wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wolfSSL/wolfssl

Browse Source
This commit is contained in:
kaleb-himes
2015-12-16 11:37:07 -07:00
parent 97dcb5e567 ed8a50ce69
commit 46c4653f60
19 changed files with 303 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
IDE/WORKBENCH/README.md
View File

@@ -50,11 +50,21 @@ wolfcrypt directories. Uncheck the following:
\#ifdef WOLFSSL\_VXWORKS block, a new GenerateSeed() function will need to be defined
in wolfcrypt/src/random.c.
8. Include Entropy:
- Create a new project, similar to step 1 but choose VxWorks Source Build Project as the type of project instead of VxWorks Image Project.
- In the project directory, double click "Source Build Configuration" and under os > core > CORE\_KERNEL Menu > VxWorks Kernel Component Configuration find "Inject entropy in interrupts". Double click this.
- Go back to your VIP project. Right click the project and select "Properties".
- In "Properties", select "Project References". Check the box next to the new project you created. Click "Ok".
- Rebuild the project.
####3 Testing wolfSSL with VxWorks:
#####3.1 wolfCrypt Test and Benchmark Applications
The wolfCrypt test application will test each of the cryptographic algorithms
and output the status for each as a success or failure. The benchmark application will output the runtime of
the cryptographic algorithms in milliseconds.
and output the status for each as a success or failure. The benchmark application will output the runtime of the cryptographic algorithms in milliseconds.
1. Include the following at the top of usrAppInit.c:

10
Makefile.am
View File

@@ -61,15 +61,6 @@ EXTRA_DIST+= LICENSING
EXTRA_DIST+= INSTALL
EXTRA_DIST+= IPP
# user crypto plug in example
EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am
include wrapper/include.am
include cyassl/include.am
include wolfssl/include.am
@@ -81,6 +72,7 @@ include swig/include.am
include src/include.am
include support/include.am
include wolfcrypt/user-crypto/include.am
include wolfcrypt/benchmark/include.am
include wolfcrypt/src/include.am
include wolfcrypt/test/include.am

