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
|
||||
return ret;
|
||||
@@ -8217,7 +8217,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
|
||||
|
||||
@@ -8254,7 +8255,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
|
||||
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
|
||||
ssl->options.haveDH, ssl->options.haveNTRU,
|
||||
ssl->options.haveECDSAsig, ssl->options.haveECC,
|
||||
ssl->options.haveStaticECC, ssl->options.side);
|
||||
ssl->options.haveStaticECC, ssl->options.haveAnon,
|
||||
ssl->options.side);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -8654,11 +8656,25 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
|
||||
ret = wolfSSL_connect_TLSv13(ssl);
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
/* on client side, status is set to rejected */
|
||||
/* until sever accepts the early data extension. */
|
||||
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
|
||||
}
|
||||
if (ssl->options.handShakeState == CLIENT_HELLO_COMPLETE) {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* when processed early data exceeds max size */
|
||||
if (ssl->session.maxEarlyDataSz > 0 &&
|
||||
(ssl->earlyDataSz + sz > ssl->session.maxEarlyDataSz)) {
|
||||
ssl->error = TOO_MUCH_EARLY_DATA;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
ret = SendData(ssl, data, sz);
|
||||
if (ret > 0)
|
||||
if (ret > 0) {
|
||||
*outSz = ret;
|
||||
/* store amount of processed early data from client */
|
||||
ssl->earlyDataSz += ret;
|
||||
}
|
||||
}
|
||||
#else
|
||||
return SIDE_ERROR;
|
||||
@@ -8722,6 +8738,21 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Returns early data status
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* returns WOLFSSL_EARLY_DATA_ACCEPTED if the data was accepted
|
||||
* WOLFSSL_EARLY_DATA_REJECTED if the data was rejected
|
||||
* WOLFSSL_EARLY_DATA_NOT_SENT if no early data was sent
|
||||
*/
|
||||
int wolfSSL_get_early_data_status(const WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return ssl->earlyDataStatus;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
|
||||
+752
-100
File diff suppressed because it is too large
Load Diff
@@ -5611,6 +5611,7 @@ exit:
|
||||
(void)times;
|
||||
(void)desc;
|
||||
(void)start;
|
||||
(void)name;
|
||||
}
|
||||
|
||||
|
||||
|
||||
+1
-1
@@ -4798,7 +4798,7 @@ static void AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned char* addt,
|
||||
const unsigned char* ivec, unsigned char *tag,
|
||||
word32 nbytes, word32 abytes, word32 ibytes,
|
||||
wrd32 tbytes, const unsigned char* key, int nr)
|
||||
word32 tbytes, const unsigned char* key, int nr)
|
||||
{
|
||||
int i, j ,k;
|
||||
__m128i ctr1;
|
||||
|
||||
+106
-265
@@ -7121,8 +7121,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
(void)verify;
|
||||
|
||||
switch (sigOID) {
|
||||
#if defined(WOLFSSL_MD2)
|
||||
case CTC_MD2wRSA:
|
||||
@@ -7210,6 +7208,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
|
||||
WOLFSSL_MSG("Hash for Signature has unsupported type");
|
||||
}
|
||||
|
||||
(void)buf;
|
||||
(void)bufSz;
|
||||
(void)sigOID;
|
||||
(void)digest;
|
||||
(void)digestSz;
|
||||
(void)typeH;
|
||||
(void)verify;
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* !NO_ASN_CRYPT */
|
||||
@@ -12413,16 +12419,6 @@ static int CopyValidity(byte* output, Cert* cert)
|
||||
|
||||
#endif
|
||||
|
||||
/* ASN Encoded Name field */
|
||||
typedef struct EncodedName {
|
||||
int nameLen; /* actual string value length */
|
||||
int totalLen; /* total encoded length */
|
||||
int type; /* type of name */
|
||||
int used; /* are we actually using this one */
|
||||
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
|
||||
} EncodedName;
|
||||
|
||||
|
||||
/* Get Which Name from index */
|
||||
const char* GetOneCertName(CertName* name, int idx)
|
||||
{
|
||||
@@ -13004,281 +13000,126 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
|
||||
*
|
||||
* returns length on success
|
||||
*/
|
||||
static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type)
|
||||
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type)
|
||||
{
|
||||
word32 idx = 0;
|
||||
/* bottom up */
|
||||
byte firstLen[1 + MAX_LENGTH_SZ];
|
||||
byte secondLen[MAX_LENGTH_SZ];
|
||||
byte sequence[MAX_SEQ_SZ];
|
||||
byte set[MAX_SET_SZ];
|
||||
|
||||
if (nameStr) {
|
||||
/* bottom up */
|
||||
byte firstLen[1 + MAX_LENGTH_SZ];
|
||||
byte secondLen[MAX_LENGTH_SZ];
|
||||
byte sequence[MAX_SEQ_SZ];
|
||||
byte set[MAX_SET_SZ];
|
||||
int strLen;
|
||||
int thisLen;
|
||||
int firstSz, secondSz, seqSz, setSz;
|
||||
|
||||
int strLen = (int)XSTRLEN(nameStr);
|
||||
int thisLen = strLen;
|
||||
int firstSz, secondSz, seqSz, setSz;
|
||||
|
||||
if (strLen == 0) { /* no user data for this item */
|
||||
name->used = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Restrict country code size */
|
||||
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
|
||||
WOLFSSL_MSG("Country code size error");
|
||||
return ASN_COUNTRY_SIZE_E;
|
||||
}
|
||||
|
||||
secondSz = SetLength(strLen, secondLen);
|
||||
thisLen += secondSz;
|
||||
switch (type) {
|
||||
case ASN_EMAIL_NAME: /* email */
|
||||
thisLen += EMAIL_JOINT_LEN;
|
||||
firstSz = EMAIL_JOINT_LEN;
|
||||
break;
|
||||
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
thisLen += PILOT_JOINT_LEN;
|
||||
firstSz = PILOT_JOINT_LEN;
|
||||
break;
|
||||
|
||||
default:
|
||||
thisLen++; /* str type */
|
||||
thisLen += JOINT_LEN;
|
||||
firstSz = JOINT_LEN + 1;
|
||||
}
|
||||
thisLen++; /* id type */
|
||||
firstSz = SetObjectId(firstSz, firstLen);
|
||||
thisLen += firstSz;
|
||||
|
||||
seqSz = SetSequence(thisLen, sequence);
|
||||
thisLen += seqSz;
|
||||
setSz = SetSet(thisLen, set);
|
||||
thisLen += setSz;
|
||||
|
||||
if (thisLen > (int)sizeof(name->encoded)) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
/* store it */
|
||||
idx = 0;
|
||||
/* set */
|
||||
XMEMCPY(name->encoded, set, setSz);
|
||||
idx += setSz;
|
||||
/* seq */
|
||||
XMEMCPY(name->encoded + idx, sequence, seqSz);
|
||||
idx += seqSz;
|
||||
/* asn object id */
|
||||
XMEMCPY(name->encoded + idx, firstLen, firstSz);
|
||||
idx += firstSz;
|
||||
switch (type) {
|
||||
case ASN_EMAIL_NAME:
|
||||
{
|
||||
const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||
0x01, 0x09, 0x01, 0x16 };
|
||||
/* email joint id */
|
||||
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
|
||||
idx += (int)sizeof(EMAIL_OID);
|
||||
}
|
||||
break;
|
||||
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
{
|
||||
const byte PILOT_OID[] = { 0x09, 0x92, 0x26, 0x89,
|
||||
0x93, 0xF2, 0x2C, 0x64, 0x01
|
||||
};
|
||||
|
||||
XMEMCPY(name->encoded + idx, PILOT_OID,
|
||||
sizeof(PILOT_OID));
|
||||
idx += (int)sizeof(PILOT_OID);
|
||||
/* id type */
|
||||
name->encoded[idx++] = type;
|
||||
/* str type */
|
||||
name->encoded[idx++] = nameType;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
name->encoded[idx++] = 0x55;
|
||||
name->encoded[idx++] = 0x04;
|
||||
/* id type */
|
||||
name->encoded[idx++] = type;
|
||||
/* str type */
|
||||
name->encoded[idx++] = nameType;
|
||||
}
|
||||
/* second length */
|
||||
XMEMCPY(name->encoded + idx, secondLen, secondSz);
|
||||
idx += secondSz;
|
||||
/* str value */
|
||||
XMEMCPY(name->encoded + idx, nameStr, strLen);
|
||||
idx += strLen;
|
||||
|
||||
name->type = type;
|
||||
name->totalLen = idx;
|
||||
name->used = 1;
|
||||
}
|
||||
else
|
||||
if (nameStr == NULL) {
|
||||
name->used = 0;
|
||||
return 0;
|
||||
}
|
||||
thisLen = strLen = (int)XSTRLEN(nameStr);
|
||||
if (strLen == 0) { /* no user data for this item */
|
||||
name->used = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
return idx;
|
||||
}
|
||||
/* Restrict country code size */
|
||||
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
|
||||
WOLFSSL_MSG("Country code size error");
|
||||
return ASN_COUNTRY_SIZE_E;
|
||||
}
|
||||
|
||||
secondSz = SetLength(strLen, secondLen);
|
||||
thisLen += secondSz;
|
||||
switch (type) {
|
||||
case ASN_EMAIL_NAME: /* email */
|
||||
thisLen += EMAIL_JOINT_LEN;
|
||||
firstSz = EMAIL_JOINT_LEN;
|
||||
break;
|
||||
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
thisLen += PILOT_JOINT_LEN;
|
||||
firstSz = PILOT_JOINT_LEN;
|
||||
break;
|
||||
|
||||
|
||||
/* Guarded by either
|
||||
* A) WOLFSSL_WPAS_SMALL is on or
|
||||
* B) (OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_CERT_GEN +
|
||||
* (WOLFSSL_CERT_REQ or WOLFSSL_CERT_EXT or OPENSSL_EXTRA) has been
|
||||
* defined
|
||||
*/
|
||||
#if defined(WOLFSSL_WPAS_SMALL) || \
|
||||
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
|
||||
defined(OPENSSL_EXTRA))
|
||||
/* Converts from NID_* value to wolfSSL value if needed */
|
||||
static int ConvertNIDToWolfSSL(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_commonName : return ASN_COMMON_NAME;
|
||||
case NID_surname : return ASN_SUR_NAME;
|
||||
case NID_countryName: return ASN_COUNTRY_NAME;
|
||||
case NID_localityName: return ASN_LOCALITY_NAME;
|
||||
case NID_stateOrProvinceName: return ASN_STATE_NAME;
|
||||
case NID_organizationName: return ASN_ORG_NAME;
|
||||
case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
|
||||
case NID_emailAddress: return ASN_EMAIL_NAME;
|
||||
case NID_serialNumber: return ASN_SERIAL_NUMBER;
|
||||
case NID_businessCategory: return ASN_BUS_CAT;
|
||||
case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
|
||||
default:
|
||||
WOLFSSL_MSG("Attribute NID not found");
|
||||
return -1;
|
||||
thisLen++; /* str type */
|
||||
thisLen += JOINT_LEN;
|
||||
firstSz = JOINT_LEN + 1;
|
||||
}
|
||||
}
|
||||
thisLen++; /* id type */
|
||||
firstSz = SetObjectId(firstSz, firstLen);
|
||||
thisLen += firstSz;
|
||||
|
||||
seqSz = SetSequence(thisLen, sequence);
|
||||
thisLen += seqSz;
|
||||
setSz = SetSet(thisLen, set);
|
||||
thisLen += setSz;
|
||||
|
||||
/* Converts the x509 name structure into DER format.
|
||||
*
|
||||
* out pointer to either a pre setup buffer or a pointer to null for
|
||||
* creating a dynamic buffer. In the case that a pre-existing buffer is
|
||||
* used out will be incremented the size of the DER buffer on success.
