mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 08:40:49 +02:00
Merge branch 'master' of https://github.com/jrblixt/wolfssl into unitTest_api_dev
This commit is contained in:
+16
-1
@@ -91,7 +91,18 @@ ecc-key.pem
|
||||
certreq.der
|
||||
certreq.pem
|
||||
pkcs7cert.der
|
||||
pkcs7signedData.der
|
||||
pkcs7signedData_RSA_SHA.der
|
||||
pkcs7signedData_RSA_SHA_noattr.der
|
||||
pkcs7signedData_RSA_SHA224.der
|
||||
pkcs7signedData_RSA_SHA256.der
|
||||
pkcs7signedData_RSA_SHA384.der
|
||||
pkcs7signedData_RSA_SHA512.der
|
||||
pkcs7signedData_ECDSA_SHA.der
|
||||
pkcs7signedData_ECDSA_SHA_noattr.der
|
||||
pkcs7signedData_ECDSA_SHA224.der
|
||||
pkcs7signedData_ECDSA_SHA256.der
|
||||
pkcs7signedData_ECDSA_SHA384.der
|
||||
pkcs7signedData_ECDSA_SHA512.der
|
||||
pkcs7envelopedDataDES3.der
|
||||
pkcs7envelopedDataAES128CBC.der
|
||||
pkcs7envelopedDataAES192CBC.der
|
||||
@@ -196,7 +207,11 @@ wrapper/CSharp/x64/
|
||||
|
||||
# Visual Studio Code Workspace Files
|
||||
*.vscode
|
||||
|
||||
IDE/INTIME-RTOS/Debug_*
|
||||
|
||||
# Hexiwear
|
||||
IDE/HEXIWEAR/wolfSSL_HW/Debug
|
||||
|
||||
# Binaries
|
||||
wolfcrypt/src/port/intel/qat_test
|
||||
|
||||
@@ -13,3 +13,14 @@ if [ "$DIR" = "ARDUINO" ]; then
|
||||
else
|
||||
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
|
||||
fi
|
||||
|
||||
#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
|
||||
# they are included inline and should not be compiled directly
|
||||
|
||||
ARDUINO_DIR=${PWD}
|
||||
cd ../../
|
||||
rm bio.c
|
||||
rm evp.c
|
||||
cd $ARDUINO_DIR
|
||||
# end script in the origin directory for any future functionality that may be added.
|
||||
#End UPDATE: 19 Apr 2017
|
||||
|
||||
@@ -0,0 +1,143 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
||||
<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395">
|
||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" moduleId="org.eclipse.cdt.core.settings" name="Debug">
|
||||
<macros>
|
||||
<stringMacro name="PROJECT_KSDK_PATH" type="VALUE_TEXT" value="~/Work/KSDK_1.3.0"/>
|
||||
</macros>
|
||||
<externalSettings>
|
||||
<externalSetting>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfSSL_HW"/>
|
||||
<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfSSL_HW/Debug"/>
|
||||
<entry flags="RESOLVED" kind="libraryFile" name="wolfssl_hw" srcPrefixMapping="" srcRootPath=""/>
|
||||
</externalSetting>
|
||||
</externalSettings>
|
||||
<extensions>
|
||||
<extension id="org.eclipse.cdt.managedbuilder.core.ManagedBuildManager" point="org.eclipse.cdt.core.ScannerInfoProvider"/>
|
||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
||||
</extensions>
|
||||
</storageModule>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
<configuration artifactExtension="a" artifactName="wolfssl_hw" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" name="Debug" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug">
|
||||
<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395." name="/" resourcePath="">
|
||||
<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug.955851768" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.1637878147" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.none" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.596937133" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.412948756" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1412387181" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.1877241998" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.2038051180" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.max" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1062002269" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.1592667634" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m4" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1112951710" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1079530716" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.192917244" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.2108482930" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.500222702" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.175873499" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1700937041" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1874549763" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.178137928" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1274071175" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.655658023" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.1937238341" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1476617138" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1035232247" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto.8601271" name="Link-time optimizer (-flto)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto" value="false" valueType="boolean"/>
|
||||
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.817253425" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
|
||||
<builder buildPath="${workspace_loc:/wolfSSL_HW}/Debug" id="ilg.gnuarmeclipse.managedbuild.cross.builder.2043375702" keepEnvironmentInBuildfile="false" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1135882719" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.369489760" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
|
||||
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1086496768" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989" name="Cross ARM GNU C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.9643995" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.349147702" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="false" valueType="includePath">
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}}/../../../""/>
|
||||
<listOptionValue builtIn="false" value=""${workspace_loc:/${ProjName}}""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/devices""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/CMSIS/Include""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/devices/MK64F12/startup""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/drivers/inc""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/hal/inc""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/osa/inc""/>
|
||||
<listOptionValue builtIn="false" value=""${PROJECT_KSDK_PATH}/platform/utilities/inc""/>
|
||||
</option>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1294205548" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value=""CPU_MK64FN1M0VMD12""/>
|
||||
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
|
||||
</option>
|
||||
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726" name="Cross ARM GNU C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths.1452713629" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths" useByScannerDiscovery="false"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs.497680378" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
|
||||
<listOptionValue builtIn="false" value=""CPU_MK64FN1M0VMD12""/>
|
||||
</option>
|
||||
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.506002589" name="Cross ARM GNU C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.1489822225" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.575756954" name="Cross ARM GNU C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.11344634" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths.1878565771" name="Library search path (-L)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths" valueType="libPaths">
|
||||
<listOptionValue builtIn="false" value=""${ProjDirPath}/Project_Settings/Linker_Files""/>
|
||||
</option>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1517060693" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="-specs=nosys.specs -specs=nano.specs -Xlinker -z -Xlinker muldefs" valueType="string"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile.468376236" name="Script files (-T)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile" valueType="stringList">
|
||||
<listOptionValue builtIn="false" value=""MK64FN1M0xxx12_flash.ld""/>
|
||||
</option>
|
||||
<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.955790366" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
|
||||
<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
|
||||
<additionalInput kind="additionalinput" paths="$(LIBS)"/>
|
||||
</inputType>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1962941231" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1365673947" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.790507756" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.1929510617" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.573901902" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.2051558160" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.851594065" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.1352373056" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
|
||||
</tool>
|
||||
<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.934998862" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
|
||||
<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.1738611770" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
|
||||
</tool>
|
||||
</toolChain>
|
||||
</folderInfo>
|
||||
<sourceEntries>
|
||||
<entry excluding="wolfcrypt/src/integer.c|wolfcrypt/src/misc.c|src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|SDK|wolfssl/wolfcrypt/port|wolfcrypt/src/port|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
|
||||
</sourceEntries>
|
||||
</configuration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
||||
</cconfiguration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
||||
<project id="wolfSSL_HW.ilg.gnuarmeclipse.managedbuild.cross.target.elf.1053752509" name="Executable" projectType="ilg.gnuarmeclipse.managedbuild.cross.target.elf"/>
|
||||
</storageModule>
|
||||
<storageModule moduleId="scannerConfiguration">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
||||
<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
||||
</scannerConfigBuildInfo>
|
||||
<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152">
|
||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
||||
</scannerConfigBuildInfo>
|
||||
</storageModule>
|
||||
<storageModule moduleId="refreshScope" versionNumber="2">
|
||||
<configuration configurationName="Debug">
|
||||
<resource resourceType="PROJECT" workspacePath="/wolfSSL_HW"/>
|
||||
</configuration>
|
||||
</storageModule>
|
||||
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
|
||||
</cproject>
|
||||
@@ -0,0 +1,19 @@
|
||||
Sources/main.c
|
||||
Project_Settings/Linker_Files/MK64FN1M0xxx12_flash.ld
|
||||
SDK/platform/CMSIS/Include/core_cmSimd.h
|
||||
SDK/platform/devices/MK64F12/include/MK64F12.h
|
||||
SDK/platform/CMSIS/Include/arm_common_tables.h
|
||||
SDK/platform/CMSIS/Include/arm_const_structs.h
|
||||
SDK/platform/devices/MK64F12/include/MK64F12_features.h
|
||||
SDK/platform/CMSIS/Include/core_cm4.h
|
||||
SDK/platform/CMSIS/Include/core_cmFunc.h
|
||||
SDK/platform/CMSIS/Include/core_cmInstr.h
|
||||
SDK/platform/devices/fsl_device_registers.h
|
||||
SDK/platform/devices/MK64F12/include/fsl_bitaccess.h
|
||||
SDK/platform/CMSIS/Include/arm_math.h
|
||||
SDK/platform/devices/MK64F12/include/MK64F12_extension.h
|
||||
Project_Settings/Startup_Code/startup.c
|
||||
Project_Settings/Startup_Code/system_MK64F12.c
|
||||
Project_Settings/Startup_Code/startup.h
|
||||
Project_Settings/Startup_Code/startup_MK64F12.S
|
||||
Project_Settings/Startup_Code/system_MK64F12.h
|
||||
@@ -0,0 +1,50 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>wolfSSL_HW</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
||||
<triggers>clean,full,incremental,</triggers>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
||||
<triggers>full,incremental,</triggers>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
||||
<nature>org.eclipse.cdt.core.ccnature</nature>
|
||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
||||
</natures>
|
||||
<linkedResources>
|
||||
<link>
|
||||
<name>src</name>
|
||||
<type>2</type>
|
||||
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/src</locationURI>
|
||||
</link>
|
||||
<link>
|
||||
<name>wolfcrypt</name>
|
||||
<type>2</type>
|
||||
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt</locationURI>
|
||||
</link>
|
||||
<link>
|
||||
<name>wolfssl</name>
|
||||
<type>2</type>
|
||||
<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfssl</locationURI>
|
||||
</link>
|
||||
</linkedResources>
|
||||
<variableList>
|
||||
<variable>
|
||||
<name>PROJECT_KSDK_PATH</name>
|
||||
<value>file:/.KSDK_1.3.0</value>
|
||||
</variable>
|
||||
</variableList>
|
||||
</projectDescription>
|
||||
@@ -0,0 +1,2 @@
|
||||
eclipse.preferences.version=1
|
||||
versionGenerated/versionGenerated=1.0.0.RT7_b1550-0615
|
||||
@@ -0,0 +1,6 @@
|
||||
#define FREESCALE_KSDK_BM
|
||||
#define FREESCALE_KSDK_1_3
|
||||
#define FSL_HW_CRYPTO_MANUAL_SELECTION
|
||||
#define NO_MAIN_DRIVER
|
||||
#define USE_CERT_BUFFERS_1024
|
||||
#define ECC_USER_CURVES
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
## Overview
|
||||
|
||||
This port is for the tenAsys INtime RTOS available [here](http://www.tenasys.com/tenasys-products/intime-rtos-family/overview-rtos).
|
||||
This port is for the tenAsys INtime RTOS available [here](http://www.tenasys.com/intime).
|
||||
|
||||
To enable use the define `INTIME_RTOS`.
|
||||
|
||||
@@ -148,7 +148,7 @@ Client connected successfully
|
||||
Using Non-Blocking I/O: 0
|
||||
Message for server: Client:
|
||||
|
||||
Recieved: I hear ya fa shizzle!
|
||||
Received: I hear ya fa shizzle!
|
||||
|
||||
The client has closed the connection.
|
||||
```
|
||||
|
||||
@@ -13,9 +13,6 @@ extern "C" {
|
||||
#undef INTIME_RTOS
|
||||
#define INTIME_RTOS
|
||||
|
||||
#undef INTIME_RTOS_MUTEX_MAX
|
||||
#define INTIME_RTOS_MUTEX_MAX 10
|
||||
|
||||
#undef WOLF_EXAMPLES_STACK
|
||||
#define WOLF_EXAMPLES_STACK 65536
|
||||
|
||||
|
||||
@@ -122,7 +122,7 @@ int wolfExample_TLSClient(const char* ip, int port)
|
||||
printf("Read error. Error: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
printf("Recieved: \t%s\n", rcvBuff);
|
||||
printf("Received: \t%s\n", rcvBuff);
|
||||
}
|
||||
|
||||
exit:
|
||||
|
||||
+1
-1
@@ -10,4 +10,4 @@ include IDE/ROWLEY-CROSSWORKS-ARM/include.am
|
||||
include IDE/ARDUINO/include.am
|
||||
include IDE/INTIME-RTOS/include.am
|
||||
|
||||
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO
|
||||
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR
|
||||
|
||||
+12
-1
@@ -54,7 +54,18 @@ CLEANFILES+= cert.der \
|
||||
pkcs7envelopedDataAES128CBC.der \
|
||||
pkcs7envelopedDataAES192CBC.der \
|
||||
pkcs7envelopedDataAES256CBC.der \
|
||||
pkcs7signedData.der
|
||||
pkcs7signedData_RSA_SHA.der \
|
||||
pkcs7signedData_RSA_SHA_noattr.der \
|
||||
pkcs7signedData_RSA_SHA224.der \
|
||||
pkcs7signedData_RSA_SHA256.der \
|
||||
pkcs7signedData_RSA_SHA384.der \
|
||||
pkcs7signedData_RSA_SHA512.der \
|
||||
pkcs7signedData_ECDSA_SHA.der \
|
||||
pkcs7signedData_ECDSA_SHA_noattr.der \
|
||||
pkcs7signedData_ECDSA_SHA224.der \
|
||||
pkcs7signedData_ECDSA_SHA256.der \
|
||||
pkcs7signedData_ECDSA_SHA384.der \
|
||||
pkcs7signedData_ECDSA_SHA512.der
|
||||
|
||||
exampledir = $(docdir)/example
|
||||
dist_example_DATA=
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
Note 1)
|
||||
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
|
||||
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
|
||||
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
|
||||
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
|
||||
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
|
||||
key cipher suites with
|
||||
WOLFSSL_STATIC_DH
|
||||
@@ -12,11 +12,11 @@ key cipher suites with
|
||||
WOLFSSL_STATIC_PSK
|
||||
|
||||
though static key cipher suites are deprecated and will be removed from future
|
||||
versions of TLS. They also lower your security by removing PFS. Since current
|
||||
versions of TLS. They also lower your security by removing PFS. Since current
|
||||
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
|
||||
used in order to build with NTRU suites.
|
||||
|
||||
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
|
||||
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
|
||||
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
|
||||
in the event that you desire that, i.e., you're not using TLS cipher suites.
|
||||
|
||||
@@ -34,6 +34,71 @@ before calling wolfSSL_new(); Though it's not recommended.
|
||||
|
||||
*** end Notes ***
|
||||
|
||||
********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
|
||||
|
||||
Release 3.11.0 of wolfSSL has bug fixes and new features including:
|
||||
|
||||
- Code updates for warnings reported by Coverity scans
|
||||
- Testing and warning fixes for FreeBSD on PowerPC
|
||||
- Updates and refactoring done to ASN1 parsing functions
|
||||
- Change max PSK identity buffer to account for an identity length of 128 characters
|
||||
- Update Arduino script to handle recent files and additions
|
||||
- Added support for PKCS#7 Signed Data with ECDSA
|
||||
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
|
||||
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
|
||||
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
|
||||
- Added support for HAproxy load balancer
|
||||
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
|
||||
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
|
||||
- Fix to not send session ID on server side if session cache is off unless we're echoing
|
||||
session ID as part of session tickets
|
||||
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
|
||||
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
|
||||
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
|
||||
- Fixes for TLS elliptic curve selection on private key import.
|
||||
- Fixes for RNG with Intel rdrand and rdseed speedups.
|
||||
- Improved performance with Intel rdrand to use full 64-bit output
|
||||
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
|
||||
- Removed RNG ARC4 support
|
||||
- Added ECC helpers to get size and id from curve name.
|
||||
- Added ECC Cofactor DH (ECC-CDH) support
|
||||
- Added ECC private key only import / export functions.
|
||||
- Added PKCS8 create function
|
||||
- Improvements to TLS layer CTX handling for switching keys / certs.
|
||||
- Added check for duplicate certificate policy OID in certificates.
|
||||
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
|
||||
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
|
||||
- Fixes for building CRL with Windows
|
||||
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
|
||||
- Added port for tenAsys INtime RTOS
|
||||
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
|
||||
- Updated WPA Supplicant support
|
||||
- Added support for Nginx
|
||||
- Update stunnel port for version 5.40
|
||||
- Fixes for STM32 hardware crypto acceleration
|
||||
- Extended test code coverage in bundled test.c
|
||||
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
|
||||
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
|
||||
|
||||
|
||||
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
|
||||
|
||||
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
|
||||
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
|
||||
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
|
||||
- Fix for a double free case when adding CA cert into X509_store.
|
||||
|
||||
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
|
||||
|
||||
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
|
||||
|
||||
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
|
||||
|
||||
|
||||
See INSTALL file for build instructions.
|
||||
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
|
||||
|
||||
|
||||
********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
|
||||
|
||||
Release 3.10.2 of wolfSSL has bug fixes and new features including:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
```
|
||||
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
|
||||
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
|
||||
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
|
||||
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
|
||||
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
|
||||
key cipher suites with
|
||||
WOLFSSL_STATIC_DH
|
||||
@@ -13,12 +13,12 @@ key cipher suites with
|
||||
WOLFSSL_STATIC_PSK
|
||||
|
||||
though static key cipher suites are deprecated and will be removed from future
|
||||
versions of TLS. They also lower your security by removing PFS. Since current
|
||||
versions of TLS. They also lower your security by removing PFS. Since current
|
||||
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
|
||||
used in order to build with NTRU suites.
|
||||
|
||||
|
||||
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
|
||||
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
|
||||
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
|
||||
in the event that you desire that, i.e., you're not using TLS cipher suites.
|
||||
```
|
||||
@@ -38,6 +38,71 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
before calling wolfSSL_new(); Though it's not recommended.
|
||||
```
|
||||
|
||||
# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
|
||||
|
||||
## Release 3.11.0 of wolfSSL has bug fixes and new features including:
|
||||
|
||||
- Code updates for warnings reported by Coverity scans
|
||||
- Testing and warning fixes for FreeBSD on PowerPC
|
||||
- Updates and refactoring done to ASN1 parsing functions
|
||||
- Change max PSK identity buffer to account for an identity length of 128 characters
|
||||
- Update Arduino script to handle recent files and additions
|
||||
- Added support for PKCS#7 Signed Data with ECDSA
|
||||
- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
|
||||
- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug.
|
||||
- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
|
||||
- Added support for HAproxy load balancer
|
||||
- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
|
||||
- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
|
||||
- Fix to not send session ID on server side if session cache is off unless we're echoing
|
||||
session ID as part of session tickets
|
||||
- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
|
||||
- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
|
||||
- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
|
||||
- Fixes for TLS elliptic curve selection on private key import.
|
||||
- Fixes for RNG with Intel rdrand and rdseed speedups.
|
||||
- Improved performance with Intel rdrand to use full 64-bit output
|
||||
- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
|
||||
- Removed RNG ARC4 support
|
||||
- Added ECC helpers to get size and id from curve name.
|
||||
- Added ECC Cofactor DH (ECC-CDH) support
|
||||
- Added ECC private key only import / export functions.
|
||||
- Added PKCS8 create function
|
||||
- Improvements to TLS layer CTX handling for switching keys / certs.
|
||||
- Added check for duplicate certificate policy OID in certificates.
|
||||
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
|
||||
- Reduce heap usage with fast math when not using ALT_ECC_SIZE
|
||||
- Fixes for building CRL with Windows
|
||||
- Added support for inline CRL lookup when HAVE_CRL_IO is defined
|
||||
- Added port for tenAsys INtime RTOS
|
||||
- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
|
||||
- Updated WPA Supplicant support
|
||||
- Added support for Nginx
|
||||
- Update stunnel port for version 5.40
|
||||
- Fixes for STM32 hardware crypto acceleration
|
||||
- Extended test code coverage in bundled test.c
|
||||
- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
|
||||
- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
|
||||
|
||||
This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
|
||||
|
||||
3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
|
||||
- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
|
||||
- Fix for DH key accepted by wc_DhAgree when the key was malformed.
|
||||
- Fix for a double free case when adding CA cert into X509_store.
|
||||
|
||||
Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
|
||||
|
||||
|
||||
Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
|
||||
|
||||
Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
|
||||
|
||||
|
||||
See INSTALL file for build instructions.
|
||||
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
|
||||
|
||||
|
||||
# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
|
||||
|
||||
## Release 3.10.2 of wolfSSL has bug fixes and new features including:
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
# 1024/client-cert.pem
|
||||
# server-ecc-comp.pem
|
||||
# client-ca.pem
|
||||
# test/digsigku.pem
|
||||
# updates the following crls:
|
||||
# crl/cliCrl.pem
|
||||
# crl/crl.pem
|
||||
@@ -225,6 +226,22 @@ function run_renewcerts(){
|
||||
echo ""
|
||||
cat client-cert.pem client-ecc-cert.pem > client-ca.pem
|
||||
|
||||
############################################################
|
||||
###### update the self-signed test/digsigku.pem ##########
|
||||
############################################################
|
||||
echo "Updating test/digsigku.pem"
|
||||
echo ""
|
||||
#pipe the following arguments to openssl req...
