Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev

This commit is contained in:
jrblixt
2017-05-12 02:04:58 -06:00
80 changed files with 14328 additions and 1845 deletions
+16 -1
View File
@@ -91,7 +91,18 @@ ecc-key.pem
certreq.der
certreq.pem
pkcs7cert.der
pkcs7signedData.der
pkcs7signedData_RSA_SHA.der
pkcs7signedData_RSA_SHA_noattr.der
pkcs7signedData_RSA_SHA224.der
pkcs7signedData_RSA_SHA256.der
pkcs7signedData_RSA_SHA384.der
pkcs7signedData_RSA_SHA512.der
pkcs7signedData_ECDSA_SHA.der
pkcs7signedData_ECDSA_SHA_noattr.der
pkcs7signedData_ECDSA_SHA224.der
pkcs7signedData_ECDSA_SHA256.der
pkcs7signedData_ECDSA_SHA384.der
pkcs7signedData_ECDSA_SHA512.der
pkcs7envelopedDataDES3.der
pkcs7envelopedDataAES128CBC.der
pkcs7envelopedDataAES192CBC.der
@@ -196,7 +207,11 @@ wrapper/CSharp/x64/
# Visual Studio Code Workspace Files
*.vscode
IDE/INTIME-RTOS/Debug_*
# Hexiwear
IDE/HEXIWEAR/wolfSSL_HW/Debug
# Binaries
wolfcrypt/src/port/intel/qat_test
+11
View File
@@ -13,3 +13,14 @@ if [ "$DIR" = "ARDUINO" ]; then
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
fi
#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
# they are included inline and should not be compiled directly
ARDUINO_DIR=${PWD}
cd ../../
rm bio.c
rm evp.c
cd $ARDUINO_DIR
# end script in the origin directory for any future functionality that may be added.
#End UPDATE: 19 Apr 2017
+143
View File
@@ -0,0 +1,143 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" moduleId="org.eclipse.cdt.core.settings" name="Debug">
<macros>
<stringMacro name="PROJECT_KSDK_PATH" type="VALUE_TEXT" value="~/Work/KSDK_1.3.0"/>
</macros>
<externalSettings>
<externalSetting>
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfSSL_HW"/>
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfSSL_HW/Debug"/>
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl_hw" srcPrefixMapping="" srcRootPath=""/>
</externalSetting>
</externalSettings>
<extensions>
<extension id="org.eclipse.cdt.managedbuilder.core.ManagedBuildManager" point="org.eclipse.cdt.core.ScannerInfoProvider"/>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactExtension="a" artifactName="wolfssl_hw" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" name="Debug" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug">
<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395." name="/" resourcePath="">
<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug.955851768" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.1637878147" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.none" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.596937133" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.412948756" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1412387181" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.1877241998" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.2038051180" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.max" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1062002269" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.1592667634" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m4" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1112951710" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1079530716" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.192917244" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.2108482930" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.500222702" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.175873499" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1700937041" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1874549763" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.178137928" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1274071175" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.655658023" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.1937238341" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1476617138" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1035232247" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto.8601271" name="Link-time optimizer (-flto)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto" value="false" valueType="boolean"/>
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.817253425" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
<builder buildPath="${workspace_loc:/wolfSSL_HW}/Debug" id="ilg.gnuarmeclipse.managedbuild.cross.builder.2043375702" keepEnvironmentInBuildfile="false" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1135882719" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.369489760" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1086496768" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989" name="Cross ARM GNU C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.9643995" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.349147702" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="false" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}/../../../&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/devices&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/CMSIS/Include&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/devices/MK64F12/startup&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/drivers/inc&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/hal/inc&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/osa/inc&quot;"/>
<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/utilities/inc&quot;"/>
</option>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1294205548" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
<listOptionValue builtIn="false" value="&quot;CPU_MK64FN1M0VMD12&quot;"/>
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
</option>
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726" name="Cross ARM GNU C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths.1452713629" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths" useByScannerDiscovery="false"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs.497680378" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
<listOptionValue builtIn="false" value="&quot;CPU_MK64FN1M0VMD12&quot;"/>
</option>
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.506002589" name="Cross ARM GNU C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.1489822225" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.575756954" name="Cross ARM GNU C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.11344634" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths.1878565771" name="Library search path (-L)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths" valueType="libPaths">
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/Project_Settings/Linker_Files&quot;"/>
</option>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1517060693" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="-specs=nosys.specs -specs=nano.specs -Xlinker -z -Xlinker muldefs" valueType="string"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile.468376236" name="Script files (-T)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;MK64FN1M0xxx12_flash.ld&quot;"/>
</option>
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.955790366" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
<additionalInput kind="additionalinput" paths="$(LIBS)"/>
</inputType>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1962941231" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1365673947" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.790507756" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.1929510617" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.573901902" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.2051558160" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.851594065" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.1352373056" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
</tool>
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.934998862" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.1738611770" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
</tool>
</toolChain>
</folderInfo>
<sourceEntries>
<entry excluding="wolfcrypt/src/integer.c|wolfcrypt/src/misc.c|src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|SDK|wolfssl/wolfcrypt/port|wolfcrypt/src/port|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="wolfSSL_HW.ilg.gnuarmeclipse.managedbuild.cross.target.elf.1053752509" name="Executable" projectType="ilg.gnuarmeclipse.managedbuild.cross.target.elf"/>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="Debug">
<resource resourceType="PROJECT" workspacePath="/wolfSSL_HW"/>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>
@@ -0,0 +1,19 @@
Sources/main.c
Project_Settings/Linker_Files/MK64FN1M0xxx12_flash.ld
SDK/platform/CMSIS/Include/core_cmSimd.h
SDK/platform/devices/MK64F12/include/MK64F12.h
SDK/platform/CMSIS/Include/arm_common_tables.h
SDK/platform/CMSIS/Include/arm_const_structs.h
SDK/platform/devices/MK64F12/include/MK64F12_features.h
SDK/platform/CMSIS/Include/core_cm4.h
SDK/platform/CMSIS/Include/core_cmFunc.h
SDK/platform/CMSIS/Include/core_cmInstr.h
SDK/platform/devices/fsl_device_registers.h
SDK/platform/devices/MK64F12/include/fsl_bitaccess.h
SDK/platform/CMSIS/Include/arm_math.h
SDK/platform/devices/MK64F12/include/MK64F12_extension.h
Project_Settings/Startup_Code/startup.c
Project_Settings/Startup_Code/system_MK64F12.c
Project_Settings/Startup_Code/startup.h
Project_Settings/Startup_Code/startup_MK64F12.S
Project_Settings/Startup_Code/system_MK64F12.h
+50
View File
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>wolfSSL_HW</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
</natures>
<linkedResources>
<link>
<name>src</name>
<type>2</type>
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/src</locationURI>
</link>
<link>
<name>wolfcrypt</name>
<type>2</type>
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt</locationURI>
</link>
<link>
<name>wolfssl</name>
<type>2</type>
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfssl</locationURI>
</link>
</linkedResources>
<variableList>
<variable>
<name>PROJECT_KSDK_PATH</name>
<value>file:/.KSDK_1.3.0</value>
</variable>
</variableList>
</projectDescription>
@@ -0,0 +1,2 @@
eclipse.preferences.version=1
versionGenerated/versionGenerated=1.0.0.RT7_b1550-0615
+6
View File
@@ -0,0 +1,6 @@
#define FREESCALE_KSDK_BM
#define FREESCALE_KSDK_1_3
#define FSL_HW_CRYPTO_MANUAL_SELECTION
#define NO_MAIN_DRIVER
#define USE_CERT_BUFFERS_1024
#define ECC_USER_CURVES
+2 -2
View File
@@ -2,7 +2,7 @@
## Overview
This port is for the tenAsys INtime RTOS available [here](http://www.tenasys.com/tenasys-products/intime-rtos-family/overview-rtos).
This port is for the tenAsys INtime RTOS available [here](http://www.tenasys.com/intime).
To enable use the define `INTIME_RTOS`.
@@ -148,7 +148,7 @@ Client connected successfully
Using Non-Blocking I/O: 0
Message for server: Client:
Recieved: I hear ya fa shizzle!
Received: I hear ya fa shizzle!
The client has closed the connection.
```
-3
View File
@@ -13,9 +13,6 @@ extern "C" {
#undef INTIME_RTOS
#define INTIME_RTOS
#undef INTIME_RTOS_MUTEX_MAX
#define INTIME_RTOS_MUTEX_MAX 10
#undef WOLF_EXAMPLES_STACK
#define WOLF_EXAMPLES_STACK 65536
+1 -1
View File
@@ -122,7 +122,7 @@ int wolfExample_TLSClient(const char* ip, int port)
printf("Read error. Error: %d\n", ret);
goto exit;
}
printf("Recieved: \t%s\n", rcvBuff);
printf("Received: \t%s\n", rcvBuff);
}
exit:
+1 -1
View File
@@ -10,4 +10,4 @@ include IDE/ROWLEY-CROSSWORKS-ARM/include.am
include IDE/ARDUINO/include.am
include IDE/INTIME-RTOS/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR
+12 -1
View File
@@ -54,7 +54,18 @@ CLEANFILES+= cert.der \
pkcs7envelopedDataAES128CBC.der \
pkcs7envelopedDataAES192CBC.der \
pkcs7envelopedDataAES256CBC.der \
pkcs7signedData.der
pkcs7signedData_RSA_SHA.der \
pkcs7signedData_RSA_SHA_noattr.der \
pkcs7signedData_RSA_SHA224.der \
pkcs7signedData_RSA_SHA256.der \
pkcs7signedData_RSA_SHA384.der \
pkcs7signedData_RSA_SHA512.der \
pkcs7signedData_ECDSA_SHA.der \
pkcs7signedData_ECDSA_SHA_noattr.der \
pkcs7signedData_ECDSA_SHA224.der \
pkcs7signedData_ECDSA_SHA256.der \
pkcs7signedData_ECDSA_SHA384.der \
pkcs7signedData_ECDSA_SHA512.der
exampledir = $(docdir)/example
dist_example_DATA=
+68 -3
View File
@@ -3,7 +3,7 @@
Note 1)
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
key cipher suites with
WOLFSSL_STATIC_DH
@@ -12,11 +12,11 @@ key cipher suites with
WOLFSSL_STATIC_PSK
though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. Since current
versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites.
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.
@@ -34,6 +34,71 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes ***
********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
Release 3.11.0 of wolfSSL has bug fixes and new features including:
- Code updates for warnings reported by Coverity scans
- Testing and warning fixes for FreeBSD on PowerPC
- Updates and refactoring done to ASN1 parsing functions
- Change max PSK identity buffer to account for an identity length of 128 characters
- Update Arduino script to handle recent files and additions
- Added support for PKCS#7 Signed Data with ECDSA
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
- Added support for HAproxy load balancer
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
- Fix to not send session ID on server side if session cache is off unless we're echoing
session ID as part of session tickets
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
- Fixes for TLS elliptic curve selection on private key import.
- Fixes for RNG with Intel rdrand and rdseed speedups.
- Improved performance with Intel rdrand to use full 64-bit output
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
- Removed RNG ARC4 support
- Added ECC helpers to get size and id from curve name.
- Added ECC Cofactor DH (ECC-CDH) support
- Added ECC private key only import / export functions.
- Added PKCS8 create function
- Improvements to TLS layer CTX handling for switching keys / certs.
- Added check for duplicate certificate policy OID in certificates.
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
- Fixes for building CRL with Windows
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
- Added port for tenAsys INtime RTOS
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
- Updated WPA Supplicant support
- Added support for Nginx
- Update stunnel port for version 5.40
- Fixes for STM32 hardware crypto acceleration
- Extended test code coverage in bundled test.c
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
- Fix for a double free case when adding CA cert into X509_store.
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
Release 3.10.2 of wolfSSL has bug fixes and new features including:
+68 -3
View File
@@ -4,7 +4,7 @@
```
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
key cipher suites with
WOLFSSL_STATIC_DH
@@ -13,12 +13,12 @@ key cipher suites with
WOLFSSL_STATIC_PSK
though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. Since current
versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites.
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.
```
@@ -38,6 +38,71 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new(); Though it's not recommended.
```
# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
## Release 3.11.0 of wolfSSL has bug fixes and new features including:
- Code updates for warnings reported by Coverity scans
- Testing and warning fixes for FreeBSD on PowerPC
- Updates and refactoring done to ASN1 parsing functions
- Change max PSK identity buffer to account for an identity length of 128 characters
- Update Arduino script to handle recent files and additions
- Added support for PKCS#7 Signed Data with ECDSA
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
- Added support for HAproxy load balancer
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
- Fix to not send session ID on server side if session cache is off unless we're echoing
session ID as part of session tickets
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
- Fixes for TLS elliptic curve selection on private key import.
- Fixes for RNG with Intel rdrand and rdseed speedups.
- Improved performance with Intel rdrand to use full 64-bit output
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
- Removed RNG ARC4 support
- Added ECC helpers to get size and id from curve name.
- Added ECC Cofactor DH (ECC-CDH) support
- Added ECC private key only import / export functions.
- Added PKCS8 create function
- Improvements to TLS layer CTX handling for switching keys / certs.
- Added check for duplicate certificate policy OID in certificates.
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
- Fixes for building CRL with Windows
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
- Added port for tenAsys INtime RTOS
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
- Updated WPA Supplicant support
- Added support for Nginx
- Update stunnel port for version 5.40
- Fixes for STM32 hardware crypto acceleration
- Extended test code coverage in bundled test.c
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
- Fix for a double free case when adding CA cert into X509_store.