|
||||
*
|
||||
* returns the size of the buffer on success, or negative value with failure
|
||||
*/
|
||||
int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
|
||||
{
|
||||
int totalBytes = 0, i, idx;
|
||||
byte temp[MAX_SEQ_SZ];
|
||||
byte *output, *local = NULL;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
EncodedName* names = NULL;
|
||||
#else
|
||||
EncodedName names[MAX_NAME_ENTRIES];
|
||||
#endif
|
||||
|
||||
if (out == NULL || name == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (names == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES);
|
||||
|
||||
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
||||
WOLFSSL_X509_NAME_ENTRY* entry;
|
||||
int ret;
|
||||
|
||||
entry = wolfSSL_X509_NAME_get_entry(name, i);
|
||||
if (entry != NULL && entry->set == 1) {
|
||||
const char* nameStr;
|
||||
int type;
|
||||
WOLFSSL_ASN1_STRING* data;
|
||||
|
||||
data = wolfSSL_X509_NAME_ENTRY_get_data(entry);
|
||||
if (data == NULL) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("Error getting entry data");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
nameStr = (const char*)wolfSSL_ASN1_STRING_data(data);
|
||||
type = wolfSSL_ASN1_STRING_type(data);
|
||||
|
||||
switch (type) {
|
||||
case MBSTRING_UTF8:
|
||||
type = CTC_UTF8;
|
||||
break;
|
||||
case V_ASN1_PRINTABLESTRING:
|
||||
type = CTC_PRINTABLE;
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default");
|
||||
type = CTC_UTF8;
|
||||
}
|
||||
ret = wc_EncodeName(&names[i], nameStr, type,
|
||||
ConvertNIDToWolfSSL(entry->nid));
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("EncodeName failed");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
totalBytes += ret;
|
||||
}
|
||||
}
|
||||
|
||||
/* header */
|
||||
idx = SetSequence(totalBytes, temp);
|
||||
if (totalBytes + idx > ASN_NAME_MAX) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
|
||||
if (thisLen > (int)sizeof(name->encoded)) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
/* check if using buffer passed in */
|
||||
if (*out == NULL) {
|
||||
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (*out == NULL) {
|
||||
return MEMORY_E;
|
||||
/* store it */
|
||||
idx = 0;
|
||||
/* set */
|
||||
XMEMCPY(name->encoded, set, setSz);
|
||||
idx += setSz;
|
||||
/* seq */
|
||||
XMEMCPY(name->encoded + idx, sequence, seqSz);
|
||||
idx += seqSz;
|
||||
/* asn object id */
|
||||
XMEMCPY(name->encoded + idx, firstLen, firstSz);
|
||||
idx += firstSz;
|
||||
switch (type) {
|
||||
case ASN_EMAIL_NAME:
|
||||
{
|
||||
const byte EMAIL_OID[] = {
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16
|
||||
};
|
||||
/* email joint id */
|
||||
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
|
||||
idx += (int)sizeof(EMAIL_OID);
|
||||
break;
|
||||
}
|
||||
}
|
||||
output = *out;
|
||||
|
||||
idx = SetSequence(totalBytes, output);
|
||||
totalBytes += idx;
|
||||
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
||||
if (names[i].used) {
|
||||
XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
|
||||
idx += names[i].totalLen;
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
{
|
||||
const byte PILOT_OID[] = {
|
||||
0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01
|
||||
};
|
||||
|
||||
XMEMCPY(name->encoded + idx, PILOT_OID, sizeof(PILOT_OID));
|
||||
idx += (int)sizeof(PILOT_OID);
|
||||
/* id type */
|
||||
name->encoded[idx++] = type;
|
||||
/* str type */
|
||||
name->encoded[idx++] = nameType;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
/* used existing buffer passed in, so increment pointer */
|
||||
if (local == NULL) {
|
||||
*out += totalBytes;
|
||||
default:
|
||||
name->encoded[idx++] = 0x55;
|
||||
name->encoded[idx++] = 0x04;
|
||||
/* id type */
|
||||
name->encoded[idx++] = type;
|
||||
/* str type */
|
||||
name->encoded[idx++] = nameType;
|
||||
}
|
||||
return totalBytes;
|
||||
/* second length */
|
||||
XMEMCPY(name->encoded + idx, secondLen, secondSz);
|
||||
idx += secondSz;
|
||||
/* str value */
|
||||
XMEMCPY(name->encoded + idx, nameStr, strLen);
|
||||
idx += strLen;
|
||||
|
||||
name->type = type;
|
||||
name->totalLen = idx;
|
||||
name->used = 1;
|
||||
|
||||
return idx;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
|
||||
/* encode CertName into output, return total bytes written */
|
||||
int SetName(byte* output, word32 outputSz, CertName* name)
|
||||
|
||||
+39
-41
@@ -1178,7 +1178,8 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
|
||||
|
||||
|
||||
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL)
|
||||
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
||||
mp_int* prime, mp_int* order);
|
||||
#endif
|
||||
@@ -3799,8 +3800,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
}
|
||||
|
||||
/* Verify domain params supplied */
|
||||
if (wc_ecc_is_valid_idx(private_key->idx) == 0 ||
|
||||
wc_ecc_is_valid_idx(public_key->idx) == 0) {
|
||||
if (wc_ecc_is_valid_idx(private_key->idx) == 0 || private_key->dp == NULL ||
|
||||
wc_ecc_is_valid_idx(public_key->idx) == 0 || public_key->dp == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -3824,7 +3825,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
err = CRYS_ECDH_SVDP_DH(&public_key->ctx.pubKey,
|
||||
&private_key->ctx.privKey,
|
||||
out,
|
||||
outlen,
|
||||
(uint32_t*)outlen,
|
||||
&tempBuff);
|
||||
|
||||
if (err != SA_SILIB_RET_OK){
|
||||
@@ -4101,7 +4102,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
|
||||
}
|
||||
|
||||
/* Verify domain params supplied */
|
||||
if (wc_ecc_is_valid_idx(private_key->idx) == 0) {
|
||||
if (wc_ecc_is_valid_idx(private_key->idx) == 0 || private_key->dp == NULL) {
|
||||
WOLFSSL_MSG("wc_ecc_is_valid_idx failed");
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
@@ -4168,7 +4169,7 @@ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (wc_ecc_is_valid_idx(curve_idx) != 1) {
|
||||
if (wc_ecc_is_valid_idx(curve_idx) == 0) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -4542,7 +4543,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
||||
}
|
||||
#elif defined(WOLFSSL_CRYPTOCELL)
|
||||
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
|
||||
raw_size = (word32)(key->dp->size)*2 + 1;
|
||||
|
||||
/* generate first key pair */
|
||||
@@ -4563,7 +4564,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
||||
err = CRYS_ECPKI_ExportPublKey(&key->ctx.pubKey,
|
||||
CRYS_EC_PointUncompressed,
|
||||
&ucompressed_key[0],
|
||||
&raw_size);
|
||||
(uint32_t*)&raw_size);
|
||||
|
||||
if (err == SA_SILIB_RET_OK && key->pubkey.x && key->pubkey.y) {
|
||||
err = mp_read_unsigned_bin(key->pubkey.x,
|
||||
@@ -4577,7 +4578,7 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
||||
if (err == MP_OKAY) {
|
||||
err = CRYS_ECPKI_ExportPrivKey(&key->ctx.privKey,
|
||||
ucompressed_key,
|
||||
&raw_size);
|
||||
(uint32_t*)&raw_size);
|
||||
}
|
||||
|
||||
if (err == SA_SILIB_RET_OK) {
|
||||
@@ -4993,7 +4994,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
|
||||
(byte*)in,
|
||||
msgLenInBytes,
|
||||
out,
|
||||
&raw_sig_size);
|
||||
(uint32_t*)&raw_sig_size);
|
||||
|
||||
if (err != SA_SILIB_RET_OK){
|
||||
WOLFSSL_MSG("CRYS_ECDSA_Sign failed");
|
||||
@@ -5248,7 +5249,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
}
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (wc_ecc_is_valid_idx(key->idx) != 1) {
|
||||
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -6409,7 +6410,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
*res = 0;
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (wc_ecc_is_valid_idx(key->idx) != 1) {
|
||||
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -7209,9 +7210,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
|
||||
if (key->type == ECC_PRIVATEKEY_ONLY)
|
||||
return ECC_PRIVATEONLY_E;
|
||||
|
||||
if (key->type == 0 ||
|
||||
wc_ecc_is_valid_idx(key->idx) == 0 ||
|
||||
key->dp == NULL) {
|
||||
if (key->type == 0 || wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL){
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -7656,7 +7655,8 @@ int wc_ecc_check_key(ecc_key* key)
|
||||
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
|
||||
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL)
|
||||
|
||||
err = 0; /* consider key check success on ATECC508/608A */
|
||||
err = 0; /* consider key check success on ATECC508/608A and CryptoCell */
|
||||
(void)err;
|
||||
|
||||
#else
|
||||
#ifdef USE_ECC_B_PARAM
|
||||
@@ -7751,9 +7751,8 @@ int wc_ecc_check_key(ecc_key* key)
|
||||
#endif
|
||||
|
||||
FREE_CURVE_SPECS();
|
||||
|
||||
return err;
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
return err;
|
||||
#else
|
||||
return WC_KEY_SIZE_E;
|
||||
#endif /* !WOLFSSL_SP_MATH */
|
||||
@@ -7770,7 +7769,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
|
||||
#endif
|
||||
int keysize = 0;
|
||||
byte pointType;
|
||||
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
const CRYS_ECPKI_Domain_t* pDomain;
|
||||
CRYS_ECPKI_BUILD_TempData_t tempBuff;
|
||||
#endif
|
||||
if (in == NULL || key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
@@ -7950,7 +7952,20 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
|
||||
#ifdef WOLFSSL_SILABS_SE_ACCEL
|
||||
err = silabs_ecc_import(key, keysize);
|
||||
#endif
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
|
||||
|
||||
/* create public key from external key buffer */
|
||||
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
|
||||
(byte*)in-1, /* re-adjust */
|
||||
inLen+1, /* original input */
|
||||
&key->ctx.pubKey,
|
||||
&tempBuff);
|
||||
|
||||
if (err != SA_SILIB_RET_OK){
|
||||
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
if (err == MP_OKAY)
|
||||
err = wc_ecc_check_key(key);
|
||||
@@ -7988,7 +8003,7 @@ int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (wc_ecc_is_valid_idx(key->idx) == 0) {
|
||||
if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
keySz = key->dp->size;
|
||||
@@ -8079,7 +8094,6 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
|
||||
int ret;
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
const CRYS_ECPKI_Domain_t* pDomain;
|
||||
CRYS_ECPKI_BUILD_TempData_t tempBuff;
|
||||
#endif
|
||||
if (key == NULL || priv == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -8110,21 +8124,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
|
||||
return ret;
|
||||
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
|
||||
|
||||
if (pub != NULL && pub[0] != '\0') {
|
||||
/* create public key from external key buffer */
|
||||
ret = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
|
||||
(byte*)pub,
|
||||
pubSz,
|
||||
&key->ctx.pubKey,
|
||||
&tempBuff);
|
||||
|
||||
if (ret != SA_SILIB_RET_OK){
|
||||
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
|
||||
/* import private key */
|
||||
if (priv != NULL && priv[0] != '\0') {
|
||||
|
||||
@@ -8396,7 +8396,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
}
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(curve_id));
|
||||
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
|
||||
|
||||
/* create public key from external key buffer */
|
||||
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
|
||||
@@ -8552,7 +8552,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
|
||||
/* key size in octets */
|
||||
int wc_ecc_size(ecc_key* key)
|
||||
{
|
||||
if (key == NULL)
|
||||
if (key == NULL || key->dp == NULL)
|
||||
return 0;
|
||||
|
||||
return key->dp->size;
|
||||
@@ -11356,9 +11356,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
|
||||
if (key->type == ECC_PRIVATEKEY_ONLY)
|
||||
return ECC_PRIVATEONLY_E;
|
||||
|
||||
if (key->type == 0 ||
|
||||
wc_ecc_is_valid_idx(key->idx) == 0 ||
|
||||
key->dp == NULL) {
|
||||
if (key->type == 0 || wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL){
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
|
||||
@@ -4302,6 +4302,8 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
|
||||
int res, ix, oldused;