|
||||
echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
|
||||
|
||||
|
||||
openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
|
||||
rm digsigku.csr
|
||||
|
||||
openssl x509 -in digsigku.pem -text > tmp.pem
|
||||
mv tmp.pem digsigku.pem
|
||||
mv digsigku.pem test/digsigku.pem
|
||||
|
||||
############################################################
|
||||
########## make .der files from .pem files #################
|
||||
############################################################
|
||||
|
||||
@@ -163,6 +163,13 @@ userNotice.1=@policy_usr
|
||||
[ policy_usr ]
|
||||
explicitText="Test of duplicate OIDs with different qualifiers"
|
||||
|
||||
# create certificate without the digitalSignature bit set and uses sha1 sig
|
||||
[ digsigku ]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints=critical, CA:TRUE
|
||||
keyUsage=critical, nonRepudiation, keyEncipherment
|
||||
|
||||
#tsa default
|
||||
[ tsa ]
|
||||
default_tsa = tsa_config1
|
||||
|
||||
+23
-18
@@ -1,17 +1,16 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
e3:81:4b:48:a5:70:61:70
|
||||
Signature Algorithm: ecdsa-with-SHA1
|
||||
Serial Number: 16393466893990650224 (0xe3814b48a5706170)
|
||||
Signature Algorithm: ecdsa-with-SHA1
|
||||
Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
|
||||
Validity
|
||||
Not Before: Sep 10 00:45:36 2014 GMT
|
||||
Not After : Jun 6 00:45:36 2017 GMT
|
||||
Not Before: May 3 00:07:20 2017 GMT
|
||||
Not After : Jan 28 00:07:20 2020 GMT
|
||||
Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: id-ecPublicKey
|
||||
EC Public Key:
|
||||
Public-Key: (256 bit)
|
||||
pub:
|
||||
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
|
||||
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
|
||||
@@ -19,34 +18,40 @@ Certificate:
|
||||
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
|
||||
0b:80:34:89:d8
|
||||
ASN1 OID: prime256v1
|
||||
NIST CURVE: P-256
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
|
||||
DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
|
||||
serial:E3:81:4B:48:A5:70:61:70
|
||||
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Non Repudiation, Key Encipherment
|
||||
Signature Algorithm: ecdsa-with-SHA1
|
||||
30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae:
|
||||
c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18:
|
||||
65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c:
|
||||
e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00
|
||||
30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e:
|
||||
b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24:
|
||||
2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb:
|
||||
89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
|
||||
MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
|
||||
AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
|
||||
VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
|
||||
b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx
|
||||
MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
|
||||
b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw
|
||||
MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
|
||||
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
|
||||
aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
|
||||
CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
|
||||
AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
|
||||
l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
|
||||
K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2
|
||||
7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi
|
||||
puPT5p95PCnYxn2I9GAMSAA=
|
||||
l5Ihf/DPGNqREQI0huggWDMLgDSJ2KOCAQ0wggEJMB0GA1UdDgQWBBRdXSbvrH42
|
||||
+Zt2FStKJQIj77KJMDCBxgYDVR0jBIG+MIG7gBRdXSbvrH42+Zt2FStKJQIj77KJ
|
||||
MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
|
||||
BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
|
||||
ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
|
||||
QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
|
||||
/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk
|
||||
Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
+89
-9
@@ -6,7 +6,7 @@
|
||||
#
|
||||
#
|
||||
|
||||
AC_INIT([wolfssl],[3.10.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
|
||||
AC_INIT([wolfssl],[3.11.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
|
||||
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
|
||||
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
|
||||
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
|
||||
|
||||
#shared library versioning
|
||||
WOLFSSL_LIBRARY_VERSION=11:0:0
|
||||
WOLFSSL_LIBRARY_VERSION=12:0:0
|
||||
# | | |
|
||||
# +------+ | +---+
|
||||
# | | |
|
||||
@@ -140,6 +140,7 @@ then
|
||||
enable_shared=yes
|
||||
enable_static=yes
|
||||
enable_dtls=yes
|
||||
enable_tls13=yes
|
||||
enable_openssh=yes
|
||||
enable_opensslextra=yes
|
||||
enable_savesession=yes
|
||||
@@ -148,6 +149,7 @@ then
|
||||
enable_pkcallbacks=yes
|
||||
enable_aesgcm=yes
|
||||
enable_aesccm=yes
|
||||
enable_aesctr=yes
|
||||
enable_camellia=yes
|
||||
enable_ripemd=yes
|
||||
enable_sha512=yes
|
||||
@@ -190,6 +192,7 @@ then
|
||||
enable_certservice=yes
|
||||
enable_jni=yes
|
||||
enable_lighty=yes
|
||||
enable_haproxy=yes
|
||||
enable_stunnel=yes
|
||||
enable_nginx=yes
|
||||
enable_pwdbased=yes
|
||||
@@ -231,6 +234,22 @@ then
|
||||
fi
|
||||
|
||||
|
||||
# TLS v1.3
|
||||
AC_ARG_ENABLE([tls13],
|
||||
[ --enable-tls13 Enable wolfSSL TLS v1.3 (default: disabled)],
|
||||
[ ENABLED_TLS13=$enableval ],
|
||||
[ ENABLED_TLS13=no ]
|
||||
)
|
||||
if test "$ENABLED_TLS13" = "yes"
|
||||
then
|
||||
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_FFDHE_2048 $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWC_RSA_PSS $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
# check if TLS v1.3 was enabled for conditionally running tls13.test script
|
||||
AM_CONDITIONAL([BUILD_TLS13], [test "x$ENABLED_TLS13" = "xyes"])
|
||||
|
||||
|
||||
AC_ARG_ENABLE([rng],
|
||||
[AS_HELP_STRING([--enable-rng Enable compiling and using RNG (default: enabled)])],
|
||||
[ ENABLED_RNG=$enableval ],
|
||||
@@ -280,6 +299,14 @@ AC_ARG_ENABLE([nginx],
|
||||
[ ENABLED_NGINX=no ]
|
||||
)
|
||||
|
||||
# haproxy compatibility build
|
||||
AC_ARG_ENABLE([haproxy],
|
||||
[ --enable-haproxy Enable haproxy (default: disabled)],
|
||||
[ ENABLED_HAPROXY=$enableval ],
|
||||
[ ENABLED_HAPROXY=no ]
|
||||
)
|
||||
|
||||
|
||||
# OPENSSL Extra Compatibility
|
||||
AC_ARG_ENABLE([opensslextra],
|
||||
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
|
||||
@@ -602,6 +629,23 @@ fi
|
||||
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
|
||||
|
||||
|
||||
# AES-CTR
|
||||
AC_ARG_ENABLE([aesctr],
|
||||
[ --enable-aesctr Enable wolfSSL AES-CTR support (default: disabled)],
|
||||
[ ENABLED_AESCTR=$enableval ],
|
||||
[ ENABLED_AESCTR=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_AESCTR" = "yes"
|
||||
then
|
||||
if test "x$ENABLED_FORTRESS" != "xyes"
|
||||
then
|
||||
# This is already implied by fortress build
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# AES-ARM
|
||||
AC_ARG_ENABLE([armasm],
|
||||
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
|
||||
@@ -818,6 +862,10 @@ if test "x$ENABLED_NGINX" = "xyes"
|
||||
then
|
||||
ENABLED_SESSIONCERTS=yes
|
||||
fi
|
||||
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
|
||||
then
|
||||
ENABLED_SESSIONCERTS=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SESSIONCERTS" = "yes"
|
||||
then
|
||||
@@ -903,6 +951,10 @@ AC_ARG_ENABLE([hkdf],
|
||||
[ ENABLED_HKDF=$enableval ],
|
||||
[ ENABLED_HKDF=no ]
|
||||
)
|
||||
if test "$ENABLED_TLS13" = "yes"
|
||||
then
|
||||
ENABLED_HKDF="yes"
|
||||
fi
|
||||
if test "$ENABLED_HKDF" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
|
||||
@@ -1369,6 +1421,10 @@ then
|
||||
then
|
||||
AC_MSG_ERROR([AESCCM requires AES.])
|
||||
fi
|
||||
if test "$ENABLED_AESCTR" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([AESCTR requires AES.])
|
||||
fi
|
||||
else
|
||||
# turn off AES if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
@@ -1806,9 +1862,10 @@ AC_ARG_ENABLE([ocspstapling],
|
||||
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
ENABLED_CERTIFICATE_STATUS_REQUEST=yes
|
||||
echo "ELLO"
|
||||
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
|
||||
fi
|
||||
|
||||
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
|
||||
@@ -1833,7 +1890,7 @@ AC_ARG_ENABLE([ocspstapling2],
|
||||
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
|
||||
fi
|
||||
@@ -1861,7 +1918,7 @@ AC_ARG_ENABLE([crl],
|
||||
)
|
||||
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes"
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
ENABLED_CRL=yes
|
||||
fi
|
||||
@@ -2138,7 +2195,7 @@ AC_ARG_ENABLE([session-ticket],
|
||||
[ ENABLED_SESSION_TICKET=no ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes"
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
ENABLED_SESSION_TICKET=yes
|
||||
fi
|
||||
@@ -2167,7 +2224,7 @@ AC_ARG_ENABLE([tlsx],
|
||||
[ ENABLED_TLSX=no ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes"
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
ENABLED_TLSX=yes
|
||||
fi
|
||||
@@ -2418,6 +2475,21 @@ fi
|
||||
if test "$ENABLED_NGINX" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_HAPROXY" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
|
||||
# Requires opensslextra make sure on
|
||||
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
||||
then
|
||||
ENABLED_OPENSSLEXTRA="yes"
|
||||
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
||||
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
|
||||
@@ -3023,7 +3095,12 @@ AC_ARG_ENABLE([mcapi],
|
||||
|
||||
if test "$ENABLED_MCAPI" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
|
||||
if test "x$ENABLED_AESCTR" != "xyes"
|
||||
then
|
||||
# These flags are already implied by --enable-aesctr
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
|
||||
@@ -3516,6 +3593,7 @@ echo " * AES: $ENABLED_AES"
|
||||
echo " * AES-NI: $ENABLED_AESNI"
|
||||
echo " * AES-GCM: $ENABLED_AESGCM"
|
||||
echo " * AES-CCM: $ENABLED_AESCCM"
|
||||
echo " * AES-CTR: $ENABLED_AESCTR"
|
||||
echo " * DES3: $ENABLED_DES3"
|
||||
echo " * IDEA: $ENABLED_IDEA"
|
||||
echo " * Camellia: $ENABLED_CAMELLIA"
|
||||
@@ -3559,6 +3637,7 @@ echo " * CODING: $ENABLED_CODING"
|
||||
echo " * MEMORY: $ENABLED_MEMORY"
|
||||
echo " * I/O POOL: $ENABLED_IOPOOL"
|
||||
echo " * LIGHTY: $ENABLED_LIGHTY"
|
||||
echo " * HAPROXY: $ENABLED_HAPROXY"
|
||||
echo " * STUNNEL: $ENABLED_STUNNEL"
|
||||
echo " * NGINX: $ENABLED_NGINX"
|
||||
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
|
||||
@@ -3566,6 +3645,7 @@ echo " * DTLS: $ENABLED_DTLS"
|
||||
echo " * SCTP: $ENABLED_SCTP"
|
||||
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
|
||||
echo " * SSL version 3.0: $ENABLED_SSLV3"
|
||||
echo " * TLS v1.3: $ENABLED_TLS13"
|
||||
echo " * OCSP: $ENABLED_OCSP"
|
||||
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
|
||||
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
|
||||
|
||||
+124
-87
@@ -165,6 +165,11 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
#ifndef NO_SESSION_CACHE
|
||||
WOLFSSL_SESSION* benchSession = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte* reply[80];
|
||||
char msg[] = "hello wolfssl!";
|
||||
#endif
|
||||
|
||||
(void)resumeSession;
|
||||
|
||||
while (loops--) {
|
||||
@@ -179,6 +184,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
if (ssl == NULL)
|
||||
err_sys("unable to get SSL object");
|
||||
|
||||
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
@@ -206,6 +212,16 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
err_sys("SSL_connect failed");
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (resumeSession) {
|
||||
if (wolfSSL_write(ssl, msg, sizeof(msg)-1) <= 0)
|
||||
err_sys("SSL_write failed");
|
||||
|
||||
if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0)
|
||||
err_sys("SSL_read failed");
|
||||
}
|
||||
#endif
|
||||
|
||||
wolfSSL_shutdown(ssl);
|
||||
#ifndef NO_SESSION_CACHE
|
||||
if (i == (times-1) && resumeSession) {
|
||||
@@ -242,6 +258,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("unable to get SSL object");
|
||||
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
|
||||
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
|
||||
err_sys("error in setting fd");
|
||||
@@ -408,15 +425,13 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
if (sockfd == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
|
||||
/* S: 220 <host> SMTP service ready */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received");
|
||||
}
|
||||
@@ -427,12 +442,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
err_sys("failed to send STARTTLS EHLO command\n");
|
||||
|
||||
/* S: 250 <host> offers a warm hug of welcome */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received");
|
||||
}
|
||||
@@ -444,12 +459,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
}
|
||||
|
||||
/* S: 220 Go ahead */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received, expected 220");
|
||||
}
|
||||
@@ -538,7 +553,6 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("-B <num> Benchmark throughput using <num> bytes and print stats\n");
|
||||
printf("-s Use pre Shared keys\n");
|
||||
printf("-t Track wolfSSL memory use\n");
|
||||
printf("-d Disable peer checks\n");
|
||||
printf("-D Override Date Errors example\n");
|
||||
printf("-e List Every cipher suite available, \n");
|
||||
@@ -601,6 +615,18 @@ static void Usage(void)
|
||||
#endif
|
||||
#ifdef HAVE_WNR
|
||||
printf("-q <file> Whitewood config file, default %s\n", wnrConfig);
|
||||
#endif
|
||||
printf("-H Force use of the default cipher suite list\n");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
printf("-J Use HelloRetryRequest to choose group for KE\n");
|
||||
printf("-K Key Exchange for PSK not using (EC)DHE\n");
|
||||
printf("-I Update keys and IVs before sending data\n");
|
||||
#ifndef NO_DH
|
||||
printf("-y Key Share with FFDHE named groups only\n");
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
printf("-Y Key Share with ECC named groups only\n");
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -693,6 +719,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
byte disableExtMasterSecret = 0;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int helloRetry = 0;
|
||||
int onlyKeyShare = 0;
|
||||
int noPskDheKe = 0;
|
||||
#endif
|
||||
int updateKeysIVs = 0;
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
int useOcsp = 0;
|
||||
@@ -730,14 +762,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
(void)minDhKeyBits;
|
||||
(void)alpnList;
|
||||
(void)alpn_opt;
|
||||
(void)updateKeysIVs;
|
||||
|
||||
StackTrap();
|
||||
|
||||
#ifndef WOLFSSL_VXWORKS
|
||||
/* Not used: j, t, y, I, J, K, Q, Y */
|
||||
/* Not used: j, t, Q */
|
||||
while ((ch = mygetopt(argc, argv, "?"
|
||||
"ab:c:defgh:ik:l:mnop:q:rsuv:wxz"
|
||||
"A:B:CDE:F:GHL:M:NO:PRS:TUVW:XZ:")) != -1) {
|
||||
"ab:c:defgh:ik:l:mnop:q:rsuv:wxyz"
|
||||
"A:B:CDE:F:GHIJKL:M:NO:PRS:TUVW:XYZ:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
@@ -830,7 +863,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
case 'v' :
|
||||
version = atoi(myoptarg);
|
||||
if (version < 0 || version > 3) {
|
||||
if (version < 0 || version > 4) {
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
}
|
||||
@@ -1007,6 +1040,35 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'J' :
|
||||
#ifdef WOLFSSL_TLS13
|
||||
helloRetry = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'K' :
|
||||
#ifdef WOLFSSL_TLS13
|
||||
noPskDheKe = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'I' :
|
||||
#ifdef WOLFSSL_TLS13
|
||||
updateKeysIVs = 1;
|
||||
#endif
|
||||
|
||||
case 'y' :
|
||||
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
|
||||
onlyKeyShare = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'Y' :
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
|
||||
onlyKeyShare = 2;
|
||||
#endif
|
||||
break;
|
||||
|
||||
default:
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
@@ -1130,6 +1192,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
case 3:
|
||||
method = wolfTLSv1_2_client_method();
|
||||
break;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case 4:
|
||||
method = wolfTLSv1_3_client_method();
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
@@ -1405,6 +1472,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (noPskDheKe)
|
||||
wolfSSL_CTX_no_dhe_psk(ctx);
|
||||
#endif
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
@@ -1415,45 +1487,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
wolfSSL_KeepArrays(ssl);
|
||||
#endif
|
||||
|
||||
#if 0 /* all enabled and supported ECC curves will be added automatically */
|
||||
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp256r1");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (!helloRetry) {
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
||||
err_sys("unable to use DH 2048-bit parameters");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP384R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp384r1");
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to use curve secp256r1");
|
||||
}
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to use curve secp384r1");
|
||||
}
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP521R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp521r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP224R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp224r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP192R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp192r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp160r1");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
wolfSSL_NoKeyShares(ssl);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
@@ -1718,6 +1774,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (updateKeysIVs)
|
||||
wolfSSL_update_keys(ssl);
|
||||
#endif
|
||||
|
||||
do {
|
||||
err = 0; /* reset error */
|
||||
ret = wolfSSL_write(ssl, msg, msgSz);
|
||||
@@ -1751,7 +1812,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
} while (err == WC_PENDING_E);
|
||||
} while (err == WC_PENDING_E || err == SSL_ERROR_WANT_READ);
|
||||
if (ret > 0) {
|
||||
reply[ret] = 0;
|
||||
printf("Server response: %s\n", reply);
|
||||
@@ -1852,45 +1913,21 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
|
||||
(void*)"resumed session");
|
||||
#endif
|
||||
#if 0 /* all enabled and supported ECC curves will be added automatically */
|
||||
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp256r1");
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
||||
err_sys("unable to use DH 2048-bit parameters");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp384r1");
|
||||
#endif
|
||||
if (wolfSSL_UseKeyShare(sslResume,
|
||||
WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
|
||||
err_sys("unable to use curve secp256r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp521r1");
|
||||
if (wolfSSL_UseKeyShare(sslResume,
|
||||
WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) {
|
||||
err_sys("unable to use curve secp384r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp224r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp192r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
|
||||
!= SSL_SUCCESS) {
|
||||
wolfSSL_free(sslResume);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("unable to set curve secp160r1");
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_CALLBACKS
|
||||
|
||||
@@ -304,7 +304,11 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("-g Return basic HTML web page\n");
|
||||
printf("-C <num> The number of connections to accept, default: 1\n");
|
||||
printf("-U Force use of the default cipher suite list\n");
|
||||
printf("-H Force use of the default cipher suite list\n");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
printf("-K Key Exchange for PSK not using (EC)DHE\n");
|
||||
printf("-U Update keys and IVs before sending\n");
|
||||
#endif
|
||||
}
|
||||
|
||||
THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
@@ -386,6 +390,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
const char* wnrConfigFile = wnrConfig;
|
||||
#endif
|
||||
char buffer[CYASSL_MAX_ERROR_SZ];
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int noPskDheKe = 0;
|
||||
#endif
|
||||
int updateKeysIVs = 0;
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|
||||
@@ -421,6 +429,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
(void)alpn_opt;
|
||||
(void)crlFlags;
|
||||
(void)readySignal;
|
||||
(void)updateKeysIVs;
|
||||
|
||||
#ifdef CYASSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -429,10 +438,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
#ifdef WOLFSSL_VXWORKS
|
||||
useAnyAddr = 1;
|
||||
#else
|
||||
/* Not Used: h, m, t, x, y, z, F, J, K, M, Q, T, U, V, W, X, Y */
|
||||
/* Not Used: h, m, t, x, y, z, F, J, M, Q, T, V, W, X, Y */
|
||||
while ((ch = mygetopt(argc, argv, "?"
|
||||
"abc:defgijk:l:nop:q:rsuv:w"
|
||||
"A:B:C:D:E:GHIL:NO:PR:S:YZ:")) != -1) {
|
||||
"A:B:C:D:E:GHIKL:NO:PR:S:UYZ:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
@@ -500,7 +509,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
|
||||
case 'v' :
|
||||
version = atoi(myoptarg);
|
||||
if (version < 0 || version > 3) {
|
||||
if (version < 0 || version > 4) {
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
}
|
||||
@@ -634,6 +643,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
useWebServerMsg = 1;
|
||||
break;
|
||||
|
||||
case 'K' :
|
||||
#ifdef WOLFSSL_TLS13
|
||||
noPskDheKe = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'U' :
|
||||
#ifdef WOLFSSL_TLS13
|
||||
updateKeysIVs = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
default:
|
||||
Usage();
|
||||
exit(MY_EX_USAGE);
|
||||
@@ -696,6 +717,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case 4:
|
||||
method = wolfTLSv1_3_server_method_ex;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
#ifndef NO_OLD_TLS
|
||||
case -1:
|
||||
@@ -914,6 +941,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
wolfSSL_CTX_UseAsync(ctx, devId);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (noPskDheKe)
|
||||
wolfSSL_CTX_no_dhe_psk(ctx);
|
||||
#endif
|
||||
|
||||
while (1) {
|
||||
/* allow resume option */
|
||||
if (resumeCount > 1) {
|
||||
@@ -1174,6 +1206,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
printf("Client message: %s\n", input);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (updateKeysIVs)
|
||||
wolfSSL_update_keys(ssl);
|
||||
#endif
|
||||
|
||||
/* Write data */
|
||||
if (!useWebServerMsg) {
|
||||
write_msg = msg;
|
||||
@@ -1196,7 +1233,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
} while (err == WC_PENDING_E);
|
||||
} while (err == WC_PENDING_E || err == SSL_ERROR_WANT_WRITE);
|
||||
if (ret != write_msg_sz) {
|
||||
printf("SSL_write msg error %d, %s\n", err,
|
||||
ERR_error_string(err, buffer));
|
||||
|
||||
+7
-2
@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_docdir}/wolfssl/README.txt
|
||||
%{_libdir}/libwolfssl.la
|
||||
%{_libdir}/libwolfssl.so
|
||||
%{_libdir}/libwolfssl.so.11
|
||||
%{_libdir}/libwolfssl.so.11.0.0
|
||||
%{_libdir}/libwolfssl.so.12
|
||||
%{_libdir}/libwolfssl.so.12.0.0
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
@@ -159,6 +159,7 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_includedir}/cyassl/openssl/rsa.h
|
||||
%{_includedir}/cyassl/openssl/sha.h
|
||||
%{_includedir}/cyassl/openssl/ssl.h
|
||||
%{_includedir}/cyassl/openssl/ssl23.h
|
||||
%{_includedir}/cyassl/openssl/stack.h
|
||||
%{_includedir}/cyassl/openssl/ui.h
|
||||
%{_includedir}/cyassl/openssl/x509.h
|
||||
@@ -172,6 +173,7 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_includedir}/wolfssl/callbacks.h
|
||||
%{_includedir}/wolfssl/certs_test.h
|
||||
%{_includedir}/wolfssl/crl.h
|
||||
%{_includedir}/wolfssl/io.h
|
||||
%{_includedir}/wolfssl/wolfcrypt/aes.h
|
||||
%{_includedir}/wolfssl/wolfcrypt/cmac.h
|
||||
%{_includedir}/wolfssl/wolfcrypt/arc4.h
|
||||
@@ -264,6 +266,7 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_includedir}/wolfssl/openssl/rsa.h
|
||||
%{_includedir}/wolfssl/openssl/sha.h
|
||||
%{_includedir}/wolfssl/openssl/ssl.h
|
||||
%{_includedir}/wolfssl/openssl/ssl23.h
|
||||
%{_includedir}/wolfssl/openssl/stack.h
|
||||
%{_includedir}/wolfssl/openssl/ui.h
|
||||
%{_includedir}/wolfssl/openssl/x509.h
|
||||
@@ -277,6 +280,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_libdir}/pkgconfig/wolfssl.pc
|
||||
|
||||
%changelog
|
||||
* Thu May 04 2017 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
- Added header for wolfssl/io.h, wolfssl/openssl/ssl23.h, cyassl/openssl/ssl23.h
|
||||
* Thu Feb 09 2017 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
- Added header for wolfssl/wolfcrypt/wolfmath.h
|
||||
* Fri Nov 11 2016 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
|
||||
@@ -62,6 +62,10 @@ dist_noinst_SCRIPTS+= scripts/openssl.test
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_TLS13
|
||||
dist_noinst_SCRIPTS+= scripts/tls13.test
|
||||
endif
|
||||
|
||||
EXTRA_DIST += scripts/testsuite.pcap \
|
||||
scripts/ping.test
|
||||
|
||||
|
||||
Executable
+312
@@ -0,0 +1,312 @@
|
||||
#!/bin/sh
|
||||
|
||||
# tls13.test
|
||||
# copyright wolfSSL 2016
|
||||
|
||||
# getting unique port is modeled after resume.test script
|
||||
# need a unique port since may run the same time as testsuite
|
||||
# use server port zero hack to get one
|
||||
port=0
|
||||
no_pid=-1
|
||||
server_pid=$no_pid
|
||||
counter=0
|
||||
# let's use absolute path to a local dir (make distcheck may be in sub dir)
|
||||
# also let's add some randomness by adding pid in case multiple 'make check's
|
||||
# per source tree
|
||||
ready_file=`pwd`/wolfssl_psk_ready$$
|
||||
|
||||
echo "ready file $ready_file"
|
||||
|
||||
create_port() {
|
||||
while [ ! -s $ready_file -a "$counter" -lt 50 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
if test -e $ready_file; then
|
||||
echo -e "found ready file, starting client..."