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
## Release 3.10.2 of wolfSSL has bug fixes and new features including:
+17
View File
@@ -16,6 +16,7 @@
# 1024/client-cert.pem
# server-ecc-comp.pem
# client-ca.pem
# test/digsigku.pem
# updates the following crls:
# crl/cliCrl.pem
# crl/crl.pem
@@ -225,6 +226,22 @@ function run_renewcerts(){
echo ""
cat client-cert.pem client-ecc-cert.pem > client-ca.pem
############################################################
###### update the self-signed test/digsigku.pem ##########
############################################################
echo "Updating test/digsigku.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
rm digsigku.csr
openssl x509 -in digsigku.pem -text > tmp.pem
mv tmp.pem digsigku.pem
mv digsigku.pem test/digsigku.pem
############################################################
########## make .der files from .pem files #################
############################################################
+7
View File
@@ -163,6 +163,13 @@ userNotice.1=@policy_usr
[ policy_usr ]
explicitText="Test of duplicate OIDs with different qualifiers"
# create certificate without the digitalSignature bit set and uses sha1 sig
[ digsigku ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical, CA:TRUE
keyUsage=critical, nonRepudiation, keyEncipherment
#tsa default
[ tsa ]
default_tsa = tsa_config1
+23 -18
View File
@@ -1,17 +1,16 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e3:81:4b:48:a5:70:61:70
Signature Algorithm: ecdsa-with-SHA1
Serial Number: 16393466893990650224 (0xe3814b48a5706170)
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
Validity
Not Before: Sep 10 00:45:36 2014 GMT
Not After : Jun 6 00:45:36 2017 GMT
Not Before: May 3 00:07:20 2017 GMT
Not After : Jan 28 00:07:20 2020 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
@@ -19,34 +18,40 @@ Certificate:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
serial:E3:81:4B:48:A5:70:61:70
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Non Repudiation, Key Encipherment
Signature Algorithm: ecdsa-with-SHA1
30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae:
c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18:
65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c:
e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00
30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e:
b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24:
2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb:
89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62
-----BEGIN CERTIFICATE-----
MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx
MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw
MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2
7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi
puPT5p95PCnYxn2I9GAMSAA=
l5Ihf/DPGNqREQI0huggWDMLgDSJ2KOCAQ0wggEJMB0GA1UdDgQWBBRdXSbvrH42
+Zt2FStKJQIj77KJMDCBxgYDVR0jBIG+MIG7gBRdXSbvrH42+Zt2FStKJQIj77KJ
MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk
Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i
-----END CERTIFICATE-----
+89 -9
View File
@@ -6,7 +6,7 @@
#
#
AC_INIT([wolfssl],[3.10.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.11.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
WOLFSSL_LIBRARY_VERSION=11:0:0
WOLFSSL_LIBRARY_VERSION=12:0:0
# | | |
# +------+ | +---+
# | | |
@@ -140,6 +140,7 @@ then
enable_shared=yes
enable_static=yes
enable_dtls=yes
enable_tls13=yes
enable_openssh=yes
enable_opensslextra=yes
enable_savesession=yes
@@ -148,6 +149,7 @@ then
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
enable_aesctr=yes
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
@@ -190,6 +192,7 @@ then
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
enable_haproxy=yes
enable_stunnel=yes
enable_nginx=yes
enable_pwdbased=yes
@@ -231,6 +234,22 @@ then
fi
# TLS v1.3
AC_ARG_ENABLE([tls13],
[ --enable-tls13 Enable wolfSSL TLS v1.3 (default: disabled)],
[ ENABLED_TLS13=$enableval ],
[ ENABLED_TLS13=no ]
)
if test "$ENABLED_TLS13" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_FFDHE_2048 $AM_CFLAGS"
AM_CFLAGS="-DWC_RSA_PSS $AM_CFLAGS"
fi
# check if TLS v1.3 was enabled for conditionally running tls13.test script
AM_CONDITIONAL([BUILD_TLS13], [test "x$ENABLED_TLS13" = "xyes"])
AC_ARG_ENABLE([rng],
[AS_HELP_STRING([--enable-rng Enable compiling and using RNG (default: enabled)])],
[ ENABLED_RNG=$enableval ],
@@ -280,6 +299,14 @@ AC_ARG_ENABLE([nginx],
[ ENABLED_NGINX=no ]
)
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
[ --enable-haproxy Enable haproxy (default: disabled)],
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
@@ -602,6 +629,23 @@ fi
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
# AES-CTR
AC_ARG_ENABLE([aesctr],
[ --enable-aesctr Enable wolfSSL AES-CTR support (default: disabled)],
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_AESCTR" = "yes"
then
if test "x$ENABLED_FORTRESS" != "xyes"
then
# This is already implied by fortress build
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
# AES-ARM
AC_ARG_ENABLE([armasm],
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
@@ -818,6 +862,10 @@ if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_SESSIONCERTS=yes
fi
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
then
ENABLED_SESSIONCERTS=yes
fi
if test "$ENABLED_SESSIONCERTS" = "yes"
then
@@ -903,6 +951,10 @@ AC_ARG_ENABLE([hkdf],
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_HKDF="yes"
fi
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
@@ -1369,6 +1421,10 @@ then
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
@@ -1806,9 +1862,10 @@ AC_ARG_ENABLE([ocspstapling],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST=yes
echo "ELLO"
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
fi
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
@@ -1833,7 +1890,7 @@ AC_ARG_ENABLE([ocspstapling2],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
@@ -1861,7 +1918,7 @@ AC_ARG_ENABLE([crl],
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CRL=yes
fi
@@ -2138,7 +2195,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
@@ -2167,7 +2224,7 @@ AC_ARG_ENABLE([tlsx],
[ ENABLED_TLSX=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_TLSX=yes
fi
@@ -2418,6 +2475,21 @@ fi
if test "$ENABLED_NGINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
fi
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
@@ -3023,7 +3095,12 @@ AC_ARG_ENABLE([mcapi],
if test "$ENABLED_MCAPI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
if test "x$ENABLED_AESCTR" != "xyes"
then
# These flags are already implied by --enable-aesctr
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
@@ -3516,6 +3593,7 @@ echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR"
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"
@@ -3559,6 +3637,7 @@ echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * HAPROXY: $ENABLED_HAPROXY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * NGINX: $ENABLED_NGINX"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
@@ -3566,6 +3645,7 @@ echo " * DTLS: $ENABLED_DTLS"
echo " * SCTP: $ENABLED_SCTP"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * TLS v1.3: $ENABLED_TLS13"
echo " * OCSP: $ENABLED_OCSP"
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
+124 -87
View File
@@ -165,6 +165,11 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
#ifndef NO_SESSION_CACHE
WOLFSSL_SESSION* benchSession = NULL;
#endif
#ifdef WOLFSSL_TLS13
byte* reply[80];
char msg[] = "hello wolfssl!";
#endif
(void)resumeSession;
while (loops--) {
@@ -179,6 +184,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
#ifndef NO_SESSION_CACHE
@@ -206,6 +212,16 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
err_sys("SSL_connect failed");
}
#ifdef WOLFSSL_TLS13
if (resumeSession) {
if (wolfSSL_write(ssl, msg, sizeof(msg)-1) <= 0)
err_sys("SSL_write failed");
if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
err_sys("SSL_read failed");
}
#endif
wolfSSL_shutdown(ssl);
#ifndef NO_SESSION_CACHE
if (i == (times-1) && resumeSession) {
@@ -242,6 +258,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
@@ -408,15 +425,13 @@ static int StartTLS_Init(SOCKET_T* sockfd)
if (sockfd == NULL)
return BAD_FUNC_ARG;
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
/* S: 220 <host> SMTP service ready */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received");
}
@@ -427,12 +442,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
err_sys("failed to send STARTTLS EHLO command\n");
/* S: 250 <host> offers a warm hug of welcome */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received");
}
@@ -444,12 +459,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
}
/* S: 220 Go ahead */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received, expected 220");
}
@@ -538,7 +553,6 @@ static void Usage(void)
#endif
printf("-B <num> Benchmark throughput using <num> bytes and print stats\n");
printf("-s Use pre Shared keys\n");
printf("-t Track wolfSSL memory use\n");
printf("-d Disable peer checks\n");
printf("-D Override Date Errors example\n");
printf("-e List Every cipher suite available, \n");
@@ -601,6 +615,18 @@ static void Usage(void)
#endif
#ifdef HAVE_WNR
printf("-q <file> Whitewood config file, default %s\n", wnrConfig);
#endif
printf("-H Force use of the default cipher suite list\n");
#ifdef WOLFSSL_TLS13
printf("-J Use HelloRetryRequest to choose group for KE\n");
printf("-K Key Exchange for PSK not using (EC)DHE\n");
printf("-I Update keys and IVs before sending data\n");
#ifndef NO_DH
printf("-y Key Share with FFDHE named groups only\n");
#endif
#ifdef HAVE_ECC
printf("-Y Key Share with ECC named groups only\n");
#endif
#endif
}
@@ -693,6 +719,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_EXTENDED_MASTER
byte disableExtMasterSecret = 0;
#endif
#ifdef WOLFSSL_TLS13
int helloRetry = 0;
int onlyKeyShare = 0;
int noPskDheKe = 0;
#endif
int updateKeysIVs = 0;
#ifdef HAVE_OCSP
int useOcsp = 0;
@@ -730,14 +762,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)minDhKeyBits;
(void)alpnList;
(void)alpn_opt;
(void)updateKeysIVs;
StackTrap();
#ifndef WOLFSSL_VXWORKS
/* Not used: j, t, y, I, J, K, Q, Y */
/* Not used: j, t, Q */
while ((ch = mygetopt(argc, argv, "?"
"ab:c:defgh:ik:l:mnop:q:rsuv:wxz"
"A:B:CDE:F:GHL:M:NO:PRS:TUVW:XZ:")) != -1) {
"ab:c:defgh:ik:l:mnop:q:rsuv:wxyz"
"A:B:CDE:F:GHIJKL:M:NO:PRS:TUVW:XYZ:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -830,7 +863,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
if (version < 0 || version > 4) {
Usage();
exit(MY_EX_USAGE);
}
@@ -1007,6 +1040,35 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
break;
case 'J' :
#ifdef WOLFSSL_TLS13
helloRetry = 1;
#endif
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'I' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
@@ -1130,6 +1192,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
case 3:
method = wolfTLSv1_2_client_method();
break;
#ifdef WOLFSSL_TLS13
case 4:
method = wolfTLSv1_3_client_method();
break;
#endif
#endif
#ifdef WOLFSSL_DTLS
@@ -1405,6 +1472,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
wolfSSL_CTX_free(ctx);
@@ -1415,45 +1487,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_KeepArrays(ssl);
#endif
#if 0 /* all enabled and supported ECC curves will be added automatically */
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp256r1");
#ifdef WOLFSSL_TLS13
if (!helloRetry) {
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
err_sys("unable to use DH 2048-bit parameters");
}
#endif
}
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP384R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp384r1");
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= SSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
!= SSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
}
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP521R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp521r1");
}
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP224R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp224r1");
}
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP192R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp192r1");
}
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160R1)
!= SSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp160r1");
}
#endif
}
else {
wolfSSL_NoKeyShares(ssl);
}
#endif
#ifdef HAVE_SESSION_TICKET
@@ -1718,6 +1774,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, msg, msgSz);
@@ -1751,7 +1812,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
}
} while (err == WC_PENDING_E);
} while (err == WC_PENDING_E || err == SSL_ERROR_WANT_READ);
if (ret > 0) {
reply[ret] = 0;
printf("Server response: %s\n", reply);
@@ -1852,45 +1913,21 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
#if 0 /* all enabled and supported ECC curves will be added automatically */
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp256r1");
#ifdef WOLFSSL_TLS13
#ifdef HAVE_FFDHE_2048
if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
err_sys("unable to use DH 2048-bit parameters");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp384r1");
#endif
if (wolfSSL_UseKeyShare(sslResume,
WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp521r1");
if (wolfSSL_UseKeyShare(sslResume,
WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp224r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp192r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
!= SSL_SUCCESS) {
wolfSSL_free(sslResume);
wolfSSL_CTX_free(ctx);
err_sys("unable to set curve secp160r1");
}
#endif
#endif
#ifndef WOLFSSL_CALLBACKS
+42 -5
View File
@@ -304,7 +304,11 @@ static void Usage(void)
#endif
printf("-g Return basic HTML web page\n");
printf("-C <num> The number of connections to accept, default: 1\n");
printf("-U Force use of the default cipher suite list\n");
printf("-H Force use of the default cipher suite list\n");
#ifdef WOLFSSL_TLS13
printf("-K Key Exchange for PSK not using (EC)DHE\n");
printf("-U Update keys and IVs before sending\n");
#endif
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
@@ -386,6 +390,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
const char* wnrConfigFile = wnrConfig;
#endif
char buffer[CYASSL_MAX_ERROR_SZ];
#ifdef WOLFSSL_TLS13
int noPskDheKe = 0;
#endif
int updateKeysIVs = 0;
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
@@ -421,6 +429,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void)alpn_opt;
(void)crlFlags;
(void)readySignal;
(void)updateKeysIVs;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
@@ -429,10 +438,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
/* Not Used: h, m, t, x, y, z, F, J, K, M, Q, T, U, V, W, X, Y */
/* Not Used: h, m, t, x, y, z, F, J, M, Q, T, V, W, X, Y */
while ((ch = mygetopt(argc, argv, "?"
"abc:defgijk:l:nop:q:rsuv:w"
"A:B:C:D:E:GHIL:NO:PR:S:YZ:")) != -1) {
"A:B:C:D:E:GHIKL:NO:PR:S:UYZ:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -500,7 +509,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
if (version < 0 || version > 4) {
Usage();
exit(MY_EX_USAGE);
}
@@ -634,6 +643,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useWebServerMsg = 1;
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'U' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
@@ -696,6 +717,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
break;
#endif
#ifdef WOLFSSL_TLS13
case 4:
method = wolfTLSv1_3_server_method_ex;
break;
#endif
#ifdef CYASSL_DTLS
#ifndef NO_OLD_TLS
case -1:
@@ -914,6 +941,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
while (1) {
/* allow resume option */
if (resumeCount > 1) {
@@ -1174,6 +1206,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
printf("Client message: %s\n", input);
}
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
#endif
/* Write data */
if (!useWebServerMsg) {
write_msg = msg;
@@ -1196,7 +1233,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif
}
} while (err == WC_PENDING_E);
} while (err == WC_PENDING_E || err == SSL_ERROR_WANT_WRITE);
if (ret != write_msg_sz) {
printf("SSL_write msg error %d, %s\n", err,
ERR_error_string(err, buffer));
+7 -2
View File
@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_docdir}/wolfssl/README.txt
%{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.11
%{_libdir}/libwolfssl.so.11.0.0
%{_libdir}/libwolfssl.so.12
%{_libdir}/libwolfssl.so.12.0.0
%files devel
%defattr(-,root,root,-)
@@ -159,6 +159,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/cyassl/openssl/rsa.h
%{_includedir}/cyassl/openssl/sha.h
%{_includedir}/cyassl/openssl/ssl.h
%{_includedir}/cyassl/openssl/ssl23.h
%{_includedir}/cyassl/openssl/stack.h
%{_includedir}/cyassl/openssl/ui.h
%{_includedir}/cyassl/openssl/x509.h
@@ -172,6 +173,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/callbacks.h
%{_includedir}/wolfssl/certs_test.h
%{_includedir}/wolfssl/crl.h
%{_includedir}/wolfssl/io.h
%{_includedir}/wolfssl/wolfcrypt/aes.h
%{_includedir}/wolfssl/wolfcrypt/cmac.h
%{_includedir}/wolfssl/wolfcrypt/arc4.h
@@ -264,6 +266,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/openssl/rsa.h
%{_includedir}/wolfssl/openssl/sha.h
%{_includedir}/wolfssl/openssl/ssl.h
%{_includedir}/wolfssl/openssl/ssl23.h
%{_includedir}/wolfssl/openssl/stack.h
%{_includedir}/wolfssl/openssl/ui.h
%{_includedir}/wolfssl/openssl/x509.h
@@ -277,6 +280,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/wolfssl.pc
%changelog
* Thu May 04 2017 Jacob Barthelmeh <jacob@wolfssl.com>
- Added header for wolfssl/io.h, wolfssl/openssl/ssl23.h, cyassl/openssl/ssl23.h
* Thu Feb 09 2017 Jacob Barthelmeh <jacob@wolfssl.com>
- Added header for wolfssl/wolfcrypt/wolfmath.h
* Fri Nov 11 2016 Jacob Barthelmeh <jacob@wolfssl.com>
+4
View File
@@ -62,6 +62,10 @@ dist_noinst_SCRIPTS+= scripts/openssl.test
endif
endif
if BUILD_TLS13
dist_noinst_SCRIPTS+= scripts/tls13.test
endif
EXTRA_DIST += scripts/testsuite.pcap \
scripts/ping.test
+312
View File
@@ -0,0 +1,312 @@
#!/bin/sh
# tls13.test
# copyright wolfSSL 2016
# getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite
# use server port zero hack to get one
port=0
no_pid=-1
server_pid=$no_pid
counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_psk_ready$$
echo "ready file $ready_file"
create_port() {
while [ ! -s $ready_file -a "$counter" -lt 50 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
# get created port 0 ephemeral port
port=`cat $ready_file`
else
echo -e "NO ready file ending test..."
do_cleanup
fi
}
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
do_cleanup() {
echo "in cleanup"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
echo "got trap"
do_cleanup
exit -1
}
trap do_trap INT TERM
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# Usual TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 not enabled"
do_cleanup
exit 1
fi
echo ""
# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 HelloRetryRequest"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -J -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 HelloRetryRequest not working"
do_cleanup
exit 1
fi
echo ""
# Resumption TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 resumption"
port=0
./examples/server/server -v 4 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 resumption not working"
do_cleanup
exit 1
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client and ECC certificates.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC certificates"
port=0
./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -A certs/server-ecc.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 ECC certificates not working"
do_cleanup
exit 1
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client and DH Key.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - DH Key Exchange"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -y -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 DH Key Exchange not working"
do_cleanup
exit 1
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client and ECC Key.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC Key Exchange"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -Y -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 ECDH Key Exchange not working"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suites"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - only TLS v1.3"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-GCM SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-GCM SHA-256"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES256-GCM SHA-384"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES256-GCM-SHA384 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES256-GCM SHA-384"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - CHACHA20-POLY1305 SHA-256"
do_cleanup
exit 1
fi
echo ""
./examples/client/client -v 4 -e 2>&1 | grep -- '-CCM'
if [ $? -eq 0 ]; then
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM SHA-256"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM-8 SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-8-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM-8 SHA-256"
do_cleanup
exit 1
fi
echo ""
fi
# TLS 1.3 server / TLS 1.2 client.
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
# TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client downgrading to TLS v1.2"
port=0
./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data.