147
src/internal.c
View File

@@ -84,7 +84,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#endif
static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type);
const byte* input, int inSz, int type, int hashOutput);
#ifndef NO_WOLFSSL_CLIENT
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
@@ -967,14 +967,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
if (tls && haveRSA) {
if (tls1_2 && haveRSA) {
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
if (tls && haveRSA) {
if (tls1_2 && haveRSA) {
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
}
@@ -2282,6 +2282,7 @@ int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz)
return MEMORY_ERROR;
}
XMEMCPY(pBuf->buffer, src, sz);
pool->epoch[pool->used] = ssl->keys.dtls_epoch;
pBuf->length = (word32)sz;
pool->used++;
}
@@ -2331,40 +2332,53 @@ int DtlsPoolTimeout(WOLFSSL* ssl)
int DtlsPoolSend(WOLFSSL* ssl)
{
int ret;
DtlsPool *pool = ssl->dtls_pool;
DtlsPool* pool = ssl->dtls_pool;
if (pool != NULL && pool->used > 0) {
int ret = 0;
int i;
for (i = 0; i < pool->used; i++) {
int sendResult;
buffer* buf = &pool->buf[i];
buffer* buf;
DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer;
word16 message_epoch;
ato16(dtls->epoch, &message_epoch);
if (message_epoch == ssl->keys.dtls_epoch) {
/* Increment record sequence number on retransmitted handshake
* messages */
c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number);
ssl->keys.dtls_sequence_number++;
}
else {
/* The Finished message is sent with the next epoch, keep its
* sequence number */
}
for (i = 0, buf = pool->buf; i < pool->used; i++, buf++) {
if (pool->epoch[i] == 0) {
DtlsRecordLayerHeader* dtls;
dtls = (DtlsRecordLayerHeader*)buf->buffer;
c32to48(ssl->keys.dtls_prev_sequence_number++,
dtls->sequence_number);
if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
return ret;
XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
XMEMCPY(ssl->buffers.outputBuffer.buffer,
buf->buffer, buf->length);
ssl->buffers.outputBuffer.idx = 0;
ssl->buffers.outputBuffer.length = buf->length;
}
else if (pool->epoch[i] == ssl->keys.dtls_epoch) {
byte* input;
byte* output;
int inputSz, sendSz;
sendResult = SendBuffered(ssl);
if (sendResult < 0) {
return sendResult;
input = buf->buffer;
inputSz = buf->length;
sendSz = inputSz + MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret;
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 0);
if (sendSz < 0)
return BUILD_MSG_ERROR;
ssl->buffers.outputBuffer.length += sendSz;
}
ret = SendBuffered(ssl);
if (ret < 0) {
return ret;
}
}
}
@@ -5091,14 +5105,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
if (!ssl->options.resuming) {
ssl->options.handShakeState = HANDSHAKE_DONE;
ssl->options.handShakeDone = 1;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
/* Other side has received our Finished, go to next epoch */
ssl->keys.dtls_epoch++;
ssl->keys.dtls_sequence_number = 1;
}
#endif
}
}
else {
@@ -5106,14 +5112,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
if (ssl->options.resuming) {
ssl->options.handShakeState = HANDSHAKE_DONE;
ssl->options.handShakeDone = 1;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
/* Other side has received our Finished, go to next epoch */
ssl->keys.dtls_epoch++;
ssl->keys.dtls_sequence_number = 1;
}
#endif
}
}
@@ -7464,7 +7462,7 @@ int SendChangeCipher(WOLFSSL* ssl)
input[0] = 1; /* turn it on */
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
change_cipher_spec);
change_cipher_spec, 0);
if (sendSz < 0)
return sendSz;
}
@@ -7694,7 +7692,7 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
/* Build SSL Message, encrypted */
static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type)
const byte* input, int inSz, int type, int hashOutput)
{
#ifdef HAVE_TRUNCATED_HMAC
word32 digestSz = min(ssl->specs.hash_size,
@@ -7769,7 +7767,7 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
XMEMCPY(output + idx, input, inSz);
idx += inSz;
if (type == handshake) {
if (type == handshake && hashOutput) {
ret = HashOutput(ssl, output, headerSz + inSz, ivSz);
if (ret != 0)
return ret;
@@ -7843,11 +7841,6 @@ int SendFinished(WOLFSSL* ssl)
int headerSz = HANDSHAKE_HEADER_SZ;
int outputSz;
#ifdef WOLFSSL_DTLS
word32 sequence_number = ssl->keys.dtls_sequence_number;
word16 epoch = ssl->keys.dtls_epoch;
#endif
/* setup encrypt keys */
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
@@ -7859,11 +7852,11 @@ int SendFinished(WOLFSSL* ssl)
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
/* Send Finished message with the next epoch, but don't commit that
* change until the other end confirms its reception. */
headerSz += DTLS_HANDSHAKE_EXTRA;
ssl->keys.dtls_epoch++;
ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */
ssl->keys.dtls_prev_sequence_number =
ssl->keys.dtls_sequence_number;
ssl->keys.dtls_sequence_number = 0;
}
#endif
@@ -7890,18 +7883,18 @@ int SendFinished(WOLFSSL* ssl)
}
#endif
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake);
if (sendSz < 0)
return BUILD_MSG_ERROR;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
ssl->keys.dtls_epoch = epoch;
ssl->keys.dtls_sequence_number = sequence_number;
if ((ret = DtlsPoolSave(ssl, input, headerSz + finishedSz)) != 0)
return ret;
}
#endif
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake, 1);
if (sendSz < 0)
return BUILD_MSG_ERROR;
if (!ssl->options.resuming) {
#ifndef NO_SESSION_CACHE
AddSession(ssl); /* just try */
@@ -7909,36 +7902,14 @@ int SendFinished(WOLFSSL* ssl)
if (ssl->options.side == WOLFSSL_SERVER_END) {
ssl->options.handShakeState = HANDSHAKE_DONE;
ssl->options.handShakeDone = 1;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
/* Other side will soon receive our Finished, go to next
* epoch. */
ssl->keys.dtls_epoch++;
ssl->keys.dtls_sequence_number = 1;
}
#endif
}
}
else {
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ssl->options.handShakeState = HANDSHAKE_DONE;
ssl->options.handShakeDone = 1;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
/* Other side will soon receive our Finished, go to next
* epoch. */
ssl->keys.dtls_epoch++;
ssl->keys.dtls_sequence_number = 1;
}
#endif
}
}
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
return ret;
}
#endif
#ifdef WOLFSSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
@@ -8146,7 +8117,7 @@ int SendCertificate(WOLFSSL* ssl)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
}
sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)
@@ -8361,7 +8332,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
}
#endif
sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
application_data);
application_data, 0);
if (sendSz < 0)
return BUILD_MSG_ERROR;
@@ -8512,7 +8483,7 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
/* only send encrypted alert if handshake actually complete, otherwise
other side may not be able to handle it */
if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert);
sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE,alert,0);
else {
AddRecordHeader(output, ALERT_SIZE, alert, ssl);
@@ -10141,7 +10112,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)
@@ -12313,7 +12284,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake);
handshake, 1);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0) {
#ifdef WOLFSSL_SMALL_STACK
@@ -12686,7 +12657,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output,
MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
input, inputSz, handshake);
input, inputSz, handshake, 1);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)

