From 1153c31bbbbc6aa8ad90b7d7941d9c2f9572d8b8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 9 Dec 2015 09:53:59 -0800 Subject: [PATCH 01/15] Added compile time check for ALT_ECC_SIZE requiring USE_FAST_MATH. --- wolfssl/wolfcrypt/ecc.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 880b36237..a23fa71f2 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -85,6 +85,10 @@ typedef struct { * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. */ +#ifndef USE_FAST_MATH + #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE +#endif + #ifndef FP_MAX_BITS_ECC #define FP_MAX_BITS_ECC 528 #endif From 38ac17864e7bdd220582b4ca1b20e194c1285152 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Wed, 9 Dec 2015 13:18:42 -0700 Subject: [PATCH 02/15] added entropy, wc_GenerateSeed() for VxWorks --- wolfcrypt/src/random.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 044a77021..a9ce055bd 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1265,6 +1265,32 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_VXWORKS) + + #include + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { + STATUS status; + unsigned char seed[1024]; + int i = 0; + + for (i=0; i < sizeof(seed); i++) { + seed[i]= i*3%256; + } + /* build entropy */ + (void) randAdd(seed, 0, 0); + for (i=4; i<=sizeof(seed); i*=2) { + (void) randAdd (seed, i-1, i); + } + + status = randBytes (output, sz); + if (status == ERROR) { + return status; + } + + return 0; + } + #elif defined(CUSTOM_RAND_GENERATE) /* Implement your own random generation function From cb73064c10bc7b52df9aacb8f48901bd65be20a7 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Wed, 9 Dec 2015 13:22:13 -0700 Subject: [PATCH 03/15] format changes to VXWORKS GenerateSeed() --- wolfcrypt/src/random.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index a9ce055bd..a91a279fd 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1274,13 +1274,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) unsigned char seed[1024]; int i = 0; - for (i=0; i < sizeof(seed); i++) { - seed[i]= i*3%256; + for (i = 0; i < sizeof(seed); i++) { + seed[i] = i * 3 % 256; } /* build entropy */ (void) randAdd(seed, 0, 0); - for (i=4; i<=sizeof(seed); i*=2) { - (void) randAdd (seed, i-1, i); + for (i = 4; i <= sizeof(seed); i*=2) { + (void) randAdd (seed, i - 1, i); } status = randBytes (output, sz); From 1c4b3016e6b1309c96637b04e43c073b8efe033c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 10 Dec 2015 11:45:27 -0700 Subject: [PATCH 04/15] set required tls1_2 for when using ChaCha20-Poly1305 suite --- src/internal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index a15a63016..bdddaa072 100644 --- a/src/internal.c +++ b/src/internal.c @@ -967,14 +967,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - if (tls && haveRSA) { + if (tls1_2 && haveRSA) { suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - if (tls && haveRSA) { + if (tls1_2 && haveRSA) { suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256; } From 89518ad44560888c0ec4bbcf4fb4a4ba0ccd3060 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 10 Dec 2015 10:48:50 -0800 Subject: [PATCH 05/15] Cleanup of the leading zero detection in wc_RsaKeyToDer and wc_DsaKeyToDer to use existing mp_leading_bit function. --- wolfcrypt/src/asn.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a23190005..479c5d3c8 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1980,11 +1980,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) mp_int* keyInt = GetDsaInt(key, i); /* leading zero */ - if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES) - lbit = 1; - else - lbit = 0; - + lbit = mp_leading_bit(keyInt); rawLen = mp_unsigned_bin_size(keyInt) + lbit; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA); @@ -5606,11 +5602,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) mp_int* keyInt = GetRsaInt(key, i); /* leading zero */ - if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES) - lbit = 1; - else - lbit = 0; - + lbit = mp_leading_bit(keyInt); rawLen = mp_unsigned_bin_size(keyInt) + lbit; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, From bc54b18caddafe1f721dd3bab19a596664e7899a Mon Sep 17 00:00:00 2001 From: Andrew Burks Date: Thu, 10 Dec 2015 16:55:49 -0800 Subject: [PATCH 06/15] Issue #213: AES fails with Freescale (mm)CAU. --- wolfcrypt/src/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 9188db33f..efefd0c62 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2166,7 +2166,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); - wc_AesEncrypt(aes, in + offset, out + offset); + wc_AesDecrypt(aes, in + offset, out + offset); /* XOR block with IV for CBC */ for (i = 0; i < AES_BLOCK_SIZE; i++) From 03a643cc35f161d48472664626c380117403d1bf Mon Sep 17 00:00:00 2001 From: Andrew Burks Date: Thu, 10 Dec 2015 17:04:48 -0800 Subject: [PATCH 07/15] Issue #215: Signature module uses old RNG. Use the new WC_RNG construct instead in order to prevent conflicts with board support packages. --- wolfcrypt/src/signature.c | 2 +- wolfssl/wolfcrypt/signature.