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
port=`cat $ready_file`
|
||||
else
|
||||
echo -e "NO ready file ending test..."
|
||||
do_cleanup
|
||||
fi
|
||||
}
|
||||
|
||||
remove_ready_file() {
|
||||
if test -e $ready_file; then
|
||||
echo -e "removing existing ready file"
|
||||
rm $ready_file
|
||||
fi
|
||||
}
|
||||
|
||||
do_cleanup() {
|
||||
echo "in cleanup"
|
||||
|
||||
if [ $server_pid != $no_pid ]
|
||||
then
|
||||
echo "killing server"
|
||||
kill -9 $server_pid
|
||||
fi
|
||||
remove_ready_file
|
||||
}
|
||||
|
||||
do_trap() {
|
||||
echo "got trap"
|
||||
do_cleanup
|
||||
exit -1
|
||||
}
|
||||
|
||||
trap do_trap INT TERM
|
||||
|
||||
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
||||
|
||||
# Usual TLS v1.3 server / TLS v1.3 client.
|
||||
echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 not enabled"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client.
|
||||
echo -e "\n\nTLS v1.3 HelloRetryRequest"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -J -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 HelloRetryRequest not working"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Resumption TLS v1.3 server / TLS v1.3 client.
|
||||
echo -e "\n\nTLS v1.3 resumption"
|
||||
port=0
|
||||
./examples/server/server -v 4 -r -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -r -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 resumption not working"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Usual TLS v1.3 server / TLS v1.3 client and ECC certificates.
|
||||
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC certificates"
|
||||
port=0
|
||||
./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -A certs/server-ecc.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 ECC certificates not working"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Usual TLS v1.3 server / TLS v1.3 client and DH Key.
|
||||
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - DH Key Exchange"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -y -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 DH Key Exchange not working"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# Usual TLS v1.3 server / TLS v1.3 client and ECC Key.
|
||||
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC Key Exchange"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -Y -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nTLS v1.3 ECDH Key Exchange not working"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suites"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - only TLS v1.3"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-GCM SHA-256"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-GCM SHA-256"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suite - AES256-GCM SHA-384"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES256-GCM-SHA384 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES256-GCM SHA-384"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - CHACHA20-POLY1305 SHA-256"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
./examples/client/client -v 4 -e 2>&1 | grep -- '-CCM'
|
||||
if [ $? -eq 0 ]; then
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM SHA-256"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-SHA256 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM SHA-256"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 cipher suites server / client.
|
||||
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM-8 SHA-256"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-8-SHA256 &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM-8 SHA-256"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# TLS 1.3 server / TLS 1.2 client.
|
||||
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
|
||||
port=0
|
||||
./examples/server/server -v 4 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 3 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.2 server / TLS 1.3 client.
|
||||
echo -e "\n\nTLS v1.3 client downgrading to TLS v1.2"
|
||||
port=0
|
||||
./examples/server/server -v 3 -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 client downgrading to TLS v1.2"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data.
|
||||
echo -e "\n\nTLS v1.3 KeyUpdate"
|
||||
port=0
|
||||
./examples/server/server -v 4 -U -R $ready_file -p $port &
|
||||
server_pid=$!
|
||||
create_port
|
||||
./examples/client/client -v 4 -I -p $port
|
||||
RESULT=$?
|
||||
remove_ready_file
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echo -e "\n\nIssue with TLS v1.3 KeyUpdate"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
echo -e "\nALL Tests Passed"
|
||||
|
||||
exit 0
|
||||
|
||||
+2
-1
@@ -262,7 +262,8 @@ src_libwolfssl_la_SOURCES += \
|
||||
src/io.c \
|
||||
src/keys.c \
|
||||
src/ssl.c \
|
||||
src/tls.c
|
||||
src/tls.c \
|
||||
src/tls13.c
|
||||
|
||||
if BUILD_OCSP
|
||||
src_libwolfssl_la_SOURCES += src/ocsp.c
|
||||
|
||||
+991
-416
File diff suppressed because it is too large
Load Diff
@@ -1024,45 +1024,72 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
||||
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
|
||||
char reqSzStr[6];
|
||||
char* req = (char*)buf;
|
||||
const char* blankStr = " ";
|
||||
const char* http11Str = " HTTP/1.1";
|
||||
const char* hostStr = "\r\nHost: ";
|
||||
const char* contentLenStr = "\r\nContent-Length: ";
|
||||
const char* contentTypeStr = "\r\nContent-Type: ";
|
||||
const char* doubleCrLfStr = "\r\n\r\n";
|
||||
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
|
||||
contentTypeStrLen, doubleCrLfStrLen;
|
||||
|
||||
reqTypeLen = (word32)XSTRLEN(reqType);
|
||||
domainNameLen = (word32)XSTRLEN(domainName);
|
||||
reqSzStrLen = wolfIO_Word16ToString(reqSzStr, (word16)reqSz);
|
||||
contentTypeLen = (word32)XSTRLEN(contentType);
|
||||
|
||||
/* determine max length */
|
||||
maxLen = reqTypeLen + domainNameLen + pathLen + reqSzStrLen + contentTypeLen + 56;
|
||||
blankStrLen = (word32)XSTRLEN(blankStr);
|
||||
http11StrLen = (word32)XSTRLEN(http11Str);
|
||||
hostStrLen = (word32)XSTRLEN(hostStr);
|
||||
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
|
||||
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
|
||||
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
|
||||
|
||||
/* determine max length and check it */
|
||||
maxLen =
|
||||
reqTypeLen +
|
||||
blankStrLen +
|
||||
pathLen +
|
||||
http11StrLen +
|
||||
hostStrLen +
|
||||
domainNameLen +
|
||||
contentLenStrLen +
|
||||
reqSzStrLen +
|
||||
contentTypeStrLen +
|
||||
contentTypeLen +
|
||||
doubleCrLfStrLen +
|
||||
1 /* null term */;
|
||||
if (maxLen > (word32)bufSize)
|
||||
return 0;
|
||||
|
||||
XSTRNCPY((char*)buf, reqType, reqTypeLen);
|
||||
buf += reqTypeLen;
|
||||
XSTRNCPY((char*)buf, " ", 1);
|
||||
buf += 1;
|
||||
XSTRNCPY((char*)buf, blankStr, blankStrLen+1);
|
||||
buf += blankStrLen;
|
||||
XSTRNCPY((char*)buf, path, pathLen);
|
||||
buf += pathLen;
|
||||
XSTRNCPY((char*)buf, " HTTP/1.1", 9);
|
||||
buf += 9;
|
||||
XSTRNCPY((char*)buf, http11Str, http11StrLen+1);
|
||||
buf += http11StrLen;
|
||||
if (domainNameLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nHost: ", 8);
|
||||
buf += 8;
|
||||
XSTRNCPY((char*)buf, hostStr, hostStrLen+1);
|
||||
buf += hostStrLen;
|
||||
XSTRNCPY((char*)buf, domainName, domainNameLen);
|
||||
buf += domainNameLen;
|
||||
}
|
||||
if (reqSz > 0 && reqSzStrLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
|
||||
buf += 18;
|
||||
XSTRNCPY((char*)buf, contentLenStr, contentLenStrLen+1);
|
||||
buf += contentLenStrLen;
|
||||
XSTRNCPY((char*)buf, reqSzStr, reqSzStrLen);
|
||||
buf += reqSzStrLen;
|
||||
}
|
||||
if (contentTypeLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nContent-Type: ", 16);
|
||||
buf += 16;
|
||||
XSTRNCPY((char*)buf, contentTypeStr, contentTypeStrLen+1);
|
||||
buf += contentTypeStrLen;
|
||||
XSTRNCPY((char*)buf, contentType, contentTypeLen);
|
||||
buf += contentTypeLen;
|
||||
}
|
||||
XSTRNCPY((char*)buf, "\r\n\r\n", 4);
|
||||
buf += 4;
|
||||
XSTRNCPY((char*)buf, doubleCrLfStr, doubleCrLfStrLen+1);
|
||||
buf += doubleCrLfStrLen;
|
||||
|
||||
#ifdef WOLFIO_DEBUG
|
||||
printf("HTTP %s: %s", reqType, req);
|
||||
@@ -1221,7 +1248,6 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz)
|
||||
domainName = (char*)XMALLOC(MAX_URL_ITEM_SIZE, crl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (domainName == NULL) {
|
||||
XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
+112
-8
@@ -1053,8 +1053,109 @@ int SetCipherSpecs(WOLFSSL* ssl)
|
||||
return UNSUPPORTED_SUITE;
|
||||
} /* switch */
|
||||
} /* if */
|
||||
if (ssl->options.cipherSuite0 != ECC_BYTE &&
|
||||
ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
|
||||
|
||||
/* TLSi v1.3 cipher suites, 0x13 */
|
||||
if (ssl->options.cipherSuite0 == TLS13_BYTE) {
|
||||
switch (ssl->options.cipherSuite) {
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#ifdef BUILD_TLS_AES_128_GCM_SHA256
|
||||
case TLS_AES_128_GCM_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = 0;
|
||||
ssl->specs.sig_algo = 0;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AESGCM_NONCE_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_AES_256_GCM_SHA384
|
||||
case TLS_AES_256_GCM_SHA384 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = 0;
|
||||
ssl->specs.sig_algo = 0;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AESGCM_NONCE_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
|
||||
case TLS_CHACHA20_POLY1305_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = 0;
|
||||
ssl->specs.sig_algo = 0;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
|
||||
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = CHACHA20_IV_SIZE;
|
||||
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
|
||||
ssl->options.oldPoly = 0; /* use recent padding RFC */
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_AES_128_CCM_SHA256
|
||||
case TLS_AES_128_CCM_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = 0;
|
||||
ssl->specs.sig_algo = 0;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AESGCM_NONCE_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_AES_128_CCM_8_SHA256
|
||||
case TLS_AES_128_CCM_8_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = 0;
|
||||
ssl->specs.sig_algo = 0;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AESGCM_NONCE_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
}
|
||||
}
|
||||
|
||||
if (ssl->options.cipherSuite0 != ECC_BYTE &&
|
||||
ssl->options.cipherSuite0 != CHACHA_BYTE &&
|
||||
ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
|
||||
switch (ssl->options.cipherSuite) {
|
||||
|
||||
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||
@@ -1993,8 +2094,11 @@ int SetCipherSpecs(WOLFSSL* ssl)
|
||||
#ifndef NO_TLS
|
||||
ssl->options.tls = 1;
|
||||
ssl->hmac = TLS_hmac;
|
||||
if (ssl->version.minor >= 2)
|
||||
if (ssl->version.minor >= 2) {
|
||||
ssl->options.tls1_1 = 1;
|
||||
if (ssl->version.minor >= 4)
|
||||
ssl->options.tls1_3 = 1;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -2278,7 +2382,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
|
||||
if (enc->des3 == NULL)
|
||||
return MEMORY_E;
|
||||
XMEMSET(enc->des3, 0, sizeof(Aes));
|
||||
XMEMSET(enc->des3, 0, sizeof(Des3));
|
||||
}
|
||||
if (dec) {
|
||||
if (dec->des3 == NULL)
|
||||
@@ -2452,14 +2556,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
specs->key_size);
|
||||
if (gcmRet != 0) return gcmRet;
|
||||
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
|
||||
AESGCM_IMP_IV_SZ);
|
||||
AEAD_MAX_IMP_SZ);
|
||||
}
|
||||
if (dec) {
|
||||
gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
|
||||
specs->key_size);
|
||||
if (gcmRet != 0) return gcmRet;
|
||||
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
|
||||
AESGCM_IMP_IV_SZ);
|
||||
AEAD_MAX_IMP_SZ);
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -2468,14 +2572,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
specs->key_size);
|
||||
if (gcmRet != 0) return gcmRet;
|
||||
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
|
||||
AESGCM_IMP_IV_SZ);
|
||||
AEAD_MAX_IMP_SZ);
|
||||
}
|
||||
if (dec) {
|
||||
gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
|
||||
specs->key_size);
|
||||
if (gcmRet != 0) return gcmRet;
|
||||
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
|
||||
AESGCM_IMP_IV_SZ);
|
||||
AEAD_MAX_IMP_SZ);
|
||||
}
|
||||
}
|
||||
if (enc)
|
||||
|
||||
+34
-15
@@ -110,9 +110,9 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
|
||||
}
|
||||
|
||||
|
||||
static int xstat2err(int stat)
|
||||
static int xstat2err(int st)
|
||||
{
|
||||
switch (stat) {
|
||||
switch (st) {
|
||||
case CERT_GOOD:
|
||||
return 0;
|
||||
case CERT_REVOKED:
|
||||
@@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
||||
if (ret != OCSP_INVALID_STATUS)
|
||||
return ret;
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
|
||||
ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
|
||||
if (ret == 0) {
|
||||
@@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
|
||||
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
|
||||
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
|
||||
@@ -537,7 +537,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
if (cm == NULL)
|
||||
return NULL;
|
||||
|
||||
|
||||
ret = AllocDer(&derCert, issuer->derCert->length,
|
||||
issuer->derCert->type, NULL);
|
||||
if (ret == 0) {
|
||||
@@ -556,8 +555,13 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
else
|
||||
InitOcspRequest(certId, &cert, 0, NULL);
|
||||
else {
|
||||
ret = InitOcspRequest(certId, &cert, 0, NULL);
|
||||
if (ret != 0) {
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
}
|
||||
FreeDecodedCert(&cert);
|
||||
}
|
||||
|
||||
@@ -608,7 +612,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
byte* p;
|
||||
int len;
|
||||
int dataAlloced = 0;
|
||||
OcspResponse* ret;
|
||||
OcspResponse* ret = NULL;
|
||||
|
||||
if (bio == NULL)
|
||||
return NULL;
|
||||
@@ -624,9 +628,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
long l;
|
||||
|
||||
i = XFTELL(bio->file);
|
||||
if (i < 0)
|
||||
return NULL;
|
||||
XFSEEK(bio->file, 0, SEEK_END);
|
||||
l = XFTELL(bio->file);
|
||||
if (l < 0)
|
||||
return NULL;
|
||||
XFSEEK(bio->file, i, SEEK_SET);
|
||||
|
||||
/* check calulated length */
|
||||
if (l - i <= 0)
|
||||
return NULL;
|
||||
|
||||
data = (byte*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
@@ -637,8 +650,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
else
|
||||
return NULL;
|
||||
|
||||
p = data;
|
||||
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
|
||||
if (len > 0) {
|
||||
p = data;
|
||||
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
|
||||
}
|
||||
|
||||
if (dataAlloced)
|
||||
XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -687,8 +702,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
GetSequence(*data, &idx, &length, len);
|
||||
(*data) += idx + length;
|
||||
if (GetSequence(*data, &idx, &length, len) >= 0)
|
||||
(*data) += idx + length;
|
||||
|
||||
return resp;
|
||||
}
|
||||
@@ -742,11 +757,15 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (bs->status == NULL || bs->source == NULL) {
|
||||
if (bs->status) XFREE(bs->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (bs->source) XFREE(bs->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wolfSSL_OCSP_RESPONSE_free(bs);
|
||||
bs = NULL;
|
||||
}
|
||||
XMEMCPY(bs->status, response->status, sizeof(CertStatus));
|
||||
XMEMCPY(bs->source, response->source, response->maxIdx);
|
||||
else {
|
||||
XMEMCPY(bs->status, response->status, sizeof(CertStatus));
|
||||
XMEMCPY(bs->source, response->source, response->maxIdx);
|
||||
}
|
||||
return bs;
|
||||
}
|
||||
|
||||
@@ -765,7 +784,7 @@ OcspRequest* wolfSSL_OCSP_REQUEST_new(void)
|
||||
void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
|
||||
{
|
||||
FreeOcspRequest(request);
|
||||
XFREE(request, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(request, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
|
||||
|
||||
+10
-2
@@ -1175,9 +1175,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = (int)XFREAD(loadBuf, fileSz, 1, file);
|
||||
ret = (int)XFREAD(loadBuf, 1, fileSz, file);
|
||||
XFCLOSE(file);
|
||||
|
||||
if (ret != fileSz) {
|
||||
free(loadBuf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (typeKey == SSL_FILETYPE_PEM) {
|
||||
byte* saveBuf = (byte*)malloc(fileSz);
|
||||
int saveBufSz = 0;
|
||||
@@ -2208,6 +2213,9 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
|
||||
case wolfssl_aes_gcm:
|
||||
if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
|
||||
{
|
||||
/* scratch buffer, sniffer ignores auth tag*/
|
||||
byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
|
||||
|
||||
byte nonce[AESGCM_NONCE_SZ];
|
||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
|
||||
XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
|
||||
@@ -2217,7 +2225,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
|
||||
input + AESGCM_EXP_IV_SZ,
|
||||
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
nonce, AESGCM_NONCE_SZ,
|
||||
NULL, 0,
|
||||
authTag, sizeof(authTag),
|
||||
NULL, 0) < 0) {
|
||||
Trace(BAD_DECRYPT);
|
||||
ret = -1;
|
||||
|
||||
+5425
File diff suppressed because it is too large
Load Diff
+1
-1
@@ -5,6 +5,6 @@ includedir=${prefix}/include
|
||||
|
||||
Name: wolfssl
|
||||
Description: wolfssl C library.