83
src/ssl.c
View File

@@ -16422,6 +16422,23 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
char * wolf_OBJ_nid2ln(int n) {
(void)n;
WOLFSSL_ENTER("wolf_OBJ_nid2ln");
WOLFSSL_STUB("wolf_OBJ_nid2ln");
return NULL;
}
int wolf_OBJ_txt2nid(const char* s) {
(void)s;
WOLFSSL_ENTER("wolf_OBJ_txt2nid");
WOLFSSL_STUB("wolf_OBJ_txt2nid");
return 0;
}
WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
(void)filename;
(void)mode;
@@ -16502,6 +16519,13 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
/* stunnel compatability functions*/
#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)
void WOLFSSL_ERR_remove_thread_state(void* pid)
{
(void) pid;
return;
}
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
@@ -16567,6 +16591,19 @@ WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
return NULL;
}
int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator,
void (*callback) (int, int, void *))
{
(void)prime_len;
(void)generator;
(void)callback;
(void)dh;
WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
WOLFSSL_STUB("wolfSSL_DH_generate_parameters_ex");
return -1;
}
void wolfSSL_ERR_load_crypto_strings(void)
{
@@ -16865,6 +16902,52 @@ void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
if (ctx)
ctx->sniRecvCbArg = arg;
}
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
WOLFSSL_ENTER("SSL_CTX_clear_options");
WOLFSSL_STUB("SSL_CTX_clear_options");
(void)ctx;
(void)opt;
return opt;
}
void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
{
WOLFSSL_ENTER("wolfSSL_THREADID_set_callback");
WOLFSSL_STUB("wolfSSL_THREADID_set_callback");
(void)threadid_func;
return;
}
void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
{
WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric");
WOLFSSL_STUB("wolfSSL_THREADID_set_numeric");
(void)id;
(void)val;
return;
}
WOLFSSL_X509* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX* ctx,
WOLFSSL_X509_NAME* name)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
WOLFSSL_STUB("wolfSSL_X509_STORE_get1_certs");
(void)ctx;
(void)name;
return NULL;
}
void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){
(void) sk;
(void) f;
WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
WOLFSSL_STUB("wolfSSL_sk_X509_pop_free");
}
#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)

2
wolfcrypt/src/aes.c
View File

@@ -2166,7 +2166,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
wc_AesEncrypt(aes, in + offset, out + offset);
wc_AesDecrypt(aes, in + offset, out + offset);
/* XOR block with IV for CBC */
for (i = 0; i < AES_BLOCK_SIZE; i++)

12
wolfcrypt/src/asn.c
View File

@@ -1980,11 +1980,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
mp_int* keyInt = GetDsaInt(key, i);
/* leading zero */
if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES)
lbit = 1;
else
lbit = 0;
lbit = mp_leading_bit(keyInt);
rawLen = mp_unsigned_bin_size(keyInt) + lbit;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
@@ -5606,11 +5602,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
mp_int* keyInt = GetRsaInt(key, i);
/* leading zero */
if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES)
lbit = 1;
else
lbit = 0;
lbit = mp_leading_bit(keyInt);
rawLen = mp_unsigned_bin_size(keyInt) + lbit;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,

17
wolfcrypt/src/random.c
View File

@@ -1285,6 +1285,23 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_VXWORKS)
#include <randomNumGen.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) {
STATUS status;
/* RANDOM ENTORPY INJECT component must be enabled in VSB project */
status = randBytes (output, sz);
if (status == ERROR) {
WOLFSSL_MSG("Random seed failed! Enable RANDOM ENTROPY INJECT.");
return RNG_FAILURE_E;
}
return 0;
}
#elif defined(CUSTOM_RAND_GENERATE)
/* Implement your own random generation function

2
wolfcrypt/src/signature.c
View File

@@ -175,7 +175,7 @@ int wc_SignatureGenerate(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len, RNG* rng)
const void* key, word32 key_len, WC_RNG* rng)
{
int ret, hash_len;
byte *hash_data = NULL;

13
wolfcrypt/user-crypto/include.am Normal file
View File

@@ -0,0 +1,13 @@
if BUILD_FAST_RSA
include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h
endif
# user crypto plug in example
EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac
EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh
EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h
EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c
EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep
EXTRA_DIST+= wolfcrypt/user-crypto/README.txt
EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am