|
||||
mp_digit *tmpa, *tmpc, mu;
|
||||
|
||||
if (b > MP_DIGIT_MAX) return MP_VAL;
|
||||
|
||||
/* grow c as required */
|
||||
if (c->alloc < a->used + 1) {
|
||||
if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
|
||||
@@ -5039,6 +5041,11 @@ int mp_lcm (mp_int * a, mp_int * b, mp_int * c)
|
||||
int res;
|
||||
mp_int t1, t2;
|
||||
|
||||
/* LCM of 0 and any number is undefined as 0 is not in the set of values
|
||||
* being used. */
|
||||
if (mp_iszero (a) == MP_YES || mp_iszero (b) == MP_YES) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
if ((res = mp_init_multi (&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
|
||||
return res;
|
||||
@@ -5083,6 +5090,10 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
|
||||
|
||||
/* either zero than gcd is the largest */
|
||||
if (mp_iszero (a) == MP_YES) {
|
||||
/* GCD of 0 and 0 is undefined as all integers divide 0. */
|
||||
if (mp_iszero (b) == MP_YES) {
|
||||
return MP_VAL;
|
||||
}
|
||||
return mp_abs (b, c);
|
||||
}
|
||||
if (mp_iszero (b) == MP_YES) {
|
||||
@@ -5218,9 +5229,11 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
|
||||
*/
|
||||
if (y < radix) {
|
||||
if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
|
||||
mp_zero(a);
|
||||
return res;
|
||||
}
|
||||
if ((res = mp_add_d (a, (mp_digit) y, a)) != MP_OKAY) {
|
||||
mp_zero(a);
|
||||
return res;
|
||||
}
|
||||
} else {
|
||||
|
||||
+14
-1
@@ -550,7 +550,20 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* Apply MD5 transformation to the data */
|
||||
/* @param md5 a pointer to wc_MD5 structure */
|
||||
/* @param data data to be applied MD5 transformation */
|
||||
/* @return 0 on successful, otherwise non-zero on failure */
|
||||
int wc_Md5Transform(wc_Md5* md5, const byte* data)
|
||||
{
|
||||
/* sanity check */
|
||||
if (md5 == NULL || data == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return Transform(md5, data);
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
|
||||
int wc_Md5SetFlags(wc_Md5* md5, word32 flags)
|
||||
{
|
||||
|
||||
+21
-3
@@ -4917,16 +4917,27 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
der = pkcs7->der;
|
||||
pkcs7->der = NULL;
|
||||
#endif
|
||||
contentDynamic = pkcs7->contentDynamic;
|
||||
version = pkcs7->version;
|
||||
|
||||
|
||||
if (ret == 0) {
|
||||
byte isDynamic = pkcs7->isDynamic;
|
||||
#ifndef NO_PKCS7_STREAM
|
||||
PKCS7State* stream = pkcs7->stream;
|
||||
pkcs7->stream = NULL;
|
||||
#endif
|
||||
|
||||
/* Save dynamic content before freeing PKCS7 struct */
|
||||
if (pkcs7->contentDynamic != NULL) {
|
||||
contentDynamic = (byte*)XMALLOC(contentSz,
|
||||
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (contentDynamic == NULL) {
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
XMEMCPY(contentDynamic, pkcs7->contentDynamic,
|
||||
contentSz);
|
||||
}
|
||||
|
||||
/* Free pkcs7 resources but not the structure itself */
|
||||
pkcs7->isDynamic = 0;
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
@@ -4934,11 +4945,18 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
/* This will reset PKCS7 structure and then set the
|
||||
* certificate */
|
||||
ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
|
||||
|
||||
/* Restore pkcs7->contentDynamic from above, will be
|
||||
* freed by application with wc_PKCS7_Free() */
|
||||
if (contentDynamic != NULL) {
|
||||
pkcs7->contentDynamic = contentDynamic;
|
||||
contentDynamic = NULL;
|
||||
}
|
||||
|
||||
#ifndef NO_PKCS7_STREAM
|
||||
pkcs7->stream = stream;
|
||||
#endif
|
||||
}
|
||||
pkcs7->contentDynamic = contentDynamic;
|
||||
pkcs7->version = version;
|
||||
#ifdef ASN_BER_TO_DER
|
||||
pkcs7->der = der;
|
||||
|
||||
+23
-7
@@ -2236,19 +2236,35 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
#elif defined(INTIME_RTOS)
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
(void)os;
|
||||
uint32_t randval;
|
||||
word32 len;
|
||||
|
||||
if (output == NULL) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
/* Note: Investigate better solution */
|
||||
/* no return to check */
|
||||
arc4random_buf(output, sz);
|
||||
#ifdef INTIMEVER
|
||||
/* If INTIMEVER exists then it is INTIME RTOS v6 or later */
|
||||
#define INTIME_RAND_FUNC arc4random
|
||||
len = 4;
|
||||
#else
|
||||
/* v5 and older */
|
||||
#define INTIME_RAND_FUNC rand
|
||||
srand(time(0));
|
||||
len = 2; /* don't use all 31 returned bits */
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
while (sz > 0) {
|
||||
if (sz < len)
|
||||
len = sz;
|
||||
randval = INTIME_RAND_FUNC();
|
||||
XMEMCPY(output, &randval, len);
|
||||
output += len;
|
||||
sz -= len;
|
||||
}
|
||||
(void)os;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_WICED)
|
||||
|
||||
+21
-2
@@ -773,13 +773,31 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* Apply SHA1 transformation to the data */
|
||||
/* @param sha a pointer to wc_Sha structure */
|
||||
/* @param data data to be applied SHA1 transformation */
|
||||
/* @return 0 on successful, otherwise non-zero on failure */
|
||||
int wc_ShaTransform(wc_Sha* sha, const unsigned char* data)
|
||||
{
|
||||
/* sanity check */
|
||||
if (sha == NULL || data == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return (Transform(sha, data));
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* USE_SHA_SOFTWARE_IMPL */
|
||||
|
||||
|
||||
|
||||
#if !defined(WOLFSSL_IMXRT_DCP)
|
||||
int wc_InitSha(wc_Sha* sha)
|
||||
{
|
||||
return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
|
||||
}
|
||||
#endif /* !defined(WOLFSSL_IMXRT_DCP) */
|
||||
|
||||
void wc_ShaFree(wc_Sha* sha)
|
||||
{
|
||||
@@ -808,7 +826,8 @@ void wc_ShaFree(wc_Sha* sha)
|
||||
#endif /* !WOLFSSL_TI_HASH */
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
#ifndef WOLFSSL_TI_HASH
|
||||
#if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)
|
||||
|
||||
#if !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || \
|
||||
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
|
||||
int wc_ShaGetHash(wc_Sha* sha, byte* hash)
|
||||
@@ -873,7 +892,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
|
||||
return ret;
|
||||
}
|
||||
#endif /* defined(WOLFSSL_RENESAS_TSIP_CRYPT) ... */
|
||||
#endif /* !WOLFSSL_TI_HASH */
|
||||
#endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
|
||||
|
||||
+13
-2
@@ -130,8 +130,6 @@ where 0 <= L < 2^64.
|
||||
#elif defined(WOLFSSL_CRYPTOCELL)
|
||||
/* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */
|
||||
|
||||
#elif defined(WOLFSSL_IMXRT_DCP)
|
||||
|
||||
#elif defined(WOLFSSL_PSOC6_CRYPTO)
|
||||
|
||||
|
||||
@@ -1295,6 +1293,19 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
return InitSha256(sha256); /* reset state */
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* Apply SHA256 transformation to the data */
|
||||
/* @param sha a pointer to wc_Sha256 structure */
|
||||
/* @param data data to be applied SHA256 transformation */
|
||||
/* @return 0 on successful, otherwise non-zero on failure */
|
||||
int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
|
||||
{
|
||||
if (sha == NULL || data == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return (Transform_Sha256(sha, data));
|
||||
}
|
||||
#endif
|
||||
#endif /* XTRANSFORM */
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
|
||||
@@ -916,7 +916,58 @@ void wc_Sha512Free(wc_Sha512* sha512)
|
||||
wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
}
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* Apply SHA512 transformation to the data */
|
||||
/* @param sha a pointer to wc_Sha512 structure */
|
||||
/* @param data data to be applied SHA512 transformation */
|
||||
/* @return 0 on successful, otherwise non-zero on failure */
|
||||
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
|
||||
{
|
||||
int ret ;
|
||||
/* back up buffer */
|
||||
#if defined(WOLFSSL_SMALL_STACK)
|
||||
word64* buffer;
|
||||
buffer = (word64*) XMALLOC(sizeof(word64) * 16, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buffer == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
|
||||
#endif
|
||||
|
||||
/* sanity check */
|
||||
if (sha == NULL || data == NULL) {
|
||||
#if defined(WOLFSSL_SMALL_STACK)
|
||||
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
|
||||
Sha512_SetTransform();
|
||||
#endif
|
||||
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
|
||||
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
|
||||
#endif
|
||||
{
|
||||
ByteReverseWords64((word64*)data, (word64*)data,
|
||||
WC_SHA512_BLOCK_SIZE);
|
||||
}
|
||||
#endif
|
||||
|
||||
XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
|
||||
XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
|
||||
|
||||
ret = Transform_Sha512(sha);
|
||||
|
||||
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
|
||||
#if defined(WOLFSSL_SMALL_STACK)
|
||||
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
@@ -48,6 +48,13 @@
|
||||
/* Signature wrapper disabled check */
|
||||
#ifndef NO_SIG_WRAPPER
|
||||
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
|
||||
RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
|
||||
extern int cc310_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) && !defined(NO_ASN)
|
||||
static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
|
||||
word32 hash_len, word32* hash_enc_len)
|
||||
@@ -178,12 +185,12 @@ int wc_SignatureVerifyHash(
|
||||
#ifndef NO_RSA
|
||||
#ifdef WOLFSSL_CRYPTOCELL
|
||||
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
|
||||
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
|
||||
cc310_hashModeRSA(hash_type, 0));
|
||||
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
|
||||
(RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
|
||||
}
|
||||
else {
|
||||
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, key,
|
||||
cc310_hashModeRSA(hash_type, 1));
|
||||
ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig,
|
||||
(RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -400,12 +407,12 @@ int wc_SignatureGenerateHash_ex(
|
||||
/* use expected signature size (incoming sig_len could be larger buffer */
|
||||
*sig_len = wc_SignatureGetSize(sig_type, key, key_len);
|
||||
if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) {
|
||||
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
|
||||
cc310_hashModeRSA(hash_type, 0));
|
||||
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
|
||||
(RsaKey*)key, cc310_hashModeRSA(hash_type, 0));
|
||||
}
|
||||
else {
|
||||
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key,
|
||||
cc310_hashModeRSA(hash_type, 1));
|
||||
ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len,
|
||||
(RsaKey*)key, cc310_hashModeRSA(hash_type, 1));
|
||||
}
|
||||
#else
|
||||
/* Create signature using provided RSA key */
|
||||
|
||||
+36
-20
@@ -2481,7 +2481,7 @@ int sp_cond_swap_ct(sp_int * a, sp_int * b, int c, int m)
|
||||
}
|
||||
|
||||
FREE_SP_INT(t, NULL);
|
||||
return MP_OKAY;
|
||||
return err;
|
||||
}
|
||||
#endif /* HAVE_ECC && ECC_TIMING_RESISTANT && !WC_NO_CACHE_RESISTANT */
|
||||
|
||||
@@ -2996,7 +2996,7 @@ int sp_cmp_d(sp_int* a, sp_int_digit d)
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SP_INT_NEGATIVE) || !defined(NO_PWDBASED) || \
|
||||
defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || defined(HAVE_ECC) || \
|
||||
defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
|
||||
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
|
||||
/* Add a one digit number to the multi-precision number.
|
||||
*
|
||||
@@ -4142,7 +4142,7 @@ static int sp_cmp_mag_ct(sp_int* a, sp_int* b, int len)
|
||||
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
|
||||
/* Add two value and reduce: r = (a + b) % m
|
||||
*
|
||||
* r = a + b (mod m) - constant time (|a| < m and |b| < m and positive)
|
||||
* r = a + b (mod m) - constant time (a < m and b < m, a, b and m are positive)
|
||||
*
|
||||
* Assumes a, b, m and r are not NULL.
