wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #640 from jrblixt/unitTest_api_dev

Browse Source 
unit test md5, sha, sha256, sha384, sha512
This commit is contained in:
toddouska
2017-05-17 09:17:32 -07:00
committed by GitHub
parent 4c451a6c61 cb3b10054d
commit 2f15d57a6f
11 changed files with 1539 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
mcapi/crypto.c
View File

@@ -52,9 +52,7 @@ int CRYPT_MD5_Initialize(CRYPT_MD5_CTX* md5)
if (md5 == NULL) if (md5 == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
wc_InitMd5((Md5*)md5); return wc_InitMd5((Md5*)md5);
return 0;
} }
@@ -65,9 +63,7 @@ int CRYPT_MD5_DataAdd(CRYPT_MD5_CTX* md5, const unsigned char* input,
if (md5 == NULL || input == NULL) if (md5 == NULL || input == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
wc_Md5Update((Md5*)md5, input, sz); return wc_Md5Update((Md5*)md5, input, sz);
return 0;
} }
@@ -77,9 +73,7 @@ int CRYPT_MD5_Finalize(CRYPT_MD5_CTX* md5, unsigned char* digest)
if (md5 == NULL || digest == NULL) if (md5 == NULL || digest == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
wc_Md5Final((Md5*)md5, digest); return wc_Md5Final((Md5*)md5, digest);
return 0;
} }

45
mcapi/mcapi_test.c
View File

@@ -214,25 +214,30 @@ static int check_md5(void)
{ {
CRYPT_MD5_CTX mcMd5; CRYPT_MD5_CTX mcMd5;
Md5 defMd5; Md5 defMd5;
int ret;
byte mcDigest[CRYPT_MD5_DIGEST_SIZE]; byte mcDigest[CRYPT_MD5_DIGEST_SIZE];
byte defDigest[MD5_DIGEST_SIZE]; byte defDigest[MD5_DIGEST_SIZE];
CRYPT_MD5_Initialize(&mcMd5); CRYPT_MD5_Initialize(&mcMd5);
wc_InitMd5(&defMd5); ret = wc_InitMd5(&defMd5);
CRYPT_MD5_DataAdd(&mcMd5, ourData, OUR_DATA_SIZE); if (ret == 0) {
wc_Md5Update(&defMd5, ourData, OUR_DATA_SIZE); CRYPT_MD5_DataAdd(&mcMd5, ourData, OUR_DATA_SIZE);
ret = wc_Md5Update(&defMd5, ourData, OUR_DATA_SIZE);
}
CRYPT_MD5_Finalize(&mcMd5, mcDigest); if (ret == 0) {
wc_Md5Final(&defMd5, defDigest); CRYPT_MD5_Finalize(&mcMd5, mcDigest);
ret = wc_Md5Final(&defMd5, defDigest);
}
if (memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) {
printf("md5 final memcmp fialed\n"); printf("md5 final memcmp fialed\n");
return -1; return -1;
} }
printf("md5 mcapi test passed\n"); printf("md5 mcapi test passed\n");
return 0; return ret;
} }
@@ -261,7 +266,7 @@ static int check_sha(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) {
printf("sha final memcmp failed\n"); printf("sha final memcmp failed\n");
return -1; return -1;
} }
printf("sha mcapi test passed\n"); printf("sha mcapi test passed\n");
return 0; return 0;
@@ -301,7 +306,7 @@ static int check_sha256(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) {
printf("sha256 final memcmp fialed\n"); printf("sha256 final memcmp fialed\n");
return -1; return -1;
} }
printf("sha256 mcapi test passed\n"); printf("sha256 mcapi test passed\n");
return 0; return 0;
@@ -341,7 +346,7 @@ static int check_sha384(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) {
printf("sha384 final memcmp fialed\n"); printf("sha384 final memcmp fialed\n");
return -1; return -1;
} }
printf("sha384 mcapi test passed\n"); printf("sha384 mcapi test passed\n");
return 0; return 0;
@@ -381,7 +386,7 @@ static int check_sha512(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) {
printf("sha512 final memcmp fialed\n"); printf("sha512 final memcmp fialed\n");
return -1; return -1;
} }
printf("sha512 mcapi test passed\n"); printf("sha512 mcapi test passed\n");
return 0; return 0;
@@ -424,7 +429,7 @@ static int check_hmac(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) {
printf("hmac sha final memcmp fialed\n"); printf("hmac sha final memcmp fialed\n");
return -1; return -1;
} }
printf("hmac sha mcapi test passed\n"); printf("hmac sha mcapi test passed\n");
/* SHA-256 */ /* SHA-256 */
@@ -452,7 +457,7 @@ static int check_hmac(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) {
printf("hmac sha256 final memcmp fialed\n"); printf("hmac sha256 final memcmp fialed\n");
return -1; return -1;
} }
printf("hmac sha256 mcapi test passed\n"); printf("hmac sha256 mcapi test passed\n");
/* SHA-384 */ /* SHA-384 */
@@ -480,7 +485,7 @@ static int check_hmac(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) {
printf("hmac sha384 final memcmp fialed\n"); printf("hmac sha384 final memcmp fialed\n");
return -1; return -1;
} }
printf("hmac sha384 mcapi test passed\n"); printf("hmac sha384 mcapi test passed\n");
/* SHA-512 */ /* SHA-512 */
@@ -508,7 +513,7 @@ static int check_hmac(void)
if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) { if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) {
printf("hmac sha512 final memcmp fialed\n"); printf("hmac sha512 final memcmp fialed\n");
return -1; return -1;
} }
printf("hmac sha512 mcapi test passed\n"); printf("hmac sha512 mcapi test passed\n");
return 0; return 0;
@@ -621,7 +626,7 @@ static int check_compress(void)
static int check_rng(void) static int check_rng(void)
{ {
int ret; int ret;
int i; int i;
byte in[RANDOM_BYTE_SZ]; byte in[RANDOM_BYTE_SZ];
byte out[RANDOM_BYTE_SZ]; byte out[RANDOM_BYTE_SZ];
@@ -1326,7 +1331,7 @@ static int check_rsa(void)
return -1; return -1;
} }
ret = CRYPT_RSA_PrivateDecrypt(&mcRsa, out2, sizeof(out2), out1, ret); ret = CRYPT_RSA_PrivateDecrypt(&mcRsa, out2, sizeof(out2), out1, ret);
if (ret < 0) { if (ret < 0) {
printf("mcapi rsa private derypt failed\n"); printf("mcapi rsa private derypt failed\n");
return -1; return -1;
@@ -1348,7 +1353,7 @@ static int check_rsa(void)
printf("mcapi rsa free failed\n"); printf("mcapi rsa free failed\n");
return -1; return -1;
} }
printf("rsa mcapi test passed\n"); printf("rsa mcapi test passed\n");
return 0; return 0;
@@ -1358,7 +1363,7 @@ static int check_rsa(void)
/* check mcapi ecc */ /* check mcapi ecc */
static int check_ecc(void) static int check_ecc(void)
{ {
CRYPT_ECC_CTX userA; CRYPT_ECC_CTX userA;
CRYPT_ECC_CTX userB; CRYPT_ECC_CTX userB;
int ret; int ret;
byte sharedA[100]; byte sharedA[100];
@@ -1463,7 +1468,7 @@ static int check_ecc(void)
printf("mcapi ecc public export failed\n"); printf("mcapi ecc public export failed\n");
return -1; return -1;
} }
ret = CRYPT_ECC_PublicImport(&userB, sharedA, usedA); ret = CRYPT_ECC_PublicImport(&userB, sharedA, usedA);
if (ret != 0) { if (ret != 0) {
printf("mcapi ecc public import failed\n"); printf("mcapi ecc public import failed\n");