echo -e "\n\nTLS v1.3 KeyUpdate"
port=0
./examples/server/server -v 4 -U -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -I -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 KeyUpdate"
do_cleanup
exit 1
fi
echo ""
echo -e "\nALL Tests Passed"
exit 0
+2 -1
View File
@@ -262,7 +262,8 @@ src_libwolfssl_la_SOURCES += \
src/io.c \
src/keys.c \
src/ssl.c \
src/tls.c
src/tls.c \
src/tls13.c
if BUILD_OCSP
src_libwolfssl_la_SOURCES += src/ocsp.c
+991 -416
View File
File diff suppressed because it is too large Load Diff
+41 -15
View File
@@ -1024,45 +1024,72 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
char reqSzStr[6];
char* req = (char*)buf;
const char* blankStr = " ";
const char* http11Str = " HTTP/1.1";
const char* hostStr = "\r\nHost: ";
const char* contentLenStr = "\r\nContent-Length: ";
const char* contentTypeStr = "\r\nContent-Type: ";
const char* doubleCrLfStr = "\r\n\r\n";
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
contentTypeStrLen, doubleCrLfStrLen;
reqTypeLen = (word32)XSTRLEN(reqType);
domainNameLen = (word32)XSTRLEN(domainName);
reqSzStrLen = wolfIO_Word16ToString(reqSzStr, (word16)reqSz);
contentTypeLen = (word32)XSTRLEN(contentType);
/* determine max length */
maxLen = reqTypeLen + domainNameLen + pathLen + reqSzStrLen + contentTypeLen + 56;
blankStrLen = (word32)XSTRLEN(blankStr);
http11StrLen = (word32)XSTRLEN(http11Str);
hostStrLen = (word32)XSTRLEN(hostStr);
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
/* determine max length and check it */
maxLen =
reqTypeLen +
blankStrLen +
pathLen +
http11StrLen +
hostStrLen +
domainNameLen +
contentLenStrLen +
reqSzStrLen +
contentTypeStrLen +
contentTypeLen +
doubleCrLfStrLen +
1 /* null term */;
if (maxLen > (word32)bufSize)
return 0;
XSTRNCPY((char*)buf, reqType, reqTypeLen);
buf += reqTypeLen;
XSTRNCPY((char*)buf, " ", 1);
buf += 1;
XSTRNCPY((char*)buf, blankStr, blankStrLen+1);
buf += blankStrLen;
XSTRNCPY((char*)buf, path, pathLen);
buf += pathLen;
XSTRNCPY((char*)buf, " HTTP/1.1", 9);
buf += 9;
XSTRNCPY((char*)buf, http11Str, http11StrLen+1);
buf += http11StrLen;
if (domainNameLen > 0) {
XSTRNCPY((char*)buf, "\r\nHost: ", 8);
buf += 8;
XSTRNCPY((char*)buf, hostStr, hostStrLen+1);
buf += hostStrLen;
XSTRNCPY((char*)buf, domainName, domainNameLen);
buf += domainNameLen;
}
if (reqSz > 0 && reqSzStrLen > 0) {
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
buf += 18;
XSTRNCPY((char*)buf, contentLenStr, contentLenStrLen+1);
buf += contentLenStrLen;
XSTRNCPY((char*)buf, reqSzStr, reqSzStrLen);
buf += reqSzStrLen;
}
if (contentTypeLen > 0) {
XSTRNCPY((char*)buf, "\r\nContent-Type: ", 16);
buf += 16;
XSTRNCPY((char*)buf, contentTypeStr, contentTypeStrLen+1);
buf += contentTypeStrLen;
XSTRNCPY((char*)buf, contentType, contentTypeLen);
buf += contentTypeLen;
}
XSTRNCPY((char*)buf, "\r\n\r\n", 4);
buf += 4;
XSTRNCPY((char*)buf, doubleCrLfStr, doubleCrLfStrLen+1);
buf += doubleCrLfStrLen;
#ifdef WOLFIO_DEBUG
printf("HTTP %s: %s", reqType, req);
@@ -1221,7 +1248,6 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz)
domainName = (char*)XMALLOC(MAX_URL_ITEM_SIZE, crl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (domainName == NULL) {
XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
+112 -8
View File
@@ -1053,8 +1053,109 @@ int SetCipherSpecs(WOLFSSL* ssl)
return UNSUPPORTED_SUITE;
} /* switch */
} /* if */
if (ssl->options.cipherSuite0 != ECC_BYTE &&
ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
/* TLSi v1.3 cipher suites, 0x13 */
if (ssl->options.cipherSuite0 == TLS13_BYTE) {
switch (ssl->options.cipherSuite) {
#ifdef WOLFSSL_TLS13
#ifdef BUILD_TLS_AES_128_GCM_SHA256
case TLS_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = 0;
ssl->specs.sig_algo = 0;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_NONCE_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_AES_256_GCM_SHA384
case TLS_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = 0;
ssl->specs.sig_algo = 0;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_NONCE_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
case TLS_CHACHA20_POLY1305_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = 0;
ssl->specs.sig_algo = 0;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
ssl->options.oldPoly = 0; /* use recent padding RFC */
break;
#endif
#ifdef BUILD_TLS_AES_128_CCM_SHA256
case TLS_AES_128_CCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = 0;
ssl->specs.sig_algo = 0;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_NONCE_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_AES_128_CCM_8_SHA256
case TLS_AES_128_CCM_8_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = 0;
ssl->specs.sig_algo = 0;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_NONCE_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
#endif
#endif /* WOLFSSL_TLS13 */
}
}
if (ssl->options.cipherSuite0 != ECC_BYTE &&
ssl->options.cipherSuite0 != CHACHA_BYTE &&
ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
switch (ssl->options.cipherSuite) {
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
@@ -1993,8 +2094,11 @@ int SetCipherSpecs(WOLFSSL* ssl)
#ifndef NO_TLS
ssl->options.tls = 1;
ssl->hmac = TLS_hmac;
if (ssl->version.minor >= 2)
if (ssl->version.minor >= 2) {
ssl->options.tls1_1 = 1;
if (ssl->version.minor >= 4)
ssl->options.tls1_3 = 1;
}
#endif
}
@@ -2278,7 +2382,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (enc->des3 == NULL)
return MEMORY_E;
XMEMSET(enc->des3, 0, sizeof(Aes));
XMEMSET(enc->des3, 0, sizeof(Des3));
}
if (dec) {
if (dec->des3 == NULL)
@@ -2452,14 +2556,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
AESGCM_IMP_IV_SZ);
AEAD_MAX_IMP_SZ);
}
if (dec) {
gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
AESGCM_IMP_IV_SZ);
AEAD_MAX_IMP_SZ);
}
}
else {
@@ -2468,14 +2572,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
AESGCM_IMP_IV_SZ);
AEAD_MAX_IMP_SZ);
}
if (dec) {
gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
AESGCM_IMP_IV_SZ);
AEAD_MAX_IMP_SZ);
}
}
if (enc)
+34 -15
View File
@@ -110,9 +110,9 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
}
static int xstat2err(int stat)
static int xstat2err(int st)
{
switch (stat) {
switch (st) {
case CERT_GOOD:
return 0;
case CERT_REVOKED:
@@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (ret != OCSP_INVALID_STATUS)
return ret;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
if (ret == 0) {
@@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
return ret;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
@@ -537,7 +537,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
if (cm == NULL)
return NULL;
ret = AllocDer(&derCert, issuer->derCert->length,
issuer->derCert->type, NULL);
if (ret == 0) {
@@ -556,8 +555,13 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
else
InitOcspRequest(certId, &cert, 0, NULL);
else {
ret = InitOcspRequest(certId, &cert, 0, NULL);
if (ret != 0) {
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
}
FreeDecodedCert(&cert);
}
@@ -608,7 +612,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
byte* p;
int len;
int dataAlloced = 0;
OcspResponse* ret;
OcspResponse* ret = NULL;
if (bio == NULL)
return NULL;
@@ -624,9 +628,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
long l;
i = XFTELL(bio->file);
if (i < 0)
return NULL;
XFSEEK(bio->file, 0, SEEK_END);
l = XFTELL(bio->file);
if (l < 0)
return NULL;
XFSEEK(bio->file, i, SEEK_SET);
/* check calulated length */
if (l - i <= 0)
return NULL;
data = (byte*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL)
return NULL;
@@ -637,8 +650,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
else
return NULL;
p = data;
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
if (len > 0) {
p = data;
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
}
if (dataAlloced)
XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
@@ -687,8 +702,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
return NULL;
}
GetSequence(*data, &idx, &length, len);
(*data) += idx + length;
if (GetSequence(*data, &idx, &length, len) >= 0)
(*data) += idx + length;
return resp;
}
@@ -742,11 +757,15 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
DYNAMIC_TYPE_TMP_BUFFER);
bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (bs->status == NULL || bs->source == NULL) {
if (bs->status) XFREE(bs->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (bs->source) XFREE(bs->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_OCSP_RESPONSE_free(bs);
bs = NULL;
}
XMEMCPY(bs->status, response->status, sizeof(CertStatus));
XMEMCPY(bs->source, response->source, response->maxIdx);
else {
XMEMCPY(bs->status, response->status, sizeof(CertStatus));
XMEMCPY(bs->source, response->source, response->maxIdx);
}
return bs;
}
@@ -765,7 +784,7 @@ OcspRequest* wolfSSL_OCSP_REQUEST_new(void)
void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
{
FreeOcspRequest(request);
XFREE(request, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(request, NULL, DYNAMIC_TYPE_OPENSSL);
}
int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
+10 -2
View File
@@ -1175,9 +1175,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
return -1;
}
ret = (int)XFREAD(loadBuf, fileSz, 1, file);
ret = (int)XFREAD(loadBuf, 1, fileSz, file);
XFCLOSE(file);
if (ret != fileSz) {
free(loadBuf);
return -1;
}
if (typeKey == SSL_FILETYPE_PEM) {
byte* saveBuf = (byte*)malloc(fileSz);
int saveBufSz = 0;
@@ -2208,6 +2213,9 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
case wolfssl_aes_gcm:
if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
{
/* scratch buffer, sniffer ignores auth tag*/
byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
byte nonce[AESGCM_NONCE_SZ];
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
@@ -2217,7 +2225,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AESGCM_NONCE_SZ,
NULL, 0,
authTag, sizeof(authTag),
NULL, 0) < 0) {
Trace(BAD_DECRYPT);
ret = -1;
+546 -184
View File
File diff suppressed because it is too large Load Diff
+2724 -51
View File
File diff suppressed because it is too large Load Diff
+5425
View File
File diff suppressed because it is too large Load Diff
+1 -1
View File
@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.10.4
Version: 3.11.0
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}
+37 -4
View File
@@ -373,8 +373,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
/* invalid ca file */
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
#ifndef WOLFSSL_TIRTOS
/* invalid path */
@@ -2031,7 +2032,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE))
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY)
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{
@@ -4108,7 +4109,39 @@ static void test_wolfSSL_BIO(void)
#endif
}
static void test_wolfSSL_DES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
WOLFSSL_DES_key_schedule key;
printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
/* Encrypt messages */
wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
/* Decrypt messages */
int ret1 = 0;
int ret2 = 0;
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret1,0);
wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret2,0);
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| wolfCrypt ASN
*----------------------------------------------------------------------------*/
@@ -4466,7 +4499,7 @@ void ApiTest(void)
test_wolfSSL_set_options();
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
test_wolfSSL_DES_ecb_encrypt();
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
/* wolfCrypt ASN tests */
+1
View File
@@ -20,6 +20,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-tls13.conf \
tests/test-qsh.conf \
tests/test-psk-no-id.conf \
tests/test-dtls.conf \
+10
View File
@@ -564,6 +564,16 @@ int SuiteTest(void)
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_TLS13
/* add TLSv13 extra suites */
strcpy(argv0[1], "tests/test-tls13.conf");
printf("starting TLSv13 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
+95
View File
@@ -0,0 +1,95 @@
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
# server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
# client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
# server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
# client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
-v 4
-l TLS13-CHACH20-POLY1305-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES256-GCM-SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-CCM-SHA256
-v 4
-l TLS13-AES128-CCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
-v 4
-l TLS13-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
+76 -22
View File
@@ -52,6 +52,11 @@
#else
#include <nio.h>
#endif
#elif defined(FREESCALE_KSDK_BM)
#include "fsl_debug_console.h"
#include "fsl_os_abstraction.h"
#undef printf
#define printf PRINTF
#else
#include <stdio.h>
#endif
@@ -592,12 +597,13 @@ static INLINE int bench_stats_sym_check(double start)
static void bench_stats_sym_finish(const char* desc, int doAsync, int count, double start)
{
double total, persec;
double total, persec = 0;
END_INTEL_CYCLES
total = current_time(0) - start;
persec = 1 / total * count;
if (count > 0)
persec = 1 / total * count;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
@@ -615,13 +621,19 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, dou
#endif
}
static void bench_stats_asym_finish(const char* algo, int strength,
/* declare here rather than creating a static function to avoid warning of not
* used in the case of something like a leanpsk only build */
void bench_stats_asym_finish(const char* algo, int strength,
const char* desc, int doAsync, int count, double start);
void bench_stats_asym_finish(const char* algo, int strength,
const char* desc, int doAsync, int count, double start)
{
double total, each, opsSec, milliEach;
double total, each = 0, opsSec, milliEach;
total = current_time(0) - start;
each = total / count; /* per second */
if (count > 0)
each = total / count; /* per second */
opsSec = count / total; /* ops/per second */
milliEach = each * 1000; /* milliseconds */
@@ -1315,7 +1327,11 @@ void bench_poly1305()
bench_stats_start(&count, &start);
do {
for (i = 0; i < numBlocks; i++) {
wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
if (ret != 0) {
printf("Poly1305Update failed: %d\n", ret);
break;
}
}
wc_Poly1305Final(&enc, mac);
count += i;
@@ -1570,7 +1586,7 @@ void bench_chacha(void)
void bench_chacha20_poly1305_aead(void)
{
double start;
int i, count;
int ret, i, count;
byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
XMEMSET(authTag, 0, sizeof(authTag));
@@ -1578,8 +1594,12 @@ void bench_chacha20_poly1305_aead(void)
bench_stats_start(&count, &start);
do {
for (i = 0; i < numBlocks; i++) {
wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
bench_plain, BENCH_SIZE, bench_cipher, authTag);
if (ret < 0) {
printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
break;
}
}
count += i;
} while (bench_stats_sym_check(start));
@@ -2110,14 +2130,14 @@ void bench_cmac(void)
double start;
int ret, i, count;
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
if (ret != 0) {
printf("InitCmac failed, ret = %d\n", ret);
return;
}
bench_stats_start(&count, &start);
do {
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
if (ret != 0) {
printf("InitCmac failed, ret = %d\n", ret);
return;
}
for (i = 0; i < numBlocks; i++) {
ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE);
if (ret != 0) {
@@ -2125,6 +2145,7 @@ void bench_cmac(void)
return;
}
}
/* Note: final force zero's the Cmac struct */
ret = wc_CmacFinal(&cmac, digest, &digestSz);
if (ret != 0) {
printf("CmacFinal failed, ret = %d\n", ret);
@@ -2281,7 +2302,9 @@ void bench_rsa(int doAsync)
}
#ifdef WC_RSA_BLINDING
wc_RsaSetRNG(&rsaKey[i], &rng);
ret = wc_RsaSetRNG(&rsaKey[i], &rng);
if (ret != 0)
goto exit;
#endif
/* decode the private key */
@@ -3014,11 +3037,24 @@ void bench_eccEncrypt(void)
int ret, i, count;
double start;
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
if (ret != 0) {
printf("wc_ecc_encrypt make key A failed: %d\n", ret);
return;
}
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
if (ret != 0) {
printf("wc_ecc_encrypt make key B failed: %d\n", ret);
wc_ecc_free(&userA);
return;
}
wc_ecc_make_key(&rng, keySize, &userA);
wc_ecc_make_key(&rng, keySize, &userB);
ret = wc_ecc_make_key(&rng, keySize, &userA);
if (ret != 0)
goto exit;
ret = wc_ecc_make_key(&rng, keySize, &userB);
if (ret != 0)
goto exit;
for (i = 0; i < (int)sizeof(msg); i++)
msg[i] = i;
@@ -3053,6 +3089,12 @@ exit_enc:
exit_dec:
bench_stats_asym_finish("ECC", keySize * 8, "decrypt", 0, count, start);
exit:
if (ret != 0) {
printf("bench_eccEncrypt failed! %d\n", ret);
}
/* cleanup */
wc_ecc_free(&userB);
wc_ecc_free(&userA);
@@ -3065,14 +3107,18 @@ void bench_curve25519KeyGen(void)
{
curve25519_key genKey;
double start;
int i, count;
int ret, i, count;
/* Key Gen */
bench_stats_start(&count, &start);
do {
for (i = 0; i < genTimes; i++) {
wc_curve25519_make_key(&rng, 32, &genKey);
ret = wc_curve25519_make_key(&rng, 32, &genKey);
wc_curve25519_free(&genKey);
if (ret != 0) {
printf("wc_curve25519_make_key failed: %d\n", ret);
break;
}
}
count += i;
} while (bench_stats_sym_check(start));
@@ -3098,7 +3144,8 @@ void bench_curve25519KeyAgree(void)
}
ret = wc_curve25519_make_key(&rng, 32, &genKey2);
if (ret != 0) {
printf("curve25519_make_key failed\n");
printf("curve25519_make_key failed: %d\n", ret);
wc_curve25519_free(&genKey);
return;
}
@@ -3109,7 +3156,7 @@ void bench_curve25519KeyAgree(void)
x = sizeof(shared);
ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x);
if (ret != 0) {
printf("curve25519_shared_secret failed\n");
printf("curve25519_shared_secret failed: %d\n", ret);
goto exit;
}
}
@@ -3288,6 +3335,13 @@ exit_ed_verify:
return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
}
#elif defined(FREESCALE_KSDK_BM)
double current_time(int reset)
{
return (double)OSA_TimeGetMsec() / 1000;
}
#elif defined(WOLFSSL_EMBOS)
#include "RTOS.h"
+2 -4
View File
@@ -2133,7 +2133,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int ret = 0;
CRYP_HandleTypeDef hcryp;
XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef));
/* load key into correct registers */
switch(aes->rounds) {
case 10: /* 128-bit key */
@@ -2148,8 +2148,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
default:
break;
}
XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef));
hcryp.Instance = CRYP;
hcryp.Init.DataType = CRYP_DATATYPE_8B;
hcryp.Init.pKey = (uint8_t*)aes->key;
@@ -4445,7 +4443,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
/* argument checks */
if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
authTag == NULL || authIn == NULL || authTagSz > AES_BLOCK_SIZE) {
authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
+106 -79
View File
@@ -729,7 +729,8 @@ static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
return ret;
if (*len > 0) {
if (input[*inOutIdx] == 0x00) {