|
||||
*
|
||||
@@ -4193,7 +4193,7 @@ int sp_addmod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
|
||||
/* Sub b from a and reduce: r = (a - b) % m
|
||||
* Result is always positive.
|
||||
*
|
||||
* r = a - b (mod m) - constant time (a < n and b < m and positive)
|
||||
* r = a - b (mod m) - constant time (a < m and b < m, a, b and m are positive)
|
||||
*
|
||||
* Assumes a, b, m and r are not NULL.
|
||||
*
|
||||
@@ -4482,7 +4482,7 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
|
||||
if (r != NULL) {
|
||||
sp_set(r, 1);
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
r->sign = aSign;
|
||||
r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
|
||||
#endif /* WOLFSSL_SP_INT_NEGATIVE */
|
||||
}
|
||||
done = 1;
|
||||
@@ -4491,11 +4491,14 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
|
||||
/* a is greater than d but same bit length */
|
||||
if (rem != NULL) {
|
||||
_sp_sub_off(a, d, rem, 0);
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
rem->sign = aSign;
|
||||
#endif
|
||||
}
|
||||
if (r != NULL) {
|
||||
sp_set(r, 1);
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
r->sign = aSign;
|
||||
r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
|
||||
#endif /* WOLFSSL_SP_INT_NEGATIVE */
|
||||
}
|
||||
done = 1;
|
||||
@@ -4681,7 +4684,7 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
DECL_SP_INT(t, (m == NULL) ? 1 : m->used);
|
||||
DECL_SP_INT(t, (a == NULL) ? 1 : a->used + 1);
|
||||
#endif /* WOLFSSL_SP_INT_NEGATIVE */
|
||||
|
||||
if ((a == NULL) || (m == NULL) || (r == NULL)) {
|
||||
@@ -4695,11 +4698,11 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
#else
|
||||
ALLOC_SP_INT(t, m->used, err, NULL);
|
||||
if (err == MP_OKAY) {
|
||||
sp_init_size(t, m->used);
|
||||
sp_init_size(t, a->used + 1);
|
||||
err = sp_div(a, m, NULL, t);
|
||||
}
|
||||
if (err == MP_OKAY) {
|
||||
if (t->sign != m->sign) {
|
||||
if ((!sp_iszero(t)) && (t->sign != m->sign)) {
|
||||
err = sp_add(t, m, r);
|
||||
}
|
||||
else {
|
||||
@@ -8013,7 +8016,7 @@ static int _sp_exptmod_ex(sp_int* b, sp_int* e, int bits, sp_int* m, sp_int* r)
|
||||
#endif
|
||||
|
||||
/* Ensure base is less than exponent. */
|
||||
if (_sp_cmp(b, m) != MP_LT) {
|
||||
if (_sp_cmp_abs(b, m) != MP_LT) {
|
||||
err = sp_mod(b, m, t[0]);
|
||||
if ((err == MP_OKAY) && sp_iszero(t[0])) {
|
||||
sp_set(r, 0);
|
||||
@@ -8113,7 +8116,7 @@ static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
|
||||
sp_init_size(t[3], m->used * 2 + 1);
|
||||
|
||||
/* Ensure base is less than exponent. */
|
||||
if (_sp_cmp(b, m) != MP_LT) {
|
||||
if (_sp_cmp_abs(b, m) != MP_LT) {
|
||||
err = sp_mod(b, m, t[0]);
|
||||
if ((err == MP_OKAY) && sp_iszero(t[0])) {
|
||||
sp_set(r, 0);
|
||||
@@ -8248,7 +8251,7 @@ static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
|
||||
sp_init_size(tr, m->used * 2 + 1);
|
||||
|
||||
/* Ensure base is less than exponent. */
|
||||
if (_sp_cmp(b, m) != MP_LT) {
|
||||
if (_sp_cmp_abs(b, m) != MP_LT) {
|
||||
err = sp_mod(b, m, t[1]);
|
||||
if ((err == MP_OKAY) && sp_iszero(t[1])) {
|
||||
sp_set(r, 0);
|
||||
@@ -8767,7 +8770,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
|
||||
sp_init_size(bm, m->used * 2 + 1);
|
||||
|
||||
/* Ensure base is less than exponent. */
|
||||
if (_sp_cmp(b, m) != MP_LT) {
|
||||
if (_sp_cmp_abs(b, m) != MP_LT) {
|
||||
err = sp_mod(b, m, bm);
|
||||
if ((err == MP_OKAY) && sp_iszero(bm)) {
|
||||
sp_set(r, 0);
|
||||
@@ -8980,7 +8983,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
|
||||
sp_init_size(t[1], m->used * 2 + 1);
|
||||
|
||||
/* Ensure base is less than exponent. */
|
||||
if (_sp_cmp(b, m) != MP_LT) {
|
||||
if (_sp_cmp_abs(b, m) != MP_LT) {
|
||||
err = sp_mod(b, m, t[0]);
|
||||
if ((err == MP_OKAY) && sp_iszero(t[0])) {
|
||||
sp_set(r, 0);
|
||||
@@ -12491,6 +12494,7 @@ int sp_tohex(sp_int* a, char* str)
|
||||
|
||||
i = a->used - 1;
|
||||
#ifndef WC_DISABLE_RADIX_ZERO_PAD
|
||||
/* Find highest non-zero byte in most-significant word. */
|
||||
for (j = SP_WORD_SIZE - 8; j >= 0; j -= 8) {
|
||||
if (((a->dp[i] >> j) & 0xff) != 0) {
|
||||
break;
|
||||
@@ -12500,8 +12504,10 @@ int sp_tohex(sp_int* a, char* str)
|
||||
--i;
|
||||
}
|
||||
}
|
||||
/* Start with high nibble of byte. */
|
||||
j += 4;
|
||||
#else
|
||||
/* Find highest non-zero nibble in most-significant word. */
|
||||
for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
|
||||
if (((a->dp[i] >> j) & 0xf) != 0) {
|
||||
break;
|
||||
@@ -12512,6 +12518,7 @@ int sp_tohex(sp_int* a, char* str)
|
||||
}
|
||||
}
|
||||
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
|
||||
/* Most-significant word. */
|
||||
for (; j >= 0; j -= 4) {
|
||||
*(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
|
||||
}
|
||||
@@ -12660,16 +12667,16 @@ int sp_radix_size(sp_int* a, int radix, int* size)
|
||||
}
|
||||
else {
|
||||
int nibbles = (sp_count_bits(a) + 3) / 4;
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
if (a->sign == MP_NEG) {
|
||||
nibbles++;
|
||||
}
|
||||
#endif /* WOLFSSL_SP_INT_NEGATIVE */
|
||||
#ifndef WC_DISABLE_RADIX_ZERO_PAD
|
||||
if (nibbles & 1) {
|
||||
nibbles++;
|
||||
}
|
||||
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
|
||||
#ifdef WOLFSSL_SP_INT_NEGATIVE
|
||||
if (a->sign == MP_NEG) {
|
||||
nibbles++;
|
||||
}
|
||||
#endif /* WOLFSSL_SP_INT_NEGATIVE */
|
||||
/* One more for \0 */
|
||||
*size = nibbles + 1;
|
||||
}
|
||||
@@ -13230,9 +13237,11 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng)
|
||||
}
|
||||
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
|
||||
|
||||
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
|
||||
/* Calculates the Greatest Common Denominator (GCD) of a and b into r.
|
||||
*
|
||||
* a and b are positive integers.
|
||||
*
|
||||
* @param [in] a SP integer of first operand.
|
||||
* @param [in] b SP integer of second operand.
|
||||
@@ -13250,6 +13259,7 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
|
||||
err = MP_VAL;
|
||||
}
|
||||
else if (sp_iszero(a)) {
|
||||
/* GCD of 0 and 0 is undefined as all integers divide 0. */
|
||||
if (sp_iszero(b)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
@@ -13341,6 +13351,8 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
|
||||
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
|
||||
/* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r.
|
||||
*
|
||||
* a and b are positive integers.
|
||||
*
|
||||
* @param [in] a SP integer of first operand.
|
||||
* @param [in] b SP integer of second operand.
|
||||
@@ -13360,6 +13372,10 @@ int sp_lcm(sp_int* a, sp_int* b, sp_int* r)
|
||||
if ((a == NULL) || (b == NULL) || (r == NULL)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
|
||||
/* LCM of 0 and any number is undefined as 0 is not in the set of values
|
||||
* being used.