|
||||
Version: 3.10.4
|
||||
Version: 3.11.0
|
||||
Libs: -L${libdir} -lwolfssl
|
||||
Cflags: -I${includedir}
|
||||
|
||||
+37
-4
@@ -373,8 +373,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
|
||||
|
||||
/* invalid ca file */
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
|
||||
|
||||
|
||||
#ifndef WOLFSSL_TIRTOS
|
||||
/* invalid path */
|
||||
@@ -2031,7 +2032,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
|
||||
{
|
||||
#if !defined(NO_CERTS) && !defined(NO_RSA)
|
||||
#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \
|
||||
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE))
|
||||
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY)
|
||||
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
|
||||
|
||||
{
|
||||
@@ -4108,7 +4109,39 @@ static void test_wolfSSL_BIO(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_DES_ecb_encrypt(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
|
||||
WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
|
||||
WOLFSSL_DES_key_schedule key;
|
||||
|
||||
printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
|
||||
|
||||
XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
|
||||
XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
|
||||
XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
|
||||
XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
|
||||
XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
|
||||
XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
|
||||
XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
|
||||
|
||||
/* Encrypt messages */
|
||||
wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
|
||||
wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
|
||||
|
||||
/* Decrypt messages */
|
||||
int ret1 = 0;
|
||||
int ret2 = 0;
|
||||
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
|
||||
ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
|
||||
AssertIntEQ(ret1,0);
|
||||
wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
|
||||
ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
|
||||
AssertIntEQ(ret2,0);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
}
|
||||
/*----------------------------------------------------------------------------*
|
||||
| wolfCrypt ASN
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -4466,7 +4499,7 @@ void ApiTest(void)
|
||||
test_wolfSSL_set_options();
|
||||
test_wolfSSL_PEM_read_bio();
|
||||
test_wolfSSL_BIO();
|
||||
|
||||
test_wolfSSL_DES_ecb_encrypt();
|
||||
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
|
||||
|
||||
/* wolfCrypt ASN tests */
|
||||
|
||||
@@ -20,6 +20,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
|
||||
endif
|
||||
EXTRA_DIST += tests/unit.h
|
||||
EXTRA_DIST += tests/test.conf \
|
||||
tests/test-tls13.conf \
|
||||
tests/test-qsh.conf \
|
||||
tests/test-psk-no-id.conf \
|
||||
tests/test-dtls.conf \
|
||||
|
||||
@@ -564,6 +564,16 @@ int SuiteTest(void)
|
||||
/* any extra cases will need another argument */
|
||||
args.argc = 2;
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
/* add TLSv13 extra suites */
|
||||
strcpy(argv0[1], "tests/test-tls13.conf");
|
||||
printf("starting TLSv13 extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
/* add dtls extra suites */
|
||||
strcpy(argv0[1], "tests/test-dtls.conf");
|
||||
|
||||
@@ -0,0 +1,95 @@
|
||||
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
|
||||
-v 4
|
||||
-l TLS13-CHACH20-POLY1305-SHA256
|
||||
|
||||
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
|
||||
-v 4
|
||||
-l TLS13-CHACH20-POLY1305-SHA256
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-SHA256
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-SHA256
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-8-SHA256
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-8-SHA256
|
||||
|
||||
# server TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
|
||||
-v 4
|
||||
-l TLS13-CHACH20-POLY1305-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.3 TLS13-CHACH20-POLY1305-SHA256
|
||||
-v 4
|
||||
-l TLS13-CHACH20-POLY1305-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-GCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-GCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.3 TLS13-AES256-GCM-SHA384
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-CCM-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-8-SHA256
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.3 TLS13-AES128-CCM-8-SHA256
|
||||
-v 4
|
||||
-l TLS13-AES128-CCM-8-SHA256
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
@@ -52,6 +52,11 @@
|
||||
#else
|
||||
#include <nio.h>
|
||||
#endif
|
||||
#elif defined(FREESCALE_KSDK_BM)
|
||||
#include "fsl_debug_console.h"
|
||||
#include "fsl_os_abstraction.h"
|
||||
#undef printf
|
||||
#define printf PRINTF
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
@@ -592,12 +597,13 @@ static INLINE int bench_stats_sym_check(double start)
|
||||
|
||||
static void bench_stats_sym_finish(const char* desc, int doAsync, int count, double start)
|
||||
{
|
||||
double total, persec;
|
||||
double total, persec = 0;
|
||||
|
||||
END_INTEL_CYCLES
|
||||
total = current_time(0) - start;
|
||||
|
||||
persec = 1 / total * count;
|
||||
if (count > 0)
|
||||
persec = 1 / total * count;
|
||||
#ifdef BENCH_EMBEDDED
|
||||
/* since using kB, convert to MB/s */
|
||||
persec = persec / 1024;
|
||||
@@ -615,13 +621,19 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, dou
|
||||
#endif
|
||||
}
|
||||
|
||||
static void bench_stats_asym_finish(const char* algo, int strength,
|
||||
/* declare here rather than creating a static function to avoid warning of not
|
||||
* used in the case of something like a leanpsk only build */
|
||||
void bench_stats_asym_finish(const char* algo, int strength,
|
||||
const char* desc, int doAsync, int count, double start);
|
||||
|
||||
void bench_stats_asym_finish(const char* algo, int strength,
|
||||
const char* desc, int doAsync, int count, double start)
|
||||
{
|
||||
double total, each, opsSec, milliEach;
|
||||
double total, each = 0, opsSec, milliEach;
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / count; /* per second */
|
||||
if (count > 0)
|
||||
each = total / count; /* per second */
|
||||
opsSec = count / total; /* ops/per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
@@ -1315,7 +1327,11 @@ void bench_poly1305()
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
|
||||
ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
|
||||
if (ret != 0) {
|
||||
printf("Poly1305Update failed: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
wc_Poly1305Final(&enc, mac);
|
||||
count += i;
|
||||
@@ -1570,7 +1586,7 @@ void bench_chacha(void)
|
||||
void bench_chacha20_poly1305_aead(void)
|
||||
{
|
||||
double start;
|
||||
int i, count;
|
||||
int ret, i, count;
|
||||
|
||||
byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
|
||||
XMEMSET(authTag, 0, sizeof(authTag));
|
||||
@@ -1578,8 +1594,12 @@ void bench_chacha20_poly1305_aead(void)
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
|
||||
ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
|
||||
bench_plain, BENCH_SIZE, bench_cipher, authTag);
|
||||
if (ret < 0) {
|
||||
printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
@@ -2110,14 +2130,14 @@ void bench_cmac(void)
|
||||
double start;
|
||||
int ret, i, count;
|
||||
|
||||
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
|
||||
if (ret != 0) {
|
||||
printf("InitCmac failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
|
||||
if (ret != 0) {
|
||||
printf("InitCmac failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE);
|
||||
if (ret != 0) {
|
||||
@@ -2125,6 +2145,7 @@ void bench_cmac(void)
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* Note: final force zero's the Cmac struct */
|
||||
ret = wc_CmacFinal(&cmac, digest, &digestSz);
|
||||
if (ret != 0) {
|
||||
printf("CmacFinal failed, ret = %d\n", ret);
|
||||
@@ -2281,7 +2302,9 @@ void bench_rsa(int doAsync)
|
||||
}
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
wc_RsaSetRNG(&rsaKey[i], &rng);
|
||||
ret = wc_RsaSetRNG(&rsaKey[i], &rng);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
#endif
|
||||
|
||||
/* decode the private key */
|
||||
@@ -3014,11 +3037,24 @@ void bench_eccEncrypt(void)
|
||||
int ret, i, count;
|
||||
double start;
|
||||
|
||||
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
|
||||
ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
printf("wc_ecc_encrypt make key A failed: %d\n", ret);
|
||||
return;
|
||||
}
|
||||
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
printf("wc_ecc_encrypt make key B failed: %d\n", ret);
|
||||
wc_ecc_free(&userA);
|
||||
return;
|
||||
}
|
||||
|
||||
wc_ecc_make_key(&rng, keySize, &userA);
|
||||
wc_ecc_make_key(&rng, keySize, &userB);
|
||||
ret = wc_ecc_make_key(&rng, keySize, &userA);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
ret = wc_ecc_make_key(&rng, keySize, &userB);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
|
||||
for (i = 0; i < (int)sizeof(msg); i++)
|
||||
msg[i] = i;
|
||||
@@ -3053,6 +3089,12 @@ exit_enc:
|
||||
exit_dec:
|
||||
bench_stats_asym_finish("ECC", keySize * 8, "decrypt", 0, count, start);
|
||||
|
||||
exit:
|
||||
|
||||
if (ret != 0) {
|
||||
printf("bench_eccEncrypt failed! %d\n", ret);
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
wc_ecc_free(&userB);
|
||||
wc_ecc_free(&userA);
|
||||
@@ -3065,14 +3107,18 @@ void bench_curve25519KeyGen(void)
|
||||
{
|
||||
curve25519_key genKey;
|
||||
double start;
|
||||
int i, count;
|
||||
int ret, i, count;
|
||||
|
||||
/* Key Gen */
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < genTimes; i++) {
|
||||
wc_curve25519_make_key(&rng, 32, &genKey);
|
||||
ret = wc_curve25519_make_key(&rng, 32, &genKey);
|
||||
wc_curve25519_free(&genKey);
|
||||
if (ret != 0) {
|
||||
printf("wc_curve25519_make_key failed: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
@@ -3098,7 +3144,8 @@ void bench_curve25519KeyAgree(void)
|
||||
}
|
||||
ret = wc_curve25519_make_key(&rng, 32, &genKey2);
|
||||
if (ret != 0) {
|
||||
printf("curve25519_make_key failed\n");
|
||||
printf("curve25519_make_key failed: %d\n", ret);
|
||||
wc_curve25519_free(&genKey);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -3109,7 +3156,7 @@ void bench_curve25519KeyAgree(void)
|
||||
x = sizeof(shared);
|
||||
ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x);
|
||||
if (ret != 0) {
|
||||
printf("curve25519_shared_secret failed\n");
|
||||
printf("curve25519_shared_secret failed: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
@@ -3288,6 +3335,13 @@ exit_ed_verify:
|
||||
return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
|
||||
}
|
||||
|
||||
#elif defined(FREESCALE_KSDK_BM)
|
||||
|
||||
double current_time(int reset)
|
||||
{
|
||||
return (double)OSA_TimeGetMsec() / 1000;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_EMBOS)
|
||||
|
||||
#include "RTOS.h"
|
||||
|
||||
+2
-4
@@ -2133,7 +2133,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
||||
{
|
||||
int ret = 0;
|
||||
CRYP_HandleTypeDef hcryp;
|
||||
|
||||
XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef));
|
||||
/* load key into correct registers */
|
||||
switch(aes->rounds) {
|
||||
case 10: /* 128-bit key */
|
||||
@@ -2148,8 +2148,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef));
|
||||
hcryp.Instance = CRYP;
|
||||
hcryp.Init.DataType = CRYP_DATATYPE_8B;
|
||||
hcryp.Init.pKey = (uint8_t*)aes->key;
|
||||
@@ -4445,7 +4443,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
|
||||
/* argument checks */
|
||||
if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
|
||||
authTag == NULL || authIn == NULL || authTagSz > AES_BLOCK_SIZE) {
|
||||
authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
+106
-79
@@ -729,7 +729,8 @@ static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
|
||||
return ret;
|
||||
|
||||
if (*len > 0) {
|
||||
if (input[*inOutIdx] == 0x00) {
|
||||
/* remove leading zero, unless there is only one 0x00 byte */
|
||||
if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
|
||||
(*inOutIdx)++;
|
||||
(*len)--;
|
||||
|
||||
@@ -985,6 +986,17 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
|
||||
if (GetLength(input, &idx, &length, maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* extra sanity check that length is greater than 0 */
|
||||
if (length <= 0) {
|
||||
WOLFSSL_MSG("Error length was 0 in CheckBitString");
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
if (idx + 1 > maxIdx) {
|
||||
WOLFSSL_MSG("Attempted buffer read larger than input buffer");
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
b = input[idx];
|
||||
if (zeroBits && b != 0x00)
|
||||
return ASN_EXPECT_0_E;
|
||||
@@ -993,11 +1005,9 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
|
||||
if (b != 0) {
|
||||
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
|
||||
return ASN_PARSE_E;
|
||||
if (((input[idx + length - 1] >> b) & 0x01) != 0x01)
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
idx++;
|
||||
length--;
|
||||
length--; /* length has been checked for greater than 0 */
|
||||
|
||||
*inOutIdx = idx;
|
||||
if (len != NULL)
|
||||
@@ -1049,19 +1059,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
|
||||
if ((val >> 8) != 0) {
|
||||
len = 2;
|
||||
lastByte = val >> 8;
|
||||
lastByte = (byte)(val >> 8);
|
||||
}
|
||||
else {
|
||||
len = 1;
|
||||
lastByte = val;
|
||||
lastByte = (byte)val;
|
||||
}
|
||||
|
||||
while (((lastByte >> unusedBits) & 0x01) == 0x00)
|
||||
unusedBits++;
|
||||
|
||||
idx = SetBitString(len, unusedBits, output);
|
||||
output[idx++] = val;
|
||||
output[idx++] = val >> 8;
|
||||
output[idx++] = (byte)val;
|
||||
output[idx++] = (byte)(val >> 8);
|
||||
|
||||
return idx;
|
||||
}
|
||||
@@ -2144,11 +2154,11 @@ static int CheckAlgo(int first, int second, int* id, int* version)
|
||||
switch (second) {
|
||||
case 1:
|
||||
*id = PBE_SHA1_RC4_128;
|
||||
*version = PKCS12;
|
||||
*version = PKCS12v1;
|
||||
return 0;
|
||||
case 3:
|
||||
*id = PBE_SHA1_DES3;
|
||||
*version = PKCS12;
|
||||
*version = PKCS12v1;
|
||||
return 0;
|
||||
default:
|
||||
return ALGO_ID_E;
|
||||
@@ -2256,7 +2266,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
|
||||
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
|
||||
salt, saltSz, iterations, derivedLen, typeH);
|
||||
#endif
|
||||
else if (version == PKCS12) {
|
||||
else if (version == PKCS12v1) {
|
||||
int i, idx = 0;
|
||||
byte unicodePasswd[MAX_UNICODE_SZ];
|
||||
|
||||
@@ -2302,7 +2312,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
|
||||
Des dec;
|
||||
byte* desIv = key + 8;
|
||||
|
||||
if (version == PKCS5v2 || version == PKCS12)
|
||||
if (version == PKCS5v2 || version == PKCS12v1)
|
||||
desIv = cbcIv;
|
||||
|
||||
ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION);
|
||||
@@ -2322,7 +2332,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
|
||||
Des3 dec;
|
||||
byte* desIv = key + 24;
|
||||
|
||||
if (version == PKCS5v2 || version == PKCS12)
|
||||
if (version == PKCS5v2 || version == PKCS12v1)
|
||||
desIv = cbcIv;
|
||||
ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION);
|
||||
if (ret != 0) {
|
||||
@@ -2371,56 +2381,63 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
int* algoID, void* heap)
|
||||
{
|
||||
word32 tmpIdx = 0;
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifdef HAVE_ECC
|
||||
ecc_key ecc;
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
RsaKey rsa;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (algoID == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
*algoID = 0;
|
||||
|
||||
#ifndef NO_RSA
|
||||
wc_InitRsaKey(&rsa, heap);
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_FreeRsaKey(&rsa);
|
||||
#endif /* NO_RSA */
|
||||
#ifdef HAVE_ECC
|
||||
if (*algoID != RSAk) {
|
||||
tmpIdx = 0;
|
||||
wc_ecc_init_ex(&ecc, heap, INVALID_DEVID);
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
|
||||
/* sanity check on arguments */
|
||||
if (curveOID == NULL || oidSz == NULL) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#ifndef NO_RSA
|
||||
if (wc_InitRsaKey(&rsa, heap) == 0) {
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_ecc_free(&ecc);
|
||||
wc_FreeRsaKey(&rsa);
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID wc_InitRsaKey failed");
|
||||
}
|
||||
#endif /* NO_RSA */
|
||||
#ifdef HAVE_ECC
|
||||
if (*algoID != RSAk) {
|
||||
tmpIdx = 0;
|
||||
if (wc_ecc_init_ex(&ecc, heap, INVALID_DEVID) == 0) {
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
|
||||
/* sanity check on arguments */
|
||||
if (curveOID == NULL || oidSz == NULL) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
}
|
||||
wc_ecc_free(&ecc);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID wc_ecc_init_ex failed");
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
/* if flag is not set then is neither RSA or ECC key that could be
|
||||
* found */
|
||||
@@ -3869,7 +3886,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
|
||||
}
|
||||
|
||||
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
int GetTimeString(byte* date, int format, char* buf, int len)
|
||||
{
|
||||
struct tm t;
|
||||
@@ -4686,7 +4703,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encodedSig, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
@@ -6404,9 +6421,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
|
||||
|
||||
/* extra header information for encrypted key */
|
||||
if (cipher_info != NULL) {
|
||||
size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info);
|
||||
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+2))
|
||||
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+2);
|
||||
|
||||
XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23);
|
||||
XSTRNCAT(header, "DEK-Info: ", 10);
|
||||
XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info));
|
||||
XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen);
|
||||
XSTRNCAT(header, "\n\n", 2);
|
||||
}
|
||||
|
||||
@@ -7386,7 +7407,7 @@ static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
|
||||
|
||||
/* encode Subject Key Identifier, return total bytes written
|
||||
* RFC5280 : non-critical */
|
||||
static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
|
||||
static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
|
||||
{
|
||||
byte skid_len[1 + MAX_LENGTH_SZ];
|
||||
byte skid_enc_len[MAX_LENGTH_SZ];
|
||||
@@ -7437,27 +7458,26 @@ static int SetAKID(byte* output, word32 outSz,
|
||||
{
|
||||
byte *enc_val;
|
||||
int ret, enc_valSz;
|
||||
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04};
|
||||
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
|
||||
static const byte akid_cs[] = { 0x80 };
|
||||
|
||||
if (output == NULL || input == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
enc_valSz = length + 3 + sizeof(akid_cs);
|
||||
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (enc_val == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
/* sequence for ContentSpec & value */
|
||||
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
|
||||
akid_cs, sizeof(akid_cs), input, length);
|
||||
if (enc_valSz == 0) {
|
||||
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return 0;
|
||||
}
|
||||
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
|
||||
input, length);
|
||||
if (ret > 0) {
|
||||
enc_valSz = ret;
|
||||
|
||||
ret = SetOidValue(output, outSz, akid_oid,
|
||||
sizeof(akid_oid), enc_val, enc_valSz);
|
||||
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
|
||||
enc_val, enc_valSz);
|
||||
}
|
||||
|
||||
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
@@ -7700,7 +7720,6 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
||||
firstSz = SetObjectId(JOINT_LEN + 1, firstLen);
|
||||
}
|
||||
thisLen += firstSz;
|
||||
thisLen++; /* object id */
|
||||
|
||||
seqSz = SetSequence(thisLen, sequence);
|
||||
thisLen += seqSz;
|
||||
@@ -7924,6 +7943,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
if (cert->skidSz > (int)sizeof(der->skid))
|
||||
return SKID_E;
|
||||
|
||||
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and
|
||||
cert (CTC_MAX_SKID_SIZE). */
|
||||
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||
cert->skid, cert->skidSz);
|
||||
if (der->skidSz <= 0)
|
||||
@@ -8645,9 +8666,11 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
|
||||
heap = eccKey->heap;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (certSignCtx == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (certSignCtx->sig == NULL) {
|
||||
certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
|
||||
@@ -8984,6 +9007,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
|
||||
/* Set KeyUsage from human readable string */
|
||||
int wc_SetKeyUsage(Cert *cert, const char *value)
|
||||
{
|
||||
int ret = 0;
|
||||
char *token, *str, *ptr;
|
||||
word32 len;
|
||||
|
||||
@@ -9025,14 +9049,16 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
|
||||
cert->keyUsage |= KEYUSE_ENCIPHER_ONLY;
|
||||
else if (!XSTRNCASECMP(token, "decipherOnly", len))
|
||||
cert->keyUsage |= KEYUSE_DECIPHER_ONLY;
|
||||
else
|
||||
return KEYUSAGE_E;
|
||||
else {
|
||||
ret = KEYUSAGE_E;
|
||||
break;
|
||||
}
|
||||
|
||||
token = XSTRTOK(NULL, ",", &ptr);
|
||||
}
|
||||
|
||||
XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
|
||||
@@ -9620,7 +9646,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
/* build DER formatted ECC key, include optional public key if requested,
|
||||
* return length on success, negative on error */
|
||||
static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
|
||||
int public)
|
||||
int pubIn)
|
||||
{
|
||||
byte curve[MAX_ALGO_SZ+2];
|
||||
byte ver[MAX_VERSION_SZ];
|
||||
@@ -9661,8 +9687,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
|
||||
}
|
||||
prvidx += privSz;
|
||||
|
||||
/* public */
|
||||
if (public) {
|
||||
/* pubIn */
|
||||
if (pubIn) {
|
||||
ret = wc_ecc_export_x963(key, NULL, &pubSz);
|
||||
if (ret != LENGTH_ONLY_E) {
|
||||
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -9681,8 +9707,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
|
||||
pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx);
|
||||
else /* leading zero */
|
||||
pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx);
|
||||
|
||||
/* SetBitString adds leading zero */
|
||||
pubidx += SetBitString(pubSz, 0, pub + pubidx);
|
||||
pub[pubidx++] = (byte)0; /* leading zero */
|
||||
ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz);
|
||||
if (ret != 0) {
|
||||
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -9699,7 +9726,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
|
||||
totalSz = prvidx + pubidx + curveidx + verSz + seqSz;
|
||||
if (totalSz > (int)inLen) {
|
||||
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (public) {
|
||||
if (pubIn) {
|
||||
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -9723,8 +9750,8 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen,
|
||||
XMEMCPY(output + idx, curve, curveidx);
|
||||
idx += curveidx;
|
||||
|
||||
/* public */
|
||||
if (public) {
|
||||
/* pubIn */
|
||||
if (pubIn) {
|
||||
XMEMCPY(output + idx, pub, pubidx);
|
||||
/* idx += pubidx; not used after write, if more data remove comment */
|
||||
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -9879,7 +9906,7 @@ static int DecodeSingleResponse(byte* source,
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
cs->thisDateAsn = source + idx;
|
||||
#endif
|
||||
if (GetBasicDate(source, &idx, cs->thisDate,
|
||||
@@ -9900,7 +9927,7 @@ static int DecodeSingleResponse(byte* source,
|
||||
idx++;
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
cs->nextDateAsn = source + idx;
|
||||
#endif
|
||||
if (GetBasicDate(source, &idx, cs->nextDate,
|
||||
|
||||
@@ -48,6 +48,448 @@
|
||||
/* user's own math lib */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
static const byte dh_ffdhe2048_p[] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
|
||||
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
|
||||
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
|
||||
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
|
||||
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
|
||||
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
|
||||
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
|
||||
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
|
||||
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
|
||||
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
|
||||
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
|
||||
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
|
||||
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
|
||||
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
|
||||
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
|
||||
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
|
||||
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
|
||||
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
|
||||
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
|
||||
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
|
||||
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
|
||||
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
|
||||
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
|
||||
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
|
||||
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
|
||||
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
|
||||
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
|
||||
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
|
||||
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
|
||||
0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
static const byte dh_ffdhe2048_g[] = { 0x02 };
|
||||
|
||||
const DhParams* wc_Dh_ffdhe2048_Get(void)
|
||||
{
|
||||
static const DhParams ffdhe2048 = {
|
||||
dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
|
||||
dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
|
||||
};
|
||||
return &ffdhe2048;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
static const byte dh_ffdhe3072_p[] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
|
||||
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
|
||||
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
|
||||
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
|
||||
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
|
||||
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
|
||||
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
|
||||
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
|
||||
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
|
||||
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
|
||||
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
|
||||
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
|
||||
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
|
||||
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
|
||||
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
|
||||
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
|
||||
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
|
||||
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
|
||||
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
|
||||
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
|
||||
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
|
||||
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
|
||||
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
|
||||
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
|
||||
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
|
||||
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
|
||||
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
|
||||
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
|
||||
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
|
||||
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
|
||||
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
|
||||
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
|
||||
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
|
||||
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
|
||||
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
|
||||
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
|
||||
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
|
||||
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
|
||||
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
|
||||
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
|
||||
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
|
||||
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
|
||||
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
|
||||
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
|
||||
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
|
||||
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
static const byte dh_ffdhe3072_g[] = { 0x02 };
|
||||
|
||||
const DhParams* wc_Dh_ffdhe3072_Get(void)
|
||||
{
|
||||
static const DhParams ffdhe3072 = {
|
||||
dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
|
||||
dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
|
||||
};
|
||||
return &ffdhe3072;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
static const byte dh_ffdhe4096_p[] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
|
||||
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
|
||||
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
|
||||
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
|
||||
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
|
||||
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
|
||||
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
|
||||
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
|
||||
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
|
||||
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
|
||||
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
|
||||
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
|
||||
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
|
||||
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
|
||||
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
|
||||
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
|
||||
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
|
||||
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
|
||||
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
|
||||
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
|
||||
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
|
||||
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
|
||||
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
|
||||
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
|
||||
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
|
||||
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
|
||||
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
|
||||
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
|
||||
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
|
||||
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
|
||||
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
|
||||
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
|
||||
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
|
||||
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
|
||||
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
|
||||
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
|
||||
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
|
||||
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
|
||||
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
|
||||
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
|
||||
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
|
||||
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
|
||||
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
|
||||
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
|
||||
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
|
||||
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
|
||||
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
|
||||
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
|
||||
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
|
||||
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
|
||||
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
|
||||
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
|
||||
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
|
||||
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
|
||||
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
|
||||
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
|
||||
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
|
||||
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
|
||||
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
|
||||
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