/* remove leading zero, unless there is only one 0x00 byte */
if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
(*inOutIdx)++;
(*len)--;
@@ -985,6 +986,17 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
if (GetLength(input, &idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
/* extra sanity check that length is greater than 0 */
if (length <= 0) {
WOLFSSL_MSG("Error length was 0 in CheckBitString");
return BUFFER_E;
}
if (idx + 1 > maxIdx) {
WOLFSSL_MSG("Attempted buffer read larger than input buffer");
return BUFFER_E;
}
b = input[idx];
if (zeroBits && b != 0x00)
return ASN_EXPECT_0_E;
@@ -993,11 +1005,9 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
if (b != 0) {
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
return ASN_PARSE_E;
if (((input[idx + length - 1] >> b) & 0x01) != 0x01)
return ASN_PARSE_E;
}
idx++;
length--;
length--; /* length has been checked for greater than 0 */
*inOutIdx = idx;
if (len != NULL)
@@ -1049,19 +1059,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
if ((val >> 8) != 0) {
len = 2;
lastByte = val >> 8;
lastByte = (byte)(val >> 8);
}
else {
len = 1;
lastByte = val;
lastByte = (byte)val;
}
while (((lastByte >> unusedBits) & 0x01) == 0x00)
unusedBits++;
idx = SetBitString(len, unusedBits, output);
output[idx++] = val;
output[idx++] = val >> 8;
output[idx++] = (byte)val;
output[idx++] = (byte)(val >> 8);
return idx;
}
@@ -2144,11 +2154,11 @@ static int CheckAlgo(int first, int second, int* id, int* version)
switch (second) {
case 1:
*id = PBE_SHA1_RC4_128;
*version = PKCS12;
*version = PKCS12v1;
return 0;
case 3:
*id = PBE_SHA1_DES3;
*version = PKCS12;
*version = PKCS12v1;
return 0;
default:
return ALGO_ID_E;
@@ -2256,7 +2266,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
#endif
else if (version == PKCS12) {
else if (version == PKCS12v1) {
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
@@ -2302,7 +2312,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
Des dec;
byte* desIv = key + 8;
if (version == PKCS5v2 || version == PKCS12)
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION);
@@ -2322,7 +2332,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
Des3 dec;
byte* desIv = key + 24;
if (version == PKCS5v2 || version == PKCS12)
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
if (ret != 0) {
@@ -2371,56 +2381,63 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
int* algoID, void* heap)
{
word32 tmpIdx = 0;
#ifdef HAVE_ECC
#ifdef HAVE_ECC
ecc_key ecc;
#endif
#ifndef NO_RSA
#endif
#ifndef NO_RSA
RsaKey rsa;
#endif
#endif
if (algoID == NULL) {
return BAD_FUNC_ARG;
}
*algoID = 0;
#ifndef NO_RSA
wc_InitRsaKey(&rsa, heap);
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
*algoID = RSAk;
}
else {
WOLFSSL_MSG("Not RSA DER key");
}
wc_FreeRsaKey(&rsa);
#endif /* NO_RSA */
#ifdef HAVE_ECC
if (*algoID != RSAk) {
tmpIdx = 0;
wc_ecc_init_ex(&ecc, heap, INVALID_DEVID);
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
*algoID = ECDSAk;
/* sanity check on arguments */
if (curveOID == NULL || oidSz == NULL) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
/* now find oid */
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
#ifndef NO_RSA
if (wc_InitRsaKey(&rsa, heap) == 0) {
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
*algoID = RSAk;
}
else {
WOLFSSL_MSG("Not ECC DER key either");
WOLFSSL_MSG("Not RSA DER key");
}
wc_ecc_free(&ecc);
wc_FreeRsaKey(&rsa);
}
#endif /* HAVE_ECC */
else {
WOLFSSL_MSG("GetKeyOID wc_InitRsaKey failed");
}
#endif /* NO_RSA */
#ifdef HAVE_ECC
if (*algoID != RSAk) {
tmpIdx = 0;
if (wc_ecc_init_ex(&ecc, heap, INVALID_DEVID) == 0) {
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
*algoID = ECDSAk;
/* sanity check on arguments */
if (curveOID == NULL || oidSz == NULL) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
/* now find oid */
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
}
else {
WOLFSSL_MSG("Not ECC DER key either");
}
wc_ecc_free(&ecc);
}
else {
WOLFSSL_MSG("GetKeyOID wc_ecc_init_ex failed");
}
}
#endif /* HAVE_ECC */
/* if flag is not set then is neither RSA or ECC key that could be
* found */
@@ -3869,7 +3886,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
}
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int GetTimeString(byte* date, int format, char* buf, int len)
{
struct tm t;
@@ -4686,7 +4703,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(encodedSig, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
break;
}
@@ -6404,9 +6421,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
/* extra header information for encrypted key */
if (cipher_info != NULL) {
size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info);
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+2))
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+2);
XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23);
XSTRNCAT(header, "DEK-Info: ", 10);
XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info));
XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen);
XSTRNCAT(header, "\n\n", 2);
}
@@ -7386,7 +7407,7 @@ static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
/* encode Subject Key Identifier, return total bytes written
* RFC5280 : non-critical */
static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
{
byte skid_len[1 + MAX_LENGTH_SZ];
byte skid_enc_len[MAX_LENGTH_SZ];
@@ -7437,27 +7458,26 @@ static int SetAKID(byte* output, word32 outSz,
{
byte *enc_val;
int ret, enc_valSz;
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04};
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
static const byte akid_cs[] = { 0x80 };
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap,
DYNAMIC_TYPE_TMP_BUFFER);
enc_valSz = length + 3 + sizeof(akid_cs);
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (enc_val == NULL)
return MEMORY_E;
/* sequence for ContentSpec & value */
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
akid_cs, sizeof(akid_cs), input, length);
if (enc_valSz == 0) {
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
input, length);
if (ret > 0) {
enc_valSz = ret;
ret = SetOidValue(output, outSz, akid_oid,
sizeof(akid_oid), enc_val, enc_valSz);
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
enc_val, enc_valSz);
}
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
@@ -7700,7 +7720,6 @@ int SetName(byte* output, word32 outputSz, CertName* name)
firstSz = SetObjectId(JOINT_LEN + 1, firstLen);
}
thisLen += firstSz;
thisLen++; /* object id */
seqSz = SetSequence(thisLen, sequence);
thisLen += seqSz;
@@ -7924,6 +7943,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
if (cert->skidSz > (int)sizeof(der->skid))
return SKID_E;
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and
cert (CTC_MAX_SKID_SIZE). */
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
cert->skid, cert->skidSz);
if (der->skidSz <= 0)
@@ -8645,9 +8666,11 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
heap = eccKey->heap;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (certSignCtx == NULL) {
return BAD_FUNC_ARG;
}
#endif
if (certSignCtx->sig == NULL) {
certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
@@ -8984,6 +9007,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
/* Set KeyUsage from human readable string */
int wc_SetKeyUsage(Cert *cert, const char *value)
{
int ret = 0;
char *token, *str, *ptr;
word32 len;
@@ -9025,14 +9049,16 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
cert->keyUsage |= KEYUSE_ENCIPHER_ONLY;
else if (!XSTRNCASECMP(token, "decipherOnly", len))
cert->keyUsage |= KEYUSE_DECIPHER_ONLY;
else
return KEYUSAGE_E;
else {
ret = KEYUSAGE_E;
break;
}
token = XSTRTOK(NULL, ",", &ptr);
}
XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return ret;
}
#endif /* WOLFSSL_CERT_EXT */
@@ -9620,7 +9646,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
/* build DER formatted ECC key, include optional public key if requested,
* return length on success, negative on error */
static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
int public)
int pubIn)
{
byte curve[MAX_ALGO_SZ+2];
byte ver[MAX_VERSION_SZ];
@@ -9661,8 +9687,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
}
prvidx += privSz;
/* public */
if (public) {
/* pubIn */
if (pubIn) {
ret = wc_ecc_export_x963(key, NULL, &pubSz);
if (ret != LENGTH_ONLY_E) {
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9681,8 +9707,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx);
else /* leading zero */
pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx);
/* SetBitString adds leading zero */
pubidx += SetBitString(pubSz, 0, pub + pubidx);
pub[pubidx++] = (byte)0; /* leading zero */
ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz);
if (ret != 0) {
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9699,7 +9726,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
totalSz = prvidx + pubidx + curveidx + verSz + seqSz;
if (totalSz > (int)inLen) {
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (public) {
if (pubIn) {
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return BAD_FUNC_ARG;
@@ -9723,8 +9750,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
XMEMCPY(output + idx, curve, curveidx);
idx += curveidx;
/* public */
if (public) {
/* pubIn */
if (pubIn) {
XMEMCPY(output + idx, pub, pubidx);
/* idx += pubidx; not used after write, if more data remove comment */
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9879,7 +9906,7 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->thisDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->thisDate,
@@ -9900,7 +9927,7 @@ static int DecodeSingleResponse(byte* source,
idx++;
if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->nextDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->nextDate,
+442
View File
@@ -48,6 +48,448 @@
/* user's own math lib */
#endif
#ifdef HAVE_FFDHE_2048
static const byte dh_ffdhe2048_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe2048_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe2048_Get(void)
{
static const DhParams ffdhe2048 = {
dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
};
return &ffdhe2048;
}
#endif
#ifdef HAVE_FFDHE_3072
static const byte dh_ffdhe3072_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe3072_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe3072_Get(void)
{
static const DhParams ffdhe3072 = {
dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
};
return &ffdhe3072;
}
#endif
#ifdef HAVE_FFDHE_4096
static const byte dh_ffdhe4096_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe4096_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe4096_Get(void)
{
static const DhParams ffdhe4096 = {
dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
};
return &ffdhe4096;
}
#endif
#ifdef HAVE_FFDHE_6144
static const byte dh_ffdhe6144_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe6144_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe6144_Get(void)
{
static const DhParams ffdhe6144 = {
dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
};
return &ffdhe6144;
}
#endif
#ifdef HAVE_FFDHE_8192
static const byte dh_ffdhe8192_p[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const byte dh_ffdhe8192_g[] = { 0x02 };
const DhParams* wc_Dh_ffdhe8192_Get(void)
{
static const DhParams ffdhe8192 = {
dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
};
return &ffdhe8192;
}
#endif
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
{
+24 -21
View File
@@ -1864,6 +1864,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
err = mp_copy(P->y, y);
if (err == MP_OKAY)
err = mp_copy(P->z, z);
if (err != MP_OKAY) {
goto done;
}
#else
/* Use destination directly */
x = P->x;
@@ -1871,10 +1875,6 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
z = P->z;
#endif
if (err != MP_OKAY) {
goto done;
}
/* first map z back to normal */
err = mp_montgomery_reduce(z, modulus, mp);
@@ -1913,10 +1913,11 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
err = mp_copy(y, P->y);
if (err == MP_OKAY)
err = mp_copy(z, P->z);
#endif
done:
/* clean up */
#endif
/* clean up */
mp_clear(&t1);
mp_clear(&t2);
@@ -3883,12 +3884,12 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
siglen The length of the signature (octets)
hash The hash (message digest) that was signed
hashlen The length of the hash (octets)
stat Result of signature, 1==valid, 0==invalid
res Result of signature, 1==valid, 0==invalid
key The corresponding public ECC key
return MP_OKAY if successful (even if the signature is not valid)
*/
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* stat, ecc_key* key)
word32 hashlen, int* res, ecc_key* key)
{
int err;
mp_int *r = NULL, *s = NULL;
@@ -3898,7 +3899,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
s = &s_lcl;
#endif
if (sig == NULL || hash == NULL || stat == NULL || key == NULL) {
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
return ECC_BAD_ARG_E;
}
@@ -3908,7 +3909,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
key->state = ECC_STATE_VERIFY_DECODE;
/* default to invalid signature */
*stat = 0;
*res = 0;
/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
* If either of those don't allocate correctly, none of
@@ -3928,7 +3929,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
case ECC_STATE_VERIFY_DO:
key->state = ECC_STATE_VERIFY_DO;
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, stat, key);
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);
if (err < 0) {
break;
}
@@ -3974,12 +3975,12 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
s The signature S component to verify
hash The hash (message digest) that was signed
hashlen The length of the hash (octets)
stat Result of signature, 1==valid, 0==invalid
res Result of signature, 1==valid, 0==invalid
key The corresponding public ECC key
return MP_OKAY if successful (even if the signature is not valid)
*/
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* stat, ecc_key* key)
word32 hashlen, int* res, ecc_key* key)
{
int err;
#ifndef WOLFSSL_ATECC508A
@@ -3995,11 +3996,11 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
byte sigRS[ATECC_KEY_SIZE*2];
#endif
if (r == NULL || s == NULL || hash == NULL || stat == NULL || key == NULL)
if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL)
return ECC_BAD_ARG_E;
/* default to invalid signature */
*stat = 0;
*res = 0;
/* is the IDX valid ? */
if (wc_ecc_is_valid_idx(key->idx) != 1) {
@@ -4016,7 +4017,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
testDev->eccVerify.s = s;
testDev->eccVerify.hash = hash;
testDev->eccVerify.hashlen = hashlen;
testDev->eccVerify.stat = stat;
testDev->eccVerify.stat = res;
testDev->eccVerify.key = key;
return WC_PENDING_E;
}
@@ -4034,7 +4035,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
return err;
}
err = atcatls_verify(hash, sigRS, key->pubkey, (bool*)stat);
err = atcatls_verify(hash, sigRS, key->pubkey, (bool*)res);
if (err != ATCA_SUCCESS) {
return BAD_COND_E;
}
@@ -4087,7 +4088,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
err = IntelQaEcdsaVerify(&key->asyncDev, &e.raw, &key->pubkey.x->raw,
&key->pubkey.y->raw, &r->raw, &s->raw, &curve->Af->raw,
&curve->Bf->raw, &curve->prime->raw, &curve->order->raw,
&curve->Gx->raw, &curve->Gy->raw, stat);
&curve->Gx->raw, &curve->Gy->raw, res);
mp_clear(&e);
@@ -4187,7 +4188,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* does v == r */
if (err == MP_OKAY) {
if (mp_cmp(&v, r) == MP_EQ)
*stat = 1;
*res = 1;
}
/* cleanup */
@@ -6132,8 +6133,6 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
if (err != MP_OKAY)
break;
for (y = 0; y < (1UL<<FP_LUT); y++) {
if (err != MP_OKAY)
break;
if (lut_orders[y].ham != (int)x) continue;
/* perform the add */
@@ -6562,9 +6561,13 @@ done:
mp_clear(&tka);
mp_clear(&order);
#ifdef WOLFSSL_SMALL_STACK
if (kb[0])
#endif
ForceZero(kb[0], KB_SIZE);
#ifdef WOLFSSL_SMALL_STACK
if (kb[1])
#endif
ForceZero(kb[1], KB_SIZE);
#ifdef WOLFSSL_SMALL_STACK
+6 -6
View File
@@ -207,11 +207,11 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
siglen is the length of sig byte array
msg the array of bytes containing the message
msglen length of msg array
stat will be 1 on successful verify and 0 on unsuccessful
return 0 and stat of 1 on success
res will be 1 on successful verify and 0 on unsuccessful
return 0 and res of 1 on success
*/
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* stat, ed25519_key* key)
word32 msglen, int* res, ed25519_key* key)
{
byte rcheck[ED25519_KEY_SIZE];
byte h[SHA512_DIGEST_SIZE];
@@ -223,11 +223,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
Sha512 sha;
/* sanity check on arguments */
if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
if (sig == NULL || msg == NULL || res == NULL || key == NULL)
return BAD_FUNC_ARG;
/* set verification failed by default */
*stat = 0;
*res = 0;
/* check on basics needed to verify signature */
if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
@@ -279,7 +279,7 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
return SIG_VERIFY_E;
/* set the verification status */
*stat = 1;
*res = 1;
return ret;
}
+26 -22
View File
@@ -60,7 +60,7 @@ WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ctx){
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
}
return ctx;
@@ -172,15 +172,17 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in, int inl)
{
int ret = 0;
switch (ctx->cipherType) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
if (ctx->enc)
wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
else
wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
@@ -198,43 +200,45 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
if (ctx->enc)
wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
else
wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
if (ctx->enc)
wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
else
wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_CBC_TYPE:
if (ctx->enc)
wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
else
wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
break;
#if defined(WOLFSSL_DES_ECB)
case DES_ECB_TYPE:
wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_ECB_TYPE:
if (ctx->enc)
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
else
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
break;
#endif
#endif
#endif /* WOLFSSL_DES_ECB */
#endif /* !NO_DES3 */
default:
return 0;
}
(void)in;
(void)inl;
(void)out;
return 1;
}
if (ret != 0)
return 0; /* failure */
(void)in;
(void)inl;
(void)out;
return 1; /* success */
}
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
@@ -327,7 +331,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
int fl ;
if (ctx == NULL) return BAD_FUNC_ARG;
if (ctx == NULL || out == NULL) return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
*outl = 0;
+99 -65
View File
@@ -788,40 +788,25 @@ int wolfSSL_GetHmacMaxSize(void)
}
#ifdef HAVE_HKDF
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz)
/* HMAC-KDF-Extract.