|
||||
*/
|
||||
if ((err == MP_OKAY) && (mp_iszero(a) || mp_iszero(b))) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
|
||||
+30
-25
@@ -990,7 +990,7 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c)
|
||||
fp_init(t);
|
||||
err = fp_div(a, b, NULL, t);
|
||||
if (err == FP_OKAY) {
|
||||
if (t->sign != b->sign) {
|
||||
if (!fp_iszero(t) && (t->sign != b->sign)) {
|
||||
err = fp_add(t, b, c);
|
||||
} else {
|
||||
fp_copy(t, c);
|
||||
@@ -5210,6 +5210,12 @@ int fp_lcm(fp_int *a, fp_int *b, fp_int *c)
|
||||
fp_int *t;
|
||||
#endif
|
||||
|
||||
/* LCM of 0 and any number is undefined as 0 is not in the set of values
|
||||
* being used. */
|
||||
if (fp_iszero(a) == FP_YES || fp_iszero(b) == FP_YES) {
|
||||
return FP_VAL;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
t = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_BIGINT);
|
||||
if (t == NULL) {
|
||||
@@ -5249,6 +5255,11 @@ int fp_gcd(fp_int *a, fp_int *b, fp_int *c)
|
||||
fp_int *u, *v, *r;
|
||||
#endif
|
||||
|
||||
/* GCD of 0 and 0 is undefined as all integers divide 0. */
|
||||
if (fp_iszero(a) == FP_YES && fp_iszero(b) == FP_YES) {
|
||||
return FP_VAL;
|
||||
}
|
||||
|
||||
/* either zero than gcd is the largest */
|
||||
if (fp_iszero (a) == FP_YES && fp_iszero (b) == FP_NO) {
|
||||
fp_abs (b, c);
|
||||
@@ -5317,32 +5328,26 @@ int fp_gcd(fp_int *a, fp_int *b, fp_int *c)
|
||||
int fp_add_d(fp_int *a, fp_digit b, fp_int *c)
|
||||
{
|
||||
#ifndef WOLFSSL_SMALL_STACK
|
||||
fp_int tmp;
|
||||
int err;
|
||||
fp_init(&tmp);
|
||||
fp_set(&tmp, b);
|
||||
err = fp_add(a, &tmp, c);
|
||||
return err;
|
||||
fp_int tmp[1];
|
||||
#else
|
||||
int i;
|
||||
fp_word t = b;
|
||||
int err = FP_OKAY;
|
||||
|
||||
fp_copy(a, c);
|
||||
for (i = 0; t != 0 && i < FP_SIZE && i < c->used; i++) {
|
||||
t += c->dp[i];
|
||||
c->dp[i] = (fp_digit)t;
|
||||
t >>= DIGIT_BIT;
|
||||
}
|
||||
if (i == c->used && i < FP_SIZE && t != 0) {
|
||||
c->dp[i] = t;
|
||||
c->used++;
|
||||
}
|
||||
if (i == FP_SIZE && t != 0) {
|
||||
err = FP_VAL;
|
||||
}
|
||||
return err;
|
||||
fp_int* tmp;
|
||||
#endif
|
||||
int err;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT);
|
||||
if (tmp == NULL)
|
||||
return FP_MEM;
|
||||
#endif
|
||||
|
||||
fp_init(tmp);
|
||||
fp_set(tmp, b);
|
||||
err = fp_add(a, tmp, c);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT);
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
|
||||
/* external compatibility */
|
||||
|
||||
+154
-87
@@ -290,7 +290,7 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"");
|
||||
#include <wolfssl/openssl/des.h>
|
||||
#endif
|
||||
|
||||
#if defined(NO_FILESYSTEM)
|
||||
#if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
|
||||
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
|
||||
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
@@ -422,7 +422,8 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
|
||||
WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
|
||||
#endif
|
||||
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
|
||||
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256)
|
||||
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
|
||||
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
|
||||
/* skip for ATECC508/608A, cannot import private key buffers */
|
||||
WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
|
||||
#endif
|
||||
@@ -849,10 +850,12 @@ initDefaultName();
|
||||
test_pass("SHAKE256 test passed!\n");
|
||||
#endif
|
||||
|
||||
#ifndef NO_HASH_WRAPPER
|
||||
if ( (ret = hash_test()) != 0)
|
||||
return err_sys("Hash test failed!\n", ret);
|
||||
else
|
||||
test_pass("Hash test passed!\n");
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_RIPEMD
|
||||
if ( (ret = ripemd_test()) != 0)
|
||||
@@ -1177,7 +1180,8 @@ initDefaultName();
|
||||
test_pass("ECC Enc test passed!\n");
|
||||
#endif
|
||||
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
|
||||
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256)
|
||||
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
|
||||
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
|
||||
/* skip for ATECC508/608A, cannot import private key buffers */
|
||||
if ( (ret = ecc_test_buffers()) != 0)
|
||||
return err_sys("ECC buffer test failed!\n", ret);
|
||||
@@ -3384,7 +3388,7 @@ exit:
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef NO_HASH_WRAPPER
|
||||
WOLFSSL_TEST_SUBROUTINE int hash_test(void)
|
||||
{
|
||||
wc_HashAlg hash;
|
||||
@@ -3689,6 +3693,7 @@ WOLFSSL_TEST_SUBROUTINE int hash_test(void)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_HASH_WRAPPER */
|
||||
|
||||
#if !defined(NO_HMAC) && !defined(NO_MD5)
|
||||
WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
|
||||
@@ -6249,8 +6254,8 @@ WOLFSSL_TEST_SUBROUTINE int des_test(void)
|
||||
sizeof(key), WC_HASH_TYPE_NONE);
|
||||
if (ret == 0)
|
||||
return -5009;
|
||||
}
|
||||
#endif /* !NO_PWDBASED */
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
@@ -7623,9 +7628,11 @@ static int aes_key_size_test(void)
|
||||
#endif
|
||||
byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
|
||||
#ifndef WOLFSSL_CRYPTOCELL
|
||||
byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
|
||||
#endif
|
||||
byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
@@ -7702,7 +7709,8 @@ static int aes_key_size_test(void)
|
||||
if (ret != 0 || keySize != sizeof(key16))
|
||||
ERROR_OUT(-5310, out);
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_CRYPTOCELL
|
||||
/* Cryptocell only supports AES-128 key size */
|
||||
ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
|
||||
#ifdef WOLFSSL_AES_192
|
||||
if (ret != 0)
|
||||
@@ -7728,7 +7736,7 @@ static int aes_key_size_test(void)
|
||||
if (ret != 0 || keySize != sizeof(key32))
|
||||
ERROR_OUT(-5314, out);
|
||||
#endif
|
||||
|
||||
#endif /* !WOLFSSL_CRYPTOCELL */
|
||||
out:
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -11823,12 +11831,11 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
|
||||
static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
|
||||
static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
|
||||
#endif
|
||||
#if defined(HAVE_ECC_KEY_EXPORT)
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
|
||||
static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
|
||||
static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
|
||||
static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
|
||||
|
||||
#ifdef HAVE_PKCS8
|
||||
#if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
|
||||
static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
|
||||
#endif
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
@@ -14439,7 +14446,9 @@ static int rsa_keygen_test(WC_RNG* rng)
|
||||
#endif
|
||||
int ret;
|
||||
byte* der = NULL;
|
||||
#ifndef WOLFSSL_CRYPTOCELL
|
||||
word32 idx = 0;
|
||||
#endif
|
||||
int derSz = 0;
|
||||
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
|
||||
int keySz = 1024;
|
||||
@@ -14499,8 +14508,9 @@ static int rsa_keygen_test(WC_RNG* rng)
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7875, exit_rsa);
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_CRYPTOCELL
|
||||
idx = 0;
|
||||
#if !defined(WOLFSSL_CRYPTOCELL)
|
||||
/* The private key part of the key gen pairs from cryptocell can't be exported */
|
||||
ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
|
||||
if (ret != 0) {
|
||||
@@ -14554,21 +14564,12 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
RsaKey caKey[1];
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) \
|
||||
|| defined(WOLFSSL_PUBLIC_MP)
|
||||
word32 idx = 0;
|
||||
#endif
|
||||
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
|
||||
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
|
||||
const char inStr[] = TEST_STRING;
|
||||
const word32 inLen = (word32)TEST_STRING_SZ;
|
||||
const word32 outSz = RSA_TEST_BYTES;
|
||||
const word32 plainSz = RSA_TEST_BYTES;
|
||||
#endif
|
||||
#if (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(WOLFSSL_PUBLIC_MP)
|
||||
byte* res;
|
||||
#endif
|
||||
#ifndef NO_SIG_WRAPPER
|
||||
int modLen;
|
||||
#endif
|
||||
@@ -14586,8 +14587,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
|
||||
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
|
||||
DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
|
||||
DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
|
||||
DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
|
||||
@@ -14598,7 +14597,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
#endif
|
||||
|
||||
XMEMCPY(in, inStr, inLen);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (key == NULL)
|
||||
@@ -14733,7 +14731,8 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
goto exit_rsa;
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
|
||||
!defined(WC_NO_RNG)
|
||||
do {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
@@ -14809,9 +14808,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
TEST_SLEEP();
|
||||
|
||||
#elif defined(WOLFSSL_PUBLIC_MP)
|
||||
(void)outSz;
|
||||
(void)inLen;
|
||||
(void)res;
|
||||
{
|
||||
static byte signature_2048[] = {
|
||||
0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
|
||||
@@ -14852,8 +14848,9 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(WOLFSSL_PUBLIC_MP)
|
||||
#if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
|
||||
((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
|
||||
defined(WOLFSSL_PUBLIC_MP))
|
||||
idx = (word32)ret;
|
||||
XMEMSET(plain, 0, plainSz);
|
||||
do {
|
||||
@@ -15264,8 +15261,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
}
|
||||
|
||||
FreeDecodedCert(cert);
|
||||
#else
|
||||
(void)bytes;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
@@ -15628,50 +15623,52 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
||||
exit_rsa:
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
if (key != NULL) {
|
||||
wc_FreeRsaKey(key);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
|
||||
if (keypub != NULL) {
|
||||
wc_FreeRsaKey(keypub);
|
||||
XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_NTRU)
|
||||
#endif
|
||||
#if defined(HAVE_NTRU)
|
||||
if (caKey != NULL) {
|
||||
wc_FreeRsaKey(caKey);
|
||||
XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_TEST_CERT
|
||||
#endif
|
||||
#ifdef WOLFSSL_TEST_CERT
|
||||
if (cert != NULL)
|
||||
XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#else
|
||||
|
||||
wc_FreeRsaKey(key);
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
|
||||
wc_FreeRsaKey(keypub);
|
||||
#endif
|
||||
#if defined(HAVE_NTRU)
|
||||
#endif
|
||||
#if defined(HAVE_NTRU)
|
||||
wc_FreeRsaKey(caKey);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif
|
||||
#endif /* WOLFSSL_SMALL_STACK */
|
||||
|
||||
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \
|
||||
!defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
|
||||
FREE_VAR(in, HEAP_HINT);
|
||||
FREE_VAR(out, HEAP_HINT);
|
||||
FREE_VAR(plain, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
(void)res;
|
||||
(void)bytes;
|
||||
(void)in;
|
||||
(void)out;
|
||||
(void)plain;
|
||||
(void)inLen;
|
||||
(void)outSz;
|
||||
(void)plainSz;
|
||||
|
||||
/* ret can be greater then 0 with certgen but all negative values should
|
||||
* be returned and treated as an error */
|
||||
@@ -16056,6 +16053,7 @@ static int dh_test_check_pubvalue(void)
|
||||
#define FFDHE_KEY_SIZE (2048/8)
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
|
||||
{
|
||||
int ret;
|
||||
@@ -16214,7 +16212,7 @@ done:
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* !WC_NO_RNG */
|
||||
#endif /* HAVE_FFDHE */
|
||||
|
||||
WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
@@ -16222,7 +16220,9 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
int ret;
|
||||
word32 bytes;
|
||||
word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
|
||||
#ifndef WC_NO_RNG
|
||||
WC_RNG rng;
|
||||
#endif
|
||||
int keyInit = 0;
|
||||
|
||||
#define DH_TEST_TMP_SIZE 1024
|
||||
@@ -16231,28 +16231,34 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
#else
|
||||
#define DH_TEST_BUF_SIZE 512
|
||||
#endif
|
||||
#ifndef WC_NO_RNG
|
||||
word32 agreeSz = DH_TEST_BUF_SIZE;
|
||||
word32 agreeSz2 = DH_TEST_BUF_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#else
|
||||
DhKey key[1];
|
||||
DhKey key2[1];
|
||||
byte tmp[DH_TEST_TMP_SIZE];
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if ((tmp == NULL) || (priv == NULL) || (pub == NULL) ||
|
||||
(priv2 == NULL) || (pub2 == NULL) || (agree == NULL) ||
|
||||
(agree2 == NULL))
|
||||
if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
|
||||
agree == NULL || agree2 == NULL) {
|
||||
ERROR_OUT(-8100, done);
|
||||
}
|
||||
#else
|
||||
DhKey key[1];
|
||||
DhKey key2[1];
|
||||
byte tmp[DH_TEST_TMP_SIZE];
|
||||
byte priv[DH_TEST_BUF_SIZE];
|
||||
byte pub[DH_TEST_BUF_SIZE];
|
||||
byte priv2[DH_TEST_BUF_SIZE];
|
||||
@@ -16260,6 +16266,13 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
byte agree[DH_TEST_BUF_SIZE];
|
||||
byte agree2[DH_TEST_BUF_SIZE];
|
||||
#endif
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (key == NULL || key2 == NULL || tmp == NULL) {
|
||||
ERROR_OUT(-8100, done);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
|
||||