55
src/keys.c
View File

@@ -1153,7 +1153,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
} }
} }
if (ssl->options.cipherSuite0 != ECC_BYTE && if (ssl->options.cipherSuite0 != ECC_BYTE &&
ssl->options.cipherSuite0 != CHACHA_BYTE && ssl->options.cipherSuite0 != CHACHA_BYTE &&
ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */ ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
switch (ssl->options.cipherSuite) { switch (ssl->options.cipherSuite) {
@@ -3087,10 +3087,10 @@ int DeriveKeys(WOLFSSL* ssl)
} }
#endif #endif
wc_InitMd5(md5); ret = wc_InitMd5(md5);
if (ret == 0) {
ret = wc_InitSha(sha); ret = wc_InitSha(sha);
}
if (ret == 0) { if (ret == 0) {
XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
@@ -3108,14 +3108,21 @@ int DeriveKeys(WOLFSSL* ssl)
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
idx += RAN_LEN; idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
if (ret == 0) {
wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) ret = wc_ShaUpdate(sha, shaInput,
- KEY_PREFIX + j); (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
wc_ShaFinal(sha, shaOutput); }
if (ret == 0) {
ret = wc_ShaFinal(sha, shaOutput);
}
XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE); XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE); if (ret == 0) {
wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE); ret = wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
}
if (ret == 0) {
ret = wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
}
} }
if (ret == 0) if (ret == 0)
@@ -3206,10 +3213,10 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
} }
#endif #endif
wc_InitMd5(md5); ret = wc_InitMd5(md5);
if (ret == 0) {
ret = wc_InitSha(sha); ret = wc_InitSha(sha);
}
if (ret == 0) { if (ret == 0) {
XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
@@ -3230,14 +3237,22 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
idx += RAN_LEN; idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
idx += RAN_LEN; idx += RAN_LEN;
wc_ShaUpdate(sha, shaInput, idx); if (ret == 0) {
wc_ShaFinal(sha, shaOutput); ret = wc_ShaUpdate(sha, shaInput, idx);
}
if (ret == 0) {
ret = wc_ShaFinal(sha, shaOutput);
}
idx = pmsSz; /* preSz */ idx = pmsSz; /* preSz */
XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
idx += SHA_DIGEST_SIZE; idx += SHA_DIGEST_SIZE;
wc_Md5Update(md5, md5Input, idx); if (ret == 0) {
wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); ret = wc_Md5Update(md5, md5Input, idx);
}
if (ret == 0) {
ret = wc_Md5Final(md5,
&ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
}
} }
#ifdef SHOW_SECRETS #ifdef SHOW_SECRETS