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
* type The hash algorithm type.
* salt The optional salt value.
* saltSz The size of the salt.
* inKey The input keying material.
* inKeySz The size of the input keying material.
* out The pseudorandom key with the length that of the hash.
* returns 0 on success, otherwise failure.
*/
int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out)
{
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper */
Hmac myHmac;
#ifdef WOLFSSL_SMALL_STACK
byte* tmp;
byte* prk;
#else
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
byte prk[MAX_DIGEST_SIZE];
#endif
int ret;
const byte* localSalt; /* either points to user input or tmp */
int hashSz = wc_HmacSizeByType(type);
word32 outIdx = 0;
byte n = 0x1;
int ret;
if (hashSz < 0)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return MEMORY_E;
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (prk == NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
localSalt = salt;
if (localSalt == NULL) {
@@ -834,45 +819,94 @@ int wolfSSL_GetHmacMaxSize(void)
if (ret == 0)
ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
if (ret == 0)
ret = wc_HmacFinal(&myHmac, prk);
if (ret == 0) {
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
ret = wc_HmacSetKey(&myHmac, type, prk, hashSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, info, infoSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, &n, 1);
if (ret != 0)
break;
ret = wc_HmacFinal(&myHmac, tmp);
if (ret != 0)
break;
left = min(left, (word32)hashSz);
XMEMCPY(out+outIdx, tmp, left);
outIdx += hashSz;
n++;
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ret = wc_HmacFinal(&myHmac, out);
return ret;
}
/* HMAC-KDF-Expand.
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
* type The hash algorithm type.
* inKey The input key.
* inKeySz The size of the input key.
* info The application specific information.
* infoSz The size of the application specific information.
* out The output keying material.
* returns 0 on success, otherwise failure.
*/
int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz, byte* out, word32 outSz)
{
byte tmp[MAX_DIGEST_SIZE];
Hmac myHmac;
int ret = 0;
word32 outIdx = 0;
word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1;
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, info, infoSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, &n, 1);
if (ret != 0)
break;
ret = wc_HmacFinal(&myHmac, tmp);
if (ret != 0)
break;
left = min(left, hashSz);
XMEMCPY(out+outIdx, tmp, left);
outIdx += hashSz;
n++;
}
return ret;
}
/* HMAC-KDF.
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
* type The hash algorithm type.
* inKey The input keying material.
* inKeySz The size of the input keying material.
* salt The optional salt value.
* saltSz The size of the salt.
* info The application specific information.
* infoSz The size of the application specific information.
* out The output keying material.
* returns 0 on success, otherwise failure.
*/
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz)
{
byte prk[MAX_DIGEST_SIZE];
int hashSz = wc_HmacSizeByType(type);
int ret;
if (hashSz < 0)
return BAD_FUNC_ARG;
ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk);
if (ret != 0)
return ret;
return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz);
}
#endif /* HAVE_HKDF */
#endif /* HAVE_FIPS */
+17 -32
View File
@@ -161,7 +161,7 @@ void WOLFSSL_MSG(const char* msg)
}
void WOLFSSL_BUFFER(byte* buffer, word32 length)
void WOLFSSL_BUFFER(const byte* buffer, word32 length)
{
#define LINE_LEN 16
@@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
* mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function
* name where WOLFSSL_ERROR is called at.
*/
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
@@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error)
}
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Internal function that is called by wolfCrypt_Init() */
@@ -286,25 +286,10 @@ int wc_LoggingInit(void)
/* internal function that is called by wolfCrypt_Cleanup */
int wc_LoggingCleanup(void)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
/* clear logging entries */
wc_ClearErrorNodes();
/* free all nodes from error queue */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
}
wc_UnLockMutex(&debug_mutex);
/* free mutex */
if (wc_FreeMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Bad Mutex free");
return BAD_MUTEX_E;
@@ -313,10 +298,10 @@ int wc_LoggingCleanup(void)
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* peek at an error node
*
* index : if -1 then the most recent node is looked at, otherwise search
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
* file : pointer to internal file string
* reason : pointer to internal error reason
@@ -325,7 +310,7 @@ int wc_LoggingCleanup(void)
* Returns a negative value in error case, on success returns the nodes error
* value which is positve (absolute value)
*/
int wc_PeekErrorNode(int index, const char **file, const char **reason,
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
int *line)
{
struct wc_error_queue* err;
@@ -335,7 +320,7 @@ int wc_PeekErrorNode(int index, const char **file, const char **reason,
return BAD_MUTEX_E;
}
if (index < 0) {
if (idx < 0) {
err = wc_last_node;
if (err == NULL) {
WOLFSSL_MSG("No Errors in queue");
@@ -347,7 +332,7 @@ int wc_PeekErrorNode(int index, const char **file, const char **reason,
int i;
err = (struct wc_error_queue*)wc_errors;
for (i = 0; i < index; i++) {
for (i = 0; i < idx; i++) {
if (err == NULL) {
WOLFSSL_MSG("Error node not found. Bad index?");
wc_UnLockMutex(&debug_mutex);
@@ -441,10 +426,10 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
}
/* Removes the error node at the specified index.
* index : if -1 then the most recent node is looked at, otherwise search
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
*/
void wc_RemoveErrorNode(int index)
void wc_RemoveErrorNode(int idx)
{
struct wc_error_queue* current;
@@ -453,11 +438,11 @@ void wc_RemoveErrorNode(int index)
return;
}
if (index == -1)
if (idx == -1)
current = wc_last_node;
else {
current = (struct wc_error_queue*)wc_errors;
for (; current != NULL && index > 0; index--)
for (; current != NULL && idx > 0; idx--)
current = current->next;
}
if (current != NULL) {
@@ -473,6 +458,8 @@ void wc_RemoveErrorNode(int index)
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
/* Clears out the list of error nodes.
*/
void wc_ClearErrorNodes(void)
@@ -499,8 +486,6 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
int wc_SetLoggingHeap(void* h)
{
+1 -1
View File
@@ -360,7 +360,7 @@ int wc_Md5Update(Md5* md5, const byte* data, word32 len)
local = (byte*)md5->buffer;
/* check that internal buffLen is valid */
if (md5->buffLen > MD5_BLOCK_SIZE)
if (md5->buffLen >= MD5_BLOCK_SIZE)
return BUFFER_E;
while (len) {
+941 -230
View File
File diff suppressed because it is too large Load Diff
+12 -10
View File
@@ -592,19 +592,21 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
return BAD_FUNC_ARG;
}
if (additional == NULL && addSz > 0) {
return BAD_FUNC_ARG;
}
/* additional allowed to be 0 */
if (addSz > 0) {
if (additional == NULL)
return BAD_FUNC_ARG;
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
return ret;
}
}
}
/* input plus padding */
+4 -4
View File
@@ -656,7 +656,7 @@ static void scryptSalsa(word32* out, word32* in)
out[i] = in[i] + x[i];
#else
for (i = 0; i < 16; i++)
out[i] = ByteReverseWord32(in[i] + x[i]);
out[i] = ByteReverseWord32(ByteReverseWord32(in[i]) + x[i]);
#endif
}
@@ -806,15 +806,15 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
bSz = 128 * blockSize;
blocksSz = bSz * parallel;
blocks = XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (blocks == NULL)
goto end;
/* Temporary for scryptROMix. */
v = XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (v == NULL)
goto end;
/* Temporary for scryptBlockMix. */
y = XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (y == NULL)
goto end;
+11 -12
View File
@@ -209,7 +209,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
int ret;
int ret = DRBG_FAILURE;
byte ctr;
int i;
int len;
@@ -257,9 +257,8 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
wc_Sha256Free(&sha);
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
@@ -342,8 +341,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
ret = wc_Sha256Update(&sha, data, sizeof(data));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
if (ret == 0)
wc_Sha256Free(&sha);
wc_Sha256Free(&sha);
if (ret == 0) {
XMEMCPY(&checkBlock, digest, sizeof(word32));
@@ -363,14 +361,14 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
drbg->lastBlock = checkBlock;
}
if (out != NULL) {
if (out != NULL && outSz != 0) {
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else if (out != NULL && outSz != 0) {
else {
XMEMCPY(out, digest, outSz);
outSz = 0;
}
@@ -430,8 +428,8 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
if (ret == 0)
wc_Sha256Free(&sha);
wc_Sha256Free(&sha);
if (ret == 0) {
array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE);
@@ -533,7 +531,8 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
/* configure async RNG source if available */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, devId);
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
rng->heap, rng->devId);
if (ret != 0)
return ret;
#endif
@@ -612,7 +611,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
return NitroxRngGenerateBlock(rng, output, sz);
}
#endif
@@ -687,7 +686,7 @@ int wc_FreeRng(WC_RNG* rng)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfAsync_DevCtxFree(&rng->asyncDev);
wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
#endif
#ifdef HAVE_HASHDRBG
+144 -23
View File
@@ -261,7 +261,7 @@ int wc_FreeRsaKey(RsaKey* key)
}
#ifndef WC_NO_RSA_OAEP
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
/* Uses MGF1 standard as a mask generation function
hType: hash type used
seed: seed to use for generating mask
@@ -572,6 +572,50 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
#endif /* !WC_NO_RSA_OAEP */
#ifdef WC_RSA_PSS
static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, WC_RNG* rng, enum wc_HashType hType, int mgf,
void* heap)
{
int ret;
int hLen, i;
byte* s;
byte* m;
byte* h;
byte salt[WC_MAX_DIGEST_SIZE];
hLen = wc_HashGetDigestSize(hType);
if (hLen < 0)
return hLen;
s = m = pkcsBlock;
XMEMSET(m, 0, 8);
m += 8;
XMEMCPY(m, input, inputLen);
m += inputLen;
if ((ret = wc_RNG_GenerateBlock(rng, salt, hLen)) != 0)
return ret;
XMEMCPY(m, salt, hLen);
m += hLen;
h = pkcsBlock + pkcsBlockLen - 1 - hLen;
if ((ret = wc_Hash(hType, s, (word32)(m - s), h, hLen)) != 0)
return ret;
pkcsBlock[pkcsBlockLen - 1] = 0xbc;
ret = RsaMGF(mgf, h, hLen, pkcsBlock, pkcsBlockLen - hLen - 1, heap);
if (ret != 0)
return ret;
pkcsBlock[0] &= 0x7f;
m = pkcsBlock + pkcsBlockLen - 1 - hLen - hLen - 1;
*(m++) ^= 0x01;
for (i = 0; i < hLen; i++)
m[i] ^= salt[i];
return 0;
}
#endif
static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
@@ -635,16 +679,25 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
case WC_RSA_PKCSV15_PAD:
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
padValue, rng);
padValue, rng);
break;
#ifndef WC_NO_RSA_OAEP
case WC_RSA_OAEP_PAD:
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
ret = RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen,
padValue, rng, hType, mgf, optLabel, labelLen, heap);
padValue, rng, hType, mgf, optLabel, labelLen, heap);
break;
#endif
#ifdef WC_RSA_PSS
case WC_RSA_PSS_PAD:
WOLFSSL_MSG("wolfSSL Using RSA PSS padding");
ret = RsaPad_PSS(input, inputLen, pkcsBlock, pkcsBlockLen,
rng, hType, mgf, heap);
break;
#endif
default:
WOLFSSL_MSG("Unknown RSA Pad Type");
ret = RSA_PAD_E;
@@ -748,6 +801,53 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
#endif /* WC_NO_RSA_OAEP */
#ifdef WC_RSA_PSS
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, enum wc_HashType hType, int mgf,
void* heap)
{
int ret;
byte* tmp;
int hLen, i;
hLen = wc_HashGetDigestSize(hType);
if (hLen < 0)
return hLen;
if (pkcsBlock[pkcsBlockLen - 1] != 0xbc)
return BAD_PADDING_E;
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen,
tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
tmp[0] &= 0x7f;
for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) {
if (tmp[i] != pkcsBlock[i]) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_PADDING_E;
}
}
if (tmp[i] != (pkcsBlock[i] ^ 0x01)) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_PADDING_E;
}
for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++)
pkcsBlock[i] ^= tmp[i];
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
*output = pkcsBlock + i;
return hLen;
}
#endif
/* UnPad plaintext, set start to *output, return length of plaintext,
* < 0 on error */
@@ -817,6 +917,14 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
break;
#endif
#ifdef WC_RSA_PSS
case WC_RSA_PSS_PAD:
WOLFSSL_MSG("wolfSSL Using RSA PSS un-padding");
ret = RsaUnPad_PSS((byte*)pkcsBlock, pkcsBlockLen, out, hType, mgf,
heap);
break;
#endif
default:
WOLFSSL_MSG("Unknown RSA UnPad Type");
ret = RSA_PAD_E;
@@ -1105,7 +1213,8 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD or
WC_RSA_PSS_PAD
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
mgf : type of mask generation function to use
label : optional label
@@ -1146,17 +1255,15 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
/* Async operations that include padding */
if (rsa_type == RSA_PUBLIC_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_ENCRYPT_EXPTMOD;
key->state = RSA_STATE_ENCRYPT_RES;
key->dataLen = key->n.raw.len;
ret = NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
break;
return NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
}
else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
key->state = RSA_STATE_ENCRYPT_EXPTMOD;
key->state = RSA_STATE_ENCRYPT_RES;
key->dataLen = key->n.raw.len;
ret = NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
break;
return NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
}
}
#endif
@@ -1214,7 +1321,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD
WC_RSA_PSS_PAD
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
mgf : type of mask generation function to use
label : optional label
@@ -1235,29 +1343,25 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
case RSA_STATE_NONE:
case RSA_STATE_DECRYPT_EXPTMOD:
key->state = RSA_STATE_DECRYPT_EXPTMOD;
key->dataLen = inLen;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
/* Async operations that include padding */
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
key->dataLen = 0;
if (rsa_type == RSA_PRIVATE_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_DECRYPT_UNPAD;
key->state = RSA_STATE_DECRYPT_RES;
key->data = NULL;
ret = NitroxRsaPrivateDecrypt(in, inLen, out, outLen, key);
if (ret > 0) {
if (outPtr)
*outPtr = in;
}
break;
if (outPtr)
*outPtr = in;
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen, key);
}
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
key->state = RSA_STATE_DECRYPT_UNPAD;
key->state = RSA_STATE_DECRYPT_RES;
key->data = NULL;
ret = NitroxRsaSSL_Verify(in, inLen, out, outLen, key);
break;