|
||||
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
|
||||
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
static const byte dh_ffdhe4096_g[] = { 0x02 };
|
||||
|
||||
const DhParams* wc_Dh_ffdhe4096_Get(void)
|
||||
{
|
||||
static const DhParams ffdhe4096 = {
|
||||
dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
|
||||
dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
|
||||
};
|
||||
return &ffdhe4096;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FFDHE_6144
|
||||
static const byte dh_ffdhe6144_p[] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
|
||||
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
|
||||
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
|
||||
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
|
||||
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
|
||||
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
|
||||
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
|
||||
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
|
||||
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
|
||||
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
|
||||
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
|
||||
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
|
||||
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
|
||||
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
|
||||
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
|
||||
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
|
||||
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
|
||||
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
|
||||
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
|
||||
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
|
||||
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
|
||||
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
|
||||
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
|
||||
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
|
||||
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
|
||||
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
|
||||
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
|
||||
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
|
||||
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
|
||||
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
|
||||
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
|
||||
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
|
||||
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
|
||||
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
|
||||
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
|
||||
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
|
||||
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
|
||||
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
|
||||
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
|
||||
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
|
||||
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
|
||||
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
|
||||
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
|
||||
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
|
||||
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
|
||||
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
|
||||
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
|
||||
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
|
||||
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
|
||||
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
|
||||
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
|
||||
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
|
||||
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
|
||||
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
|
||||
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
|
||||
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
|
||||
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
|
||||
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
|
||||
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
|
||||
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
|
||||
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
|
||||
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
|
||||
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
|
||||
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
|
||||
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
|
||||
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
|
||||
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
|
||||
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
|
||||
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
|
||||
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
|
||||
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
|
||||
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
|
||||
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
|
||||
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
|
||||
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
|
||||
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
|
||||
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
|
||||
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
|
||||
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
|
||||
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
|
||||
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
|
||||
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
|
||||
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
|
||||
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
|
||||
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
|
||||
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
|
||||
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
|
||||
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
|
||||
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
|
||||
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
|
||||
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
|
||||
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
|
||||
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
|
||||
0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
static const byte dh_ffdhe6144_g[] = { 0x02 };
|
||||
|
||||
const DhParams* wc_Dh_ffdhe6144_Get(void)
|
||||
{
|
||||
static const DhParams ffdhe6144 = {
|
||||
dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
|
||||
dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
|
||||
};
|
||||
return &ffdhe6144;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
static const byte dh_ffdhe8192_p[] = {
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
|
||||
0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
|
||||
0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
|
||||
0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
|
||||
0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
|
||||
0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
|
||||
0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
|
||||
0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
|
||||
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
|
||||
0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
|
||||
0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
|
||||
0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
|
||||
0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
|
||||
0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
|
||||
0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
|
||||
0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
|
||||
0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
|
||||
0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
|
||||
0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
|
||||
0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
|
||||
0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
|
||||
0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
|
||||
0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
|
||||
0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
|
||||
0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
|
||||
0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
|
||||
0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
|
||||
0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
|
||||
0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
|
||||
0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
|
||||
0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
|
||||
0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
|
||||
0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
|
||||
0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
|
||||
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
|
||||
0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
|
||||
0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
|
||||
0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
|
||||
0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
|
||||
0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
|
||||
0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
|
||||
0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
|
||||
0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
|
||||
0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
|
||||
0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
|
||||
0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
|
||||
0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
|
||||
0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
|
||||
0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
|
||||
0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
|
||||
0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
|
||||
0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
|
||||
0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
|
||||
0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
|
||||
0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
|
||||
0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
|
||||
0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
|
||||
0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
|
||||
0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
|
||||
0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
|
||||
0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
|
||||
0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
|
||||
0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
|
||||
0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
|
||||
0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
|
||||
0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
|
||||
0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
|
||||
0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
|
||||
0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
|
||||
0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
|
||||
0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
|
||||
0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
|
||||
0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
|
||||
0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
|
||||
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
|
||||
0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
|
||||
0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
|
||||
0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
|
||||
0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
|
||||
0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
|
||||
0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
|
||||
0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
|
||||
0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
|
||||
0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
|
||||
0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
|
||||
0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
|
||||
0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
|
||||
0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
|
||||
0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
|
||||
0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
|
||||
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
|
||||
0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
|
||||
0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
|
||||
0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
|
||||
0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
|
||||
0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
|
||||
0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
|
||||
0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
|
||||
0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
|
||||
0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
|
||||
0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
|
||||
0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
|
||||
0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
|
||||
0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
|
||||
0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
|
||||
0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
|
||||
0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
|
||||
0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
|
||||
0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
|
||||
0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
|
||||
0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
|
||||
0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
|
||||
0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
|
||||
0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
|
||||
0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
|
||||
0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
|
||||
0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
|
||||
0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
|
||||
0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
|
||||
0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
|
||||
0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
|
||||
0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
|
||||
0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
|
||||
0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
|
||||
0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
|
||||
0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
static const byte dh_ffdhe8192_g[] = { 0x02 };
|
||||
|
||||
const DhParams* wc_Dh_ffdhe8192_Get(void)
|
||||
{
|
||||
static const DhParams ffdhe8192 = {
|
||||
dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
|
||||
dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
|
||||
};
|
||||
return &ffdhe8192;
|
||||
}
|
||||
#endif
|
||||
|
||||
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
|
||||
{
|
||||
|
||||
+24
-21
@@ -1864,6 +1864,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
err = mp_copy(P->y, y);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(P->z, z);
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
#else
|
||||
/* Use destination directly */
|
||||
x = P->x;
|
||||
@@ -1871,10 +1875,6 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
z = P->z;
|
||||
#endif
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* first map z back to normal */
|
||||
err = mp_montgomery_reduce(z, modulus, mp);
|
||||
|
||||
@@ -1913,10 +1913,11 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
err = mp_copy(y, P->y);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(z, P->z);
|
||||
#endif
|
||||
|
||||
done:
|
||||
/* clean up */
|
||||
#endif
|
||||
|
||||
/* clean up */
|
||||
mp_clear(&t1);
|
||||
mp_clear(&t2);
|
||||
|
||||
@@ -3883,12 +3884,12 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
siglen The length of the signature (octets)
|
||||
hash The hash (message digest) that was signed
|
||||
hashlen The length of the hash (octets)
|
||||
stat Result of signature, 1==valid, 0==invalid
|
||||
res Result of signature, 1==valid, 0==invalid
|
||||
key The corresponding public ECC key
|
||||
return MP_OKAY if successful (even if the signature is not valid)
|
||||
*/
|
||||
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
word32 hashlen, int* stat, ecc_key* key)
|
||||
word32 hashlen, int* res, ecc_key* key)
|
||||
{
|
||||
int err;
|
||||
mp_int *r = NULL, *s = NULL;
|
||||
@@ -3898,7 +3899,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
s = &s_lcl;
|
||||
#endif
|
||||
|
||||
if (sig == NULL || hash == NULL || stat == NULL || key == NULL) {
|
||||
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
@@ -3908,7 +3909,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
key->state = ECC_STATE_VERIFY_DECODE;
|
||||
|
||||
/* default to invalid signature */
|
||||
*stat = 0;
|
||||
*res = 0;
|
||||
|
||||
/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
|
||||
* If either of those don't allocate correctly, none of
|
||||
@@ -3928,7 +3929,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
case ECC_STATE_VERIFY_DO:
|
||||
key->state = ECC_STATE_VERIFY_DO;
|
||||
|
||||
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, stat, key);
|
||||
err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);
|
||||
if (err < 0) {
|
||||
break;
|
||||
}
|
||||
@@ -3974,12 +3975,12 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
s The signature S component to verify
|
||||
hash The hash (message digest) that was signed
|
||||
hashlen The length of the hash (octets)
|
||||
stat Result of signature, 1==valid, 0==invalid
|
||||
res Result of signature, 1==valid, 0==invalid
|
||||
key The corresponding public ECC key
|
||||
return MP_OKAY if successful (even if the signature is not valid)
|
||||
*/
|
||||
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
word32 hashlen, int* stat, ecc_key* key)
|
||||
word32 hashlen, int* res, ecc_key* key)
|
||||
{
|
||||
int err;
|
||||
#ifndef WOLFSSL_ATECC508A
|
||||
@@ -3995,11 +3996,11 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
byte sigRS[ATECC_KEY_SIZE*2];
|
||||
#endif
|
||||
|
||||
if (r == NULL || s == NULL || hash == NULL || stat == NULL || key == NULL)
|
||||
if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL)
|
||||
return ECC_BAD_ARG_E;
|
||||
|
||||
/* default to invalid signature */
|
||||
*stat = 0;
|
||||
*res = 0;
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (wc_ecc_is_valid_idx(key->idx) != 1) {
|
||||
@@ -4016,7 +4017,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
testDev->eccVerify.s = s;
|
||||
testDev->eccVerify.hash = hash;
|
||||
testDev->eccVerify.hashlen = hashlen;
|
||||
testDev->eccVerify.stat = stat;
|
||||
testDev->eccVerify.stat = res;
|
||||
testDev->eccVerify.key = key;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
@@ -4034,7 +4035,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
return err;
|
||||
}
|
||||
|
||||
err = atcatls_verify(hash, sigRS, key->pubkey, (bool*)stat);
|
||||
err = atcatls_verify(hash, sigRS, key->pubkey, (bool*)res);
|
||||
if (err != ATCA_SUCCESS) {
|
||||
return BAD_COND_E;
|
||||
}
|
||||
@@ -4087,7 +4088,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
err = IntelQaEcdsaVerify(&key->asyncDev, &e.raw, &key->pubkey.x->raw,
|
||||
&key->pubkey.y->raw, &r->raw, &s->raw, &curve->Af->raw,
|
||||
&curve->Bf->raw, &curve->prime->raw, &curve->order->raw,
|
||||
&curve->Gx->raw, &curve->Gy->raw, stat);
|
||||
&curve->Gx->raw, &curve->Gy->raw, res);
|
||||
|
||||
mp_clear(&e);
|
||||
|
||||
@@ -4187,7 +4188,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
/* does v == r */
|
||||
if (err == MP_OKAY) {
|
||||
if (mp_cmp(&v, r) == MP_EQ)
|
||||
*stat = 1;
|
||||
*res = 1;
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
@@ -6132,8 +6133,6 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
for (y = 0; y < (1UL<<FP_LUT); y++) {
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
if (lut_orders[y].ham != (int)x) continue;
|
||||
|
||||
/* perform the add */
|
||||
@@ -6562,9 +6561,13 @@ done:
|
||||
mp_clear(&tka);
|
||||
mp_clear(&order);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (kb[0])
|
||||
#endif
|
||||
ForceZero(kb[0], KB_SIZE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (kb[1])
|
||||
#endif
|
||||
ForceZero(kb[1], KB_SIZE);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
@@ -207,11 +207,11 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
|
||||
siglen is the length of sig byte array
|
||||
msg the array of bytes containing the message
|
||||
msglen length of msg array
|
||||
stat will be 1 on successful verify and 0 on unsuccessful
|
||||
return 0 and stat of 1 on success
|
||||
res will be 1 on successful verify and 0 on unsuccessful
|
||||
return 0 and res of 1 on success
|
||||
*/
|
||||
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
|
||||
word32 msglen, int* stat, ed25519_key* key)
|
||||
word32 msglen, int* res, ed25519_key* key)
|
||||
{
|
||||
byte rcheck[ED25519_KEY_SIZE];
|
||||
byte h[SHA512_DIGEST_SIZE];
|
||||
@@ -223,11 +223,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
|
||||
Sha512 sha;
|
||||
|
||||
/* sanity check on arguments */
|
||||
if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
|
||||
if (sig == NULL || msg == NULL || res == NULL || key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* set verification failed by default */
|
||||
*stat = 0;
|
||||
*res = 0;
|
||||
|
||||
/* check on basics needed to verify signature */
|
||||
if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
|
||||
@@ -279,7 +279,7 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
|
||||
return SIG_VERIFY_E;
|
||||
|
||||
/* set the verification status */
|
||||
*stat = 1;
|
||||
*res = 1;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
+26
-22
@@ -60,7 +60,7 @@ WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
|
||||
WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx,
|
||||
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (ctx){
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
|
||||
wolfSSL_EVP_CIPHER_CTX_init(ctx);
|
||||
}
|
||||
return ctx;
|
||||
@@ -172,15 +172,17 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
unsigned char *out,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
switch (ctx->cipherType) {
|
||||
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
|
||||
case AES_128_CBC_TYPE:
|
||||
case AES_192_CBC_TYPE:
|
||||
case AES_256_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
else
|
||||
wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
|
||||
@@ -198,43 +200,45 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
case AES_192_ECB_TYPE:
|
||||
case AES_256_ECB_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
else
|
||||
wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
case DES_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
else
|
||||
wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
|
||||
break;
|
||||
case DES_EDE3_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
else
|
||||
wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
break;
|
||||
#if defined(WOLFSSL_DES_ECB)
|
||||
case DES_ECB_TYPE:
|
||||
wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
break;
|
||||
case DES_EDE3_ECB_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
else
|
||||
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* WOLFSSL_DES_ECB */
|
||||
#endif /* !NO_DES3 */
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
(void)in;
|
||||
(void)inl;
|
||||
(void)out;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ret != 0)
|
||||
return 0; /* failure */
|
||||
|
||||
(void)in;
|
||||
(void)inl;
|
||||
(void)out;
|
||||
|
||||
return 1; /* success */
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
@@ -327,7 +331,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
unsigned char *out, int *outl)
|
||||
{
|
||||
int fl ;
|
||||
if (ctx == NULL) return BAD_FUNC_ARG;
|
||||
if (ctx == NULL || out == NULL) return BAD_FUNC_ARG;
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
|
||||
if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
|
||||
*outl = 0;
|
||||
|
||||
+99
-65
@@ -788,40 +788,25 @@ int wolfSSL_GetHmacMaxSize(void)
|
||||
}
|
||||
|
||||
#ifdef HAVE_HKDF
|
||||
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
|
||||
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* salt, word32 saltSz,
|
||||
const byte* info, word32 infoSz,
|
||||
byte* out, word32 outSz)
|
||||
/* HMAC-KDF-Extract.
|
||||
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
||||
*
|
||||
* type The hash algorithm type.
|
||||
* salt The optional salt value.
|
||||
* saltSz The size of the salt.
|
||||
* inKey The input keying material.
|
||||
* inKeySz The size of the input keying material.
|
||||
* out The pseudorandom key with the length that of the hash.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
|
||||
const byte* inKey, word32 inKeySz, byte* out)
|
||||
{
|
||||
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper */
|
||||
Hmac myHmac;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte* tmp;
|
||||
byte* prk;
|
||||
#else
|
||||
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
|
||||
byte prk[MAX_DIGEST_SIZE];
|
||||
#endif
|
||||
int ret;
|
||||
const byte* localSalt; /* either points to user input or tmp */
|
||||
int hashSz = wc_HmacSizeByType(type);
|
||||
word32 outIdx = 0;
|
||||
byte n = 0x1;
|
||||
int ret;
|
||||
|
||||
if (hashSz < 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (prk == NULL) {
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
localSalt = salt;
|
||||
if (localSalt == NULL) {
|
||||
@@ -834,45 +819,94 @@ int wolfSSL_GetHmacMaxSize(void)
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&myHmac, prk);
|
||||
|
||||
if (ret == 0) {
|
||||
while (outIdx < outSz) {
|
||||
int tmpSz = (n == 1) ? 0 : hashSz;
|
||||
word32 left = outSz - outIdx;
|
||||
|
||||
ret = wc_HmacSetKey(&myHmac, type, prk, hashSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, info, infoSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, &n, 1);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(&myHmac, tmp);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
left = min(left, (word32)hashSz);
|
||||
XMEMCPY(out+outIdx, tmp, left);
|
||||
|
||||
outIdx += hashSz;
|
||||
n++;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
ret = wc_HmacFinal(&myHmac, out);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* HMAC-KDF-Expand.
|
||||
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
||||
*
|
||||
* type The hash algorithm type.
|
||||
* inKey The input key.
|
||||
* inKeySz The size of the input key.
|
||||
* info The application specific information.
|
||||
* infoSz The size of the application specific information.
|
||||
* out The output keying material.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* info, word32 infoSz, byte* out, word32 outSz)
|
||||
{
|
||||
byte tmp[MAX_DIGEST_SIZE];
|
||||
Hmac myHmac;
|
||||
int ret = 0;
|
||||
word32 outIdx = 0;
|
||||
word32 hashSz = wc_HmacSizeByType(type);
|
||||
byte n = 0x1;
|
||||
|
||||
while (outIdx < outSz) {
|
||||
int tmpSz = (n == 1) ? 0 : hashSz;
|
||||
word32 left = outSz - outIdx;
|
||||
|
||||
ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, info, infoSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&myHmac, &n, 1);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(&myHmac, tmp);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
left = min(left, hashSz);
|
||||
XMEMCPY(out+outIdx, tmp, left);
|
||||
|
||||
outIdx += hashSz;
|
||||
n++;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* HMAC-KDF.
|
||||
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
|
||||
*
|
||||
* type The hash algorithm type.
|
||||
* inKey The input keying material.
|
||||
* inKeySz The size of the input keying material.
|
||||
* salt The optional salt value.
|
||||
* saltSz The size of the salt.
|
||||
* info The application specific information.
|
||||
* infoSz The size of the application specific information.
|
||||
* out The output keying material.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* salt, word32 saltSz,
|
||||
const byte* info, word32 infoSz,
|
||||
byte* out, word32 outSz)
|
||||
{
|
||||
byte prk[MAX_DIGEST_SIZE];
|
||||
int hashSz = wc_HmacSizeByType(type);
|
||||
int ret;
|
||||
|
||||
if (hashSz < 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz);
|
||||
}
|
||||
|
||||
#endif /* HAVE_HKDF */
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
+17
-32
@@ -161,7 +161,7 @@ void WOLFSSL_MSG(const char* msg)
|
||||
}
|
||||
|
||||
|
||||
void WOLFSSL_BUFFER(byte* buffer, word32 length)
|
||||
void WOLFSSL_BUFFER(const byte* buffer, word32 length)
|
||||
{
|
||||
#define LINE_LEN 16
|
||||
|
||||
@@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
|
||||
* mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function
|
||||
* name where WOLFSSL_ERROR is called at.
|
||||
*/
|
||||
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
|
||||
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
|
||||
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
|
||||
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
|
||||
const char* file, void* usrCtx)
|
||||
@@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error)
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
/* Internal function that is called by wolfCrypt_Init() */
|
||||
@@ -286,25 +286,10 @@ int wc_LoggingInit(void)
|
||||
/* internal function that is called by wolfCrypt_Cleanup */
|
||||
int wc_LoggingCleanup(void)
|
||||
{
|
||||
if (wc_LockMutex(&debug_mutex) != 0) {
|
||||
WOLFSSL_MSG("Lock debug mutex failed");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
/* clear logging entries */
|
||||
wc_ClearErrorNodes();
|
||||
|
||||
/* free all nodes from error queue */
|
||||
{
|
||||
struct wc_error_queue* current;
|
||||
struct wc_error_queue* next;
|
||||
|
||||
current = (struct wc_error_queue*)wc_errors;
|
||||
while (current != NULL) {
|
||||
next = current->next;
|
||||
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
|
||||
current = next;
|
||||
}
|
||||
}
|
||||
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
/* free mutex */
|
||||
if (wc_FreeMutex(&debug_mutex) != 0) {
|
||||
WOLFSSL_MSG("Bad Mutex free");
|
||||
return BAD_MUTEX_E;
|
||||
@@ -313,10 +298,10 @@ int wc_LoggingCleanup(void)
|
||||
}
|
||||
|
||||
|
||||
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
|
||||
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
/* peek at an error node
|
||||
*
|
||||
* index : if -1 then the most recent node is looked at, otherwise search
|
||||
* idx : if -1 then the most recent node is looked at, otherwise search
|
||||
* through queue for node at the given index
|
||||
* file : pointer to internal file string
|
||||
* reason : pointer to internal error reason
|
||||
@@ -325,7 +310,7 @@ int wc_LoggingCleanup(void)
|
||||
* Returns a negative value in error case, on success returns the nodes error
|
||||
* value which is positve (absolute value)
|
||||
*/
|
||||
int wc_PeekErrorNode(int index, const char **file, const char **reason,
|
||||
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
|
||||
int *line)
|
||||
{
|
||||
struct wc_error_queue* err;
|
||||
@@ -335,7 +320,7 @@ int wc_PeekErrorNode(int index, const char **file, const char **reason,
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
|
||||
if (index < 0) {
|
||||
if (idx < 0) {
|
||||
err = wc_last_node;
|
||||
if (err == NULL) {
|
||||
WOLFSSL_MSG("No Errors in queue");
|
||||
@@ -347,7 +332,7 @@ int wc_PeekErrorNode(int index, const char **file, const char **reason,
|
||||
int i;
|
||||
|
||||
err = (struct wc_error_queue*)wc_errors;
|
||||
for (i = 0; i < index; i++) {
|
||||
for (i = 0; i < idx; i++) {
|
||||
if (err == NULL) {
|
||||
WOLFSSL_MSG("Error node not found. Bad index?");
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
@@ -441,10 +426,10 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
|
||||
}
|
||||
|
||||
/* Removes the error node at the specified index.
|
||||
* index : if -1 then the most recent node is looked at, otherwise search
|
||||
* idx : if -1 then the most recent node is looked at, otherwise search
|
||||
* through queue for node at the given index
|
||||
*/
|
||||
void wc_RemoveErrorNode(int index)
|
||||
void wc_RemoveErrorNode(int idx)
|
||||
{
|
||||
struct wc_error_queue* current;
|
||||
|
||||
@@ -453,11 +438,11 @@ void wc_RemoveErrorNode(int index)
|
||||
return;
|
||||
}
|
||||
|
||||
if (index == -1)
|
||||
if (idx == -1)
|
||||
current = wc_last_node;
|
||||
else {
|
||||
current = (struct wc_error_queue*)wc_errors;
|
||||
for (; current != NULL && index > 0; index--)
|
||||
for (; current != NULL && idx > 0; idx--)
|
||||
current = current->next;
|
||||
}
|
||||
if (current != NULL) {
|
||||
@@ -473,6 +458,8 @@ void wc_RemoveErrorNode(int index)
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
}
|
||||
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
|
||||
|
||||
/* Clears out the list of error nodes.