310
src/sniffer.c
View File

@@ -193,21 +193,21 @@ static const char* const msgTable[] =
"Got an Alert msg", "Got an Alert msg",
"Another msg to Process", "Another msg to Process",
"Removing Session From Table", "Removing Session From Table",
/* 46 */ /* 46 */
"Bad Key File", "Bad Key File",
"Wrong IP Version", "Wrong IP Version",
"Wrong Protocol type", "Wrong Protocol type",
"Packet Short for header processing", "Packet Short for header processing",
"Got Unknown Record Type", "Got Unknown Record Type",
/* 51 */ /* 51 */
"Can't Open Trace File", "Can't Open Trace File",
"Session in Fatal Error State", "Session in Fatal Error State",
"Partial SSL record received", "Partial SSL record received",
"Buffer Error, malformed input", "Buffer Error, malformed input",
"Added to Partial Input", "Added to Partial Input",
/* 56 */ /* 56 */
"Received a Duplicate Packet", "Received a Duplicate Packet",
"Received an Out of Order Packet", "Received an Out of Order Packet",
@@ -478,7 +478,7 @@ static void FreePacketList(PacketBuffer* in)
if (in) { if (in) {
PacketBuffer* del; PacketBuffer* del;
PacketBuffer* packet = in; PacketBuffer* packet = in;
while (packet) { while (packet) {
del = packet; del = packet;
packet = packet->next; packet = packet->next;
@@ -494,7 +494,7 @@ static void FreeSnifferSession(SnifferSession* session)
if (session) { if (session) {
SSL_free(session->sslClient); SSL_free(session->sslClient);
SSL_free(session->sslServer); SSL_free(session->sslServer);
FreePacketList(session->cliReassemblyList); FreePacketList(session->cliReassemblyList);
FreePacketList(session->srvReassemblyList); FreePacketList(session->srvReassemblyList);
@@ -518,7 +518,7 @@ void ssl_FreeSniffer(void)
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
srv = ServerList; srv = ServerList;
while (srv) { while (srv) {
removeServer = srv; removeServer = srv;
@@ -566,8 +566,9 @@ static int HashInit(HsHashes* hash)
ret = wc_InitSha(&hash->hashSha); ret = wc_InitSha(&hash->hashSha);
#endif #endif
#ifndef NO_MD5 #ifndef NO_MD5
if (ret == 0) if (ret == 0) {
wc_InitMd5(&hash->hashMd5); ret = wc_InitMd5(&hash->hashMd5);
}
#endif #endif
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
@@ -596,8 +597,9 @@ static int HashUpdate(HsHashes* hash, const byte* input, int sz)
ret = wc_ShaUpdate(&hash->hashSha, input, sz); ret = wc_ShaUpdate(&hash->hashSha, input, sz);
#endif #endif
#ifndef NO_MD5 #ifndef NO_MD5
if (ret == 0) if (ret == 0) {
wc_Md5Update(&hash->hashMd5, input, sz); ret = wc_Md5Update(&hash->hashMd5, input, sz);
}
#endif #endif
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
@@ -704,7 +706,7 @@ static void InitSession(SnifferSession* session)
session->srvReassemblyMemory = 0; session->srvReassemblyMemory = 0;
session->next = 0; session->next = 0;
session->ticketID = 0; session->ticketID = 0;
InitFlags(&session->flags); InitFlags(&session->flags);
InitFinCapture(&session->finCaputre); InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
@@ -758,9 +760,9 @@ static int SetPassword(char* passwd, int sz, int rw, void* userdata)
/* Ethernet Header */ /* Ethernet Header */
typedef struct EthernetHdr { typedef struct EthernetHdr {
byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */ byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */
byte src[ETHER_IF_ADDR_LEN]; /* source host address */ byte src[ETHER_IF_ADDR_LEN]; /* source host address */
word16 type; /* IP, ARP, etc */ word16 type; /* IP, ARP, etc */
} EthernetHdr; } EthernetHdr;
@@ -786,8 +788,8 @@ typedef struct IpHdr {
typedef struct TcpHdr { typedef struct TcpHdr {
word16 srcPort; /* source port */ word16 srcPort; /* source port */
word16 dstPort; /* destination port */ word16 dstPort; /* destination port */
word32 sequence; /* sequence number */ word32 sequence; /* sequence number */
word32 ack; /* acknoledgment number */ word32 ack; /* acknoledgment number */
byte offset; /* data offset, reserved */ byte offset; /* data offset, reserved */
byte flags; /* option flags */ byte flags; /* option flags */
word16 window; /* window */ word16 window; /* window */
@@ -805,8 +807,8 @@ typedef struct TcpHdr {
/* Use platform specific GetError to write to tracfile if tracing */ /* Use platform specific GetError to write to tracfile if tracing */
static void Trace(int idx) static void Trace(int idx)
{ {
if (TraceOn) { if (TraceOn) {
char myBuffer[MAX_ERROR_LEN]; char myBuffer[MAX_ERROR_LEN];
@@ -871,9 +873,9 @@ static void TracePacket(void)
static char* IpToS(word32 addr, char* str) static char* IpToS(word32 addr, char* str)
{ {
byte* p = (byte*)&addr; byte* p = (byte*)&addr;
SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
return str; return str;
} }
@@ -1031,7 +1033,7 @@ static int IsServerRegistered(word32 addr)
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->server == addr) { if (sniffer->server == addr) {
@@ -1040,7 +1042,7 @@ static int IsServerRegistered(word32 addr)
} }
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return ret; return ret;
@@ -1053,18 +1055,18 @@ static int IsPortRegistered(word32 port)
{ {
int ret = 0; /* false */ int ret = 0; /* false */
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->port == (int)port) { if (sniffer->port == (int)port) {
ret = 1; ret = 1;
break; break;
} }
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return ret; return ret;
@@ -1075,9 +1077,9 @@ static int IsPortRegistered(word32 port)
static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo) static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src) if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src)
@@ -1086,9 +1088,9 @@ static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
break; break;
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return sniffer; return sniffer;
} }
@@ -1098,7 +1100,7 @@ static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
word32 hash = ipInfo->src * ipInfo->dst; word32 hash = ipInfo->src * ipInfo->dst;
hash *= tcpInfo->srcPort * tcpInfo->dstPort; hash *= tcpInfo->srcPort * tcpInfo->dstPort;
return hash % HASH_SIZE; return hash % HASH_SIZE;
} }
@@ -1107,13 +1109,13 @@ static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo) static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
SnifferSession* session; SnifferSession* session;
time_t currTime = time(NULL); time_t currTime = time(NULL);
word32 row = SessionHash(ipInfo, tcpInfo); word32 row = SessionHash(ipInfo, tcpInfo);
assert(row <= HASH_SIZE); assert(row <= HASH_SIZE);
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
session = SessionTable[row]; session = SessionTable[row];
while (session) { while (session) {
if (session->server == ipInfo->src && session->client == ipInfo->dst && if (session->server == ipInfo->src && session->client == ipInfo->dst &&
@@ -1124,15 +1126,15 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
session->cliPort == tcpInfo->srcPort && session->cliPort == tcpInfo->srcPort &&
session->srvPort == tcpInfo->dstPort) session->srvPort == tcpInfo->dstPort)
break; break;
session = session->next; session = session->next;
} }
if (session) if (session)
session->lastUsed= currTime; /* keep session alive, remove stale will */ session->lastUsed= currTime; /* keep session alive, remove stale will */
/* leave alone */ /* leave alone */
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
/* determine side */ /* determine side */
if (session) { if (session) {
if (ipInfo->dst == session->context->server && if (ipInfo->dst == session->context->server &&
@@ -1140,8 +1142,8 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
session->flags.side = WOLFSSL_SERVER_END; session->flags.side = WOLFSSL_SERVER_END;
else else
session->flags.side = WOLFSSL_CLIENT_END; session->flags.side = WOLFSSL_CLIENT_END;
} }
return session; return session;
} }
@@ -1389,11 +1391,11 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
Trace(IP_CHECK_STR); Trace(IP_CHECK_STR);
if (version != IPV4) { if (version != IPV4) {
SetError(BAD_IPVER_STR, error, NULL, 0); SetError(BAD_IPVER_STR, error, NULL, 0);
return -1; return -1;
} }
if (iphdr->protocol != TCP_PROTOCOL) { if (iphdr->protocol != TCP_PROTOCOL) {
SetError(BAD_PROTO_STR, error, NULL, 0); SetError(BAD_PROTO_STR, error, NULL, 0);
return -1; return -1;
} }
@@ -1430,7 +1432,7 @@ static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
info->syn = tcphdr->flags & TCP_SYN; info->syn = tcphdr->flags & TCP_SYN;
info->ack = tcphdr->flags & TCP_ACK; info->ack = tcphdr->flags & TCP_ACK;
if (info->ack) if (info->ack)
info->ackNumber = ntohl(tcphdr->ack); info->ackNumber = ntohl(tcphdr->ack);
if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) { if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) {
SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0); SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
@@ -1915,12 +1917,12 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
} }
input += bLen; input += bLen;
*sslBytes -= bLen; *sslBytes -= bLen;
if (*sslBytes == 0) { if (*sslBytes == 0) {
/* no extensions */ /* no extensions */
return 0; return 0;
} }
/* skip extensions until session ticket */ /* skip extensions until session ticket */