2
wolfcrypt/user-crypto/include/user_rsa.h
View File

@@ -106,7 +106,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*);
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
/* abstracted BN operations with RSA key */
WOLFSSL_API int wc_Rsa_leading_bit(void* BN);
WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN);

91
wolfcrypt/user-crypto/src/rsa.c
View File

@@ -91,22 +91,56 @@ int wc_InitRsaKey(RsaKey* key, void* heap)
}
#ifdef WOLFSSL_CERT_GEN /* three functions needed for cert gen */
/* three functions needed for cert and key gen */
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
/* return 1 if there is a leading bit*/
int wc_Rsa_leading_bit(void* bn)
{
int ret = 0;
if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) {
USER_DEBUG(("Rsa leading bit error\n"));
int dataSz;
Ipp32u* data;
Ipp32u q;
int qSz = sizeof(Ipp32u);
if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) {
USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n"));
return USER_CRYPTO_ERROR;
}
return (ret % 8)? 1 : 0; /* if mod 8 bit then an extra byte is needed */
/* convert from size in binary to Ipp32u */
dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0);
data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (data == NULL) {
USER_DEBUG(("Rsa leading bit memory error\n"));
return 0;
}
/* extract value from BN */
if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) {
USER_DEBUG(("Rsa leading bit error\n"));
XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return 0;
}
/* use method like what's used in wolfssl tfm.c */
q = data[dataSz - 1];
ret = 0;
while (qSz > 0) {
if (q != 0)
ret = (q & 0x80) != 0;
q >>= 8;
qSz--;
}
XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return ret;
}
/* get the size in bytes of BN
cuts off if extra byte is needed so recommended to check wc_Rsa_leading_bit
and adding it to this return value before mallocing memory needed */
/* get the size in bytes of BN */
int wc_Rsa_unsigned_bin_size(void* bn)
{
int ret = 0;
@@ -114,7 +148,7 @@ int wc_Rsa_unsigned_bin_size(void* bn)
USER_DEBUG(("Rsa unsigned bin size error\n"));
return USER_CRYPTO_ERROR;
}
return ret / 8; /* size in bytes */
return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */
}
#ifndef MP_OKAY
@@ -125,12 +159,12 @@ int wc_Rsa_unsigned_bin_size(void* bn)
int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen)
{
if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) {
USER_DEBUG(("Rsa unsigned bin error\n"));
USER_DEBUG(("Rsa to unsigned bin error\n"));
return USER_CRYPTO_ERROR;
}
return MP_OKAY;
}
#endif /* WOLFSSL_CERT_GEN */
#endif /* WOLFSSL_CERT_GEN or WOLFSSL_KEY_GEN */
#ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */
@@ -1936,6 +1970,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
IppsBigNumState* pSrcPublicExp;
Ipp8u* scratchBuffer;
Ipp8u eAry[8];
int trys = 8; /* Miller-Rabin test parameter */
IppsPrimeState* pPrime;
@@ -2015,11 +2050,16 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
/* set up initial value of pScrPublicExp */
leng = (int)sizeof(long); /* # of Ipp32u in long */
/* place the value of e into the array eAry then load into BN */
for (i = 0; i < leng; i++) {
eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF;
}
ret = init_bn(&pSrcPublicExp, leng);
if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR;
ret = ippsSetOctString_BN((Ipp8u*)&e, leng, pSrcPublicExp);
ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp);
if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR;
@@ -2300,10 +2340,12 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
return USER_CRYPTO_ERROR;
#endif
if (ippsExtGet_BN(NULL, &rawLen, NULL, key->n) != ippStsNoErr)
leadingBit = wc_Rsa_leading_bit(key->n);
rawLen = wc_Rsa_unsigned_bin_size(key->n);
if ((int)rawLen < 0) {
return USER_CRYPTO_ERROR;
leadingBit = rawLen % 8; /* check for if an extra byte is needed */
rawLen = rawLen/8; /* convert to byte size */
}
rawLen = rawLen + leadingBit;
n[0] = ASN_INTEGER;
nSz = SetLength(rawLen, n + 1) + 1; /* int tag */
@@ -2339,10 +2381,12 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
}
#endif
if (ippsExtGet_BN(NULL, &rawLen, NULL, key->e) != ippStsNoErr)
leadingBit = wc_Rsa_leading_bit(key->e);
rawLen = wc_Rsa_unsigned_bin_size(key->e);
if ((int)rawLen < 0) {
return USER_CRYPTO_ERROR;
leadingBit = rawLen % 8;
rawLen = rawLen/8;
}
rawLen = rawLen + leadingBit;
e[0] = ASN_INTEGER;
eSz = SetLength(rawLen, e + 1) + 1; /* int tag */
@@ -2510,15 +2554,18 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
Ipp32u isZero;
IppsBigNumState* keyInt = GetRsaInt(key, i);
/* leading zero */
ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */
ippsExtGet_BN(NULL, (int*)&rawLen, NULL, keyInt); /* bit length */
if (rawLen % 8 || !isZero)
rawLen = wc_Rsa_unsigned_bin_size(keyInt);
if ((int)rawLen < 0) {
return USER_CRYPTO_ERROR;
}
/* leading zero */
if (!isZero || wc_Rsa_leading_bit(keyInt))
lbit = 1;
else
lbit = 0;
rawLen /= 8; /* convert to bytes */
rawLen += lbit;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
@@ -2548,6 +2595,8 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
}
else {
ret = USER_CRYPTO_ERROR;
USER_DEBUG(("ippsGetOctString_BN error %s\n",
ippGetStatusString(err)));
break;
}
}