return NitroxRsaSSL_Verify(in, inLen, out, &key->dataLen, key);
}
}
#endif
@@ -1269,7 +1373,6 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
}
/* if not doing this inline then allocate a buffer for it */
key->dataLen = inLen;
if (outPtr == NULL) {
key->data = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
key->dataIsAlloc = 1;
@@ -1324,6 +1427,11 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
/* return event ret */
ret = key->asyncDev.event.ret;
if (ret == 0) {
/* convert result */
byte* dataLen = (byte*)&key->dataLen;
ret = (dataLen[0] << 8) | (dataLen[1]);
}
}
#endif
break;
@@ -1448,6 +1556,19 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
}
#ifdef WC_RSA_PSS
int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf, RsaKey* key)
{
WC_RNG* rng = NULL;
#ifdef WC_RSA_BLINDING
rng = key->rng;
#endif
return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD,
hash, mgf, NULL, 0, rng);
}
#endif
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, WC_RNG* rng)
+1 -1
View File
@@ -450,7 +450,7 @@ int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
#endif /* WOLFSSL_ASYNC_CRYPT */
/* check that internal buffLen is valid */
if (sha->buffLen > SHA_BLOCK_SIZE)
if (sha->buffLen >= SHA_BLOCK_SIZE)
return BUFFER_E;
while (len) {
+1 -1
View File
@@ -522,7 +522,7 @@ static int InitSha256(Sha256* sha256)
local = (byte*)sha256->buffer;
/* check that internal buffLen is valid */
if (sha256->buffLen > SHA256_BLOCK_SIZE)
if (sha256->buffLen >= SHA256_BLOCK_SIZE)
return BUFFER_E;
SAVE_XMM_YMM; /* for Intel AVX */
+1 -1
View File
@@ -560,7 +560,7 @@ static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
}
/* check that internal buffLen is valid */
if (sha512->buffLen > SHA512_BLOCK_SIZE)
if (sha512->buffLen >= SHA512_BLOCK_SIZE)
return BUFFER_E;
SAVE_XMM_YMM; /* for Intel AVX */
+6 -3
View File
@@ -349,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
/* Set k = H(N, g) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
for (i = 0; (word32)i < nSz - gSz; i++)
SrpHashUpdate(&hash, &pad, 1);
for (i = 0; (word32)i < nSz - gSz; i++) {
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
}
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, srp->k);
@@ -552,6 +553,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
byte counter[4];
int r = BAD_FUNC_ARG;
XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
@@ -568,7 +571,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
if (!r) r = SrpHashUpdate(&hash, secret, size);
if (!r) r = SrpHashUpdate(&hash, counter, 4);
if(j + digestSz > srp->keySz) {
if (j + digestSz > srp->keySz) {
if (!r) r = SrpHashFinal(&hash, digest);
XMEMCPY(srp->key + j, digest, srp->keySz - j);
j = srp->keySz;
+2
View File
@@ -2283,6 +2283,8 @@ void fp_free(fp_int* a)
/* clear one (frees) */
void mp_clear (mp_int * a)
{
if (a == NULL)
return;
fp_clear(a);
}
+54 -31
View File
@@ -74,17 +74,31 @@ int wolfCrypt_Init(void)
int ret = 0;
if (initRefCount == 0) {
WOLFSSL_ENTER("wolfCrypt_Init");
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_HardwareStart();
ret = wolfAsync_HardwareStart();
if (ret != 0) {
WOLFSSL_MSG("Async hardware start failed");
return ret;
}
#endif
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
InitMemoryTracker();
ret = InitMemoryTracker();
if (ret != 0) {
WOLFSSL_MSG("InitMemoryTracker failed");
return ret;
}
#endif
#if WOLFSSL_CRYPT_HW_MUTEX
/* If crypto hardware mutex protection is enabled, then initialize it */
wolfSSL_CryptHwMutexInit();
ret = wolfSSL_CryptHwMutexInit();
if (ret != 0) {
WOLFSSL_MSG("Hw crypt mutex init failed");
return ret;
}
#endif
/* if defined have fast RSA then initialize Intel IPP */
@@ -102,7 +116,11 @@ int wolfCrypt_Init(void)
#endif
#if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
ksdk_port_init();
ret = ksdk_port_init();
if (ret != 0) {
WOLFSSL_MSG("KSDK port init failed");
return ret;
}
#endif
#ifdef WOLFSSL_ATMEL
@@ -124,14 +142,14 @@ int wolfCrypt_Init(void)
}
#endif
#ifdef HAVE_ECC
#ifdef ECC_CACHE_CURVE
if ((ret = wc_ecc_curve_cache_init()) != 0) {
WOLFSSL_MSG("Error creating curve cache");
return ret;
}
#endif
#ifdef HAVE_ECC
#ifdef ECC_CACHE_CURVE
if ((ret = wc_ecc_curve_cache_init()) != 0) {
WOLFSSL_MSG("Error creating curve cache");
return ret;
}
#endif
#endif
initRefCount = 1;
}
@@ -145,7 +163,8 @@ int wolfCrypt_Cleanup(void)
{
int ret = 0;
WOLFSSL_ENTER("wolfCrypt_Cleanup");
if (initRefCount == 1) {
WOLFSSL_ENTER("wolfCrypt_Cleanup");
#ifdef HAVE_ECC
#ifdef FP_ECC
@@ -154,21 +173,22 @@ int wolfCrypt_Cleanup(void)
#ifdef ECC_CACHE_CURVE
wc_ecc_curve_cache_free();
#endif
#endif
#endif /* HAVE_ECC */
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
ret = wc_LoggingCleanup();
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
ret = wc_LoggingCleanup();
#endif
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
ShowMemoryTracker();
#endif
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
ShowMemoryTracker();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_HardwareStop();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_HardwareStop();
#endif
initRefCount = 0; /* allow re-init */
initRefCount = 0; /* allow re-init */
}
return ret;
}
@@ -310,11 +330,17 @@ wolfSSL_Mutex* wc_InitAndAllocMutex()
{
wolfSSL_Mutex* m = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), NULL,
DYNAMIC_TYPE_MUTEX);
if (m && wc_InitMutex(m) == 0)
return m;
if (m != NULL) {
if (wc_InitMutex(m) != 0) {
WOLFSSL_MSG("Init Mutex failed");
XFREE(m, NULL, DYNAMIC_TYPE_MUTEX);
m = NULL;
}
}
else {
WOLFSSL_MSG("Memory error with Mutex allocation");
}
XFREE(m, NULL, DYNAMIC_TYPE_MUTEX);
m = NULL;
return m;
}
@@ -1006,9 +1032,6 @@ int wolfSSL_CryptHwMutexUnLock(void) {
}
#elif defined(INTIME_RTOS)
#ifndef INTIME_RTOS_MUTEX_MAX
#define INTIME_RTOS_MUTEX_MAX 10
#endif
int wc_InitMutex(wolfSSL_Mutex* m)
{
@@ -1019,7 +1042,7 @@ int wolfSSL_CryptHwMutexUnLock(void) {
*m = CreateRtSemaphore(
1, /* initial unit count */
INTIME_RTOS_MUTEX_MAX, /* maximum unit count */
1, /* maximum unit count */
PRIORITY_QUEUING /* creation flags: FIFO_QUEUING or PRIORITY_QUEUING */
);
if (*m == BAD_RTHANDLE) {
+635 -274
View File
File diff suppressed because it is too large Load Diff
+8 -1
View File
@@ -155,12 +155,19 @@ enum wolfSSL_ErrorCodes {
HTTP_TIMEOUT = -417, /* HTTP timeout for OCSP or CRL req */
WRITE_DUP_READ_E = -418, /* Write dup write side can't read */
WRITE_DUP_WRITE_E = -419, /* Write dup read side can't write */
INVALID_CERT_CTX_E = -420, /* TLS cert ctx not matching */
BAD_KEY_SHARE_DATA = -421, /* Key Share data invalid */
MISSING_HANDSHAKE_DATA = -422, /* Handshake message missing data */
BAD_BINDER = -423, /* Binder does not match */
EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */
INVALID_PARAMETER = -425, /* Security parameter invalid */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
COMPRESSION_ERROR = -502 /* compression mismatch */
COMPRESSION_ERROR = -502, /* compression mismatch */
KEY_SHARE_ERROR = -503 /* key share mismatch */
/* end negotiation parameter errors only 10 for now */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+306 -34
View File
@@ -627,6 +627,29 @@ typedef byte word24[3];
#endif
#endif
#if defined(WOLFSSL_TLS13)
#ifdef HAVE_AESGCM
#ifndef NO_SHA256
#define BUILD_TLS_AES_128_GCM_SHA256
#endif
#ifdef WOLFSSL_SHA384
#define BUILD_TLS_AES_256_GCM_SHA384
#endif
#endif
#ifdef HAVE_CHACHA
#ifndef NO_SHA256
#define BUILD_TLS_CHACHA20_POLY1305_SHA256
#endif
#endif
#ifdef HAVE_AESCCM
#ifndef NO_SHA256
#define BUILD_TLS_AES_128_CCM_SHA256
#define BUILD_TLS_AES_128_CCM_8_SHA256
#endif
#endif
#endif
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
@@ -853,6 +876,13 @@ enum {
TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
/* TLS v1.3 cipher suites */
TLS_AES_128_GCM_SHA256 = 0x01,
TLS_AES_256_GCM_SHA384 = 0x02,
TLS_CHACHA20_POLY1305_SHA256 = 0x03,
TLS_AES_128_CCM_SHA256 = 0x04,
TLS_AES_128_CCM_8_SHA256 = 0x05,
/* Renegotiation Indication Extension Special Suite */
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};
@@ -876,6 +906,7 @@ enum Misc {
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
TLS13_BYTE = 0x13, /* TLS v.13 first byte of cipher suite */
SEND_CERT = 1,
SEND_BLANK_CERT = 2,
@@ -888,6 +919,9 @@ enum Misc {
TLSv1_MINOR = 1, /* TLSv1 minor version number */
TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
NO_COMPRESSION = 0,
@@ -927,9 +961,13 @@ enum Misc {
SEQ_SZ = 8, /* 64 bit sequence number */
ALERT_SIZE = 2, /* level + description */
VERIFY_HEADER = 2, /* always use 2 bytes */
EXTS_SZ = 2, /* always use 2 bytes */
EXT_ID_SZ = 2, /* always use 2 bytes */
MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
SESSION_HINT_SZ = 4, /* session timeout hint */
SESSION_ADD_SZ = 4, /* session age add */
MAX_LIFETIME = 604800, /* maximum ticket lifetime */
RAN_LEN = 32, /* random length */
SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
@@ -946,6 +984,7 @@ enum Misc {
OPAQUE64_LEN = 8, /* 8 bytes */
COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */
KE_GROUP_LEN = 2, /* key exchange group length */
SERVER_ID_LEN = 20, /* server session id length */
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
@@ -986,6 +1025,11 @@ enum Misc {
MAX_PRF_HALF = 256, /* Maximum half secret len */
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224, /* Maximum digest len */
PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
MAX_LABEL_SZ = 34, /* Maximum length of a label */
MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
OPAQUE8_LEN + MAX_DIGEST_SIZE,
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
@@ -1004,6 +1048,7 @@ enum Misc {
AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
AEAD_NONCE_SZ = 12,
AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
@@ -1017,6 +1062,7 @@ enum Misc {
AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
AESCCM_NONCE_SZ = 12,
CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
@@ -1055,7 +1101,10 @@ enum Misc {
DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
NULL_TERM_LEN = 1, /* length of null '\0' termination character */
MAX_PSK_KEY_LEN = 64, /* max psk key supported */
MIN_PSK_ID_LEN = 6, /* min length of identities */
MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
@@ -1086,11 +1135,7 @@ enum Misc {
/* Set max implicit IV size for AEAD cipher suites */
#ifdef HAVE_CHACHA
#define AEAD_MAX_IMP_SZ 12
#else
#define AEAD_MAX_IMP_SZ 4
#endif
#define AEAD_MAX_IMP_SZ 12
/* Set max explicit IV size for AEAD cipher suites */
#define AEAD_MAX_EXP_SZ 8
@@ -1199,10 +1244,12 @@ enum states {
SERVER_HELLOVERIFYREQUEST_COMPLETE,
SERVER_HELLO_COMPLETE,
SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
SERVER_CERT_COMPLETE,
SERVER_KEYEXCHANGE_COMPLETE,
SERVER_HELLODONE_COMPLETE,
SERVER_FINISHED_COMPLETE,
SERVER_HELLO_RETRY_REQUEST,
CLIENT_HELLO_COMPLETE,
CLIENT_KEYEXCHANGE_COMPLETE,
@@ -1229,6 +1276,7 @@ WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
#ifdef WOLFSSL_DTLS
WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
@@ -1290,6 +1338,9 @@ struct WOLFSSL_METHOD {
byte downgrade; /* whether to downgrade version, default no */
};
/* wolfSSL buffer type - internal uses "buffer" type */
typedef WOLFSSL_BUFFER_INFO buffer;
/* defaults to client */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
@@ -1298,10 +1349,40 @@ WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 size, word32 totalSz, int sniff);
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* wolfSSL buffer type - internal uses "buffer" type */
typedef WOLFSSL_BUFFER_INFO buffer;
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
word32);
WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
word32);
WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
word32 hashSigAlgoSz);
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
#endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz);
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
word32* inOutIdx, byte type,
word32 size, word32 totalSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
word32* inOutIdx, word32 totalSz);
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
word32* inOutIdx, word32 helloSz);
#endif
#ifndef NO_CERTS
/* wolfSSL DER buffer */
@@ -1403,11 +1484,10 @@ typedef struct Suites {
} Suites;
WOLFSSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
word16, word16, word16, int);
WOLFSSL_LOCAL
int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
word16, word16, word16, int);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED
typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
@@ -1458,7 +1538,7 @@ struct WOLFSSL_OCSP {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
OcspEntry* ocspList; /* OCSP response list */
wolfSSL_Mutex ocspLock; /* OCSP list lock */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
int(*statusCb)(WOLFSSL*, void*);
#endif
};
@@ -1650,6 +1730,10 @@ typedef struct Keys {
word32 padSz; /* how much to advance after decrypt part */
byte encryptionOn; /* true after change cipher spec */
byte decryptedCur; /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
byte updateResponseReq:1; /* KeyUpdate response from peer required. */
byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
#endif
} Keys;
@@ -1663,16 +1747,28 @@ typedef enum {
TLSX_TRUNCATED_HMAC = 0x0004,
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
TLSX_SESSION_TICKET = 0x0023,
#ifdef WOLFSSL_TLS13
TLSX_KEY_SHARE = 0x0028,
#ifndef NO_PSK
TLSX_PRE_SHARED_KEY = 0x0029,
#endif
TLSX_SUPPORTED_VERSIONS = 0x002b,
#ifndef NO_PSK
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
#endif
#endif
TLSX_RENEGOTIATION_INFO = 0xff01
} TLSX_Type;
typedef struct TLSX {
TLSX_Type type; /* Extension Type */
void* data; /* Extension Data */
word32 val; /* Extension Value */
byte resp; /* IsResponse Flag */
struct TLSX* next; /* List Behavior */
} TLSX;
@@ -1688,12 +1784,13 @@ WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
#endif
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType);
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output,
byte msgType);
#endif
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
byte isRequest, Suites *suites);
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
byte msgType, Suites *suites);
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
@@ -1785,8 +1882,10 @@ typedef struct {
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
void* heap);
#endif
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
@@ -1807,8 +1906,10 @@ typedef struct CSRIv2 {
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
byte isPeer, void* heap);
#endif
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
byte index);
WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
@@ -1869,6 +1970,10 @@ WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
typedef struct SessionTicket {
word32 lifetime;
#ifdef WOLFSSL_TLS13
word64 seen;
word32 ageAdd;
#endif
byte* data;
word16 size;
} SessionTicket;
@@ -1923,6 +2028,69 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif /* HAVE_QSH */
#ifdef WOLFSSL_TLS13
/* Key Share - TLS v1.3 Specification */
/* The KeyShare extension information - entry in a linked list. */
typedef struct KeyShareEntry {
word16 group; /* NamedGroup */