/* make sure can read len */ /* make sure can read len */
if (SUITE_LEN > *sslBytes) { if (SUITE_LEN > *sslBytes) {
@@ -1993,7 +1995,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
SSL* ssl; SSL* ssl;
word32 inOutIdx = 0; word32 inOutIdx = 0;
int ret; int ret;
if (session->flags.side == WOLFSSL_SERVER_END) if (session->flags.side == WOLFSSL_SERVER_END)
ssl = session->sslServer; ssl = session->sslServer;
else else
@@ -2007,7 +2009,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
return ret; return ret;
} }
if (ret == 0 && session->flags.cached == 0) { if (ret == 0 && session->flags.cached == 0) {
if (session->sslServer->options.haveSessionId) { if (session->sslServer->options.haveSessionId) {
WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0); WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0);
@@ -2043,7 +2045,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
} }
type = input[0]; type = input[0];
size = (input[1] << 16) | (input[2] << 8) | input[3]; size = (input[1] << 16) | (input[2] << 8) | input[3];
input += HANDSHAKE_HEADER_SZ; input += HANDSHAKE_HEADER_SZ;
*sslBytes -= HANDSHAKE_HEADER_SZ; *sslBytes -= HANDSHAKE_HEADER_SZ;
startBytes = *sslBytes; startBytes = *sslBytes;
@@ -2060,7 +2062,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE); SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
if (session->hash) { if (session->hash) {
if (HashUpdate(session->hash, input, size) != 0) { if (HashUpdate(session->hash, input, size) != 0) {
@@ -2170,32 +2172,32 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
wc_Arc4Process(ssl->decrypt.arc4, output, input, sz); wc_Arc4Process(ssl->decrypt.arc4, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_DES3 #ifdef BUILD_DES3
case wolfssl_triple_des: case wolfssl_triple_des:
ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_AES #ifdef BUILD_AES
case wolfssl_aes: case wolfssl_aes:
ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
break; break;
#endif #endif
#ifdef HAVE_HC128 #ifdef HAVE_HC128
case wolfssl_hc128: case wolfssl_hc128:
wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz); wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
case wolfssl_rabbit: case wolfssl_rabbit:
wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz); wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
break; break;
#endif #endif
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
case wolfssl_camellia: case wolfssl_camellia:
wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
break; break;
@@ -2274,7 +2276,7 @@ static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
if (ssl->specs.cipher_type == block) if (ssl->specs.cipher_type == block)
ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1; ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
return output; return output;
} }
@@ -2287,20 +2289,20 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
SnifferSession* current; SnifferSession* current;
word32 row = rowHint; word32 row = rowHint;
int haveLock = 0; int haveLock = 0;
if (ipInfo && tcpInfo) if (ipInfo && tcpInfo)
row = SessionHash(ipInfo, tcpInfo); row = SessionHash(ipInfo, tcpInfo);
else else
haveLock = 1; haveLock = 1;
assert(row <= HASH_SIZE); assert(row <= HASH_SIZE);
Trace(REMOVE_SESSION_STR); Trace(REMOVE_SESSION_STR);
if (!haveLock) if (!haveLock)
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
current = SessionTable[row]; current = SessionTable[row];
while (current) { while (current) {
if (current == session) { if (current == session) {
if (previous) if (previous)
@@ -2314,7 +2316,7 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
previous = current; previous = current;
current = current->next; current = current->next;
} }
if (!haveLock) if (!haveLock)
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
} }
@@ -2325,11 +2327,11 @@ static void RemoveStaleSessions(void)
{ {
word32 i; word32 i;
SnifferSession* session; SnifferSession* session;
for (i = 0; i < HASH_SIZE; i++) { for (i = 0; i < HASH_SIZE; i++) {
session = SessionTable[i]; session = SessionTable[i];
while (session) { while (session) {
SnifferSession* next = session->next; SnifferSession* next = session->next;
if (time(NULL) >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) { if (time(NULL) >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) {
TraceStaleSession(); TraceStaleSession();
RemoveSession(session, NULL, NULL, i); RemoveSession(session, NULL, NULL, i);
@@ -2346,7 +2348,7 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
{ {
SnifferSession* session = 0; SnifferSession* session = 0;
int row; int row;
Trace(NEW_SESSION_STR); Trace(NEW_SESSION_STR);
/* create a new one */ /* create a new one */
session = (SnifferSession*)malloc(sizeof(SnifferSession)); session = (SnifferSession*)malloc(sizeof(SnifferSession));
@@ -2378,14 +2380,14 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
session->cliSeqStart = tcpInfo->sequence; session->cliSeqStart = tcpInfo->sequence;
session->cliExpected = 1; /* relative */ session->cliExpected = 1; /* relative */
session->lastUsed= time(NULL); session->lastUsed= time(NULL);
session->context = GetSnifferServer(ipInfo, tcpInfo); session->context = GetSnifferServer(ipInfo, tcpInfo);
if (session->context == NULL) { if (session->context == NULL) {
SetError(SERVER_NOT_REG_STR, error, NULL, 0); SetError(SERVER_NOT_REG_STR, error, NULL, 0);
free(session); free(session);
return 0; return 0;
} }
session->sslServer = SSL_new(session->context->ctx); session->sslServer = SSL_new(session->context->ctx);
if (session->sslServer == NULL) { if (session->sslServer == NULL) {
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
@@ -2403,31 +2405,31 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
} }
/* put server back into server mode */ /* put server back into server mode */
session->sslServer->options.side = WOLFSSL_SERVER_END; session->sslServer->options.side = WOLFSSL_SERVER_END;
row = SessionHash(ipInfo, tcpInfo); row = SessionHash(ipInfo, tcpInfo);
/* add it to the session table */ /* add it to the session table */
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
session->next = SessionTable[row]; session->next = SessionTable[row];
SessionTable[row] = session; SessionTable[row] = session;
SessionCount++; SessionCount++;
if ( (SessionCount % HASH_SIZE) == 0) { if ( (SessionCount % HASH_SIZE) == 0) {
TraceFindingStale(); TraceFindingStale();
RemoveStaleSessions(); RemoveStaleSessions();
} }
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
/* determine headed side */ /* determine headed side */
if (ipInfo->dst == session->context->server && if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port) tcpInfo->dstPort == session->context->port)
session->flags.side = WOLFSSL_SERVER_END; session->flags.side = WOLFSSL_SERVER_END;
else else
session->flags.side = WOLFSSL_CLIENT_END; session->flags.side = WOLFSSL_CLIENT_END;
return session; return session;
} }
@@ -2456,16 +2458,16 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
} }
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
(word16)*rhSize); (word16)*rhSize);
if (ret < 0 && ret != MATCH_SUITE_ERROR) { if (ret < 0 && ret != MATCH_SUITE_ERROR) {
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
Trace(OLD_CLIENT_OK_STR); Trace(OLD_CLIENT_OK_STR);
XMEMCPY(session->sslClient->arrays->clientRandom, XMEMCPY(session->sslClient->arrays->clientRandom,
session->sslServer->arrays->clientRandom, RAN_LEN); session->sslServer->arrays->clientRandom, RAN_LEN);
*sslBytes -= *rhSize; *sslBytes -= *rhSize;
return 0; return 0;
} }
@@ -2488,38 +2490,38 @@ int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
const word16* data = (word16*)&pseudo; const word16* data = (word16*)&pseudo;
word32 sum = 0; word32 sum = 0;
word16 checksum; word16 checksum;
pseudo.src = ipInfo->src; pseudo.src = ipInfo->src;
pseudo.dst = ipInfo->dst; pseudo.dst = ipInfo->dst;
pseudo.rsv = 0; pseudo.rsv = 0;
pseudo.protocol = TCP_PROTO; pseudo.protocol = TCP_PROTO;
pseudo.length = htons(tcpInfo->length + dataLen); pseudo.length = htons(tcpInfo->length + dataLen);
/* pseudo header sum */ /* pseudo header sum */
while (count >= 2) { while (count >= 2) {
sum += *data++; sum += *data++;
count -= 2; count -= 2;
} }
count = tcpInfo->length + dataLen; count = tcpInfo->length + dataLen;
data = (word16*)packet; data = (word16*)packet;
/* main sum */ /* main sum */
while (count > 1) { while (count > 1) {
sum += *data++; sum += *data++;
count -=2; count -=2;
} }
/* get left-over, if any */ /* get left-over, if any */
packet = (byte*)data; packet = (byte*)data;
if (count > 0) { if (count > 0) {
sum += *packet; sum += *packet;
} }
/* fold 32bit sum into 16 bits */ /* fold 32bit sum into 16 bits */
while (sum >> 16) while (sum >> 16)
sum = (sum & 0xffff) + (sum >> 16); sum = (sum & 0xffff) + (sum >> 16);
checksum = (word16)~sum; checksum = (word16)~sum;
/* checksum should now equal 0, since included already calcd checksum */ /* checksum should now equal 0, since included already calcd checksum */
/* field, but tcp checksum offloading could negate calculation */ /* field, but tcp checksum offloading could negate calculation */
@@ -2545,23 +2547,23 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