|
||||
*/
|
||||
void wc_ClearErrorNodes(void)
|
||||
@@ -499,8 +486,6 @@ void wc_ClearErrorNodes(void)
|
||||
wc_last_node = NULL;
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
}
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
|
||||
|
||||
|
||||
int wc_SetLoggingHeap(void* h)
|
||||
{
|
||||
|
||||
+1
-1
@@ -360,7 +360,7 @@ int wc_Md5Update(Md5* md5, const byte* data, word32 len)
|
||||
local = (byte*)md5->buffer;
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (md5->buffLen > MD5_BLOCK_SIZE)
|
||||
if (md5->buffLen >= MD5_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
while (len) {
|
||||
|
||||
+941
-230
File diff suppressed because it is too large
Load Diff
+12
-10
@@ -592,19 +592,21 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (additional == NULL && addSz > 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
/* additional allowed to be 0 */
|
||||
if (addSz > 0) {
|
||||
if (additional == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* additional data plus padding */
|
||||
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
|
||||
if (paddingLen) {
|
||||
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
|
||||
/* additional data plus padding */
|
||||
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
|
||||
if (paddingLen) {
|
||||
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* input plus padding */
|
||||
|
||||
@@ -656,7 +656,7 @@ static void scryptSalsa(word32* out, word32* in)
|
||||
out[i] = in[i] + x[i];
|
||||
#else
|
||||
for (i = 0; i < 16; i++)
|
||||
out[i] = ByteReverseWord32(in[i] + x[i]);
|
||||
out[i] = ByteReverseWord32(ByteReverseWord32(in[i]) + x[i]);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -806,15 +806,15 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
|
||||
|
||||
bSz = 128 * blockSize;
|
||||
blocksSz = bSz * parallel;
|
||||
blocks = XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
blocks = (byte*)XMALLOC(blocksSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (blocks == NULL)
|
||||
goto end;
|
||||
/* Temporary for scryptROMix. */
|
||||
v = XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
v = (byte*)XMALLOC((1 << cost) * bSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (v == NULL)
|
||||
goto end;
|
||||
/* Temporary for scryptBlockMix. */
|
||||
y = XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
y = (byte*)XMALLOC(blockSize * 128, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (y == NULL)
|
||||
goto end;
|
||||
|
||||
|
||||
+11
-12
@@ -209,7 +209,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
|
||||
const byte* inA, word32 inASz,
|
||||
const byte* inB, word32 inBSz)
|
||||
{
|
||||
int ret;
|
||||
int ret = DRBG_FAILURE;
|
||||
byte ctr;
|
||||
int i;
|
||||
int len;
|
||||
@@ -257,9 +257,8 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
|
||||
wc_Sha256Free(&sha);
|
||||
if (ret == 0) {
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (outSz > OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
@@ -342,8 +341,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
ret = wc_Sha256Update(&sha, data, sizeof(data));
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
if (ret == 0)
|
||||
wc_Sha256Free(&sha);
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMCPY(&checkBlock, digest, sizeof(word32));
|
||||
@@ -363,14 +361,14 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
drbg->lastBlock = checkBlock;
|
||||
}
|
||||
|
||||
if (out != NULL) {
|
||||
if (out != NULL && outSz != 0) {
|
||||
if (outSz >= OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
out += OUTPUT_BLOCK_LEN;
|
||||
array_add_one(data, DRBG_SEED_LEN);
|
||||
}
|
||||
else if (out != NULL && outSz != 0) {
|
||||
else {
|
||||
XMEMCPY(out, digest, outSz);
|
||||
outSz = 0;
|
||||
}
|
||||
@@ -430,8 +428,8 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
|
||||
ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V));
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
if (ret == 0)
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (ret == 0) {
|
||||
array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE);
|
||||
@@ -533,7 +531,8 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
|
||||
|
||||
/* configure async RNG source if available */
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, devId);
|
||||
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
|
||||
rng->heap, rng->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif
|
||||
@@ -612,7 +611,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
|
||||
if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
|
||||
return NitroxRngGenerateBlock(rng, output, sz);
|
||||
}
|
||||
#endif
|
||||
@@ -687,7 +686,7 @@ int wc_FreeRng(WC_RNG* rng)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
wolfAsync_DevCtxFree(&rng->asyncDev);
|
||||
wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_HASHDRBG
|
||||
|
||||
+144
-23
@@ -261,7 +261,7 @@ int wc_FreeRsaKey(RsaKey* key)
|
||||
}
|
||||
|
||||
|
||||
#ifndef WC_NO_RSA_OAEP
|
||||
#if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_PSS)
|
||||
/* Uses MGF1 standard as a mask generation function
|
||||
hType: hash type used
|
||||
seed: seed to use for generating mask
|
||||
@@ -572,6 +572,50 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
}
|
||||
#endif /* !WC_NO_RSA_OAEP */
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
word32 pkcsBlockLen, WC_RNG* rng, enum wc_HashType hType, int mgf,
|
||||
void* heap)
|
||||
{
|
||||
int ret;
|
||||
int hLen, i;
|
||||
byte* s;
|
||||
byte* m;
|
||||
byte* h;
|
||||
byte salt[WC_MAX_DIGEST_SIZE];
|
||||
|
||||
hLen = wc_HashGetDigestSize(hType);
|
||||
if (hLen < 0)
|
||||
return hLen;
|
||||
|
||||
s = m = pkcsBlock;
|
||||
XMEMSET(m, 0, 8);
|
||||
m += 8;
|
||||
XMEMCPY(m, input, inputLen);
|
||||
m += inputLen;
|
||||
if ((ret = wc_RNG_GenerateBlock(rng, salt, hLen)) != 0)
|
||||
return ret;
|
||||
XMEMCPY(m, salt, hLen);
|
||||
m += hLen;
|
||||
|
||||
h = pkcsBlock + pkcsBlockLen - 1 - hLen;
|
||||
if ((ret = wc_Hash(hType, s, (word32)(m - s), h, hLen)) != 0)
|
||||
return ret;
|
||||
pkcsBlock[pkcsBlockLen - 1] = 0xbc;
|
||||
|
||||
ret = RsaMGF(mgf, h, hLen, pkcsBlock, pkcsBlockLen - hLen - 1, heap);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
pkcsBlock[0] &= 0x7f;
|
||||
|
||||
m = pkcsBlock + pkcsBlockLen - 1 - hLen - hLen - 1;
|
||||
*(m++) ^= 0x01;
|
||||
for (i = 0; i < hLen; i++)
|
||||
m[i] ^= salt[i];
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
|
||||
@@ -635,16 +679,25 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
case WC_RSA_PKCSV15_PAD:
|
||||
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
|
||||
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
|
||||
padValue, rng);
|
||||
padValue, rng);
|
||||
break;
|
||||
|
||||
#ifndef WC_NO_RSA_OAEP
|
||||
case WC_RSA_OAEP_PAD:
|
||||
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
|
||||
ret = RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen,
|
||||
padValue, rng, hType, mgf, optLabel, labelLen, heap);
|
||||
padValue, rng, hType, mgf, optLabel, labelLen, heap);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
case WC_RSA_PSS_PAD:
|
||||
WOLFSSL_MSG("wolfSSL Using RSA PSS padding");
|
||||
ret = RsaPad_PSS(input, inputLen, pkcsBlock, pkcsBlockLen,
|
||||
rng, hType, mgf, heap);
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown RSA Pad Type");
|
||||
ret = RSA_PAD_E;
|
||||
@@ -748,6 +801,53 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
}
|
||||
#endif /* WC_NO_RSA_OAEP */
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
byte **output, enum wc_HashType hType, int mgf,
|
||||
void* heap)
|
||||
{
|
||||
int ret;
|
||||
byte* tmp;
|
||||
int hLen, i;
|
||||
|
||||
hLen = wc_HashGetDigestSize(hType);
|
||||
if (hLen < 0)
|
||||
return hLen;
|
||||
|
||||
if (pkcsBlock[pkcsBlockLen - 1] != 0xbc)
|
||||
return BAD_PADDING_E;
|
||||
|
||||
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen,
|
||||
tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
tmp[0] &= 0x7f;
|
||||
for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) {
|
||||
if (tmp[i] != pkcsBlock[i]) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BAD_PADDING_E;
|
||||
}
|
||||
}
|
||||
if (tmp[i] != (pkcsBlock[i] ^ 0x01)) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BAD_PADDING_E;
|
||||
}
|
||||
for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++)
|
||||
pkcsBlock[i] ^= tmp[i];
|
||||
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
*output = pkcsBlock + i;
|
||||
return hLen;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* UnPad plaintext, set start to *output, return length of plaintext,
|
||||
* < 0 on error */
|
||||
@@ -817,6 +917,14 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
case WC_RSA_PSS_PAD:
|
||||
WOLFSSL_MSG("wolfSSL Using RSA PSS un-padding");
|
||||
ret = RsaUnPad_PSS((byte*)pkcsBlock, pkcsBlockLen, out, hType, mgf,
|
||||
heap);
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown RSA UnPad Type");
|
||||
ret = RSA_PAD_E;
|
||||
@@ -1105,7 +1213,8 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
|
||||
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
|
||||
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
|
||||
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
|
||||
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD or
|
||||
WC_RSA_PSS_PAD
|
||||
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
|
||||
mgf : type of mask generation function to use
|
||||
label : optional label
|
||||
@@ -1146,17 +1255,15 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
|
||||
/* Async operations that include padding */
|
||||
if (rsa_type == RSA_PUBLIC_ENCRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_2) {
|
||||
key->state = RSA_STATE_ENCRYPT_EXPTMOD;
|
||||
key->state = RSA_STATE_ENCRYPT_RES;
|
||||
key->dataLen = key->n.raw.len;
|
||||
ret = NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
|
||||
break;
|
||||
return NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
|
||||
}
|
||||
else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_1) {
|
||||
key->state = RSA_STATE_ENCRYPT_EXPTMOD;
|
||||
key->state = RSA_STATE_ENCRYPT_RES;
|
||||
key->dataLen = key->n.raw.len;
|
||||
ret = NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
|
||||
break;
|
||||
return NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -1214,7 +1321,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
|
||||
rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
|
||||
RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
|
||||
pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
|
||||
pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
|
||||
pad_type : type of padding: WC_RSA_PKCSV15_PAD, WC_RSA_OAEP_PAD
|
||||
WC_RSA_PSS_PAD
|
||||
hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
|
||||
mgf : type of mask generation function to use
|
||||
label : optional label
|
||||
@@ -1235,29 +1343,25 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
case RSA_STATE_NONE:
|
||||
case RSA_STATE_DECRYPT_EXPTMOD:
|
||||
key->state = RSA_STATE_DECRYPT_EXPTMOD;
|
||||
key->dataLen = inLen;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
|
||||
defined(HAVE_CAVIUM)
|
||||
/* Async operations that include padding */
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
|
||||
key->dataLen = 0;
|
||||
if (rsa_type == RSA_PRIVATE_DECRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_2) {
|
||||
key->state = RSA_STATE_DECRYPT_UNPAD;
|
||||
key->state = RSA_STATE_DECRYPT_RES;
|
||||
key->data = NULL;
|
||||
ret = NitroxRsaPrivateDecrypt(in, inLen, out, outLen, key);
|
||||
if (ret > 0) {
|
||||
if (outPtr)
|
||||
*outPtr = in;
|
||||
}
|
||||
break;
|
||||
if (outPtr)
|
||||
*outPtr = in;
|
||||
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen, key);
|
||||
}
|
||||
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
|
||||
pad_value == RSA_BLOCK_TYPE_1) {
|
||||
key->state = RSA_STATE_DECRYPT_UNPAD;
|
||||
key->state = RSA_STATE_DECRYPT_RES;
|
||||
key->data = NULL;
|
||||
ret = NitroxRsaSSL_Verify(in, inLen, out, outLen, key);
|
||||
break;
|
||||
return NitroxRsaSSL_Verify(in, inLen, out, &key->dataLen, key);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -1269,7 +1373,6 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
|
||||
/* if not doing this inline then allocate a buffer for it */
|
||||
key->dataLen = inLen;
|
||||
if (outPtr == NULL) {
|
||||
key->data = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_WOLF_BIGINT);
|
||||
key->dataIsAlloc = 1;
|
||||
@@ -1324,6 +1427,11 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
|
||||
/* return event ret */
|
||||
ret = key->asyncDev.event.ret;
|
||||
if (ret == 0) {
|
||||
/* convert result */
|
||||
byte* dataLen = (byte*)&key->dataLen;
|
||||
ret = (dataLen[0] << 8) | (dataLen[1]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
@@ -1448,6 +1556,19 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
|
||||
}
|
||||
|
||||
#ifdef WC_RSA_PSS
|
||||
int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
|
||||
enum wc_HashType hash, int mgf, RsaKey* key)
|
||||
{
|
||||
WC_RNG* rng = NULL;
|
||||
#ifdef WC_RSA_BLINDING
|
||||
rng = key->rng;
|
||||
#endif
|
||||
return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
|
||||
RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD,
|
||||
hash, mgf, NULL, 0, rng);
|
||||
}
|
||||
#endif
|
||||
|
||||
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key, WC_RNG* rng)
|
||||
|
||||
+1
-1
@@ -450,7 +450,7 @@ int wc_ShaUpdate (Sha* sha, const byte* data, word32 len)
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha->buffLen > SHA_BLOCK_SIZE)
|
||||
if (sha->buffLen >= SHA_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
while (len) {
|
||||
|
||||
@@ -522,7 +522,7 @@ static int InitSha256(Sha256* sha256)
|
||||
local = (byte*)sha256->buffer;
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha256->buffLen > SHA256_BLOCK_SIZE)
|
||||
if (sha256->buffLen >= SHA256_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
SAVE_XMM_YMM; /* for Intel AVX */
|
||||
|
||||
@@ -560,7 +560,7 @@ static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
|
||||
}
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha512->buffLen > SHA512_BLOCK_SIZE)
|
||||
if (sha512->buffLen >= SHA512_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
SAVE_XMM_YMM; /* for Intel AVX */
|
||||
|
||||
+6
-3
@@ -349,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
|
||||
/* Set k = H(N, g) */
|
||||
r = SrpHashInit(&hash, srp->type);
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
|
||||
for (i = 0; (word32)i < nSz - gSz; i++)
|
||||
SrpHashUpdate(&hash, &pad, 1);
|
||||
for (i = 0; (word32)i < nSz - gSz; i++) {
|
||||
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
|
||||
}
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
|
||||
if (!r) r = SrpHashFinal(&hash, srp->k);
|
||||
|
||||
@@ -552,6 +553,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
|
||||
byte counter[4];
|
||||
int r = BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
|
||||
|
||||
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
|
||||
if (srp->key == NULL)
|
||||
return MEMORY_E;
|
||||
@@ -568,7 +571,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
|
||||
if (!r) r = SrpHashUpdate(&hash, secret, size);
|
||||
if (!r) r = SrpHashUpdate(&hash, counter, 4);
|
||||
|
||||
if(j + digestSz > srp->keySz) {
|
||||
if (j + digestSz > srp->keySz) {
|
||||
if (!r) r = SrpHashFinal(&hash, digest);
|
||||
XMEMCPY(srp->key + j, digest, srp->keySz - j);
|
||||
j = srp->keySz;
|
||||
|
||||
@@ -2283,6 +2283,8 @@ void fp_free(fp_int* a)
|
||||
/* clear one (frees) */
|
||||
void mp_clear (mp_int * a)
|
||||
{
|
||||
if (a == NULL)
|
||||
return;
|
||||
fp_clear(a);
|
||||
}
|
||||
|
||||
|
||||
+54
-31
@@ -74,17 +74,31 @@ int wolfCrypt_Init(void)
|
||||
int ret = 0;
|
||||
|
||||
if (initRefCount == 0) {
|
||||
WOLFSSL_ENTER("wolfCrypt_Init");
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_HardwareStart();
|
||||
ret = wolfAsync_HardwareStart();
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Async hardware start failed");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
InitMemoryTracker();
|
||||
ret = InitMemoryTracker();
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("InitMemoryTracker failed");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if WOLFSSL_CRYPT_HW_MUTEX
|
||||
/* If crypto hardware mutex protection is enabled, then initialize it */
|
||||
wolfSSL_CryptHwMutexInit();
|
||||
ret = wolfSSL_CryptHwMutexInit();
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Hw crypt mutex init failed");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* if defined have fast RSA then initialize Intel IPP */
|
||||
@@ -102,7 +116,11 @@ int wolfCrypt_Init(void)
|
||||
#endif
|
||||
|
||||
#if defined(FREESCALE_LTC_TFM) || defined(FREESCALE_LTC_ECC)
|
||||
ksdk_port_init();
|
||||
ret = ksdk_port_init();
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("KSDK port init failed");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ATMEL
|
||||
@@ -124,14 +142,14 @@ int wolfCrypt_Init(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifdef ECC_CACHE_CURVE
|
||||
if ((ret = wc_ecc_curve_cache_init()) != 0) {
|
||||
WOLFSSL_MSG("Error creating curve cache");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
#ifdef ECC_CACHE_CURVE
|
||||
if ((ret = wc_ecc_curve_cache_init()) != 0) {
|
||||
WOLFSSL_MSG("Error creating curve cache");
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
initRefCount = 1;
|
||||
}
|
||||
@@ -145,7 +163,8 @@ int wolfCrypt_Cleanup(void)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfCrypt_Cleanup");
|
||||
if (initRefCount == 1) {
|
||||
WOLFSSL_ENTER("wolfCrypt_Cleanup");
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifdef FP_ECC
|
||||
@@ -154,21 +173,22 @@ int wolfCrypt_Cleanup(void)
|
||||
#ifdef ECC_CACHE_CURVE
|
||||
wc_ecc_curve_cache_free();
|
||||
#endif
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
ret = wc_LoggingCleanup();
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
ret = wc_LoggingCleanup();
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
ShowMemoryTracker();
|
||||
#endif
|
||||
#if defined(WOLFSSL_TRACK_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
ShowMemoryTracker();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_HardwareStop();
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_HardwareStop();
|
||||
#endif
|
||||
|
||||
initRefCount = 0; /* allow re-init */
|
||||
initRefCount = 0; /* allow re-init */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -310,11 +330,17 @@ wolfSSL_Mutex* wc_InitAndAllocMutex()
|
||||
{
|
||||
wolfSSL_Mutex* m = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), NULL,
|
||||
DYNAMIC_TYPE_MUTEX);
|
||||
if (m && wc_InitMutex(m) == 0)
|
||||
return m;
|
||||
if (m != NULL) {
|
||||
if (wc_InitMutex(m) != 0) {
|
||||
WOLFSSL_MSG("Init Mutex failed");
|
||||
XFREE(m, NULL, DYNAMIC_TYPE_MUTEX);
|
||||
m = NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Memory error with Mutex allocation");
|
||||
}
|
||||
|
||||
XFREE(m, NULL, DYNAMIC_TYPE_MUTEX);
|
||||
m = NULL;
|
||||
return m;
|
||||
}
|
||||
|
||||
@@ -1006,9 +1032,6 @@ int wolfSSL_CryptHwMutexUnLock(void) {
|
||||
}
|
||||
|
||||
#elif defined(INTIME_RTOS)
|
||||
#ifndef INTIME_RTOS_MUTEX_MAX
|
||||
#define INTIME_RTOS_MUTEX_MAX 10
|
||||
#endif
|
||||
|
||||
int wc_InitMutex(wolfSSL_Mutex* m)
|
||||
{
|
||||
@@ -1019,7 +1042,7 @@ int wolfSSL_CryptHwMutexUnLock(void) {
|
||||
|
||||
*m = CreateRtSemaphore(
|
||||
1, /* initial unit count */
|
||||
INTIME_RTOS_MUTEX_MAX, /* maximum unit count */
|
||||
1, /* maximum unit count */
|
||||
PRIORITY_QUEUING /* creation flags: FIFO_QUEUING or PRIORITY_QUEUING */
|
||||
);
|
||||
if (*m == BAD_RTHANDLE) {
|
||||
|
||||
+635
-274
File diff suppressed because it is too large
Load Diff
+8
-1
@@ -155,12 +155,19 @@ enum wolfSSL_ErrorCodes {
|
||||
HTTP_TIMEOUT = -417, /* HTTP timeout for OCSP or CRL req */
|
||||
WRITE_DUP_READ_E = -418, /* Write dup write side can't read */
|
||||
WRITE_DUP_WRITE_E = -419, /* Write dup read side can't write */
|
||||
INVALID_CERT_CTX_E = -420, /* TLS cert ctx not matching */
|
||||
BAD_KEY_SHARE_DATA = -421, /* Key Share data invalid */
|
||||
MISSING_HANDSHAKE_DATA = -422, /* Handshake message missing data */
|
||||
BAD_BINDER = -423, /* Binder does not match */
|
||||
EXT_NOT_ALLOWED = -424, /* Extension not allowed in msg */
|
||||
INVALID_PARAMETER = -425, /* Security parameter invalid */
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
|
||||
COMPRESSION_ERROR = -502 /* compression mismatch */
|
||||
COMPRESSION_ERROR = -502, /* compression mismatch */
|
||||
KEY_SHARE_ERROR = -503 /* key share mismatch */
|
||||
/* end negotiation parameter errors only 10 for now */
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
|
||||
+306
-34
@@ -627,6 +627,29 @@ typedef byte word24[3];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
#ifdef HAVE_AESGCM
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_AES_128_GCM_SHA256
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
#define BUILD_TLS_AES_256_GCM_SHA384
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CHACHA
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_CHACHA20_POLY1305_SHA256
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_AESCCM
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_AES_128_CCM_SHA256
|
||||
#define BUILD_TLS_AES_128_CCM_8_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
|
||||
defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
|
||||
@@ -853,6 +876,13 @@ enum {
|
||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
|
||||
TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
|
||||
|
||||
/* TLS v1.3 cipher suites */
|
||||
TLS_AES_128_GCM_SHA256 = 0x01,
|
||||
TLS_AES_256_GCM_SHA384 = 0x02,
|
||||
TLS_CHACHA20_POLY1305_SHA256 = 0x03,
|
||||
TLS_AES_128_CCM_SHA256 = 0x04,
|
||||
TLS_AES_128_CCM_8_SHA256 = 0x05,
|
||||
|
||||
/* Renegotiation Indication Extension Special Suite */
|
||||
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
|
||||
};
|
||||
@@ -876,6 +906,7 @@ enum Misc {
|
||||
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
|
||||
QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
|
||||
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
|
||||
TLS13_BYTE = 0x13, /* TLS v.13 first byte of cipher suite */
|
||||
|
||||
SEND_CERT = 1,
|
||||
SEND_BLANK_CERT = 2,
|
||||
@@ -888,6 +919,9 @@ enum Misc {
|
||||
TLSv1_MINOR = 1, /* TLSv1 minor version number */
|
||||
TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
|
||||
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
|
||||
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
|
||||
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
|
||||
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
|
||||
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
|
||||
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
|
||||
NO_COMPRESSION = 0,
|
||||
@@ -927,9 +961,13 @@ enum Misc {
|
||||
SEQ_SZ = 8, /* 64 bit sequence number */
|
||||
ALERT_SIZE = 2, /* level + description */
|
||||
VERIFY_HEADER = 2, /* always use 2 bytes */
|
||||
EXTS_SZ = 2, /* always use 2 bytes */
|
||||
EXT_ID_SZ = 2, /* always use 2 bytes */
|
||||
MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
|
||||
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
|
||||
SESSION_HINT_SZ = 4, /* session timeout hint */
|
||||
SESSION_ADD_SZ = 4, /* session age add */
|
||||
MAX_LIFETIME = 604800, /* maximum ticket lifetime */
|
||||
|
||||
RAN_LEN = 32, /* random length */
|
||||
SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
|
||||
@@ -946,6 +984,7 @@ enum Misc {
|
||||
OPAQUE64_LEN = 8, /* 8 bytes */
|
||||
COMP_LEN = 1, /* compression length */
|
||||
CURVE_LEN = 2, /* ecc named curve length */
|
||||
KE_GROUP_LEN = 2, /* key exchange group length */
|
||||
SERVER_ID_LEN = 20, /* server session id length */
|
||||
|
||||
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
|
||||
@@ -986,6 +1025,11 @@ enum Misc {
|
||||
MAX_PRF_HALF = 256, /* Maximum half secret len */
|
||||
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
|
||||
MAX_PRF_DIG = 224, /* Maximum digest len */
|
||||
PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
|
||||
MAX_LABEL_SZ = 34, /* Maximum length of a label */
|
||||
MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
|
||||
OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
|
||||
OPAQUE8_LEN + MAX_DIGEST_SIZE,
|
||||
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
|
||||
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
|
||||
|
||||
@@ -1004,6 +1048,7 @@ enum Misc {
|
||||
AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
|
||||
AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
|
||||
AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
|
||||
AEAD_NONCE_SZ = 12,
|
||||
AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
|
||||
AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
|
||||
AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
|
||||
@@ -1017,6 +1062,7 @@ enum Misc {
|
||||
AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
|
||||
AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
|
||||
AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
|
||||
AESCCM_NONCE_SZ = 12,
|
||||
|
||||
CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
|
||||
CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
|
||||
@@ -1055,7 +1101,10 @@ enum Misc {
|
||||
DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
|
||||
|
||||
MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
|
||||
NULL_TERM_LEN = 1, /* length of null '\0' termination character */
|
||||
MAX_PSK_KEY_LEN = 64, /* max psk key supported */
|
||||
MIN_PSK_ID_LEN = 6, /* min length of identities */
|
||||
MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
|
||||
|
||||
MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
|
||||
|
||||
@@ -1086,11 +1135,7 @@ enum Misc {
|
||||
|
||||
|
||||
/* Set max implicit IV size for AEAD cipher suites */
|
||||
#ifdef HAVE_CHACHA
|
||||
#define AEAD_MAX_IMP_SZ 12
|
||||
#else
|
||||
#define AEAD_MAX_IMP_SZ 4
|
||||
#endif
|
||||
#define AEAD_MAX_IMP_SZ 12
|
||||
|
||||
/* Set max explicit IV size for AEAD cipher suites */
|
||||
#define AEAD_MAX_EXP_SZ 8
|
||||
@@ -1199,10 +1244,12 @@ enum states {
|
||||
|
||||
SERVER_HELLOVERIFYREQUEST_COMPLETE,
|
||||
SERVER_HELLO_COMPLETE,
|
||||
SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
|
||||
SERVER_CERT_COMPLETE,
|
||||
SERVER_KEYEXCHANGE_COMPLETE,
|
||||
SERVER_HELLODONE_COMPLETE,
|
||||
SERVER_FINISHED_COMPLETE,
|
||||
SERVER_HELLO_RETRY_REQUEST,
|
||||
|
||||
CLIENT_HELLO_COMPLETE,
|
||||
CLIENT_KEYEXCHANGE_COMPLETE,
|
||||
@@ -1229,6 +1276,7 @@ WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
|
||||
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
|
||||
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
|
||||
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
|
||||
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
|
||||
@@ -1290,6 +1338,9 @@ struct WOLFSSL_METHOD {
|
||||
byte downgrade; /* whether to downgrade version, default no */
|
||||
};
|
||||
|
||||
/* wolfSSL buffer type - internal uses "buffer" type */
|
||||
typedef WOLFSSL_BUFFER_INFO buffer;
|
||||
|
||||
|
||||
/* defaults to client */
|
||||
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
|
||||
@@ -1298,10 +1349,40 @@ WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
|
||||
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 size, word32 totalSz, int sniff);
|
||||
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
|
||||
|
||||
|
||||
/* wolfSSL buffer type - internal uses "buffer" type */
|
||||
typedef WOLFSSL_BUFFER_INFO buffer;
|
||||
/* TLS v1.3 needs these */
|
||||
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
|
||||
word32);
|
||||
WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
|
||||
word32);
|
||||
WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
|
||||
WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
word32 hashSigAlgoSz);
|
||||
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
|
||||
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
|
||||
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
|
||||
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
|
||||
int ivSz);
|
||||
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
|
||||
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
||||
word16 sz);
|
||||
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
|
||||
word32* inOutIdx, byte type,
|
||||
word32 size, word32 totalSz);
|
||||
WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
|
||||
word32* inOutIdx, word32 totalSz);
|
||||
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
|
||||
word32* inOutIdx, word32 helloSz);
|
||||
#endif
|
||||
|
||||
#ifndef NO_CERTS
|
||||
/* wolfSSL DER buffer */
|
||||
@@ -1403,11 +1484,10 @@ typedef struct Suites {
|
||||
} Suites;
|
||||
|
||||
|
||||
WOLFSSL_LOCAL
|
||||
void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
|
||||
word16, word16, word16, int);
|
||||
WOLFSSL_LOCAL
|
||||
int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
|
||||
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16,
|
||||
word16, word16, word16, int);
|
||||
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
|
||||
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
|
||||
|
||||
#ifndef PSK_TYPES_DEFINED
|
||||
typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
|
||||
@@ -1458,7 +1538,7 @@ struct WOLFSSL_OCSP {
|
||||
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
|
||||
OcspEntry* ocspList; /* OCSP response list */
|
||||
wolfSSL_Mutex ocspLock; /* OCSP list lock */
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
|
||||
int(*statusCb)(WOLFSSL*, void*);
|
||||
#endif
|
||||
};
|
||||
@@ -1650,6 +1730,10 @@ typedef struct Keys {
|
||||
word32 padSz; /* how much to advance after decrypt part */
|
||||
byte encryptionOn; /* true after change cipher spec */
|
||||
byte decryptedCur; /* only decrypt current record once */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte updateResponseReq:1; /* KeyUpdate response from peer required. */
|
||||
byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
|
||||
#endif
|
||||
} Keys;
|
||||
|
||||
|
||||
@@ -1663,16 +1747,28 @@ typedef enum {
|
||||
TLSX_TRUNCATED_HMAC = 0x0004,
|
||||
TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
|
||||
TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
|
||||
TLSX_SIGNATURE_ALGORITHMS = 0x000d,
|
||||
TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
|
||||
TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
|
||||
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
|
||||
TLSX_SESSION_TICKET = 0x0023,
|
||||
#ifdef WOLFSSL_TLS13
|
||||
TLSX_KEY_SHARE = 0x0028,
|
||||
#ifndef NO_PSK
|
||||
TLSX_PRE_SHARED_KEY = 0x0029,
|
||||
#endif
|
||||
TLSX_SUPPORTED_VERSIONS = 0x002b,
|
||||
#ifndef NO_PSK
|
||||
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
|
||||
#endif
|
||||
#endif
|
||||
TLSX_RENEGOTIATION_INFO = 0xff01
|
||||
} TLSX_Type;
|
||||
|
||||
typedef struct TLSX {
|
||||
TLSX_Type type; /* Extension Type */
|
||||
void* data; /* Extension Data */
|
||||
word32 val; /* Extension Value */
|
||||
byte resp; /* IsResponse Flag */
|
||||
struct TLSX* next; /* List Behavior */
|
||||
} TLSX;
|
||||
@@ -1688,12 +1784,13 @@ WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output);
|
||||
#endif
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
|
||||
WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType);
|
||||
WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output,
|
||||
byte msgType);
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte isRequest, Suites *suites);
|
||||
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte msgType, Suites *suites);
|
||||
|
||||
#elif defined(HAVE_SNI) \
|
||||
|| defined(HAVE_MAX_FRAGMENT) \
|
||||
@@ -1785,8 +1882,10 @@ typedef struct {
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
|
||||
byte status_type, byte options, void* heap, int devId);
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
|
||||
void* heap);
|
||||
#endif
|
||||
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
|
||||
WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
|
||||
|
||||
@@ -1807,8 +1906,10 @@ typedef struct CSRIv2 {
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
|
||||
byte status_type, byte options, void* heap, int devId);
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
|
||||
byte isPeer, void* heap);
|
||||
#endif
|
||||
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
|
||||
byte index);
|
||||
WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
|
||||
@@ -1869,6 +1970,10 @@ WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
|
||||
|
||||
typedef struct SessionTicket {
|
||||
word32 lifetime;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word64 seen;
|
||||
word32 ageAdd;
|
||||
#endif
|
||||
byte* data;
|
||||
word16 size;
|
||||
} SessionTicket;
|
||||
@@ -1923,6 +2028,69 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
|
||||
|
||||
#endif /* HAVE_QSH */
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
/* Key Share - TLS v1.3 Specification */
|
||||
|
||||
/* The KeyShare extension information - entry in a linked list. */
|
||||
typedef struct KeyShareEntry {
|
||||
word16 group; /* NamedGroup */
|
||||
byte* ke; /* Key exchange data */
|
||||
word32 keLen; /* Key exchange data length */
|
||||
void* key; /* Private key */
|
||||
word32 keyLen; /* Private key length */
|
||||
struct KeyShareEntry* next; /* List pointer */
|
||||
} KeyShareEntry;
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
|
||||
byte* data, KeyShareEntry **kse);
|
||||
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
|
||||
|
||||
#ifndef NO_PSK
|
||||
/* The PreSharedKey extension information - entry in a linked list. */
|
||||
typedef struct PreSharedKey {
|
||||
word16 identityLen; /* Length of identity */
|
||||
byte* identity; /* PSK identity */
|
||||
word32 ticketAge; /* Age of the ticket */
|
||||
byte binderLen; /* Length of HMAC */
|
||||
byte binder[MAX_DIGEST_SIZE]; /* HMAC of hanshake */
|
||||
byte hmac; /* HMAC algorithm */
|
||||
byte resumption:1; /* Resumption PSK */
|
||||
byte chosen:1; /* Server's choice */
|
||||
struct PreSharedKey* next; /* List pointer */
|
||||
} PreSharedKey;
|
||||
|
||||
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
|
||||
byte* output, byte msgType);
|
||||
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
|
||||
byte msgType);
|
||||
WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
|
||||
word16 len, word32 age, byte hmac,
|
||||
byte resumption,
|
||||
PreSharedKey **preSharedKey);
|
||||
|
||||
enum PskKeyExchangeMode {
|
||||
PSK_KE,
|
||||
PSK_DHE_KE
|
||||
};
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
|
||||
#endif /* NO_PSK */
|
||||
|
||||
/* The types of keys to derive for. */
|
||||
enum DeriveKeyType {
|
||||
handshake_key,
|
||||
traffic_key,
|
||||
update_traffic_key
|
||||
};
|
||||
|
||||
/* The key update request values for KeyUpdate message. */
|
||||
enum KeyUpdateRequest {
|
||||
update_not_requested,
|
||||
update_requested
|
||||
};
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
|
||||
|
||||
/* wolfSSL context type */
|
||||
struct WOLFSSL_CTX {
|
||||
@@ -1944,9 +2112,12 @@ struct WOLFSSL_CTX {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
STACK_OF(WOLFSSL_X509_NAME)* ca_names;
|
||||
#endif
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
|
||||
STACK_OF(WOLFSSL_X509)* x509Chain;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int certChainCnt;
|
||||
#endif
|
||||
DerBuffer* privateKey;
|
||||
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
||||
#endif
|
||||
@@ -1978,6 +2149,10 @@ struct WOLFSSL_CTX {
|
||||
byte minDowngrade; /* minimum downgrade version */
|
||||
byte haveEMS; /* have extended master secret extension */
|
||||
byte useClientOrder; /* Use client's cipher preference order */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte noTicketTls13; /* Server won't create new Ticket */
|
||||
byte noPskDheKe; /* Don't use (EC)DHE with PSK */
|
||||
#endif
|
||||
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
|
||||
byte dtlsSctp; /* DTLS-over-SCTP mode */
|
||||
word16 dtlsMtuSz; /* DTLS MTU size */
|
||||
@@ -2015,7 +2190,7 @@ struct WOLFSSL_CTX {
|
||||
byte havePSK; /* psk key set by user */
|
||||
wc_psk_client_callback client_psk_cb; /* client callback */
|
||||
wc_psk_server_callback server_psk_cb; /* server callback */
|
||||
char server_hint[MAX_PSK_ID_LEN];
|
||||
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||
#endif /* NO_PSK */
|
||||
#ifdef HAVE_ANON
|
||||
byte haveAnon; /* User wants to allow Anon suites */
|
||||
@@ -2030,11 +2205,11 @@ struct WOLFSSL_CTX {
|
||||
#ifdef HAVE_EX_DATA
|
||||
void* ex_data[MAX_EX_DATA];
|
||||
#endif
|
||||
#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX)
|
||||
#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
|
||||
CallbackALPNSelect alpnSelect;
|
||||
void* alpnSelectArg;
|
||||
#endif
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
CallbackSniRecv sniRecvCb;
|
||||
void* sniRecvCbArg;
|
||||
#endif
|
||||
@@ -2104,6 +2279,7 @@ int DeriveTlsKeys(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL
|
||||
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 inSz, word16 sz);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL
|
||||
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
|
||||
@@ -2169,10 +2345,11 @@ enum KeyExchangeAlgorithm {
|
||||
|
||||
/* Supported Authentication Schemes */
|
||||
enum SignatureAlgorithm {
|
||||
anonymous_sa_algo,
|
||||
rsa_sa_algo,
|
||||
dsa_sa_algo,
|
||||
ecc_dsa_sa_algo
|
||||
anonymous_sa_algo = 0,
|
||||
rsa_sa_algo = 1,
|
||||
dsa_sa_algo = 2,
|
||||
ecc_dsa_sa_algo = 3,
|
||||
rsa_pss_sa_algo = 8
|
||||
};
|
||||
|
||||
|
||||
@@ -2274,6 +2451,21 @@ typedef struct Hashes {
|
||||
#endif
|
||||
} Hashes;
|
||||
|
||||
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
typedef union Digest {
|
||||
#ifndef NO_WOLFSSL_SHA256
|
||||
Sha256 sha256;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
Sha384 sha384;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA512
|
||||
Sha512 sha512;
|
||||
#endif
|
||||
} Digest;
|
||||
#endif
|
||||
|
||||
/* Static x509 buffer */
|
||||
typedef struct x509_buffer {
|
||||
@@ -2299,6 +2491,9 @@ struct WOLFSSL_SESSION {
|
||||
word16 haveEMS; /* ext master secret flag */
|
||||
#ifdef SESSION_CERTS
|
||||
WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
|
||||
#endif
|
||||
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
|
||||
defined(HAVE_SESSION_TICKET))
|
||||
ProtocolVersion version; /* which version was used */
|
||||
byte cipherSuite0; /* first byte, normally 0 */
|
||||
byte cipherSuite; /* 2nd byte, actual suite */
|
||||
@@ -2308,6 +2503,11 @@ struct WOLFSSL_SESSION {
|
||||
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
|
||||
#endif
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte namedGroup;
|
||||
word32 ticketSeen; /* Time ticket seen (ms) */
|
||||
word32 ticketAdd; /* Added by client */
|
||||
#endif
|
||||
byte* ticket;
|
||||
word16 ticketLen;
|
||||
byte staticTicket[SESSION_TICKET_LEN];
|
||||
@@ -2353,9 +2553,12 @@ enum ConnectState {
|
||||
enum AcceptState {
|
||||
ACCEPT_BEGIN = 0,
|
||||
ACCEPT_CLIENT_HELLO_DONE,
|
||||
ACCEPT_HELLO_RETRY_REQUEST_DONE,
|
||||
ACCEPT_FIRST_REPLY_DONE,
|
||||
SERVER_HELLO_SENT,
|
||||
SERVER_EXTENSIONS_SENT,
|
||||
CERT_SENT,
|
||||
CERT_VERIFY_SENT,
|
||||
CERT_STATUS_SENT,
|
||||
KEY_EXCHANGE_SENT,
|
||||
CERT_REQ_SENT,
|
||||
@@ -2395,6 +2598,9 @@ typedef struct Buffers {
|
||||
DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
|
||||
DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
|
||||
/* chain after self, in DER, with leading size for each cert */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int certChainCnt;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
|
||||
@@ -2412,6 +2618,16 @@ typedef struct Buffers {
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
} Buffers;
|
||||
|
||||
/* sub-states for send/do key share (key exchange) */
|
||||
enum asyncState {
|
||||
TLS_ASYNC_BEGIN = 0,
|
||||
TLS_ASYNC_BUILD,
|
||||
TLS_ASYNC_DO,
|
||||
TLS_ASYNC_VERIFY,
|
||||
TLS_ASYNC_FINALIZE,
|
||||
TLS_ASYNC_END
|
||||
};
|
||||
|
||||
typedef struct Options {
|
||||
#ifndef NO_PSK
|
||||
wc_psk_client_callback client_psk_cb;
|
||||
@@ -2439,6 +2655,7 @@ typedef struct Options {
|
||||
word16 haveSessionId:1; /* server may not send */
|
||||
word16 tls:1; /* using TLS ? */
|
||||
word16 tls1_1:1; /* using TLSv1.1+ ? */
|
||||
word16 tls1_3:1; /* using TLSv1.3+ ? */
|
||||
word16 dtls:1; /* using datagrams ? */
|
||||
word16 connReset:1; /* has the peer reset */
|
||||
word16 isClosed:1; /* if we consider conn closed */
|
||||
@@ -2456,6 +2673,7 @@ typedef struct Options {
|
||||
word16 havePeerVerify:1; /* and peer's cert verify */
|
||||
word16 usingPSK_cipher:1; /* are using psk as cipher */
|
||||
word16 usingAnon_cipher:1; /* are we using an anon cipher */
|
||||
word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
|
||||
word16 sendAlertState:1; /* nonblocking resume */
|
||||
word16 partialWrite:1; /* only one msg per write call */
|
||||
word16 quietShutdown:1; /* don't send close notify */
|
||||
@@ -2475,6 +2693,9 @@ typedef struct Options {
|
||||
word16 createTicket:1; /* Server to create new Ticket */
|
||||
word16 useTicket:1; /* Use Ticket not session cache */
|
||||
word16 rejectTicket:1; /* Callback rejected ticket */
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word16 noTicketTls13:1; /* Server won't create new Ticket */
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
word16 dtlsHsRetain:1; /* DTLS retaining HS data */
|
||||
@@ -2523,14 +2744,19 @@ typedef struct Arrays {
|
||||
word32 pendingMsgOffset; /* current offset into defrag buffer */
|
||||
#ifndef NO_PSK
|
||||
word32 psk_keySz; /* actual size */
|
||||
char client_identity[MAX_PSK_ID_LEN];
|
||||
char server_hint[MAX_PSK_ID_LEN];
|
||||
char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||
byte psk_key[MAX_PSK_KEY_LEN];
|
||||
#endif
|
||||
byte clientRandom[RAN_LEN];
|
||||
byte serverRandom[RAN_LEN];
|
||||
byte sessionID[ID_LEN];
|
||||
byte sessionIDSz;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte clientSecret[SECRET_LEN];
|
||||
byte serverSecret[SECRET_LEN];
|
||||
byte secret[SECRET_LEN];
|
||||
#endif
|
||||
byte masterSecret[SECRET_LEN];
|
||||
#ifdef WOLFSSL_DTLS
|
||||
byte cookie[MAX_COOKIE_LEN];
|
||||
@@ -2714,10 +2940,12 @@ typedef struct DtlsMsg {
|
||||
/* Handshake messages received from peer (plus change cipher */
|
||||
typedef struct MsgsReceived {
|
||||
word16 got_hello_request:1;
|
||||
word16 got_client_hello:1;
|
||||
word16 got_client_hello:2;
|
||||
word16 got_server_hello:1;
|
||||
word16 got_hello_verify_request:1;
|
||||
word16 got_session_ticket:1;
|
||||
word16 got_hello_retry_request:1;
|
||||
word16 got_encrypted_extensions:1;
|
||||
word16 got_certificate:1;
|
||||
word16 got_certificate_status:1;
|
||||
word16 got_server_key_exchange:1;
|
||||
@@ -2726,6 +2954,7 @@ typedef struct MsgsReceived {
|
||||
word16 got_certificate_verify:1;
|
||||
word16 got_client_key_exchange:1;
|
||||
word16 got_finished:1;
|
||||
word16 got_key_update:1;
|
||||
word16 got_change_cipher:1;
|
||||
} MsgsReceived;
|
||||
|
||||
@@ -2858,6 +3087,9 @@ struct WOLFSSL {
|
||||
byte maxRequest;
|
||||
byte user_set_QSHSchemes;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word16 namedGroup;
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
word16 peerNtruKeyLen;
|
||||
byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
|
||||
@@ -2905,6 +3137,9 @@ struct WOLFSSL {
|
||||
CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
|
||||
void* fuzzerCtx; /* user defined pointer */
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
buffer clientCertCtx; /* Certificate context in request */
|
||||
#endif
|
||||
#ifdef KEEP_PEER_CERT
|
||||
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
||||
#endif
|
||||
@@ -2941,7 +3176,7 @@ struct WOLFSSL {
|
||||
#endif /* user turned on */
|
||||
#ifdef HAVE_ALPN
|
||||
char* alpn_client_list; /* keep the client's list */
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
CallbackALPNSelect alpnSelect;
|
||||
void* alpnSelectArg;
|
||||
#endif
|
||||
@@ -2955,7 +3190,7 @@ struct WOLFSSL {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
byte* ocspResp;
|
||||
int ocspRespSz;
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
char* url;
|
||||
#endif
|
||||
#endif
|
||||
@@ -3094,6 +3329,8 @@ enum HandShakeType {
|
||||
server_hello = 2,
|
||||
hello_verify_request = 3, /* DTLS addition */
|
||||
session_ticket = 4,
|
||||
hello_retry_request = 6,
|
||||
encrypted_extensions = 8,
|
||||
certificate = 11,
|
||||
server_key_exchange = 12,
|
||||
certificate_request = 13,
|
||||
@@ -3102,6 +3339,7 @@ enum HandShakeType {
|
||||
client_key_exchange = 16,
|
||||
finished = 20,
|
||||
certificate_status = 22,
|
||||
key_update = 24,
|
||||
change_cipher_hs = 55, /* simulate unique handshake type for sanity
|
||||
checks. record layer change_cipher
|
||||
conflicts with handshake finished */
|
||||
@@ -3121,13 +3359,27 @@ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
|
||||
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendTls13EncryptedExtensions(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13Certificate(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13CertificateRequest(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
|
||||
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13Finished(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendTls13NewSessionTicket(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
|
||||
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
|
||||
|
||||
@@ -3140,6 +3392,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData);
|
||||
|
||||
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
|
||||
|
||||
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
|
||||
@@ -3155,7 +3408,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
|
||||
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
|
||||
byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
|
||||
const byte* keyBuf, word32 keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
|
||||
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
|
||||
@@ -3207,12 +3461,20 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
|
||||
WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
|
||||
WOLFSSL_LOCAL int SendTls13CertificateVerify(WOLFSSL*);
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
|
||||
#endif /* NO_WOLFSSL_SERVER */
|
||||
|
||||
@@ -3239,7 +3501,9 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
||||
|
||||
#endif /* NO_TLS */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
|
||||
#endif
|
||||
WOLFSSL_LOCAL word32 LowResTimer(void);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
@@ -3283,10 +3547,18 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
|
||||
WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
|
||||
|
||||
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
|
||||
const byte* input, int inSz, int type, int hashOutput,
|
||||
int sizeOnly, int asyncOkay);
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
int inSz, int type, int hashOutput, int sizeOnly);
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
|
||||
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
|
||||
|
||||
|
||||
@@ -90,6 +90,9 @@
|
||||
#include <netdb.h>
|
||||
#include <netinet/in.h>
|
||||
#include <io.h>
|
||||
/* <sys/socket.h> defines these, to avoid conflict, do undef */
|
||||
#undef SOCKADDR
|
||||
#undef SOCKADDR_IN
|
||||
#elif defined(WOLFSSL_PRCONNECT_PRO)
|
||||
#include <prconnect_pro/prconnect_pro.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
+2
-2
@@ -37,7 +37,7 @@
|
||||
|
||||
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
|
||||
|
||||
typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
|
||||
@@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
|
||||
OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
|
||||
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
|
||||
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
|
||||
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
|
||||
|
||||
@@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