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 618632a43..bc1853052 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -175,7 +175,7 @@ int wc_SignatureGenerate( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, RNG* rng) + const void* key, word32 key_len, WC_RNG* rng) { int ret, hash_len; byte *hash_data = NULL; diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h index 24d2b3a67..8ef2a6002 100644 --- a/wolfssl/wolfcrypt/signature.h +++ b/wolfssl/wolfcrypt/signature.h @@ -54,7 +54,7 @@ WOLFSSL_API int wc_SignatureGenerate( const byte* data, word32 data_len, byte* sig, word32 *sig_len, const void* key, word32 key_len, - RNG* rng); + WC_RNG* rng); #ifdef __cplusplus } /* extern "C" */ From 8b99cea5c80104f1fe7229710c4d741b623bdda6 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Fri, 11 Dec 2015 13:19:44 -0700 Subject: [PATCH 08/15] update README with entropy instructions --- IDE/WORKBENCH/README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md index 1e0ca243a..74253f0f3 100644 --- a/IDE/WORKBENCH/README.md +++ b/IDE/WORKBENCH/README.md @@ -50,11 +50,21 @@ wolfcrypt directories. Uncheck the following: \#ifdef WOLFSSL\_VXWORKS block, a new GenerateSeed() function will need to be defined in wolfcrypt/src/random.c. +8. Include Entropy: + - Create a new project, similar to step 1 but choose VxWorks Source Build Project as the type of project instead of VxWorks Image Project. + + - In the project directory, double click "Source Build Configuration" and under os > core > CORE\_KERNEL Menu > VxWorks Kernel Component Configuration find "Inject entropy in interrupts". Double click this. + + - Go back to your VIP project. Right click the project and select "Properties". + + - In "Properties", select "Project References". Check the box next to the new project you created. Click "Ok". + + - Rebuild the project. + ####3 Testing wolfSSL with VxWorks: #####3.1 wolfCrypt Test and Benchmark Applications The wolfCrypt test application will test each of the cryptographic algorithms -and output the status for each as a success or failure. The benchmark application will output the runtime of -the cryptographic algorithms in milliseconds. +and output the status for each as a success or failure. The benchmark application will output the runtime of the cryptographic algorithms in milliseconds. 1. Include the following at the top of usrAppInit.c: From e2456214f47a322db441521db4832ac49d548450 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Fri, 11 Dec 2015 13:22:33 -0700 Subject: [PATCH 09/15] update random.c for better entropy with VXWORKS --- wolfcrypt/src/random.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index a91a279fd..e53947fdd 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1271,20 +1271,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { STATUS status; - unsigned char seed[1024]; - int i = 0; - - for (i = 0; i < sizeof(seed); i++) { - seed[i] = i * 3 % 256; - } - /* build entropy */ - (void) randAdd(seed, 0, 0); - for (i = 4; i <= sizeof(seed); i*=2) { - (void) randAdd (seed, i - 1, i); - } status = randBytes (output, sz); if (status == ERROR) { + printf("Random seed failed! Enable RANDOM ENTROPY INJECT."); return status; } From 6ab9c87f137b73fff4e0e0de705cf274bd44c315 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Fri, 11 Dec 2015 13:41:05 -0700 Subject: [PATCH 10/15] add comment to VXWORKS GenerateSeed() --- wolfcrypt/src/random.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index e53947fdd..cb623ab37 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1272,6 +1272,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { STATUS status; + /* RANDOM ENTORPY INJECT component must be enabled in VSB project */ status = randBytes (output, sz); if (status == ERROR) { printf("Random seed failed! Enable RANDOM ENTROPY INJECT."); From a834c2acf6030c1c1e0b68fe788649bb03cd20c6 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 11 Dec 2015 18:41:09 -0800 Subject: [PATCH 11/15] improved DTLS handshake sequence numbering when retransmitting finished message --- src/internal.c | 151 ++++++++++++++++++--------------------------- wolfssl/internal.h | 4 +- 2 files changed, 64 insertions(+), 91 deletions(-) diff --git a/src/internal.c b/src/internal.c index bdddaa072..3dfbfbdf8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -84,7 +84,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, - const byte* input, int