} }
if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0) if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1; return -1;
/* tcp header */ /* tcp header */
if (length < (ipInfo->length + TCP_HDR_SZ)) { if (length < (ipInfo->length + TCP_HDR_SZ)) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0) if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
return -1; return -1;
/* setup */ /* setup */
*sslFrame = packet + ipInfo->length + tcpInfo->length; *sslFrame = packet + ipInfo->length + tcpInfo->length;
if (*sslFrame > packet + length) { if (*sslFrame > packet + length) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
*sslBytes = (int)(packet + length - *sslFrame); *sslBytes = (int)(packet + length - *sslFrame);
return 0; return 0;
} }
@@ -2580,7 +2582,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
/* already had existing, so OK */ /* already had existing, so OK */
if (*session) if (*session)
return 1; return 1;
SetError(MEMORY_STR, error, NULL, 0); SetError(MEMORY_STR, error, NULL, 0);
return -1; return -1;
} }
@@ -2596,10 +2598,10 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
/* don't worry about duplicate ACKs either */ /* don't worry about duplicate ACKs either */
if (sslBytes == 0 && tcpInfo->ack) if (sslBytes == 0 && tcpInfo->ack)
return 1; return 1;
SetError(BAD_SESSION_STR, error, NULL, 0); SetError(BAD_SESSION_STR, error, NULL, 0);
return -1; return -1;
} }
} }
return 0; return 0;
} }
@@ -2610,27 +2612,27 @@ static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
int* bytesLeft) int* bytesLeft)
{ {
PacketBuffer* pb; PacketBuffer* pb;
int added = end - *begin + 1; int added = end - *begin + 1;
assert(*begin <= end); assert(*begin <= end);
pb = (PacketBuffer*)malloc(sizeof(PacketBuffer)); pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
if (pb == NULL) return NULL; if (pb == NULL) return NULL;
pb->next = 0; pb->next = 0;
pb->begin = *begin; pb->begin = *begin;
pb->end = end; pb->end = end;
pb->data = (byte*)malloc(added); pb->data = (byte*)malloc(added);
if (pb->data == NULL) { if (pb->data == NULL) {
free(pb); free(pb);
return NULL; return NULL;
} }
XMEMCPY(pb->data, data, added); XMEMCPY(pb->data, data, added);
*bytesLeft -= added; *bytesLeft -= added;
*begin = pb->end + 1; *begin = pb->end + 1;
return pb; return pb;
} }
@@ -2645,7 +2647,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
&session->cliReassemblyList: &session->srvReassemblyList; &session->cliReassemblyList: &session->srvReassemblyList;
PacketBuffer* curr = *front; PacketBuffer* curr = *front;
PacketBuffer* prev = curr; PacketBuffer* prev = curr;
word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ? word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ?
&session->cliReassemblyMemory : &session->srvReassemblyMemory; &session->cliReassemblyMemory : &session->srvReassemblyMemory;
word32 startSeq = seq; word32 startSeq = seq;
@@ -2668,14 +2670,14 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
*reassemblyMemory += sslBytes; *reassemblyMemory += sslBytes;
return 1; return 1;
} }
/* add to front if before current front, up to next->begin */ /* add to front if before current front, up to next->begin */
if (seq < curr->begin) { if (seq < curr->begin) {
word32 end = seq + sslBytes - 1; word32 end = seq + sslBytes - 1;
if (end >= curr->begin) if (end >= curr->begin)
end = curr->begin - 1; end = curr->begin - 1;
if (MaxRecoveryMemory -1 && if (MaxRecoveryMemory -1 &&
(int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
@@ -2690,7 +2692,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
*front = add; *front = add;
*reassemblyMemory += sslBytes; *reassemblyMemory += sslBytes;
} }
/* while we have bytes left, try to find a gap to fill */ /* while we have bytes left, try to find a gap to fill */
while (bytesLeft > 0) { while (bytesLeft > 0) {
/* get previous packet in list */ /* get previous packet in list */
@@ -2698,7 +2700,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
prev = curr; prev = curr;
curr = curr->next; curr = curr->next;
} }
/* don't add duplicate data */ /* don't add duplicate data */
if (prev->end >= seq) { if (prev->end >= seq) {
if ( (seq + bytesLeft - 1) <= prev->end) if ( (seq + bytesLeft - 1) <= prev->end)
@@ -2706,18 +2708,18 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
seq = prev->end + 1; seq = prev->end + 1;
bytesLeft = startSeq + sslBytes - seq; bytesLeft = startSeq + sslBytes - seq;
} }
if (!curr) if (!curr)
/* we're at the end */ /* we're at the end */
added = bytesLeft; added = bytesLeft;
else else
/* we're in between two frames */ /* we're in between two frames */
added = min((word32)bytesLeft, curr->begin - seq); added = min((word32)bytesLeft, curr->begin - seq);
/* data already there */ /* data already there */
if (added == 0) if (added == 0)
continue; continue;
if (MaxRecoveryMemory != -1 && if (MaxRecoveryMemory != -1 &&
(int)(*reassemblyMemory + added) > MaxRecoveryMemory) { (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
@@ -2758,7 +2760,7 @@ static int AddFinCapture(SnifferSession* session, word32 sequence)
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
int* sslBytes, const byte** sslFrame, char* error) int* sslBytes, const byte** sslFrame, char* error)
{ {
word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ? word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
session->cliSeqStart :session->srvSeqStart; session->cliSeqStart :session->srvSeqStart;
word32 real = tcpInfo->sequence - seqStart; word32 real = tcpInfo->sequence - seqStart;
word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ? word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
@@ -2768,19 +2770,19 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
byte skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ? byte skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
session->flags.srvSkipPartial : session->flags.srvSkipPartial :
session->flags.cliSkipPartial; session->flags.cliSkipPartial;
/* handle rollover of sequence */ /* handle rollover of sequence */
if (tcpInfo->sequence < seqStart) if (tcpInfo->sequence < seqStart)
real = 0xffffffffU - seqStart + tcpInfo->sequence; real = 0xffffffffU - seqStart + tcpInfo->sequence;
TraceRelativeSequence(*expected, real); TraceRelativeSequence(*expected, real);
if (real < *expected) { if (real < *expected) {
Trace(DUPLICATE_STR); Trace(DUPLICATE_STR);
if (real + *sslBytes > *expected) { if (real + *sslBytes > *expected) {
int overlap = *expected - real; int overlap = *expected - real;
Trace(OVERLAP_DUPLICATE_STR); Trace(OVERLAP_DUPLICATE_STR);
/* adjust to expected, remove duplicate */ /* adjust to expected, remove duplicate */
*sslFrame += overlap; *sslFrame += overlap;
*sslBytes -= overlap; *sslBytes -= overlap;
@@ -2790,16 +2792,16 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
* block be sure to also update the block below. */ * block be sure to also update the block below. */
if (reassemblyList) { if (reassemblyList) {
word32 newEnd = *expected + *sslBytes; word32 newEnd = *expected + *sslBytes;
if (newEnd > reassemblyList->begin) { if (newEnd > reassemblyList->begin) {
Trace(OVERLAP_REASSEMBLY_BEGIN_STR); Trace(OVERLAP_REASSEMBLY_BEGIN_STR);
/* remove bytes already on reassembly list */ /* remove bytes already on reassembly list */
*sslBytes -= newEnd - reassemblyList->begin; *sslBytes -= newEnd - reassemblyList->begin;
} }
if (newEnd > reassemblyList->end) { if (newEnd > reassemblyList->end) {
Trace(OVERLAP_REASSEMBLY_END_STR); Trace(OVERLAP_REASSEMBLY_END_STR);
/* may be past reassembly list end (could have more on list) /* may be past reassembly list end (could have more on list)
so try to add what's past the front->end */ so try to add what's past the front->end */
AddToReassembly(session->flags.side, reassemblyList->end +1, AddToReassembly(session->flags.side, reassemblyList->end +1,
@@ -2863,7 +2865,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
*expected += *sslBytes; *expected += *sslBytes;
if (tcpInfo->fin) if (tcpInfo->fin)
*expected += 1; *expected += 1;
return 0; return 0;
} }
@@ -2983,16 +2985,16 @@ static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session) static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{ {
if (tcpInfo->ack) { if (tcpInfo->ack) {
word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ? word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
session->srvSeqStart :session->cliSeqStart; session->srvSeqStart :session->cliSeqStart;
word32 real = tcpInfo->ackNumber - seqStart; word32 real = tcpInfo->ackNumber - seqStart;
word32 expected = (session->flags.side == WOLFSSL_SERVER_END) ? word32 expected = (session->flags.side == WOLFSSL_SERVER_END) ?
session->srvExpected : session->cliExpected; session->srvExpected : session->cliExpected;
/* handle rollover of sequence */ /* handle rollover of sequence */
if (tcpInfo->ackNumber < seqStart) if (tcpInfo->ackNumber < seqStart)
real = 0xffffffffU - seqStart + tcpInfo->ackNumber; real = 0xffffffffU - seqStart + tcpInfo->ackNumber;
TraceAck(real, expected); TraceAck(real, expected);
if (real > expected) if (real > expected)