@@ -16298,7 +16311,10 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
privSz = DH_TEST_BUF_SIZE;
|
||||
privSz2 = DH_TEST_BUF_SIZE;
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
#endif
|
||||
|
||||
/* Use API for coverage. */
|
||||
ret = wc_InitDhKey(key);
|
||||
if (ret != 0) {
|
||||
@@ -16339,6 +16355,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
#else
|
||||
@@ -16383,6 +16400,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
|
||||
ERROR_OUT(-8115, done);
|
||||
}
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
|
||||
@@ -16444,6 +16462,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
}
|
||||
#endif /* WOLFSSL_DH_EXTRA */
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
ret = dh_generate_test(&rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8126, done);
|
||||
@@ -16451,6 +16470,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
ret = dh_fips_generate_test(&rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8127, done);
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
ret = dh_test_check_pubvalue();
|
||||
@@ -16458,6 +16478,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
ERROR_OUT(-8128, done);
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
/* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
|
||||
@@ -16469,12 +16490,13 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8130, done);
|
||||
#endif
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
wc_FreeDhKey(key);
|
||||
keyInit = 0;
|
||||
|
||||
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
|
||||
!defined(WOLFSSL_OLD_PRIME_CHECK)
|
||||
!defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
|
||||
/* Test Check Key */
|
||||
ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
|
||||
NULL, 0, 0, &rng);
|
||||
@@ -16485,7 +16507,9 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
|
||||
done:
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (key) {
|
||||
@@ -16517,6 +16541,11 @@ done:
|
||||
wc_FreeDhKey(key2);
|
||||
#endif
|
||||
|
||||
(void)privSz;
|
||||
(void)pubSz;
|
||||
(void)pubSz2;
|
||||
(void)privSz2;
|
||||
|
||||
return ret;
|
||||
#undef DH_TEST_BUF_SIZE
|
||||
#undef DH_TEST_TMP_SIZE
|
||||
@@ -20646,7 +20675,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#else
|
||||
ecc_key key[1];
|
||||
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
|
||||
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
|
||||
ecc_key pub[1];
|
||||
#endif
|
||||
byte exportBuf[ECC_BUFSIZE];
|
||||
@@ -20774,7 +20803,8 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC_SIGN
|
||||
#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
|
||||
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
|
||||
tmpSz = ECC_BUFSIZE;
|
||||
ret = 0;
|
||||
do {
|
||||
@@ -20819,7 +20849,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
|
||||
#endif /* HAVE_ECC_SIGN */
|
||||
|
||||
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
|
||||
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
|
||||
/* now test private only key with creating a shared secret */
|
||||
x = ECC_BUFSIZE;
|
||||
ret = wc_ecc_export_private_only(key, exportBuf, &x);
|
||||
@@ -20875,7 +20905,7 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
ERROR_OUT(-9870, done);
|
||||
}
|
||||
TEST_SLEEP();
|
||||
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */
|
||||
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
|
||||
|
||||
ret = 0;
|
||||
|
||||
@@ -20903,7 +20933,7 @@ done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
|
||||
static int ecc_test_key_decode(WC_RNG* rng, int keySize)
|
||||
{
|
||||
int ret;
|
||||
@@ -20984,7 +21014,7 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize)
|
||||
#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
|
||||
#endif /* HAVE_ECC_KEY_IMPORT */
|
||||
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
|
||||
static int ecc_test_key_gen(WC_RNG* rng, int keySize)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -21085,7 +21115,7 @@ done:
|
||||
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
int curve_id, const ecc_set_type* dp)
|
||||
{
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
|
||||
DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
|
||||
@@ -21095,7 +21125,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
|
||||
#endif
|
||||
word32 x = 0;
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
word32 y;
|
||||
#endif
|
||||
@@ -21109,18 +21139,20 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
#endif /* HAVE_ECC_SIGN */
|
||||
int ret;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
|
||||
*userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
|
||||
*pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#else
|
||||
ecc_key userA[1],
|
||||
userB[1],
|
||||
pubKey[1];
|
||||
ecc_key userA[1];
|
||||
ecc_key userB[1];
|
||||
ecc_key pubKey[1];
|
||||
#endif
|
||||
#ifndef WC_NO_RNG
|
||||
int curveSize;
|
||||
#endif
|
||||
|
||||
#ifdef DECLARE_VAR_IS_HEAP_ALLOC
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \
|
||||
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
|
||||
if (sharedA == NULL || sharedB == NULL)
|
||||
ERROR_OUT(-9900, done);
|
||||
@@ -21173,6 +21205,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
@@ -21290,7 +21323,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
wc_ecc_set_flags(userA, 0);
|
||||
wc_ecc_set_flags(userB, 0);
|
||||
#endif /* HAVE_ECC_CDH */
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
#endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
|
||||
|
||||
#ifdef HAVE_ECC_KEY_EXPORT
|
||||
x = ECC_KEY_EXPORT_BUF_SIZE;
|
||||
@@ -21367,15 +21400,20 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
TEST_SLEEP();
|
||||
#endif /* HAVE_ECC_DHE */
|
||||
#endif /* HAVE_COMP_KEY */
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#endif /* HAVE_ECC_KEY_IMPORT */
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
|
||||
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))
|
||||
#ifdef HAVE_ECC_SIGN
|
||||
/* ECC w/out Shamir has issue with all 0 digest */
|
||||
/* WC_BIGINT doesn't have 0 len well on hardware */
|
||||
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT)
|
||||
/* Cryptocell has issues with all 0 digest */
|
||||
#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
|
||||
!defined(WOLFSSL_CRYPTOCELL)
|
||||
/* test DSA sign hash with zeros */
|
||||
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
|
||||
digest[i] = 0;
|
||||
@@ -21412,7 +21450,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
TEST_SLEEP();
|
||||
}
|
||||
#endif /* HAVE_ECC_VERIFY */
|
||||
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */
|
||||
#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
|
||||
|
||||
/* test DSA sign hash with sequence (0,1,2,3,4,...) */
|
||||
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
|
||||
@@ -21451,13 +21489,16 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
|
||||
}
|
||||
#endif /* HAVE_ECC_VERIFY */
|
||||
#endif /* HAVE_ECC_SIGN */
|
||||
#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
|
||||
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WOLFSSL_ATECC508) && \
|
||||
!defined(WOLFSSL_ATECC608A)
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A)
|
||||
x = ECC_KEY_EXPORT_BUF_SIZE;
|
||||
ret = wc_ecc_export_private_only(userA, exportBuf, &x);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-9942, done);
|
||||
#else
|
||||
(void)exportBuf;
|
||||
#endif /* HAVE_ECC_KEY_EXPORT */
|
||||
|
||||
done:
|
||||
@@ -21493,6 +21534,10 @@ done:
|
||||
FREE_VAR(digest, HEAP_HINT);
|
||||
#endif
|
||||
|
||||
(void)keySize;
|
||||
(void)curve_id;
|
||||
(void)rng;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -21526,7 +21571,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
|
||||
!defined(NO_ASN_CRYPT)
|
||||
!defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
|
||||
ret = ecc_test_key_decode(rng, keySize);
|
||||
if (ret < 0) {
|
||||
if (ret == ECC_CURVE_OID_E) {
|
||||
@@ -21539,7 +21584,7 @@ static int ecc_test_curve(WC_RNG* rng, int keySize)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
|
||||
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
|
||||
ret = ecc_test_key_gen(rng, keySize);
|
||||
if (ret < 0) {
|
||||
if (ret == ECC_CURVE_OID_E) {
|
||||
@@ -22053,7 +22098,7 @@ done:
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC_DHE
|
||||
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
|
||||
static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
|
||||
{
|
||||
int ret;
|
||||
@@ -22099,7 +22144,7 @@ static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
|
||||
TEST_SLEEP();
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_ECC_DHE */
|
||||
#endif /* HAVE_ECC_DHE && !WC_NO_RNG */
|
||||
#endif
|
||||
|
||||
static int ecc_def_curve_test(WC_RNG *rng)
|
||||
@@ -22110,6 +22155,9 @@ static int ecc_def_curve_test(WC_RNG *rng)
|
||||
#else
|
||||
ecc_key key[1];
|
||||
#endif
|
||||
#ifdef WC_NO_RNG
|
||||
word32 idx = 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (key == NULL)
|
||||
@@ -22130,9 +22178,16 @@ static int ecc_def_curve_test(WC_RNG *rng)
|
||||
goto done;
|
||||
}
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
#else
|
||||
/* use test ECC key */
|
||||
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
|
||||
(word32)sizeof_ecc_key_der_256);
|
||||
(void)rng;
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
ret = -10092;
|
||||
@@ -22158,7 +22213,7 @@ static int ecc_def_curve_test(WC_RNG *rng)
|
||||
if (ret < 0)
|
||||
goto done;
|
||||
#endif
|
||||
#ifdef HAVE_ECC_DHE
|
||||
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
|
||||
ret = ecc_ssh_test(key, rng);
|
||||
if (ret < 0)
|
||||
goto done;
|
||||
@@ -22729,16 +22784,26 @@ static int ecc_test_allocator(WC_RNG* rng)
|
||||
{
|
||||
int ret = 0;
|
||||
ecc_key* key;
|
||||
#ifdef WC_NO_RNG
|
||||
word32 idx = 0;
|
||||
#endif
|
||||
|
||||
key = wc_ecc_key_new(HEAP_HINT);
|
||||
if (key == NULL) {
|
||||
ERROR_OUT(-10150, exit);
|
||||
}
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-10151, exit);
|
||||
}
|
||||
#else
|
||||
/* use test ECC key */
|
||||
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
|
||||
(word32)sizeof_ecc_key_der_256);
|
||||
(void)rng;
|
||||
#endif
|
||||
|
||||
exit:
|
||||
wc_ecc_key_free(key);
|
||||
@@ -23599,6 +23664,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-10423, done);
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
#else
|
||||
@@ -23615,6 +23681,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
|
||||
ERROR_OUT(-10425, done);
|
||||
}
|
||||
#endif
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
|
||||
{
|
||||
|
||||
@@ -295,14 +295,18 @@
|
||||
<ClCompile Include="wolfcrypt\src\cmac.c" />
|
||||
<ClCompile Include="wolfcrypt\src\coding.c" />
|
||||
<ClCompile Include="wolfcrypt\src\curve25519.c" />
|
||||
<ClCompile Include="wolfcrypt\src\curve448.c" />
|
||||
<ClCompile Include="wolfcrypt\src\cpuid.c" />
|
||||
<ClCompile Include="wolfcrypt\src\des3.c" />
|
||||
<ClCompile Include="wolfcrypt\src\dh.c" />
|
||||
<ClCompile Include="wolfcrypt\src\dsa.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ecc.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ed25519.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ed448.c" />
|
||||
<ClCompile Include="wolfcrypt\src\error.c" />
|
||||
<ClCompile Include="wolfcrypt\src\fe_448.c" />
|
||||
<ClCompile Include="wolfcrypt\src\fe_operations.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ge_448.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ge_low_mem.c" />
|
||||
<ClCompile Include="wolfcrypt\src\ge_operations.c" />
|
||||
<ClCompile Include="wolfcrypt\src\hash.c" />
|
||||
|
||||
+2
-1
@@ -170,7 +170,8 @@ enum wolfSSL_ErrorCodes {
|
||||
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
|
||||
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
|
||||
APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
|
||||
|
||||
TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */
|
||||
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
|
||||
+8
-5
@@ -59,6 +59,9 @@
|
||||
#ifdef HAVE_POLY1305
|
||||
#include <wolfssl/wolfcrypt/poly1305.h>
|
||||
#endif
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA)
|
||||
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
|
||||
#endif
|
||||
#ifdef HAVE_CAMELLIA
|
||||
#include <wolfssl/wolfcrypt/camellia.h>
|
||||
#endif
|
||||
@@ -1870,7 +1873,7 @@ WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
|
||||
int haveRSAsig, int haveAnon,
|
||||
int tls1_2, int keySz);
|
||||
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
|
||||
word16, word16, word16, word16, word16, int);
|
||||
word16, word16, word16, word16, word16, word16, int);
|
||||
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
|
||||
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
|
||||
|
||||
@@ -2834,6 +2837,7 @@ struct WOLFSSL_CTX {
|
||||
byte sessionCtxSz;
|
||||
byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
|
||||
CallbackInfoState* CBIS; /* used to get info about SSL state */
|
||||
WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
|
||||
#endif
|
||||
CallbackIORecv CBIORecv;
|
||||
CallbackIOSend CBIOSend;
|
||||