inSz, int type); + const byte* input, int inSz, int type, int hashOutput); #ifndef NO_WOLFSSL_CLIENT static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*, @@ -2282,6 +2282,7 @@ int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz) return MEMORY_ERROR; } XMEMCPY(pBuf->buffer, src, sz); + pool->epoch[pool->used] = ssl->keys.dtls_epoch; pBuf->length = (word32)sz; pool->used++; } @@ -2331,40 +2332,53 @@ int DtlsPoolTimeout(WOLFSSL* ssl) int DtlsPoolSend(WOLFSSL* ssl) { - int ret; - DtlsPool *pool = ssl->dtls_pool; + DtlsPool* pool = ssl->dtls_pool; if (pool != NULL && pool->used > 0) { - int i; - for (i = 0; i < pool->used; i++) { - int sendResult; - buffer* buf = &pool->buf[i]; + int ret = 0; + int i; + buffer* buf; - DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer; + for (i = 0, buf = pool->buf; i < pool->used; i++, buf++) { + if (pool->epoch[i] == 0) { + DtlsRecordLayerHeader* dtls; - word16 message_epoch; - ato16(dtls->epoch, &message_epoch); - if (message_epoch == ssl->keys.dtls_epoch) { - /* Increment record sequence number on retransmitted handshake - * messages */ - c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number); - ssl->keys.dtls_sequence_number++; + dtls = (DtlsRecordLayerHeader*)buf->buffer; + c32to48(ssl->keys.dtls_prev_sequence_number++, + dtls->sequence_number); + if ((ret = CheckAvailableSize(ssl, buf->length)) != 0) + return ret; + + XMEMCPY(ssl->buffers.outputBuffer.buffer, + buf->buffer, buf->length); + ssl->buffers.outputBuffer.idx = 0; + ssl->buffers.outputBuffer.length = buf->length; } - else { - /* The Finished message is sent with the next epoch, keep its - * sequence number */ + else if (pool->epoch[i] == ssl->keys.dtls_epoch) { + byte* input; + byte* output; + int inputSz, sendSz; + + input = buf->buffer; + inputSz = buf->length; + sendSz = inputSz + MAX_MSG_EXTRA; + + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) + return ret; + + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, + handshake, 0); + if (sendSz < 0) + return BUILD_MSG_ERROR; + + ssl->buffers.outputBuffer.length += sendSz; } - if ((ret = CheckAvailableSize(ssl, buf->length)) != 0) + ret = SendBuffered(ssl); + if (ret < 0) { return ret; - - XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length); - ssl->buffers.outputBuffer.idx = 0; - ssl->buffers.outputBuffer.length = buf->length; - - sendResult = SendBuffered(ssl); - if (sendResult < 0) { - return sendResult; } } } @@ -5091,14 +5105,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, if (!ssl->options.resuming) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; - -#ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - /* Other side has received our Finished, go to next epoch */ - ssl->keys.dtls_epoch++; - ssl->keys.dtls_sequence_number = 1; - } -#endif } } else { @@ -5106,14 +5112,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, if (ssl->options.resuming) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; - -#ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - /* Other side has received our Finished, go to next epoch */ - ssl->keys.dtls_epoch++; - ssl->keys.dtls_sequence_number = 1; - } -#endif } } @@ -7464,7 +7462,7 @@ int SendChangeCipher(WOLFSSL* ssl) input[0] = 1; /* turn it on */ sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, - change_cipher_spec); + change_cipher_spec, 0); if (sendSz < 0) return sendSz; } @@ -7694,7 +7692,7 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) /* Build SSL Message, encrypted */ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, - const byte* input, int inSz, int type) + const byte* input, int inSz, int type, int hashOutput) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = min(ssl->specs.hash_size, @@ -7769,7 +7767,7 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, XMEMCPY(output + idx, input, inSz); idx += inSz; - if (type == handshake) { + if (type == handshake && hashOutput) { ret = HashOutput(ssl, output, headerSz + inSz, ivSz); if (ret != 0) return ret; @@ -7843,11 +7841,6 @@ int SendFinished(WOLFSSL* ssl) int headerSz = HANDSHAKE_HEADER_SZ; int outputSz; - #ifdef WOLFSSL_DTLS - word32 sequence_number = ssl->keys.dtls_sequence_number; - word16 epoch = ssl->keys.dtls_epoch; - #endif - /* setup encrypt keys */ if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) return ret; @@ -7859,11 +7852,11 @@ int SendFinished(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { - /* Send Finished message with the next epoch, but don't commit that - * change until the other end confirms its reception. */ headerSz += DTLS_HANDSHAKE_EXTRA; ssl->keys.dtls_epoch++; - ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */ + ssl->keys.dtls_prev_sequence_number = + ssl->keys.dtls_sequence_number; + ssl->keys.dtls_sequence_number = 0; } #endif @@ -7890,18 +7883,18 @@ int SendFinished(WOLFSSL* ssl) } #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, input, headerSz + finishedSz)) != 0) + return ret; + } + #endif + sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, - handshake); + handshake, 1); if (sendSz < 0) return BUILD_MSG_ERROR; - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - ssl->keys.dtls_epoch = epoch; - ssl->keys.dtls_sequence_number = sequence_number; - } - #endif - if (!ssl->options.resuming) { #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ @@ -7909,36 +7902,14 @@ int SendFinished(WOLFSSL* ssl) if (ssl->options.side == WOLFSSL_SERVER_END) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - /* Other side will soon receive our Finished, go to next - * epoch. */ - ssl->keys.dtls_epoch++; - ssl->keys.dtls_sequence_number = 1; - } - #endif } } else { if (ssl->options.side == WOLFSSL_CLIENT_END) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - /* Other side will soon receive our Finished, go to next - * epoch. */ - ssl->keys.dtls_epoch++; - ssl->keys.dtls_sequence_number = 1; - } - #endif } } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) - return ret; - } - #endif #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); @@ -8146,7 +8117,7 @@ int SendCertificate(WOLFSSL* ssl) XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); } - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0) @@ -8361,7 +8332,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } #endif sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, - application_data); + application_data, 0); if (sendSz < 0) return BUILD_MSG_ERROR; @@ -8512,7 +8483,7 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) /* only send encrypted alert if handshake actually complete, otherwise other side may not be able to handle it */ if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) - sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert); + sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE,alert,0); else { AddRecordHeader(output, ALERT_SIZE, alert, ssl); @@ -10141,7 +10112,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, return MEMORY_E; XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0) @@ -12313,7 +12284,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, - handshake); + handshake, 1); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -12686,7 +12657,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); sendSz = BuildMessage(ssl, output, MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA, - input, inputSz, handshake); + input, inputSz, handshake, 1); XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sendSz < 0) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7acd2a064..2f5d329ee 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1445,8 +1445,9 @@ typedef struct Keys { word16 dtls_peer_handshake_number; word16 dtls_expected_peer_handshake_number; - word16 dtls_epoch; /* Current tx epoch */ word32 dtls_sequence_number; /* Current tx sequence */ + word32 dtls_prev_sequence_number; /* Previous epoch's seq number*/ + word16 dtls_epoch; /* Current tx epoch */ word16 dtls_handshake_number; /* Current tx handshake seq */ #endif @@ -2289,6 +2290,7 @@ typedef struct DtlsRecordLayerHeader { typedef struct DtlsPool { buffer buf[DTLS_POOL_SZ]; + word16 epoch[DTLS_POOL_SZ]; int used; } DtlsPool; From bf621f1832f5e9cfc090fd01e276bcd2e9e73076 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Thu, 19 Nov 2015 17:05:52 -0700 Subject: [PATCH 12/15] Add in stub functions for opensslv1.0.1 w/ stunnel and lighttpd --- src/ssl.c | 83 ++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/crypto.h | 4 ++ wolfssl/openssl/dh.h | 3 +- wolfssl/openssl/opensslv.h | 2 +- wolfssl/openssl/ssl.h | 6 +++ wolfssl/ssl.h | 18 +++++++++ 6 files changed, 114 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4362f95f1..323b71dd8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16406,6 +16406,23 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) +char * wolf_OBJ_nid2ln(int n) { + (void)n; + WOLFSSL_ENTER("wolf_OBJ_nid2ln"); + WOLFSSL_STUB("wolf_OBJ_nid2ln"); + + return NULL; +} + +int wolf_OBJ_txt2nid(const char* s) { + (void)s; + WOLFSSL_ENTER("wolf_OBJ_txt2nid"); + WOLFSSL_STUB("wolf_OBJ_txt2nid"); + + return 0; +} + + WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { (void)filename; (void)mode; @@ -16486,6 +16503,13 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) /* stunnel compatability functions*/ #if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL) +void WOLFSSL_ERR_remove_thread_state(void* pid) +{ + (void) pid; + return; +} + + int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); @@ -16551,6 +16575,19 @@ WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, return NULL; } +int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator, + void (*callback) (int, int, void *)) +{ + (void)prime_len; + (void)generator; + (void)callback; + (void)dh; + WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex"); + WOLFSSL_STUB("wolfSSL_DH_generate_parameters_ex"); + + return -1; +} + void wolfSSL_ERR_load_crypto_strings(void) { @@ -16849,6 +16886,52 @@ void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) if (ctx) ctx->sniRecvCbArg = arg; } + + +long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) +{ + WOLFSSL_ENTER("SSL_CTX_clear_options"); + WOLFSSL_STUB("SSL_CTX_clear_options"); + (void)ctx; + (void)opt; + return opt; +} + +void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*)) +{ + WOLFSSL_ENTER("wolfSSL_THREADID_set_callback"); + WOLFSSL_STUB("wolfSSL_THREADID_set_callback"); + (void)threadid_func; + return; +} + +void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) +{ + WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric"); + WOLFSSL_STUB("wolfSSL_THREADID_set_numeric"); + (void)id; + (void)val; + return; +} + + +WOLFSSL_X509* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX* ctx, + WOLFSSL_X509_NAME* name) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs"); + WOLFSSL_STUB("wolfSSL_X509_STORE_get1_certs"); + (void)ctx; + (void)name; + return NULL; +} + +void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){ + (void) sk; + (void) f; + WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); + WOLFSSL_STUB("wolfSSL_sk_X509_pop_free"); +} + #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ #if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 034b1cfe1..97a4be17a 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -14,6 +14,8 @@ WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); +#define CRYPTO_THREADID void + #define SSLeay_version wolfSSLeay_version #define SSLeay wolfSSLeay @@ -28,6 +30,8 @@ WOLFSSL_API unsigned long wolfSSLeay(void); typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void* argp); +#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback +#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric #endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index e38b7f7af..a1535c34e 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -49,6 +49,7 @@ typedef WOLFSSL_DH DH; #endif #ifdef HAVE_STUNNEL -#define DH_generate_parameters wolfSSL_DH_generate_parameters +#define DH_generate_parameters wolfSSL_DH_generate_parameters +#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex #endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index e569ec52a..48955f9ec 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -8,7 +8,7 @@ #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) /* version number can be increased for Lighty after compatibility for ECDH is added */ - #define OPENSSL_VERSION_NUMBER 0x0090700fL + #define OPENSSL_VERSION_NUMBER 0x10001000L #else #define OPENSSL_VERSION_NUMBER 0x0090810fL #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 05b77a7ea..aaf4830c9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -431,6 +431,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) +#define OBJ_nid2ln wolf_OBJ_nid2ln +#define OBJ_txt2nid wolf_OBJ_txt2nid #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -477,6 +479,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define CRYPTO_dynlock_value WOLFSSL_dynlock_value typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; +#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs +#define sk_X509_pop_free wolfSSL_sk_X509_pop_free #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal @@ -492,6 +496,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 +#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options #endif /* HAVE_STUNNEL */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5a30c8c81..136c6bbd9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1620,6 +1620,8 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) +WOLFSSL_API char * wolf_OBJ_nid2ln(int n); +WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, @@ -1643,6 +1645,9 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, void (*callback) (int, int, void *), void *cb_arg); +WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int, + void (*callback) (int, int, void *)); + WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); @@ -1708,6 +1713,19 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); + +WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); + +WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); + +WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*)); + +WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val); + +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX*, + WOLFSSL_X509_NAME*); + +WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); #endif /* HAVE_STUNNEL */ #ifdef WOLFSSL_JNI From b87c7fb4609506ad9c304880efd8f8ad51a5e158 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 15 Dec 2015 13:50:01 -0700 Subject: [PATCH 13/15] install user_rsa.h and fix leading bit function --- Makefile.am | 4 ++ wolfcrypt/user-crypto/include/user_rsa.h | 2 +- wolfcrypt/user-crypto/src/rsa.c | 91 ++++++++++++++++++------ 3 files changed, 75 insertions(+), 22 deletions(-) diff --git a/Makefile.am b/Makefile.am index 043b9328d..d44fc3413 100644 --- a/Makefile.am +++ b/Makefile.am @@ -61,6 +61,10 @@ EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP +if BUILD_FAST_RSA +include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h +endif + # user crypto plug in example EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh diff --git a/wolfcrypt/user-crypto/include/user_rsa.h b/wolfcrypt/user-crypto/include/user_rsa.h index ab5436203..21b7b7a31 100644 --- a/wolfcrypt/user-crypto/include/user_rsa.h +++ b/wolfcrypt/user-crypto/include/user_rsa.h @@ -106,7 +106,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) /* abstracted BN operations with RSA key */ WOLFSSL_API int wc_Rsa_leading_bit(void* BN); WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN); diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index a61d61781..1bd708aff 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -91,22 +91,56 @@ int wc_InitRsaKey(RsaKey* key, void* heap) } -#ifdef WOLFSSL_CERT_GEN /* three functions needed for cert gen */ +/* three functions needed for cert and key gen */ +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) /* return 1 if there is a leading bit*/ int wc_Rsa_leading_bit(void* bn) { int ret = 0; - if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) { - USER_DEBUG(("Rsa leading bit error\n")); + int dataSz; + Ipp32u* data; + Ipp32u q; + int qSz = sizeof(Ipp32u); + + if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) { + USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n")); return USER_CRYPTO_ERROR; } - return (ret % 8)? 1 : 0; /* if mod 8 bit then an extra byte is needed */ + + /* convert from size in binary to Ipp32u */ + dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0); + data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL, + DYNAMIC_TYPE_USER_CRYPTO); + if (data == NULL) { + USER_DEBUG(("Rsa leading bit memory error\n")); + return 0; + } + + /* extract value from BN */ + if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) { + USER_DEBUG(("Rsa leading bit error\n")); + XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); + return 0; + } + + /* use method like what's used in wolfssl tfm.c */ + q = data[dataSz - 1]; + + ret = 0; + while (qSz > 0) { + if (q != 0) + ret = (q & 0x80) != 0; + q >>= 8; + qSz--; + } + + XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); + + return ret; } -/* get the size in bytes of BN - cuts off if extra byte is needed so recommended to check wc_Rsa_leading_bit - and adding it to this return value before mallocing memory needed */ +/* get the size in bytes of BN */ int wc_Rsa_unsigned_bin_size(void* bn) { int ret = 0; @@ -114,7 +148,7 @@ int wc_Rsa_unsigned_bin_size(void* bn) USER_DEBUG(("Rsa unsigned bin size error\n")); return USER_CRYPTO_ERROR; } - return ret / 8; /* size in bytes */ + return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */ } #ifndef MP_OKAY @@ -125,12 +159,12 @@ int wc_Rsa_unsigned_bin_size(void* bn) int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen) { if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) { - USER_DEBUG(("Rsa unsigned bin error\n")); + USER_DEBUG(("Rsa to unsigned bin error\n")); return USER_CRYPTO_ERROR; } return MP_OKAY; } -#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_CERT_GEN or WOLFSSL_KEY_GEN */ #ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */ @@ -1936,6 +1970,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) IppsBigNumState* pSrcPublicExp; Ipp8u* scratchBuffer; + Ipp8u eAry[8]; int trys = 8; /* Miller-Rabin test parameter */ IppsPrimeState* pPrime; @@ -2015,11 +2050,16 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) /* set up initial value of pScrPublicExp */ leng = (int)sizeof(long); /* # of Ipp32u in long */ + + /* place the value of e into the array eAry then load into BN */ + for (i = 0; i < leng; i++) { + eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF; + } ret = init_bn(&pSrcPublicExp, leng); if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; - ret = ippsSetOctString_BN((Ipp8u*)&e, leng, pSrcPublicExp); + ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp); if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; @@ -2300,10 +2340,12 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, return USER_CRYPTO_ERROR; #endif - if (ippsExtGet_BN(NULL, &rawLen, NULL, key->n) != ippStsNoErr) + leadingBit = wc_Rsa_leading_bit(key->n); + rawLen = wc_Rsa_unsigned_bin_size(key->n); + if ((int)rawLen < 0) { return USER_CRYPTO_ERROR; - leadingBit = rawLen % 8; /* check for if an extra byte is needed */ - rawLen = rawLen/8; /* convert to byte size */ + } + rawLen = rawLen + leadingBit; n[0] = ASN_INTEGER; nSz = SetLength(rawLen, n + 1) + 1; /* int tag */ @@ -2339,10 +2381,12 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, } #endif - if (ippsExtGet_BN(NULL, &rawLen, NULL, key->e) != ippStsNoErr) + leadingBit = wc_Rsa_leading_bit(key->e); + rawLen = wc_Rsa_unsigned_bin_size(key->e); + if ((int)rawLen < 0) { return USER_CRYPTO_ERROR; - leadingBit = rawLen % 8; - rawLen = rawLen/8; + } + rawLen = rawLen + leadingBit; e[0] = ASN_INTEGER; eSz = SetLength(rawLen, e + 1) + 1; /* int tag */ @@ -2510,15 +2554,18 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) Ipp32u isZero; IppsBigNumState* keyInt = GetRsaInt(key, i); - /* leading zero */ ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */ - ippsExtGet_BN(NULL, (int*)&rawLen, NULL, keyInt); /* bit length */ - if (rawLen % 8 || !isZero) + rawLen = wc_Rsa_unsigned_bin_size(keyInt); + if ((int)rawLen < 0) { + return USER_CRYPTO_ERROR; + } + + /* leading zero */ + if (!isZero || wc_Rsa_leading_bit(keyInt)) lbit = 1; else lbit = 0; - rawLen /= 8; /* convert to bytes */ rawLen += lbit; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, @@ -2548,6 +2595,8 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) } else { ret = USER_CRYPTO_ERROR; + USER_DEBUG(("ippsGetOctString_BN error %s\n", + ippGetStatusString(err))); break; } } From 1cdc6d5edb93c3538b91cbc12151d7ee28969f5a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 15 Dec 2015 16:09:49 -0700 Subject: [PATCH 14/15] refactoring dist and install of user/fast-rsa --- Makefile.am | 14 +------------- wolfcrypt/user-crypto/include.am | 13 +++++++++++++ 2 files changed, 14 insertions(+), 13 deletions(-) create mode 100644 wolfcrypt/user-crypto/include.am diff --git a/Makefile.am b/Makefile.am index d44fc3413..2180ecc37 100644 --- a/Makefile.am +++ b/Makefile.am @@ -61,19 +61,6 @@ EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP -if BUILD_FAST_RSA -include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h -endif - -# user crypto plug in example -EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac -EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh -EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h -EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c -EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep -EXTRA_DIST+= wolfcrypt/user-crypto/README.txt -EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am - include wrapper/include.am include cyassl/include.am include wolfssl/include.am @@ -85,6 +72,7 @@ include swig/include.am include src/include.am include support/include.am +include wolfcrypt/user-crypto/include.am include wolfcrypt/benchmark/include.am include wolfcrypt/src/include.am include wolfcrypt/test/include.am diff --git a/wolfcrypt/user-crypto/include.am b/wolfcrypt/user-crypto/include.am new file mode 100644 index 000000000..6cc8577ab --- /dev/null +++ b/wolfcrypt/user-crypto/include.am @@ -0,0 +1,13 @@ + +if BUILD_FAST_RSA +include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h +endif + +# user crypto plug in example +EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac +EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh +EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h +EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c +EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep +EXTRA_DIST+= wolfcrypt/user-crypto/README.txt +EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am From 3113c8db9bc5d05b9dc44909d39495b94e4869c8 Mon Sep 17 00:00:00 2001 From: lchristina26 Date: Tue, 15 Dec 2015 16:52:21 -0700 Subject: [PATCH 15/15] update VXWORKS GenerateSeed() - no printf, error return --- wolfcrypt/src/random.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index cb623ab37..6456825b7 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1275,8 +1275,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) /* RANDOM ENTORPY INJECT component must be enabled in VSB project */ status = randBytes (output, sz); if (status == ERROR) { - printf("Random seed failed! Enable RANDOM ENTROPY INJECT."); - return status; + WOLFSSL_MSG("Random seed failed! Enable RANDOM ENTROPY INJECT."); + return RNG_FAILURE_E; } return 0;