@@ -3020,13 +3022,13 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceServerSyn(tcpInfo->sequence); TraceServerSyn(tcpInfo->sequence);
return 1; return 1;
} }
/* adjust potential ethernet trailer */ /* adjust potential ethernet trailer */
actualLen = ipInfo->total - ipInfo->length - tcpInfo->length; actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
if (*sslBytes > actualLen) { if (*sslBytes > actualLen) {
*sslBytes = actualLen; *sslBytes = actualLen;
} }
TraceSequence(tcpInfo->sequence, *sslBytes); TraceSequence(tcpInfo->sequence, *sslBytes);
if (CheckAck(tcpInfo, session) < 0) { if (CheckAck(tcpInfo, session) < 0) {
if (!RecoveryEnabled) { if (!RecoveryEnabled) {
@@ -3043,13 +3045,13 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
return FixSequence(tcpInfo, session); return FixSequence(tcpInfo, session);
} }
} }
if (*ackFault) { if (*ackFault) {
Trace(CLEAR_ACK_FAULT); Trace(CLEAR_ACK_FAULT);
*ackFault = 0; *ackFault = 0;
} }
return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error); return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
} }
@@ -3072,19 +3074,19 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
(*session)->flags.finCount += 1; (*session)->flags.finCount += 1;
else if (tcpInfo->rst) else if (tcpInfo->rst)
(*session)->flags.finCount += 2; (*session)->flags.finCount += 2;
if ((*session)->flags.finCount >= 2) { if ((*session)->flags.finCount >= 2) {
RemoveSession(*session, ipInfo, tcpInfo, 0); RemoveSession(*session, ipInfo, tcpInfo, 0);
*session = NULL; *session = NULL;
return 1; return 1;
} }
} }
if ((*session)->flags.fatalError == FATAL_ERROR_STATE) { if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
SetError(FATAL_ERROR_STR, error, NULL, 0); SetError(FATAL_ERROR_STR, error, NULL, 0);
return -1; return -1;
} }
if (skipPartial) { if (skipPartial) {
if (FindNextRecordInAssembly(*session, if (FindNextRecordInAssembly(*session,
sslFrame, sslBytes, end, error) < 0) { sslFrame, sslBytes, end, error) < 0) {
@@ -3096,13 +3098,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
Trace(NO_DATA_STR); Trace(NO_DATA_STR);
return 1; return 1;
} }
/* if current partial data, add to end of partial */ /* if current partial data, add to end of partial */
/* if skipping, the data is already at the end of partial */ /* if skipping, the data is already at the end of partial */
if ( !skipPartial && if ( !skipPartial &&
(length = ssl->buffers.inputBuffer.length) ) { (length = ssl->buffers.inputBuffer.length) ) {
Trace(PARTIAL_ADD_STR); Trace(PARTIAL_ADD_STR);
if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
@@ -3166,7 +3168,7 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
session->sslServer : session->sslClient; session->sslServer : session->sslClient;
word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ? word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->cliReassemblyMemory : &session->srvReassemblyMemory; &session->cliReassemblyMemory : &session->srvReassemblyMemory;
while (*front && ((*front)->begin == *expected) ) { while (*front && ((*front)->begin == *expected) ) {
word32 room = *bufferSize - *length; word32 room = *bufferSize - *length;
word32 packetLen = (*front)->end - (*front)->begin + 1; word32 packetLen = (*front)->end - (*front)->begin + 1;
@@ -3178,21 +3180,21 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
} }
room = *bufferSize - *length; /* bufferSize is now bigger */ room = *bufferSize - *length; /* bufferSize is now bigger */
} }
if (packetLen <= room) { if (packetLen <= room) {
PacketBuffer* del = *front; PacketBuffer* del = *front;
byte* buf = *myBuffer; byte* buf = *myBuffer;
XMEMCPY(&buf[*length], (*front)->data, packetLen); XMEMCPY(&buf[*length], (*front)->data, packetLen);
*length += packetLen; *length += packetLen;
*expected += packetLen; *expected += packetLen;
/* remove used packet */ /* remove used packet */
*front = (*front)->next; *front = (*front)->next;
*reassemblyMemory -= packetLen; *reassemblyMemory -= packetLen;
FreePacketBuffer(del); FreePacketBuffer(del);
moreInput = 1; moreInput = 1;
} }
else else
@@ -3205,7 +3207,7 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
} }
return moreInput; return moreInput;
} }
/* Process Message(s) from sslFrame */ /* Process Message(s) from sslFrame */
@@ -3244,11 +3246,11 @@ doMessage:
if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) { if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
/* don't have enough input yet to process full SSL record */ /* don't have enough input yet to process full SSL record */
Trace(PARTIAL_INPUT_STR); Trace(PARTIAL_INPUT_STR);
/* store partial if not there already or we advanced */ /* store partial if not there already or we advanced */
if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) { if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
if (GrowInputBuffer(ssl, sslBytes, 0) < 0) { if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
@@ -3264,7 +3266,7 @@ doMessage:
sslBytes -= RECORD_HEADER_SZ; sslBytes -= RECORD_HEADER_SZ;
recordEnd = sslFrame + rhSize; /* may have more than one record */ recordEnd = sslFrame + rhSize; /* may have more than one record */
inRecordEnd = recordEnd; inRecordEnd = recordEnd;
/* decrypt if needed */ /* decrypt if needed */
if ((session->flags.side == WOLFSSL_SERVER_END && if ((session->flags.side == WOLFSSL_SERVER_END &&
session->flags.serverCipherOn) session->flags.serverCipherOn)
@@ -3292,7 +3294,7 @@ doMessage:
} }
doPart: doPart:
switch ((enum ContentType)rh.type) { switch ((enum ContentType)rh.type) {
case handshake: case handshake:
{ {
@@ -3332,7 +3334,7 @@ doPart:
Trace(GOT_APP_DATA_STR); Trace(GOT_APP_DATA_STR);
{ {
word32 inOutIdx = 0; word32 inOutIdx = 0;
ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx); ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
if (ret == 0) { if (ret == 0) {
ret = ssl->buffers.clearOutputBuffer.length; ret = ssl->buffers.clearOutputBuffer.length;
@@ -3396,26 +3398,26 @@ doPart:
sslBytes = (int)(end - recordEnd); sslBytes = (int)(end - recordEnd);
goto doMessage; goto doMessage;
} }
/* clear used input */ /* clear used input */
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
/* could have more input ready now */ /* could have more input ready now */
if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error)) if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
goto doMessage; goto doMessage;
if (ssl->buffers.inputBuffer.dynamicFlag) if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, NO_FORCED_FREE); ShrinkInputBuffer(ssl, NO_FORCED_FREE);
return decoded; return decoded;
} }
/* See if we need to process any pending FIN captures */ /* See if we need to process any pending FIN captures */
static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo, static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
SnifferSession* session) SnifferSession* session)
{ {
if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <= if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <=
session->cliExpected) { session->cliExpected) {
if (session->finCaputre.cliCounted == 0) { if (session->finCaputre.cliCounted == 0) {
session->flags.finCount += 1; session->flags.finCount += 1;
@@ -3423,8 +3425,8 @@ static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected); TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
} }
} }
if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <= if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <=
session->srvExpected) { session->srvExpected) {
if (session->finCaputre.srvCounted == 0) { if (session->finCaputre.srvCounted == 0) {
session->flags.finCount += 1; session->flags.finCount += 1;
@@ -3432,13 +3434,13 @@ static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected); TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
} }
} }
if (session->flags.finCount >= 2) if (session->flags.finCount >= 2)
RemoveSession(session, ipInfo, tcpInfo, 0); RemoveSession(session, ipInfo, tcpInfo, 0);
} }
/* If session is in fatal error state free resources now /* If session is in fatal error state free resources now
return true if removed, 0 otherwise */ return true if removed, 0 otherwise */
static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo, static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
SnifferSession* session, char* error) SnifferSession* session, char* error)
@@ -3467,17 +3469,17 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
error) != 0) error) != 0)
return -1; return -1;
ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
else if (ret == -1) return -1; else if (ret == -1) return -1;
else if (ret == 1) return 0; /* done for now */ else if (ret == 1) return 0; /* done for now */
ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
else if (ret == -1) return -1; else if (ret == -1) return -1;
else if (ret == 1) return 0; /* done for now */ else if (ret == 1) return 0; /* done for now */
ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
&end, error); &end, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
@@ -3531,7 +3533,7 @@ int ssl_Trace(const char* traceFile, char* error)
} }
TraceOn = 1; TraceOn = 1;
} }
else else
TraceOn = 0; TraceOn = 0;
return 0; return 0;