4
wolfssl/internal.h
View File

@@ -1445,8 +1445,9 @@ typedef struct Keys {
word16 dtls_peer_handshake_number;
word16 dtls_expected_peer_handshake_number;
word16 dtls_epoch; /* Current tx epoch */
word32 dtls_sequence_number; /* Current tx sequence */
word32 dtls_prev_sequence_number; /* Previous epoch's seq number*/
word16 dtls_epoch; /* Current tx epoch */
word16 dtls_handshake_number; /* Current tx handshake seq */
#endif
@@ -2289,6 +2290,7 @@ typedef struct DtlsRecordLayerHeader {
typedef struct DtlsPool {
buffer buf[DTLS_POOL_SZ];
word16 epoch[DTLS_POOL_SZ];
int used;
} DtlsPool;

4
wolfssl/openssl/crypto.h
View File

@@ -14,6 +14,8 @@
WOLFSSL_API const char* wolfSSLeay_version(int type);
WOLFSSL_API unsigned long wolfSSLeay(void);
#define CRYPTO_THREADID void
#define SSLeay_version wolfSSLeay_version
#define SSLeay wolfSSLeay
@@ -28,6 +30,8 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA;
typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
long argl, void* argp);
#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback
#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric
#endif /* HAVE_STUNNEL */
#endif /* header */

1
wolfssl/openssl/dh.h
View File

@@ -50,5 +50,6 @@ typedef WOLFSSL_DH DH;
#ifdef HAVE_STUNNEL
#define DH_generate_parameters wolfSSL_DH_generate_parameters
#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex
#endif /* HAVE_STUNNEL */
#endif /* header */

2
wolfssl/openssl/opensslv.h
View File

@@ -8,7 +8,7 @@
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x0090700fL
#define OPENSSL_VERSION_NUMBER 0x10001000L
#else
#define OPENSSL_VERSION_NUMBER 0x0090810fL
#endif

6
wolfssl/openssl/ssl.h
View File

@@ -431,6 +431,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
#define OBJ_nid2ln wolf_OBJ_nid2ln
#define OBJ_txt2nid wolf_OBJ_txt2nid
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
@@ -477,6 +479,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
@@ -492,6 +496,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define PSK_MAX_PSK_LEN 256
#define PSK_MAX_IDENTITY_LEN 128
#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state
#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
#endif /* HAVE_STUNNEL */

18
wolfssl/ssl.h
View File

@@ -1620,6 +1620,8 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
WOLFSSL_API char * wolf_OBJ_nid2ln(int n);
WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
@@ -1643,6 +1645,9 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch
WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int, void *), void *cb_arg);
WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
void (*callback) (int, int, void *));
WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
@@ -1708,6 +1713,19 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv);
WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX*,
WOLFSSL_X509_NAME*);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
#endif /* HAVE_STUNNEL */
#ifdef WOLFSSL_JNI

4
wolfssl/wolfcrypt/ecc.h
View File

@@ -85,6 +85,10 @@ typedef struct {
* Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
*/
#ifndef USE_FAST_MATH
#error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
#endif
#ifndef FP_MAX_BITS_ECC
#define FP_MAX_BITS_ECC 528
#endif

2
wolfssl/wolfcrypt/signature.h
View File

@@ -54,7 +54,7 @@ WOLFSSL_API int wc_SignatureGenerate(
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
RNG* rng);
WC_RNG* rng);
#ifdef __cplusplus
} /* extern "C" */