byte* ke; /* Key exchange data */
word32 keLen; /* Key exchange data length */
void* key; /* Private key */
word32 keyLen; /* Private key length */
struct KeyShareEntry* next; /* List pointer */
} KeyShareEntry;
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
byte* data, KeyShareEntry **kse);
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
#ifndef NO_PSK
/* The PreSharedKey extension information - entry in a linked list. */
typedef struct PreSharedKey {
word16 identityLen; /* Length of identity */
byte* identity; /* PSK identity */
word32 ticketAge; /* Age of the ticket */
byte binderLen; /* Length of HMAC */
byte binder[MAX_DIGEST_SIZE]; /* HMAC of hanshake */
byte hmac; /* HMAC algorithm */
byte resumption:1; /* Resumption PSK */
byte chosen:1; /* Server's choice */
struct PreSharedKey* next; /* List pointer */
} PreSharedKey;
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
byte* output, byte msgType);
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
byte msgType);
WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
word16 len, word32 age, byte hmac,
byte resumption,
PreSharedKey **preSharedKey);
enum PskKeyExchangeMode {
PSK_KE,
PSK_DHE_KE
};
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
#endif /* NO_PSK */
/* The types of keys to derive for. */
enum DeriveKeyType {
handshake_key,
traffic_key,
update_traffic_key
};
/* The key update request values for KeyUpdate message. */
enum KeyUpdateRequest {
update_not_requested,
update_requested
};
#endif /* WOLFSSL_TLS13 */
/* wolfSSL context type */
struct WOLFSSL_CTX {
@@ -1944,9 +2112,12 @@ struct WOLFSSL_CTX {
#ifdef OPENSSL_EXTRA
STACK_OF(WOLFSSL_X509_NAME)* ca_names;
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
STACK_OF(WOLFSSL_X509)* x509Chain;
#endif
#ifdef WOLFSSL_TLS13
int certChainCnt;
#endif
DerBuffer* privateKey;
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
#endif
@@ -1978,6 +2149,10 @@ struct WOLFSSL_CTX {
byte minDowngrade; /* minimum downgrade version */
byte haveEMS; /* have extended master secret extension */
byte useClientOrder; /* Use client's cipher preference order */
#ifdef WOLFSSL_TLS13
byte noTicketTls13; /* Server won't create new Ticket */
byte noPskDheKe; /* Don't use (EC)DHE with PSK */
#endif
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
byte dtlsSctp; /* DTLS-over-SCTP mode */
word16 dtlsMtuSz; /* DTLS MTU size */
@@ -2015,7 +2190,7 @@ struct WOLFSSL_CTX {
byte havePSK; /* psk key set by user */
wc_psk_client_callback client_psk_cb; /* client callback */
wc_psk_server_callback server_psk_cb; /* server callback */
char server_hint[MAX_PSK_ID_LEN];
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
#endif /* NO_PSK */
#ifdef HAVE_ANON
byte haveAnon; /* User wants to allow Anon suites */
@@ -2030,11 +2205,11 @@ struct WOLFSSL_CTX {
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX)
#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackSniRecv sniRecvCb;
void* sniRecvCbArg;
#endif
@@ -2104,6 +2279,7 @@ int DeriveTlsKeys(WOLFSSL* ssl);
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 inSz, word16 sz);
#ifndef NO_CERTS
WOLFSSL_LOCAL
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
@@ -2169,10 +2345,11 @@ enum KeyExchangeAlgorithm {
/* Supported Authentication Schemes */
enum SignatureAlgorithm {
anonymous_sa_algo,
rsa_sa_algo,
dsa_sa_algo,
ecc_dsa_sa_algo
anonymous_sa_algo = 0,
rsa_sa_algo = 1,
dsa_sa_algo = 2,
ecc_dsa_sa_algo = 3,
rsa_pss_sa_algo = 8
};
@@ -2274,6 +2451,21 @@ typedef struct Hashes {
#endif
} Hashes;
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
#ifdef WOLFSSL_TLS13
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
Sha512 sha512;
#endif
} Digest;
#endif
/* Static x509 buffer */
typedef struct x509_buffer {
@@ -2299,6 +2491,9 @@ struct WOLFSSL_SESSION {
word16 haveEMS; /* ext master secret flag */
#ifdef SESSION_CERTS
WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
defined(HAVE_SESSION_TICKET))
ProtocolVersion version; /* which version was used */
byte cipherSuite0; /* first byte, normally 0 */
byte cipherSuite; /* 2nd byte, actual suite */
@@ -2308,6 +2503,11 @@ struct WOLFSSL_SESSION {
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
#endif
#ifdef HAVE_SESSION_TICKET
#ifdef WOLFSSL_TLS13
byte namedGroup;
word32 ticketSeen; /* Time ticket seen (ms) */
word32 ticketAdd; /* Added by client */
#endif
byte* ticket;
word16 ticketLen;
byte staticTicket[SESSION_TICKET_LEN];
@@ -2353,9 +2553,12 @@ enum ConnectState {
enum AcceptState {
ACCEPT_BEGIN = 0,
ACCEPT_CLIENT_HELLO_DONE,
ACCEPT_HELLO_RETRY_REQUEST_DONE,
ACCEPT_FIRST_REPLY_DONE,
SERVER_HELLO_SENT,
SERVER_EXTENSIONS_SENT,
CERT_SENT,
CERT_VERIFY_SENT,
CERT_STATUS_SENT,
KEY_EXCHANGE_SENT,
CERT_REQ_SENT,
@@ -2395,6 +2598,9 @@ typedef struct Buffers {
DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
/* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
int certChainCnt;
#endif
#endif
#ifdef WOLFSSL_DTLS
WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
@@ -2412,6 +2618,16 @@ typedef struct Buffers {
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
/* sub-states for send/do key share (key exchange) */
enum asyncState {
TLS_ASYNC_BEGIN = 0,
TLS_ASYNC_BUILD,
TLS_ASYNC_DO,
TLS_ASYNC_VERIFY,
TLS_ASYNC_FINALIZE,
TLS_ASYNC_END
};
typedef struct Options {
#ifndef NO_PSK
wc_psk_client_callback client_psk_cb;
@@ -2439,6 +2655,7 @@ typedef struct Options {
word16 haveSessionId:1; /* server may not send */
word16 tls:1; /* using TLS ? */
word16 tls1_1:1; /* using TLSv1.1+ ? */
word16 tls1_3:1; /* using TLSv1.3+ ? */
word16 dtls:1; /* using datagrams ? */
word16 connReset:1; /* has the peer reset */
word16 isClosed:1; /* if we consider conn closed */
@@ -2456,6 +2673,7 @@ typedef struct Options {
word16 havePeerVerify:1; /* and peer's cert verify */
word16 usingPSK_cipher:1; /* are using psk as cipher */
word16 usingAnon_cipher:1; /* are we using an anon cipher */
word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
word16 sendAlertState:1; /* nonblocking resume */
word16 partialWrite:1; /* only one msg per write call */
word16 quietShutdown:1; /* don't send close notify */
@@ -2475,6 +2693,9 @@ typedef struct Options {
word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */
word16 rejectTicket:1; /* Callback rejected ticket */
#ifdef WOLFSSL_TLS13
word16 noTicketTls13:1; /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
word16 dtlsHsRetain:1; /* DTLS retaining HS data */
@@ -2523,14 +2744,19 @@ typedef struct Arrays {
word32 pendingMsgOffset; /* current offset into defrag buffer */
#ifndef NO_PSK
word32 psk_keySz; /* actual size */
char client_identity[MAX_PSK_ID_LEN];
char server_hint[MAX_PSK_ID_LEN];
char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
byte psk_key[MAX_PSK_KEY_LEN];
#endif
byte clientRandom[RAN_LEN];
byte serverRandom[RAN_LEN];
byte sessionID[ID_LEN];
byte sessionIDSz;
#ifdef WOLFSSL_TLS13
byte clientSecret[SECRET_LEN];
byte serverSecret[SECRET_LEN];
byte secret[SECRET_LEN];
#endif
byte masterSecret[SECRET_LEN];
#ifdef WOLFSSL_DTLS
byte cookie[MAX_COOKIE_LEN];
@@ -2714,10 +2940,12 @@ typedef struct DtlsMsg {
/* Handshake messages received from peer (plus change cipher */
typedef struct MsgsReceived {
word16 got_hello_request:1;
word16 got_client_hello:1;
word16 got_client_hello:2;
word16 got_server_hello:1;
word16 got_hello_verify_request:1;
word16 got_session_ticket:1;
word16 got_hello_retry_request:1;
word16 got_encrypted_extensions:1;
word16 got_certificate:1;
word16 got_certificate_status:1;
word16 got_server_key_exchange:1;
@@ -2726,6 +2954,7 @@ typedef struct MsgsReceived {
word16 got_certificate_verify:1;
word16 got_client_key_exchange:1;
word16 got_finished:1;
word16 got_key_update:1;
word16 got_change_cipher:1;
} MsgsReceived;
@@ -2858,6 +3087,9 @@ struct WOLFSSL {
byte maxRequest;
byte user_set_QSHSchemes;
#endif
#ifdef WOLFSSL_TLS13
word16 namedGroup;
#endif
#ifdef HAVE_NTRU
word16 peerNtruKeyLen;
byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
@@ -2905,6 +3137,9 @@ struct WOLFSSL {
CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
void* fuzzerCtx; /* user defined pointer */
#endif
#ifdef WOLFSSL_TLS13
buffer clientCertCtx; /* Certificate context in request */
#endif
#ifdef KEEP_PEER_CERT
WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
@@ -2941,7 +3176,7 @@ struct WOLFSSL {
#endif /* user turned on */
#ifdef HAVE_ALPN
char* alpn_client_list; /* keep the client's list */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
@@ -2955,7 +3190,7 @@ struct WOLFSSL {
#ifdef OPENSSL_EXTRA
byte* ocspResp;
int ocspRespSz;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
char* url;
#endif
#endif
@@ -3094,6 +3329,8 @@ enum HandShakeType {
server_hello = 2,
hello_verify_request = 3, /* DTLS addition */
session_ticket = 4,
hello_retry_request = 6,
encrypted_extensions = 8,
certificate = 11,
server_key_exchange = 12,
certificate_request = 13,
@@ -3102,6 +3339,7 @@ enum HandShakeType {
client_key_exchange = 16,
finished = 20,
certificate_status = 22,
key_update = 24,
change_cipher_hs = 55, /* simulate unique handshake type for sanity
checks. record layer change_cipher
conflicts with handshake finished */
@@ -3121,13 +3359,27 @@ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
WOLFSSL_LOCAL int SendTls13EncryptedExtensions(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13Certificate(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13CertificateRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13Finished(WOLFSSL*);
WOLFSSL_LOCAL int SendTls13NewSessionTicket(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
@@ -3140,6 +3392,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
@@ -3155,7 +3408,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
@@ -3207,12 +3461,20 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* NO_WOLFSSL_CLIENT */
WOLFSSL_LOCAL int SendTls13CertificateVerify(WOLFSSL*);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* NO_WOLFSSL_SERVER */
@@ -3239,7 +3501,9 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
#endif /* NO_TLS */
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
WOLFSSL_LOCAL word32 LowResTimer(void);
#ifndef NO_CERTS
@@ -3283,10 +3547,18 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
#endif
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput,
int sizeOnly, int asyncOkay);
#ifdef WOLFSSL_TLS13
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
int inSz, int type, int hashOutput, int sizeOnly);
#endif
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
+3
View File
@@ -90,6 +90,9 @@
#include <netdb.h>
#include <netinet/in.h>
#include <io.h>
/* <sys/socket.h> defines these, to avoid conflict, do undef */
#undef SOCKADDR
#undef SOCKADDR_IN
#elif defined(WOLFSSL_PRCONNECT_PRO)
#include <prconnect_pro/prconnect_pro.h>
#include <sys/types.h>
+2 -2
View File
@@ -37,7 +37,7 @@
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
@@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
+2 -2
View File
@@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
#define SSLEAY_VERSION 0x0090600fL
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
#define FIPS_mode wolfSSL_FIPS_mode
#define FIPS_mode_set wolfSSL_FIPS_mode_set
@@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL)
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* header */
+1 -1
View File
@@ -5,7 +5,7 @@
/* api version compatibility */
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001000L
+11
View File
@@ -99,12 +99,23 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
WOLFSSL_API
int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
#if !defined(NO_FILESYSTEM)
WOLFSSL_API
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
WOLFSSL_API
WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x,
pem_password_cb *cb, void *u);
WOLFSSL_API
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x,
pem_password_cb *cb, void *u);
#endif /* NO_FILESYSTEM */
#define PEM_read_X509 wolfSSL_PEM_read_X509
#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey
#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey
/* RSA */
#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
+25 -4
View File
@@ -118,6 +118,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
#define SSL_get_privatekey wolfSSL_get_privatekey
#define SSLv23_method wolfSSLv23_method
#define SSLv3_server_method wolfSSLv3_server_method
@@ -322,6 +323,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define EVP_PKEY_new wolfSSL_PKEY_new
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
@@ -338,6 +341,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
@@ -473,7 +477,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_POCO_LIB)
defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY)
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_NAME_free wolfSSL_X509_NAME_free
@@ -508,7 +512,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB */
#ifdef WOLFSSL_HAPROXY
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* WOLFSSL_HAPROXY */
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
@@ -703,7 +720,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
#define NID_tlsfeature 92 /* id-pe 24 */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING
@@ -714,7 +733,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
/* Nginx checks these to see if the error was a handshake error. */
#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E
@@ -775,6 +793,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
#define SSL_select_next_proto wolfSSL_select_next_proto
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
#endif
+108 -21
View File
@@ -68,10 +68,16 @@
extern "C" {
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
#endif
typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
#endif
typedef struct WOLFSSL_STACK WOLFSSL_STACK;
typedef struct WOLFSSL_X509 WOLFSSL_X509;
@@ -270,6 +276,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
#ifdef WOLFSSL_TLS13
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
#endif
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
@@ -288,6 +298,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
#ifdef WOLFSSL_TLS13
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
#endif
#ifdef WOLFSSL_DTLS
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
@@ -382,12 +396,23 @@ WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*);
WOLFSSL_API int wolfSSL_connect(WOLFSSL*); /* please see note at top of README
if you get an error from connect */
/* please see note at top of README if you get an error from connect */
WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
#endif
WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
#ifdef WOLFSSL_TLS13
WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
#endif
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
@@ -490,6 +515,7 @@ WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
@@ -1688,7 +1714,7 @@ enum {
WOLFSSL_MAX_ALPN_NUMBER = 257
};
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
unsigned char* outLen, const unsigned char* in, unsigned int inLen,
void *arg);
@@ -1783,7 +1809,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
#endif