@@ -2931,10 +2935,10 @@ struct WOLFSSL_CTX {
|
||||
TicketEncCbCtx ticketKeyCtx;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_SUPPORTED_CURVES
|
||||
byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
|
||||
#endif
|
||||
#endif
|
||||
#ifdef ATOMIC_USER
|
||||
CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
|
||||
CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
|
||||
@@ -3534,9 +3538,7 @@ typedef struct Options {
|
||||
#ifdef HAVE_POLY1305
|
||||
word16 oldPoly:1; /* set when to use old rfc way of poly*/
|
||||
#endif
|
||||
#ifdef HAVE_ANON
|
||||
word16 haveAnon:1; /* User wants to allow Anon suites */
|
||||
#endif
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
word16 createTicket:1; /* Server to create new Ticket */
|
||||
word16 useTicket:1; /* Use Ticket not session cache */
|
||||
@@ -4365,11 +4367,12 @@ struct WOLFSSL {
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
EarlyDataState earlyData;
|
||||
word32 earlyDataSz;
|
||||
byte earlyDataStatus;
|
||||
#endif
|
||||
#ifdef OPENSSL_ALL
|
||||
long verifyCallbackResult;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
|
||||
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
|
||||
#endif
|
||||
|
||||
@@ -68,6 +68,7 @@
|
||||
#define BIO_set_fp wolfSSL_BIO_set_fp
|
||||
#define BIO_get_fp wolfSSL_BIO_get_fp
|
||||
#define BIO_seek wolfSSL_BIO_seek
|
||||
#define BIO_tell wolfSSL_BIO_tell
|
||||
#define BIO_write_filename wolfSSL_BIO_write_filename
|
||||
#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return
|
||||
|
||||
|
||||
@@ -52,13 +52,14 @@ typedef struct WOLFSSL_MD5_CTX {
|
||||
WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
|
||||
WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
|
||||
WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
|
||||
|
||||
typedef WOLFSSL_MD5_CTX MD5_CTX;
|
||||
|
||||
#define MD5_Init wolfSSL_MD5_Init
|
||||
#define MD5_Update wolfSSL_MD5_Update
|
||||
#define MD5_Final wolfSSL_MD5_Final
|
||||
#define MD5_Transform wolfSSL_MD5_Transform
|
||||
|
||||
#ifdef OPENSSL_EXTRA_BSD
|
||||
#define MD5Init wolfSSL_MD5_Init
|
||||
|
||||
+27
-6
@@ -52,12 +52,14 @@ typedef struct WOLFSSL_SHA_CTX {
|
||||
WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
|
||||
WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
|
||||
WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
|
||||
const unsigned char *data);
|
||||
/* SHA1 points to above, shouldn't use SHA0 ever */
|
||||
WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
|
||||
WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
|
||||
WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
|
||||
const unsigned char *data);
|
||||
enum {
|
||||
SHA_DIGEST_LENGTH = 20
|
||||
};
|
||||
@@ -68,6 +70,13 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
|
||||
#define SHA_Init wolfSSL_SHA_Init
|
||||
#define SHA_Update wolfSSL_SHA_Update
|
||||
#define SHA_Final wolfSSL_SHA_Final
|
||||
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
|
||||
/* SHA is only available in non-fips mode or fips version > 2 mode
|
||||
* because of SHA enum in FIPS build. */
|
||||
#define SHA wolfSSL_SHA1
|
||||
#endif
|
||||
|
||||
#define SHA1_Init wolfSSL_SHA1_Init
|
||||
#define SHA1_Update wolfSSL_SHA1_Update
|
||||
@@ -99,6 +108,13 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
|
||||
#define SHA224_Init wolfSSL_SHA224_Init
|
||||
#define SHA224_Update wolfSSL_SHA224_Update
|
||||
#define SHA224_Final wolfSSL_SHA224_Final
|
||||
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
|
||||
/* SHA224 is only available in non-fips mode or fips version > 2 mode
|
||||
* because of SHA224 enum in FIPS build. */
|
||||
#define SHA224 wolfSSL_SHA224
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_SHA224 */
|
||||
|
||||
@@ -113,9 +129,10 @@ typedef struct WOLFSSL_SHA256_CTX {
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
|
||||
WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
|
||||
unsigned long);
|
||||
unsigned long);
|
||||
WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*,
|
||||
const unsigned char *data);
|
||||
enum {
|
||||
SHA256_DIGEST_LENGTH = 32
|
||||
};
|
||||
@@ -126,6 +143,8 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
|
||||
#define SHA256_Init wolfSSL_SHA256_Init
|
||||
#define SHA256_Update wolfSSL_SHA256_Update
|
||||
#define SHA256_Final wolfSSL_SHA256_Final
|
||||
#define SHA256_Transform wolfSSL_SHA256_Transform
|
||||
|
||||
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
|
||||
* build. */
|
||||
@@ -171,9 +190,10 @@ typedef struct WOLFSSL_SHA512_CTX {
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
|
||||
WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
|
||||
unsigned long);
|
||||
unsigned long);
|
||||
WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*,
|
||||
const unsigned char*);
|
||||
enum {
|
||||
SHA512_DIGEST_LENGTH = 64
|
||||
};
|
||||
@@ -184,6 +204,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
|
||||
#define SHA512_Init wolfSSL_SHA512_Init
|
||||
#define SHA512_Update wolfSSL_SHA512_Update
|
||||
#define SHA512_Final wolfSSL_SHA512_Final
|
||||
#define SHA512_Transform wolfSSL_SHA512_Transform
|
||||
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||
/* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
|
||||
* build. */
|
||||
|
||||
@@ -410,6 +410,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define X509_free wolfSSL_X509_free
|
||||
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
|
||||
#define X509_digest wolfSSL_X509_digest
|
||||
#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
|
||||
#define X509_get_ext_count wolfSSL_X509_get_ext_count
|
||||
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
|
||||
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
|
||||
@@ -558,6 +559,12 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
||||
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
|
||||
#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
|
||||
|
||||
#define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
|
||||
#define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
|
||||
#define X509_VP_FLAG_RESET_FLAGS WOLFSSL_VPARAM_RESET_FLAGS
|
||||
#define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED
|
||||
#define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE
|
||||
|
||||
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
|
||||
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
|
||||
#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
|
||||
@@ -605,6 +612,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
|
||||
#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
|
||||
#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
|
||||
#define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
|
||||
#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
|
||||
|
||||
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
|
||||
@@ -622,6 +630,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
|
||||
#define X509_CRL_verify wolfSSL_X509_CRL_verify
|
||||
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
|
||||
#define X509_load_crl_file wolfSSL_X509_load_crl_file
|
||||
|
||||
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
|
||||
#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
|
||||
@@ -1071,6 +1080,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
|
||||
#define SSL_CTX_set_min_proto_version wolfSSL_CTX_set_min_proto_version
|
||||
#define SSL_CTX_set_max_proto_version wolfSSL_CTX_set_max_proto_version
|
||||
#define SSL_CTX_get_min_proto_version wolfSSL_CTX_get_min_proto_version
|
||||
|
||||
#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts
|
||||
|
||||
@@ -1127,6 +1137,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
|
||||
#define SSL3_AD_BAD_CERTIFICATE bad_certificate
|
||||
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
|
||||
#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name
|
||||
#define SSL_AD_NO_RENEGOTIATION no_renegotiation
|
||||
#define SSL_AD_INTERNAL_ERROR 80
|
||||
|
||||
#define ASN1_STRFLGS_ESC_MSB 4
|
||||
|
||||
@@ -1167,6 +1180,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define SSL3_AL_FATAL 2
|
||||
#define SSL_TLSEXT_ERR_OK 0
|
||||
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
|
||||
#define SSL_TLSEXT_ERR_ALERT_WARNING alert_warning
|
||||
#define SSL_TLSEXT_ERR_NOACK alert_warning
|
||||
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
|
||||
|
||||
@@ -1306,6 +1320,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
|
||||
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
|
||||
#define SSL_get0_param wolfSSL_get0_param
|
||||
#define SSL_CTX_get0_param wolfSSL_CTX_get0_param
|
||||
#define SSL_CTX_set1_param wolfSSL_CTX_set1_param
|
||||
#define SSL_get_srp_username wolfSSL_get_srp_username
|
||||
|
||||
#define ERR_NUM_ERRORS 16
|
||||
@@ -1317,6 +1333,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define SSL_get_rbio wolfSSL_SSL_get_rbio
|
||||
#define SSL_get_wbio wolfSSL_SSL_get_wbio
|
||||
#define SSL_do_handshake wolfSSL_SSL_do_handshake
|
||||
|
||||
#if defined(WOLFSSL_EARLY_DATA)
|
||||
#define SSL_get_early_data_status wolfSSL_get_early_data_status
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
/* cipher suites for compatibility */
|
||||
|
||||
+31
-4
@@ -563,8 +563,16 @@ struct WOLFSSL_X509_STORE {
|
||||
#define WOLFSSL_USE_CHECK_TIME 0x2
|
||||
#define WOLFSSL_NO_CHECK_TIME 0x200000
|
||||
#define WOLFSSL_HOST_NAME_MAX 256
|
||||
|
||||
#define WOLFSSL_VPARAM_DEFAULT 0x1
|
||||
#define WOLFSSL_VPARAM_OVERWRITE 0x2
|
||||
#define WOLFSSL_VPARAM_RESET_FLAGS 0x4
|
||||
#define WOLFSSL_VPARAM_LOCKED 0x8
|
||||
#define WOLFSSL_VPARAM_ONCE 0x10
|
||||
|
||||
struct WOLFSSL_X509_VERIFY_PARAM {
|
||||
time_t check_time;
|
||||
unsigned int inherit_flags;
|
||||
unsigned long flags;
|
||||
char hostName[WOLFSSL_HOST_NAME_MAX];
|
||||
unsigned int hostFlags;
|
||||
@@ -878,7 +886,9 @@ WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
|
||||
#endif
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
|
||||
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
|
||||
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm);
|
||||
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
|
||||
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
|
||||
WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
|
||||
@@ -938,6 +948,11 @@ WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
|
||||
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
|
||||
#define WOLFSSL_EARLY_DATA_NOT_SENT 0
|
||||
#define WOLFSSL_EARLY_DATA_REJECTED 1
|
||||
#define WOLFSSL_EARLY_DATA_ACCEPTED 2
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
|
||||
unsigned int sz);
|
||||
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
|
||||
@@ -945,6 +960,7 @@ WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
|
||||
int sz, int* outSz);
|
||||
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
|
||||
int* outSz);
|
||||
WOLFSSL_API int wolfSSL_get_early_data_status(const WOLFSSL* ssl);
|
||||
#endif /* WOLFSSL_EARLY_DATA */
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
|
||||
@@ -1338,6 +1354,7 @@ WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
|
||||
WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
|
||||
|
||||
WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
|
||||
WOLFSSL_API int wolfSSL_BIO_tell(WOLFSSL_BIO* bio);
|
||||
WOLFSSL_API int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
|
||||
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
|
||||
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
|
||||
@@ -1545,6 +1562,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* p
|
||||
unsigned int nameSz);
|
||||
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
|
||||
WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
|
||||
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
|
||||
const WOLFSSL_X509_VERIFY_PARAM* from);
|
||||
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
|
||||
const char *file, int type);
|
||||
#endif
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
||||
@@ -2116,8 +2137,8 @@ WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
|
||||
const unsigned char*, unsigned int);
|
||||
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
|
||||
#endif
|
||||
|
||||
@@ -2255,6 +2276,8 @@ WOLFSSL_API WOLFSSL_X509*
|
||||
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
|
||||
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
|
||||
const unsigned char *in, int len);
|
||||
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
|
||||
WOLFSSL_X509_CRL **crl);
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
|
||||
#endif
|
||||
@@ -3480,6 +3503,8 @@ WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx,
|
||||
WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx);
|
||||
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
|
||||
const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
|
||||
WOLFSSL_API int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
|
||||
const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len);
|
||||
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
|
||||
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
|
||||