1093
tests/api.c
View File

File diff suppressed because it is too large Load Diff

18
tests/hash.c
View File

@@ -255,6 +255,7 @@ int md4_test(void)
int md5_test(void) int md5_test(void)
{ {
Md5 md5; Md5 md5;
int ret;
byte hash[MD5_DIGEST_SIZE]; byte hash[MD5_DIGEST_SIZE];
testVector a, b, c, d, e; testVector a, b, c, d, e;
@@ -299,11 +300,22 @@ int md5_test(void)
test_md5[3] = d; test_md5[3] = d;
test_md5[4] = e; test_md5[4] = e;
wc_InitMd5(&md5); ret = wc_InitMd5(&md5);
if (ret) {
return ret;
}
for (i = 0; i < times; ++i) { for (i = 0; i < times; ++i) {
wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen); ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
wc_Md5Final(&md5, hash); (word32)test_md5[i].inLen);
if (ret) {
return ret;
}
ret = wc_Md5Final(&md5, hash);
if (ret) {
return ret;
}
if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0) if (XMEMCMP(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
return -5 - i; return -5 - i;

3
wolfcrypt/src/md5.c
View File

@@ -443,6 +443,9 @@ int wc_Md5Final(Md5* md5, byte* hash)
int wc_InitMd5(Md5* md5) int wc_InitMd5(Md5* md5)
{ {
if (md5 == NULL) {
return BAD_FUNC_ARG;
}
return wc_InitMd5_ex(md5, NULL, INVALID_DEVID); return wc_InitMd5_ex(md5, NULL, INVALID_DEVID);
} }

75
wolfcrypt/src/pwdbased.c
View File

@@ -90,10 +90,22 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
switch (hashType) { switch (hashType) {
#ifndef NO_MD5 #ifndef NO_MD5
case MD5: case MD5:
wc_InitMd5(&md5); ret = wc_InitMd5(&md5);
wc_Md5Update(&md5, passwd, pLen); if (ret != 0) {
wc_Md5Update(&md5, salt, sLen); return ret;
wc_Md5Final(&md5, buffer); }
ret = wc_Md5Update(&md5, passwd, pLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Update(&md5, salt, sLen);
if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
break; break;
#endif /* NO_MD5 */ #endif /* NO_MD5 */
case SHA: case SHA:
@@ -114,8 +126,14 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
} }
#ifndef NO_MD5 #ifndef NO_MD5
else { else {
wc_Md5Update(&md5, buffer, hLen); ret = wc_Md5Update(&md5, buffer, hLen);
wc_Md5Final(&md5, buffer); if (ret != 0) {
return ret;
}
ret = wc_Md5Final(&md5, buffer);
if (ret != 0) {
return ret;
}
} }
#endif #endif
} }
@@ -302,13 +320,28 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
case MD5: case MD5:
{ {
Md5 md5; Md5 md5;
wc_InitMd5(&md5); ret = wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen); if (ret != 0) {
wc_Md5Final(&md5, Ai); break;
}
ret = wc_Md5Update(&md5, buffer, totalLen);
if (ret != 0) {
break;
}
ret = wc_Md5Final(&md5, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) { for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u); ret = wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai); if (ret != 0) {
break;
}
ret = wc_Md5Final(&md5, Ai);
if (ret != 0) {
break;
}
} }
} }
break; break;
@@ -320,12 +353,24 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
ret = wc_InitSha(&sha); ret = wc_InitSha(&sha);
if (ret != 0) if (ret != 0)
break; break;
wc_ShaUpdate(&sha, buffer, totalLen); ret = wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai); if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
for (i = 1; i < iterations; i++) { for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u); ret = wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai); if (ret != 0) {
break;
}
ret = wc_ShaFinal(&sha, Ai);
if (ret != 0) {
break;
}
} }
} }
break; break;

52
wolfcrypt/src/sha.c
View File

@@ -33,25 +33,37 @@
/* fips wrapper calls, user can call direct */ /* fips wrapper calls, user can call direct */
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
int wc_InitSha(Sha* sha) int wc_InitSha(Sha* sha)
{ {
return InitSha_fips(sha); if (sha == NULL) {
} return BAD_FUNC_ARG;
}
return InitSha_fips(sha);
}
int wc_InitSha_ex(Sha* sha, void* heap, int devId) int wc_InitSha_ex(Sha* sha, void* heap, int devId)
{ {
(void)heap; (void)heap;
(void)devId; (void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha_fips(sha); return InitSha_fips(sha);
} }
int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
{ {
return ShaUpdate_fips(sha, data, len); if (sha == NULL || (data == NULL && len > 0)) {
} return BAD_FUNC_ARG;
}
return ShaUpdate_fips(sha, data, len);
}
int wc_ShaFinal(Sha* sha, byte* out) int wc_ShaFinal(Sha* sha, byte* out)
{ {
return ShaFinal_fips(sha,out); if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return ShaFinal_fips(sha,out);
} }
void wc_ShaFree(Sha* sha) void wc_ShaFree(Sha* sha)
{ {
@@ -418,10 +430,16 @@ int wc_InitSha_ex(Sha* sha, void* heap, int devId)
return ret; return ret;
} }
int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
{ {
byte* local;
if (sha == NULL ||(data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
/* do block size increments */ /* do block size increments */
byte* local = (byte*)sha->buffer; local = (byte*)sha->buffer;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {
@@ -458,7 +476,13 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
int wc_ShaFinal(Sha* sha, byte* hash) int wc_ShaFinal(Sha* sha, byte* hash)
{ {
byte* local = (byte*)sha->buffer; byte* local;
if (sha == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
local = (byte*)sha->buffer;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {

17
wolfcrypt/src/sha256.c
View File

@@ -38,20 +38,32 @@
int wc_InitSha256(Sha256* sha) int wc_InitSha256(Sha256* sha)
{ {
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha256_fips(sha); return InitSha256_fips(sha);
} }
int wc_InitSha256_ex(Sha256* sha, void* heap, int devId) int wc_InitSha256_ex(Sha256* sha, void* heap, int devId)
{ {
(void)heap; (void)heap;
(void)devId; (void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha256_fips(sha); return InitSha256_fips(sha);
} }
int wc_Sha256Update(Sha256* sha, const byte* data, word32 len) int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
{ {
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return Sha256Update_fips(sha, data, len); return Sha256Update_fips(sha, data, len);
} }
int wc_Sha256Final(Sha256* sha, byte* out) int wc_Sha256Final(Sha256* sha, byte* out)
{ {
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha256Final_fips(sha, out); return Sha256Final_fips(sha, out);
} }
void wc_Sha256Free(Sha256* sha) void wc_Sha256Free(Sha256* sha)
@@ -553,9 +565,14 @@ static int InitSha256(Sha256* sha256)
static INLINE int Sha256Final(Sha256* sha256) static INLINE int Sha256Final(Sha256* sha256)
{ {
int ret; int ret;
byte* local = (byte*)sha256->buffer; byte* local = (byte*)sha256->buffer;
if (sha256 == NULL) {
return BAD_FUNC_ARG;
}
SAVE_XMM_YMM; /* for Intel AVX */ SAVE_XMM_YMM; /* for Intel AVX */
AddLength(sha256, sha256->buffLen); /* before adding pads */ AddLength(sha256, sha256->buffLen); /* before adding pads */

140
wolfcrypt/src/sha512.c
View File

@@ -27,6 +27,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/sha512.h> #include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -35,20 +36,35 @@
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
int wc_InitSha512(Sha512* sha) int wc_InitSha512(Sha512* sha)
{ {
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha512_fips(sha); return InitSha512_fips(sha);
} }
int wc_InitSha512_ex(Sha512* sha, void* heap, int devId) int wc_InitSha512_ex(Sha512* sha, void* heap, int devId)
{ {
(void)heap; (void)heap;
(void)devId; (void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha512_fips(sha); return InitSha512_fips(sha);
} }
int wc_Sha512Update(Sha512* sha, const byte* data, word32 len) int wc_Sha512Update(Sha512* sha, const byte* data, word32 len)
{ {
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return Sha512Update_fips(sha, data, len); return Sha512Update_fips(sha, data, len);
} }
int wc_Sha512Final(Sha512* sha, byte* out) int wc_Sha512Final(Sha512* sha, byte* out)
{ {
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha512Final_fips(sha, out); return Sha512Final_fips(sha, out);
} }
void wc_Sha512Free(Sha512* sha) void wc_Sha512Free(Sha512* sha)
@@ -60,20 +76,32 @@
#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
int wc_InitSha384(Sha384* sha) int wc_InitSha384(Sha384* sha)
{ {
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha384_fips(sha); return InitSha384_fips(sha);
} }
int wc_InitSha384_ex(Sha384* sha, void* heap, int devId) int wc_InitSha384_ex(Sha384* sha, void* heap, int devId)
{ {
(void)heap; (void)heap;
(void)devId; (void)devId;
if (sha == NULL) {
return BAD_FUNC_ARG;
}
return InitSha384_fips(sha); return InitSha384_fips(sha);
} }
int wc_Sha384Update(Sha384* sha, const byte* data, word32 len) int wc_Sha384Update(Sha384* sha, const byte* data, word32 len)
{ {
if (sha == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
return Sha384Update_fips(sha, data, len); return Sha384Update_fips(sha, data, len);
} }
int wc_Sha384Final(Sha384* sha, byte* out) int wc_Sha384Final(Sha384* sha, byte* out)
{ {
if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
return Sha384Final_fips(sha, out); return Sha384Final_fips(sha, out);
} }
void wc_Sha384Free(Sha384* sha) void wc_Sha384Free(Sha384* sha)
@@ -294,8 +322,8 @@ static int InitSha512(Sha512* sha512)
if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; } if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; }
if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; } if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; }
cpuid_check = 1 ; cpuid_check = 1 ;
return 0 ; return 0 ;
} }
return 1 ; return 1 ;
} }
@@ -384,46 +412,46 @@ static int InitSha512(Sha512* sha512)
#endif #endif
static const word64 K512[80] = { static const word64 K512[80] = {
W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817) W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
}; };
@@ -524,10 +552,13 @@ static INLINE void AddLength(Sha512* sha512, word32 len)
static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len) static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
{ {
int ret = 0; int ret = 0;
/* do block size increments */ /* do block size increments */
byte* local = (byte*)sha512->buffer; byte* local = (byte*)sha512->buffer;
if (sha512 == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
/* check that internal buffLen is valid */ /* check that internal buffLen is valid */
if (sha512->buffLen >= SHA512_BLOCK_SIZE) if (sha512->buffLen >= SHA512_BLOCK_SIZE)
return BUFFER_E; return BUFFER_E;
@@ -564,6 +595,10 @@ static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
int wc_Sha512Update(Sha512* sha512, const byte* data, word32 len) int wc_Sha512Update(Sha512* sha512, const byte* data, word32 len)
{ {
if (sha512 == NULL ||(data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
#if defined(HAVE_INTEL_QA) #if defined(HAVE_INTEL_QA)
@@ -581,6 +616,10 @@ static INLINE int Sha512Final(Sha512* sha512)
byte* local = (byte*)sha512->buffer; byte* local = (byte*)sha512->buffer;
int ret; int ret;
if (sha512 == NULL) {
return BAD_FUNC_ARG;
}
SAVE_XMM_YMM ; /* for Intel AVX */ SAVE_XMM_YMM ; /* for Intel AVX */
AddLength(sha512, sha512->buffLen); /* before adding pads */ AddLength(sha512, sha512->buffLen); /* before adding pads */
@@ -642,6 +681,10 @@ int wc_Sha512Final(Sha512* sha512, byte* hash)
{ {
int ret; int ret;
if (sha512 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
#if defined(HAVE_INTEL_QA) #if defined(HAVE_INTEL_QA)
@@ -1362,6 +1405,10 @@ static int Transform_AVX2(Sha512* sha512)
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
static int InitSha384(Sha384* sha384) static int InitSha384(Sha384* sha384)
{ {
if (sha384 == NULL) {
return BAD_FUNC_ARG;
}
sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8); sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
sha384->digest[1] = W64LIT(0x629a292a367cd507); sha384->digest[1] = W64LIT(0x629a292a367cd507);
sha384->digest[2] = W64LIT(0x9159015a3070dd17); sha384->digest[2] = W64LIT(0x9159015a3070dd17);
@@ -1380,6 +1427,9 @@ static int InitSha384(Sha384* sha384)
int wc_Sha384Update(Sha384* sha384, const byte* data, word32 len) int wc_Sha384Update(Sha384* sha384, const byte* data, word32 len)
{ {
if (sha384 == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
@@ -1397,6 +1447,10 @@ int wc_Sha384Final(Sha384* sha384, byte* hash)
{ {
int ret; int ret;
if (sha384 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
#if defined(HAVE_INTEL_QA) #if defined(HAVE_INTEL_QA)