#endif
/* Elliptic Curves */
/* Named Groups */
enum {
#if 0 /* Not Supported */
WOLFSSL_ECC_SECT163K1 = 1,
@@ -1815,6 +1841,19 @@ enum {
WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
#ifdef WOLFSSL_TLS13
/* Not implemented. */
WOLFSSL_ECC_X25519 = 29,
/* Not implemented. */
WOLFSSL_ECC_X448 = 30,
/* Not implemented. */
WOLFSSL_FFDHE_2048 = 256,
WOLFSSL_FFDHE_3072 = 257,
WOLFSSL_FFDHE_4096 = 258,
WOLFSSL_FFDHE_6144 = 259,
WOLFSSL_FFDHE_8192 = 260,
#endif
};
#ifdef HAVE_SUPPORTED_CURVES
@@ -1827,6 +1866,11 @@ WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
#endif
#endif
#ifdef WOLFSSL_TLS13
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, unsigned short group);
WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
#endif
/* Secure Renegotiation */
#ifdef HAVE_SECURE_RENEGOTIATION
@@ -1964,7 +2008,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
WOLFSSL_API void wolfSSL_cert_service(void);
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
char* buf, int len);
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
@@ -1992,6 +2036,7 @@ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
unsigned char* der, long derSz);
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
#ifndef NO_RSA
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
long derSz);
@@ -2035,6 +2080,7 @@ struct WOLFSSL_X509_NAME_ENTRY {
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
@@ -2046,7 +2092,7 @@ WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
@@ -2060,6 +2106,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
@@ -2078,7 +2125,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/openssl/crypto.h>
@@ -2174,10 +2221,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_NGINX)
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
@@ -2210,7 +2257,7 @@ WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
int *line, const char **data, int *flags);
#endif
#ifdef WOLFSSL_NGINX
#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY
/* Not an OpenSSL API. */
WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
/* Not an OpenSSL API. */
@@ -2218,6 +2265,7 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
/* Not an OpenSSL API. */
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
void *b, void *c);
@@ -2277,19 +2325,58 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
#endif /* WOLFSSL_NGINX */
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
const unsigned char **data, unsigned int *len);
const unsigned char **data, unsigned int *len);
WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned int *outlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len);
#ifdef WOLFSSL_HAPROXY
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
#endif
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
WOLFSSL_API void ERR_load_SSL_strings(void);
#ifdef __cplusplus
} /* extern "C" */
+66 -56
View File
@@ -302,8 +302,8 @@ static INLINE void InitTcpReady(tcp_ready* ready)
ready->srfName = NULL;
#ifdef SINGLE_THREADED
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#endif
}
@@ -1008,6 +1008,9 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
#ifndef NO_PSK
/* identity is OpenSSL testing default for openssl s_client, keep same */
static const char* kIdentityStr = "Client_identity";
static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
char* identity, unsigned int id_max_len, unsigned char* key,
unsigned int key_max_len)
@@ -1016,9 +1019,8 @@ static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
(void)hint;
(void)key_max_len;
/* identity is OpenSSL testing default for openssl s_client, keep same */
strncpy(identity, "Client_identity", id_max_len);
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len);
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
unsigned binary */
@@ -1037,8 +1039,8 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
(void)ssl;
(void)key_max_len;
/* identity is OpenSSL testing default for openssl s_client, keep same */
if (strncmp(identity, "Client_identity", 15) != 0)
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
return 0;
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
@@ -1109,6 +1111,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
{
int ret;
long int fileSz;
FILE* file;
if (fname == NULL || buf == NULL || bufLen == NULL)
@@ -1126,9 +1129,10 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
}
fseek(file, 0, SEEK_END);
*bufLen = ftell(file);
fileSz = (int)ftell(file);
rewind(file);
if (*bufLen > 0) {
if (fileSz > 0) {
*bufLen = (size_t)fileSz;
*buf = (byte*)malloc(*bufLen);
if (*buf == NULL) {
ret = MEMORY_E;
@@ -1736,12 +1740,13 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_ecc_init(&myKey);
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
wc_ecc_free(&myKey);
ret = wc_ecc_init(&myKey);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
wc_ecc_free(&myKey);
}
wc_FreeRng(&rng);
return ret;
@@ -1758,12 +1763,13 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
(void)ssl;
(void)ctx;
wc_ecc_init(&myKey);
ret = wc_ecc_import_x963(key, keySz, &myKey);
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
wc_ecc_free(&myKey);
ret = wc_ecc_init(&myKey);
if (ret == 0) {
ret = wc_ecc_import_x963(key, keySz, &myKey);
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
wc_ecc_free(&myKey);
}
return ret;
}
@@ -1843,16 +1849,17 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
wc_FreeRng(&rng);
return ret;
@@ -1871,12 +1878,13 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
(void)ssl;
(void)ctx;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wc_FreeRsaKey(&myKey);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wc_FreeRsaKey(&myKey);
}
return ret;
}
@@ -1898,17 +1906,18 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) {
*outSz = ret;
ret = 0; /* reset to success */
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) {
*outSz = ret;
ret = 0; /* reset to success */
}
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
wc_FreeRng(&rng);
return ret;
@@ -1925,20 +1934,21 @@ static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
(void)ssl;
(void)ctx;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
if (ret != 0) {
wc_FreeRsaKey(&myKey);
return ret;
}
#endif
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
if (ret != 0) {
wc_FreeRsaKey(&myKey);
return ret;
}
#endif
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
return ret;
}
+2 -2
View File
@@ -28,8 +28,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "3.10.4"
#define LIBWOLFSSL_VERSION_HEX 0x03010004
#define LIBWOLFSSL_VERSION_STRING "3.11.0"
#define LIBWOLFSSL_VERSION_HEX 0x03011000
#ifdef __cplusplus
}
+5 -5
View File
@@ -130,7 +130,7 @@ enum Misc_ASN {
PKCS5 = 5, /* PKCS oid tag */
PKCS5v2 = 6, /* PKCS #5 v2.0 */
PKCS8v0 = 0, /* default PKCS#8 version */
PKCS12 = 12, /* PKCS #12 */
PKCS12v1 = 12, /* PKCS #12 */
MAX_UNICODE_SZ = 256,
ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
@@ -193,7 +193,7 @@ enum Misc_ASN {
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
TRAILING_ZERO = 1, /* Used for size of zero pad */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */
#endif
};
@@ -743,7 +743,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
word32* oidSz, int* algoID, void* heap);
typedef struct tm wolfssl_tm;
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
#endif
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
@@ -873,7 +873,7 @@ struct CertStatus {
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
byte* thisDateAsn;
byte* nextDateAsn;
#endif
@@ -924,7 +924,7 @@ struct OcspRequest {
int nonceSz;
void* heap;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
void* ssl;
#endif
};
+13 -4
View File
@@ -30,10 +30,19 @@
extern "C" {
#endif
/* Opaque keys. Only key pointers are used for arguments */
typedef struct ecc_key ecc_key;
typedef struct RsaKey RsaKey;
typedef struct WC_RNG WC_RNG;
/* guard on redeclaration */
#ifndef WC_ECCKEY_TYPE_DEFINED
typedef struct ecc_key ecc_key;
#define WC_ECCKEY_TYPE_DEFINED
#endif
#ifndef WC_RSAKEY_TYPE_DEFINED
typedef struct RsaKey RsaKey;
#define WC_RSAKEY_TYPE_DEFINED
#endif
#ifndef WC_RNG_TYPE_DEFINED
typedef struct WC_RNG WC_RNG;
#define WC_RNG_TYPE_DEFINED
#endif
/* Certificate file Type */
enum CertType {
+22
View File
@@ -37,6 +37,12 @@
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
typedef struct DhParams {
const byte* p;
word32 p_len;
const byte* g;
word32 g_len;
} DhParams;
/* Diffie-Hellman Key */
typedef struct DhKey {
@@ -48,6 +54,22 @@ typedef struct DhKey {
} DhKey;
#ifdef HAVE_FFDHE_2048
WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
#endif
#ifdef HAVE_FFDHE_3072
WOLFSSL_API const DhParams* wc_Dh_ffdhe3072_Get(void);
#endif
#ifdef HAVE_FFDHE_4096
WOLFSSL_API const DhParams* wc_Dh_ffdhe4096_Get(void);
#endif
#ifdef HAVE_FFDHE_6144
WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void);
#endif
#ifdef HAVE_FFDHE_8192
WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
#endif
WOLFSSL_API int wc_InitDhKey(DhKey* key);
WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
WOLFSSL_API void wc_FreeDhKey(DhKey* key);
+15 -2
View File
@@ -150,6 +150,14 @@ typedef enum ecc_curve_id {
ECC_BRAINPOOLP320R1,
ECC_BRAINPOOLP384R1,
ECC_BRAINPOOLP512R1,
/* Twisted Edwards Curves */
#ifdef HAVE_CURVE25519
ECC_X25519,
#endif
#ifdef HAVE_X448
ECC_X448,
#endif
} ecc_curve_id;
#ifdef HAVE_OID_ENCODING
@@ -262,7 +270,7 @@ enum {
};
/* An ECC Key */
typedef struct ecc_key {
struct ecc_key {
int type; /* Public or Private */
int idx; /* Index into the ecc_sets[] for the parameters of
this curve if -1, this key is using user supplied
@@ -287,7 +295,12 @@ typedef struct ecc_key {
CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
} ecc_key;
};
#ifndef WC_ECCKEY_TYPE_DEFINED
typedef struct ecc_key ecc_key;
#define WC_ECCKEY_TYPE_DEFINED
#endif
/* ECC predefined curve sets */
+12 -4
View File
@@ -180,10 +180,18 @@ WOLFSSL_API void wc_HmacFree(Hmac*);
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
#ifdef HAVE_HKDF
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out);
WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
#endif /* HAVE_HKDF */
#ifdef __cplusplus
+2 -2
View File
@@ -79,7 +79,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
void WOLFSSL_MSG(const char* msg);
void WOLFSSL_BUFFER(byte* buffer, word32 length);
void WOLFSSL_BUFFER(const byte* buffer, word32 length);
#else /* DEBUG_WOLFSSL */
@@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#endif /* DEBUG_WOLFSSL */
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
const char* file, void* ctx);
+12 -2
View File
@@ -81,7 +81,7 @@ enum {
/* RSA */
typedef struct RsaKey {
struct RsaKey {
mp_int n, e, d, p, q, dP, dQ, u;
void* heap; /* for user memory overrides */
byte* data; /* temp buffer for async RSA */
@@ -98,7 +98,13 @@ typedef struct RsaKey {
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
byte dataIsAlloc;
} RsaKey;
};
#ifndef WC_RSAKEY_TYPE_DEFINED
typedef struct RsaKey RsaKey;
#define WC_RSAKEY_TYPE_DEFINED
#endif
#endif /*HAVE_FIPS */
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
@@ -120,6 +126,9 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf,
RsaKey* key);
WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
#ifndef HAVE_FIPS /* to avoid asn duplicate symbols @wc_fips */
@@ -150,6 +159,7 @@ WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
/* Padding types */
#define WC_RSA_PKCSV15_PAD 0
#define WC_RSA_OAEP_PAD 1
#define WC_RSA_PSS_PAD 2
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng, int type,
+42 -27
View File
@@ -367,7 +367,7 @@
#define USE_CERT_BUFFERS_2048
/* uTasker port uses RAW sockets, use I/O callbacks
* See wolfSSL uTasker example for sample callbacks */
* See wolfSSL uTasker example for sample callbacks */
#define WOLFSSL_USER_IO
/* uTasker filesystem not ported */
@@ -421,26 +421,26 @@
#endif
#ifdef WOLFSSL_NRF5x
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_ASN_TIME
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
#define NO_WRITEV
#define SINGLE_THREADED
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define USE_WOLFSSL_MEMORY
#define WOLFSSL_NRF51
#define WOLFSSL_USER_IO
#define NO_SESSION_CACHE
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_ASN_TIME
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define NO_MAIN_DRIVER
#define NO_WRITEV
#define SINGLE_THREADED
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define USE_WOLFSSL_MEMORY
#define WOLFSSL_NRF51
#define WOLFSSL_USER_IO
#define NO_SESSION_CACHE
#endif
/* Micrium will use Visual Studio for compilation but not the Win32 API */
#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
!defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
!defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
!defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
!defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
#define USE_WINDOWS_API
#endif
@@ -759,7 +759,9 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_USER_IO
#define SINGLE_THREADED
#define NO_FILESYSTEM
#define USER_TICKS
#ifndef TIME_OVERRIDES
#define USER_TICKS
#endif
#endif /* FREESCALE_KSDK_BM */
#ifdef FREESCALE_COMMON
@@ -800,14 +802,24 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_AES_DIRECT
#endif
#include "fsl_common.h"
#ifdef FREESCALE_KSDK_1_3
#include "fsl_device_registers.h"
#else
#include "fsl_common.h"
#endif
/* random seed */
#define NO_OLD_RNGNAME
#if defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
#define FREESCALE_KSDK_2_0_TRNG
#elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
#define FREESCALE_KSDK_2_0_RNGA
#ifdef FREESCALE_KSDK_1_3
#include "fsl_rnga_driver.h"
#define FREESCALE_RNGA
#define RNGA_INSTANCE (0)
#else
#define FREESCALE_KSDK_2_0_RNGA
#endif
#elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS)
#define FREESCALE_RNGA
#define RNGA_INSTANCE (0)
@@ -948,9 +960,9 @@ extern void uITRON4_free(void *p) ;
#define NO_OLD_RNGNAME
#ifdef WOLFSSL_STM32_CUBEMX
#include "stm32f2xx_hal.h"
#ifndef STM32_HAL_TIMEOUT
#define STM32_HAL_TIMEOUT 0xFF
#endif
#ifndef STM32_HAL_TIMEOUT
#define STM32_HAL_TIMEOUT 0xFF
#endif
#else
#include "stm32f2xx.h"
#include "stm32f2xx_cryp.h"
@@ -974,9 +986,9 @@ extern void uITRON4_free(void *p) ;
#endif
#ifdef WOLFSSL_STM32_CUBEMX
#include "stm32f4xx_hal.h"
#ifndef STM32_HAL_TIMEOUT
#define STM32_HAL_TIMEOUT 0xFF
#endif
#ifndef STM32_HAL_TIMEOUT
#define STM32_HAL_TIMEOUT 0xFF
#endif
#else
#include "stm32f4xx.h"
#include "stm32f4xx_cryp.h"
@@ -1528,7 +1540,7 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
#define OPENSSL_NO_ENGINE
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@@ -1547,6 +1559,9 @@ extern void uITRON4_free(void *p) ;
#ifndef HAVE_SNI
#define HAVE_SNI
#endif
#endif
#if defined(WOLFSSL_NGINX)
#define SSL_CTRL_SET_TLSEXT_HOSTNAME
#endif
+1 -1
View File
@@ -293,7 +293,7 @@
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifndef USE_WINDOWS_API
#define XSNPRINTF snprintf
#else
+6
View File
@@ -33,9 +33,15 @@
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
#endif
typedef struct WOLF_EVENT WOLF_EVENT;
#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
#endif
typedef unsigned short WOLF_EVENT_FLAG;