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
|
||||
@@ -3554,6 +3579,7 @@ WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
|
||||
WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
|
||||
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
|
||||
@@ -3615,6 +3641,7 @@ WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
|
||||
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
|
||||
WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
|
||||
@@ -3990,9 +4017,9 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
|
||||
const WOLFSSL_ASN1_INTEGER *a);
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
|
||||
WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
|
||||
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
|
||||
typedef int (*ticketCompatCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
|
||||
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc);
|
||||
WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, ticketCompatCb);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||
|
||||
@@ -4088,4 +4088,30 @@ static WC_INLINE word16 GetRandomPort(void)
|
||||
return port;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
|
||||
{
|
||||
int earlyData_status;
|
||||
|
||||
earlyData_status = wolfSSL_get_early_data_status(ssl);
|
||||
if (earlyData_status < 0) return;
|
||||
|
||||
printf("Early Data was ");
|
||||
|
||||
switch(earlyData_status) {
|
||||
case WOLFSSL_EARLY_DATA_NOT_SENT:
|
||||
printf("not sent.\n");
|
||||
break;
|
||||
case WOLFSSL_EARLY_DATA_REJECTED:
|
||||
printf("rejected.\n");
|
||||
break;
|
||||
case WOLFSSL_EARLY_DATA_ACCEPTED:
|
||||
printf("accepted\n");
|
||||
break;
|
||||
default:
|
||||
printf("unknown...\n");
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_EARLY_DATA */
|
||||
|
||||
#endif /* wolfSSL_TEST_H */
|
||||
|
||||
@@ -977,6 +977,14 @@ struct DecodedCert {
|
||||
#endif
|
||||
};
|
||||
|
||||
/* ASN Encoded Name field */
|
||||
typedef struct EncodedName {
|
||||
int nameLen; /* actual string value length */
|
||||
int totalLen; /* total encoded length */
|
||||
int type; /* type of name */
|
||||
int used; /* are we actually using this one */
|
||||
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
|
||||
} EncodedName;
|
||||
|
||||
#ifdef NO_SHA
|
||||
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
@@ -1163,6 +1171,8 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
|
||||
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
|
||||
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
||||
|
||||
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
@@ -1390,6 +1400,8 @@ struct OcspEntry
|
||||
byte* rawCertId; /* raw bytes of the CertID */
|
||||
int rawCertIdSize; /* num bytes in raw CertID */
|
||||
/* option bits - using 32-bit for alignment */
|
||||
word32 ownStatus:1; /* do we need to free the status
|
||||
* response list */
|
||||
word32 isDynamic:1; /* was dynamically allocated */
|
||||
|
||||
};
|
||||
|
||||
@@ -88,7 +88,7 @@ enum wc_HashFlags {
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
#ifndef NO_HASH_WRAPPER
|
||||
typedef union {
|
||||
#ifndef NO_MD5
|
||||
wc_Md5 md5;
|
||||
@@ -112,6 +112,7 @@ typedef union {
|
||||
wc_Sha3 sha3;
|
||||
#endif
|
||||
} wc_HashAlg;
|
||||
#endif /* !NO_HASH_WRAPPER */
|
||||
|
||||
/* Find largest possible digest size
|
||||
Note if this gets up to the size of 80 or over check smallstack build */
|
||||
@@ -151,6 +152,8 @@ WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
|
||||
|
||||
WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);
|
||||
|
||||
#ifndef NO_HASH_WRAPPER
|
||||
|
||||
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
|
||||
WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
|
||||
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
|
||||
@@ -215,6 +218,8 @@ WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32);
|
||||
#endif
|
||||
#endif /* WOLFSSL_SHA3 */
|
||||
|
||||
#endif /* !NO_HASH_WRAPPER */
|
||||
|
||||
enum max_prf {
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
MAX_PRF_HALF = 516, /* Maximum half secret len */
|
||||
|
||||
@@ -227,7 +227,8 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
|
||||
/* ---> Basic Manipulations <--- */
|
||||
#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
|
||||
#define mp_isone(a) \
|
||||
(((((a)->used == 1)) && ((a)->dp[0] == 1u)) ? MP_YES : MP_NO)
|
||||
(((((a)->used == 1)) && ((a)->dp[0] == 1u) && ((a)->sign == MP_ZPOS)) \
|
||||
? MP_YES : MP_NO)
|
||||
#define mp_iseven(a) \
|
||||
(((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO)
|
||||
#define mp_isodd(a) \
|
||||
|
||||
@@ -42,9 +42,12 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(NO_OLD_MD5_NAME)
|
||||
#define MD5 WC_MD5
|
||||
#endif
|
||||
|
||||
#ifndef NO_OLD_WC_NAMES
|
||||
#define Md5 wc_Md5
|
||||
#define MD5 WC_MD5
|
||||
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
|
||||
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
|
||||
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
|
||||
@@ -109,6 +112,9 @@ WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
|
||||
WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
|
||||
WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
|
||||
WOLFSSL_API void wc_Md5Free(wc_Md5*);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*);
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*);
|
||||
WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
|
||||
|
||||
@@ -89,11 +89,13 @@ uint64_t wc_esp32elapsedTime();
|
||||
|
||||
/* RAW hash function APIs are not implemented with esp32 hardware acceleration*/
|
||||
#define WOLFSSL_NO_HASH_RAW
|
||||
#define SHA_CTX ETS_SHAContext
|
||||
#if ESP_IDF_VERSION_MAJOR >= 4
|
||||
#include "esp32/rom/sha.h"
|
||||
#else
|
||||
#include "rom/sha.h"
|
||||
#endif
|
||||
#undef SHA_CTX
|
||||
|
||||
typedef enum {
|
||||
ESP32_SHA_INIT = 0,
|
||||
|
||||
@@ -1,47 +1,47 @@
|
||||
/* port/ti/ti_ccm.c
|
||||
*
|
||||
* Copyright (C) 2006-2020 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
/* port/ti/ti_ccm.c
|
||||
*
|
||||
* Copyright (C) 2006-2020 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#ifndef WOLF_CRYPT_TI_CCM_H
|
||||
#define WOLF_CRYPT_TI_CCM_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH)
|
||||
|
||||
int wolfSSL_TI_CCMInit(void) ;
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
void wolfSSL_TI_lockCCM(void) ;
|
||||
void wolfSSL_TI_unlockCCM(void) ;
|
||||
#else
|
||||
#define wolfSSL_TI_lockCCM()
|
||||
#define wolfSSL_TI_unlockCCM()
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLF_CRYPT_TI_CCM_H
|
||||
#define WOLF_CRYPT_TI_CCM_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH)
|
||||
|
||||
int wolfSSL_TI_CCMInit(void) ;
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
void wolfSSL_TI_lockCCM(void) ;
|
||||
void wolfSSL_TI_unlockCCM(void) ;
|
||||
#else
|
||||
#define wolfSSL_TI_lockCCM()
|
||||
#define wolfSSL_TI_unlockCCM()
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
@@ -1796,7 +1796,9 @@ extern void uITRON4_free(void *p) ;
|
||||
/* ECC Configs */
|
||||
#ifdef HAVE_ECC
|
||||
/* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
|
||||
#ifndef NO_ECC_SIGN
|
||||
#if !defined(NO_ECC_SIGN) && \
|
||||
(!defined(ECC_TIMING_RESISTANT) || \
|
||||
(defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
|
||||
#undef HAVE_ECC_SIGN
|
||||
#define HAVE_ECC_SIGN
|
||||
#endif
|
||||
@@ -1808,7 +1810,7 @@ extern void uITRON4_free(void *p) ;
|
||||
#undef HAVE_ECC_CHECK_KEY
|
||||
#define HAVE_ECC_CHECK_KEY
|
||||
#endif
|
||||
#ifndef NO_ECC_DHE
|
||||
#if !defined(NO_ECC_DHE) && !defined(WC_NO_RNG)
|
||||
#undef HAVE_ECC_DHE
|
||||
#define HAVE_ECC_DHE
|
||||
#endif
|
||||
@@ -2094,8 +2096,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
|
||||
#error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
|
||||
#endif
|
||||
#if !defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
|
||||
#error static memory requires fast math please define USE_FAST_MATH
|
||||
#if !defined(WOLFSSL_SP_NO_MALLOC) && \
|
||||
!defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
|
||||
#error The static memory option is only supported for fast math or SP with no malloc
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
#error static memory does not support small stack please undefine
|
||||
@@ -2271,9 +2274,14 @@ extern void uITRON4_free(void *p) ;
|
||||
|
||||
#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
|
||||
/* added to have compatibility with SHA256() */
|
||||
#if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)
|
||||
#if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
|
||||
#define NO_OLD_SHA_NAMES
|
||||
#endif
|
||||
#if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
|
||||
#define NO_OLD_MD5_NAME
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
|
||||
|
||||
@@ -169,6 +169,9 @@ WOLFSSL_API void wc_ShaFree(wc_Sha*);
|
||||
|
||||
WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
|
||||
WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
|
||||
|
||||
@@ -198,7 +198,9 @@ WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
|
||||
WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
|
||||
WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
|
||||
WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*);
|
||||
#endif
|
||||
WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
|
||||
WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
|
||||
|
||||
@@ -216,9 +218,12 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
|
||||
#if !defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
|
||||
|
||||
#if !defined(NO_OLD_SHA_NAMES)
|
||||
#define SHA224 WC_SHA224
|
||||
#endif
|
||||
|
||||
#ifndef NO_OLD_WC_NAMES
|
||||
#define Sha224 wc_Sha224
|
||||
#define SHA224 WC_SHA224
|
||||
#define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
|
||||
#define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
|
||||
#define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE
|
||||
|
||||
@@ -180,6 +180,9 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
|
||||
WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
|
||||
#endif
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
#if defined(WOLFSSL_SHA384)
|
||||
|
||||
@@ -655,9 +655,9 @@ typedef struct sp_ecc_ctx {
|
||||
#endif
|
||||
|
||||
/** Radix is base 10 or decimal. */
|
||||
#define MP_RADIX_DEC 10
|
||||
#define MP_RADIX_DEC 10
|
||||
/** Radix is base 16 or hexadecimal. */
|
||||
#define MP_RADIX_HEX 16
|
||||
#define MP_RADIX_HEX 16
|
||||
|
||||
/** Result of comparison is that the first number is greater than second. */
|
||||
#define MP_GT 1
|
||||
@@ -666,16 +666,21 @@ typedef struct sp_ecc_ctx {
|
||||
/** Result of comparison is that the first number is less than second. */
|
||||
#define MP_LT -1
|
||||
|
||||
/* ERROR VALUES */
|
||||
/** Error value on success. */
|
||||
#define MP_OKAY 0
|
||||
#define MP_OKAY 0
|
||||
/** Error value when dynamic memory allocation fails. */
|
||||
#define MP_MEM -2
|
||||
#define MP_MEM -2
|
||||
/** Error value when value passed is not able to be used. */
|
||||
#define MP_VAL -3
|
||||
#define MP_VAL -3
|
||||
/** Error value when non-blocking operation is returning after partial
|
||||
* completion.
|
||||
*/
|
||||
#define FP_WOULDBLOCK -4
|
||||
#define FP_WOULDBLOCK -4
|
||||
/* Unused error. Defined for backward compatability. */
|
||||
#define MP_NOT_INF -5
|
||||
/* Unused error. Defined for backward compatability. */
|
||||
#define MP_RANGE MP_NOT_INF
|
||||
|
||||
/* Number of bits in each word/digit. */
|
||||
#define DIGIT_BIT SP_WORD_SIZE
|
||||
|
||||
@@ -246,7 +246,7 @@ WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);
|
||||
*
|
||||
* The public ephemeral value is known as:
|
||||
* A at the client side. A = g ^ a % N
|
||||
* B at the server side. B = (k * v + (g ˆ b % N)) % N
|
||||
* B at the server side. B = (k * v + (g ^ b % N)) % N
|
||||
* This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
|
||||
*
|
||||
* @param[in,out] srp the Srp structure.
|
||||
|
||||
@@ -422,13 +422,16 @@ MP_API void fp_free(fp_int* a);
|
||||
/* zero/one/even/odd/neg/word ? */
|
||||
#define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO)
|
||||
#define fp_isone(a) \
|
||||
((((a)->used == 1) && ((a)->dp[0] == 1)) ? FP_YES : FP_NO)
|
||||
#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
|
||||
#define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
|
||||
#define fp_isneg(a) (((a)->sign != 0) ? FP_YES : FP_NO)
|
||||
#define fp_isword(a, w) \
|
||||
((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \
|
||||
((((a)->used == 1) && ((a)->dp[0] == 1) && ((a)->sign == FP_ZPOS)) \
|
||||
? FP_YES : FP_NO)
|
||||
#define fp_iseven(a) \
|
||||
(((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
|
||||
#define fp_isodd(a) \
|
||||
(((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
|
||||
#define fp_isneg(a) (((a)->sign != FP_ZPOS) ? FP_YES : FP_NO)
|
||||
#define fp_isword(a, w) \
|
||||
(((((a)->used == 1) && ((a)->dp[0] == w)) || \
|
||||
((w == 0) && ((a)->used == 0))) ? FP_YES : FP_NO)
|
||||
|
||||
/* set to a small digit */
|
||||
void fp_set(fp_int *a, fp_digit b);
|
||||
|
||||
Reference in New Issue
Block a user