|
||||
#define SSLEAY_VERSION 0x0090600fL
|
||||
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
|
||||
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
|
||||
#define FIPS_mode wolfSSL_FIPS_mode
|
||||
#define FIPS_mode_set wolfSSL_FIPS_mode_set
|
||||
@@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
|
||||
|
||||
#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL)
|
||||
|
||||
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
|
||||
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#endif /* header */
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
|
||||
/* api version compatibility */
|
||||
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX)
|
||||
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
/* version number can be increased for Lighty after compatibility for ECDH
|
||||
is added */
|
||||
#define OPENSSL_VERSION_NUMBER 0x10001000L
|
||||
|
||||
@@ -99,12 +99,23 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EVP_PKEY_type(int type);
|
||||
|
||||
WOLFSSL_API
|
||||
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
||||
|
||||
#if !defined(NO_FILESYSTEM)
|
||||
WOLFSSL_API
|
||||
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
|
||||
pem_password_cb *cb, void *u);
|
||||
WOLFSSL_API
|
||||
WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x,
|
||||
pem_password_cb *cb, void *u);
|
||||
WOLFSSL_API
|
||||
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x,
|
||||
pem_password_cb *cb, void *u);
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
#define PEM_read_X509 wolfSSL_PEM_read_X509
|
||||
#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey
|
||||
#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey
|
||||
/* RSA */
|
||||
#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
|
||||
|
||||
+25
-4
@@ -118,6 +118,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
|
||||
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
|
||||
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
|
||||
#define SSL_get_privatekey wolfSSL_get_privatekey
|
||||
|
||||
#define SSLv23_method wolfSSLv23_method
|
||||
#define SSLv3_server_method wolfSSLv3_server_method
|
||||
@@ -322,6 +323,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
|
||||
#define EVP_PKEY_new wolfSSL_PKEY_new
|
||||
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
|
||||
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
|
||||
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
|
||||
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
|
||||
#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
|
||||
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
|
||||
@@ -338,6 +341,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
|
||||
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
|
||||
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
|
||||
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
|
||||
|
||||
#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
|
||||
|
||||
@@ -473,7 +477,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
|
||||
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
|
||||
defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(HAVE_POCO_LIB)
|
||||
defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY)
|
||||
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
||||
|
||||
#define X509_NAME_free wolfSSL_X509_NAME_free
|
||||
@@ -508,7 +512,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
||||
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
|
||||
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
|
||||
|
||||
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB */
|
||||
|
||||
#ifdef WOLFSSL_HAPROXY
|
||||
#define SSL_get_rbio wolfSSL_SSL_get_rbio
|
||||
#define SSL_get_wbio wolfSSL_SSL_get_wbio
|
||||
#define SSL_do_handshake wolfSSL_SSL_do_handshake
|
||||
#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
|
||||
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
|
||||
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
|
||||
#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
|
||||
#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
|
||||
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
|
||||
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
|
||||
#endif /* WOLFSSL_HAPROXY */
|
||||
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
|
||||
|
||||
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
|
||||
|
||||
@@ -703,7 +720,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
||||
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
||||
#define NID_tlsfeature 92 /* id-pe 24 */
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
|
||||
#include <wolfssl/error-ssl.h>
|
||||
|
||||
#define OPENSSL_STRING WOLFSSL_STRING
|
||||
@@ -714,7 +733,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
||||
#define OPENSSL_NPN_NEGOTIATED 1
|
||||
#define OPENSSL_NPN_NO_OVERLAP 2
|
||||
|
||||
|
||||
/* Nginx checks these to see if the error was a handshake error. */
|
||||
#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR
|
||||
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E
|
||||
@@ -775,6 +793,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
||||
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
|
||||
#define SSL_select_next_proto wolfSSL_select_next_proto
|
||||
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
|
||||
#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
|
||||
#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
|
||||
#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
+108
-21
@@ -68,10 +68,16 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
|
||||
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
|
||||
typedef struct WOLFSSL WOLFSSL;
|
||||
#endif
|
||||
typedef struct WOLFSSL_SESSION WOLFSSL_SESSION;
|
||||
typedef struct WOLFSSL_METHOD WOLFSSL_METHOD;
|
||||
#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
|
||||
#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
|
||||
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
|
||||
#endif
|
||||
|
||||
typedef struct WOLFSSL_STACK WOLFSSL_STACK;
|
||||
typedef struct WOLFSSL_X509 WOLFSSL_X509;
|
||||
@@ -270,6 +276,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
|
||||
#endif
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
|
||||
|
||||
@@ -288,6 +298,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
|
||||
@@ -382,12 +396,23 @@ WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
|
||||
WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
|
||||
WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_connect(WOLFSSL*); /* please see note at top of README
|
||||
if you get an error from connect */
|
||||
/* please see note at top of README if you get an error from connect */
|
||||
WOLFSSL_API int wolfSSL_connect(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int);
|
||||
WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int);
|
||||
WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int);
|
||||
WOLFSSL_API int wolfSSL_accept(WOLFSSL*);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
|
||||
WOLFSSL_API int wolfSSL_no_dhe_psk(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_update_keys(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
|
||||
#endif
|
||||
WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
|
||||
WOLFSSL_API void wolfSSL_free(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
|
||||
@@ -490,6 +515,7 @@ WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
|
||||
STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
|
||||
WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
|
||||
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
|
||||
|
||||
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
|
||||
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
|
||||
@@ -1688,7 +1714,7 @@ enum {
|
||||
WOLFSSL_MAX_ALPN_NUMBER = 257
|
||||
};
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
|
||||
unsigned char* outLen, const unsigned char* in, unsigned int inLen,
|
||||
void *arg);
|
||||
@@ -1783,7 +1809,7 @@ WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Elliptic Curves */
|
||||
/* Named Groups */
|
||||
enum {
|
||||
#if 0 /* Not Supported */
|
||||
WOLFSSL_ECC_SECT163K1 = 1,
|
||||
@@ -1815,6 +1841,19 @@ enum {
|
||||
WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
|
||||
WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
|
||||
WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
|
||||
#ifdef WOLFSSL_TLS13
|
||||
/* Not implemented. */
|
||||
WOLFSSL_ECC_X25519 = 29,
|
||||
/* Not implemented. */
|
||||
WOLFSSL_ECC_X448 = 30,
|
||||
|
||||
/* Not implemented. */
|
||||
WOLFSSL_FFDHE_2048 = 256,
|
||||
WOLFSSL_FFDHE_3072 = 257,
|
||||
WOLFSSL_FFDHE_4096 = 258,
|
||||
WOLFSSL_FFDHE_6144 = 259,
|
||||
WOLFSSL_FFDHE_8192 = 260,
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifdef HAVE_SUPPORTED_CURVES
|
||||
@@ -1827,6 +1866,11 @@ WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, unsigned short group);
|
||||
WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
|
||||
#endif
|
||||
|
||||
|
||||
/* Secure Renegotiation */
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
@@ -1964,7 +2008,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
|
||||
WOLFSSL_API void wolfSSL_cert_service(void);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
|
||||
char* buf, int len);
|
||||
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
|
||||
@@ -1992,6 +2036,7 @@ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
|
||||
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
|
||||
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
|
||||
unsigned char* der, long derSz);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
|
||||
long derSz);
|
||||
@@ -2035,6 +2080,7 @@ struct WOLFSSL_X509_NAME_ENTRY {
|
||||
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|
||||
|| defined(HAVE_STUNNEL) \
|
||||
|| defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
|
||||
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
|
||||
@@ -2046,7 +2092,7 @@ WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
|
||||
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
|
||||
WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
|
||||
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
|
||||
WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
|
||||
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
|
||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
|
||||
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
|
||||
@@ -2060,6 +2106,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
|
||||
|
||||
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|
||||
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|
||||
|| defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA)
|
||||
|
||||
WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
|
||||
@@ -2078,7 +2125,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
|
||||
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
|
||||
|
||||
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
|
||||
#include <wolfssl/openssl/crypto.h>
|
||||
|
||||
@@ -2174,10 +2221,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
|
||||
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
|
||||
|
||||
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
|
||||
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
|
||||
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|
||||
|| defined(WOLFSSL_NGINX)
|
||||
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
|
||||
|
||||
@@ -2210,7 +2257,7 @@ WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
|
||||
int *line, const char **data, int *flags);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY
|
||||
/* Not an OpenSSL API. */
|
||||
WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
|
||||
/* Not an OpenSSL API. */
|
||||
@@ -2218,6 +2265,7 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
|
||||
/* Not an OpenSSL API. */
|
||||
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
|
||||
|
||||
WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
|
||||
WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
|
||||
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
|
||||
void *b, void *c);
|
||||
@@ -2277,19 +2325,58 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
|
||||
#endif /* WOLFSSL_NGINX */
|
||||
|
||||
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
|
||||
const unsigned char **data, unsigned int *len);
|
||||
const unsigned char **data, unsigned int *len);
|
||||
WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in, unsigned int inlen,
|
||||
const unsigned char *client,
|
||||
unsigned int client_len);
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in, unsigned int inlen,
|
||||
const unsigned char *client,
|
||||
unsigned int client_len);
|
||||
WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
|
||||
int (*cb) (WOLFSSL *ssl,
|
||||
const unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg), void *arg);
|
||||
int (*cb) (WOLFSSL *ssl,
|
||||
const unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg), void *arg);
|
||||
WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
|
||||
int (*cb) (WOLFSSL *ssl,
|
||||
const unsigned char **out,
|
||||
unsigned int *outlen,
|
||||
void *arg), void *arg);
|
||||
WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
|
||||
int (*cb) (WOLFSSL *ssl,
|
||||
unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg), void *arg);
|
||||
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
|
||||
unsigned *len);
|
||||
|
||||
|
||||
#ifdef WOLFSSL_HAPROXY
|
||||
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
|
||||
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
|
||||
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
|
||||
WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
|
||||
WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
|
||||
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
|
||||
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
|
||||
WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey);
|
||||
WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out);
|
||||
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
|
||||
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
|
||||
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
|
||||
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
|
||||
WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
||||
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
|
||||
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
|
||||
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
|
||||
WOLFSSL_API void ERR_load_SSL_strings(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
||||
+66
-56
@@ -302,8 +302,8 @@ static INLINE void InitTcpReady(tcp_ready* ready)
|
||||
ready->srfName = NULL;
|
||||
#ifdef SINGLE_THREADED
|
||||
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||
pthread_mutex_init(&ready->mutex, 0);
|
||||
pthread_cond_init(&ready->cond, 0);
|
||||
pthread_mutex_init(&ready->mutex, 0);
|
||||
pthread_cond_init(&ready->cond, 0);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -1008,6 +1008,9 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
|
||||
|
||||
#ifndef NO_PSK
|
||||
|
||||
/* identity is OpenSSL testing default for openssl s_client, keep same */
|
||||
static const char* kIdentityStr = "Client_identity";
|
||||
|
||||
static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
|
||||
char* identity, unsigned int id_max_len, unsigned char* key,
|
||||
unsigned int key_max_len)
|
||||
@@ -1016,9 +1019,8 @@ static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
|
||||
(void)hint;
|
||||
(void)key_max_len;
|
||||
|
||||
/* identity is OpenSSL testing default for openssl s_client, keep same */
|
||||
strncpy(identity, "Client_identity", id_max_len);
|
||||
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
strncpy(identity, kIdentityStr, id_max_len);
|
||||
|
||||
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
|
||||
unsigned binary */
|
||||
@@ -1037,8 +1039,8 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
(void)ssl;
|
||||
(void)key_max_len;
|
||||
|
||||
/* identity is OpenSSL testing default for openssl s_client, keep same */
|
||||
if (strncmp(identity, "Client_identity", 15) != 0)
|
||||
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
|
||||
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
|
||||
return 0;
|
||||
|
||||
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
|
||||
@@ -1109,6 +1111,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
|
||||
{
|
||||
int ret;
|
||||
long int fileSz;
|
||||
FILE* file;
|
||||
|
||||
if (fname == NULL || buf == NULL || bufLen == NULL)
|
||||
@@ -1126,9 +1129,10 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
}
|
||||
|
||||
fseek(file, 0, SEEK_END);
|
||||
*bufLen = ftell(file);
|
||||
fileSz = (int)ftell(file);
|
||||
rewind(file);
|
||||
if (*bufLen > 0) {
|
||||
if (fileSz > 0) {
|
||||
*bufLen = (size_t)fileSz;
|
||||
*buf = (byte*)malloc(*bufLen);
|
||||
if (*buf == NULL) {
|
||||
ret = MEMORY_E;
|
||||
@@ -1736,12 +1740,13 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_ecc_init(&myKey);
|
||||
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
ret = wc_ecc_init(&myKey);
|
||||
if (ret == 0) {
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
}
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@@ -1758,12 +1763,13 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_ecc_init(&myKey);
|
||||
|
||||
ret = wc_ecc_import_x963(key, keySz, &myKey);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
ret = wc_ecc_init(&myKey);
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_import_x963(key, keySz, &myKey);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -1843,16 +1849,17 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) { /* save and convert to 0 success */
|
||||
*outSz = ret;
|
||||
ret = 0;
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) { /* save and convert to 0 success */
|
||||
*outSz = ret;
|
||||
ret = 0;
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@@ -1871,12 +1878,13 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
|
||||
wc_FreeRsaKey(&myKey);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -1898,17 +1906,18 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) {
|
||||
*outSz = ret;
|
||||
ret = 0; /* reset to success */
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) {
|
||||
*outSz = ret;
|
||||
ret = 0; /* reset to success */
|
||||
}
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@@ -1925,20 +1934,21 @@ static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
#ifdef WC_RSA_BLINDING
|
||||
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
|
||||
if (ret != 0) {
|
||||
wc_FreeRsaKey(&myKey);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0) {
|
||||
#ifdef WC_RSA_BLINDING
|
||||
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
|
||||
if (ret != 0) {
|
||||
wc_FreeRsaKey(&myKey);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
+2
-2
@@ -28,8 +28,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define LIBWOLFSSL_VERSION_STRING "3.10.4"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x03010004
|
||||
#define LIBWOLFSSL_VERSION_STRING "3.11.0"
|
||||
#define LIBWOLFSSL_VERSION_HEX 0x03011000
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@@ -130,7 +130,7 @@ enum Misc_ASN {
|
||||
PKCS5 = 5, /* PKCS oid tag */
|
||||
PKCS5v2 = 6, /* PKCS #5 v2.0 */
|
||||
PKCS8v0 = 0, /* default PKCS#8 version */
|
||||
PKCS12 = 12, /* PKCS #12 */
|
||||
PKCS12v1 = 12, /* PKCS #12 */
|
||||
MAX_UNICODE_SZ = 256,
|
||||
ASN_BOOL_SIZE = 2, /* including type */
|
||||
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
|
||||
@@ -193,7 +193,7 @@ enum Misc_ASN {
|
||||
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
|
||||
TRAILING_ZERO = 1, /* Used for size of zero pad */
|
||||
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */
|
||||
#endif
|
||||
};
|
||||
@@ -743,7 +743,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
|
||||
word32* oidSz, int* algoID, void* heap);
|
||||
|
||||
typedef struct tm wolfssl_tm;
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
|
||||
@@ -873,7 +873,7 @@ struct CertStatus {
|
||||
byte nextDate[MAX_DATE_SIZE];
|
||||
byte thisDateFormat;
|
||||
byte nextDateFormat;
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
byte* thisDateAsn;
|
||||
byte* nextDateAsn;
|
||||
#endif
|
||||
@@ -924,7 +924,7 @@ struct OcspRequest {
|
||||
int nonceSz;
|
||||
void* heap;
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
void* ssl;
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -30,10 +30,19 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Opaque keys. Only key pointers are used for arguments */
|
||||
typedef struct ecc_key ecc_key;
|
||||
typedef struct RsaKey RsaKey;
|
||||
typedef struct WC_RNG WC_RNG;
|
||||
/* guard on redeclaration */
|
||||
#ifndef WC_ECCKEY_TYPE_DEFINED
|
||||
typedef struct ecc_key ecc_key;
|
||||
#define WC_ECCKEY_TYPE_DEFINED
|
||||
#endif
|
||||
#ifndef WC_RSAKEY_TYPE_DEFINED
|
||||
typedef struct RsaKey RsaKey;
|
||||
#define WC_RSAKEY_TYPE_DEFINED
|
||||
#endif
|
||||
#ifndef WC_RNG_TYPE_DEFINED
|
||||
typedef struct WC_RNG WC_RNG;
|
||||
#define WC_RNG_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
/* Certificate file Type */
|
||||
enum CertType {
|
||||
|
||||
@@ -37,6 +37,12 @@
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
typedef struct DhParams {
|
||||
const byte* p;
|
||||
word32 p_len;
|
||||
const byte* g;
|
||||
word32 g_len;
|
||||
} DhParams;
|
||||
|
||||
/* Diffie-Hellman Key */
|
||||
typedef struct DhKey {
|
||||
@@ -48,6 +54,22 @@ typedef struct DhKey {
|
||||
} DhKey;
|
||||
|
||||
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);
|
||||
#endif
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
WOLFSSL_API const DhParams* wc_Dh_ffdhe3072_Get(void);
|
||||
#endif
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
WOLFSSL_API const DhParams* wc_Dh_ffdhe4096_Get(void);
|
||||
#endif
|
||||
#ifdef HAVE_FFDHE_6144
|
||||
WOLFSSL_API const DhParams* wc_Dh_ffdhe6144_Get(void);
|
||||
#endif
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void);
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_InitDhKey(DhKey* key);
|
||||
WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
|
||||
WOLFSSL_API void wc_FreeDhKey(DhKey* key);
|
||||
|
||||
+15
-2
@@ -150,6 +150,14 @@ typedef enum ecc_curve_id {
|
||||
ECC_BRAINPOOLP320R1,
|
||||
ECC_BRAINPOOLP384R1,
|
||||
ECC_BRAINPOOLP512R1,
|
||||
|
||||
/* Twisted Edwards Curves */
|
||||
#ifdef HAVE_CURVE25519
|
||||
ECC_X25519,
|
||||
#endif
|
||||
#ifdef HAVE_X448
|
||||
ECC_X448,
|
||||
#endif
|
||||
} ecc_curve_id;
|
||||
|
||||
#ifdef HAVE_OID_ENCODING
|
||||
@@ -262,7 +270,7 @@ enum {
|
||||
};
|
||||
|
||||
/* An ECC Key */
|
||||
typedef struct ecc_key {
|
||||
struct ecc_key {
|
||||
int type; /* Public or Private */
|
||||
int idx; /* Index into the ecc_sets[] for the parameters of
|
||||
this curve if -1, this key is using user supplied
|
||||
@@ -287,7 +295,12 @@ typedef struct ecc_key {
|
||||
CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
|
||||
#endif
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
} ecc_key;
|
||||
};
|
||||
|
||||
#ifndef WC_ECCKEY_TYPE_DEFINED
|
||||
typedef struct ecc_key ecc_key;
|
||||
#define WC_ECCKEY_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
|
||||
/* ECC predefined curve sets */
|
||||
|
||||
@@ -180,10 +180,18 @@ WOLFSSL_API void wc_HmacFree(Hmac*);
|
||||
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
|
||||
|
||||
#ifdef HAVE_HKDF
|
||||
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* salt, word32 saltSz,
|
||||
const byte* info, word32 infoSz,
|
||||
byte* out, word32 outSz);
|
||||
|
||||
WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
|
||||
const byte* inKey, word32 inKeySz, byte* out);
|
||||
WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* info, word32 infoSz,
|
||||
byte* out, word32 outSz);
|
||||
|
||||
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* salt, word32 saltSz,
|
||||
const byte* info, word32 infoSz,
|
||||
byte* out, word32 outSz);
|
||||
|
||||
#endif /* HAVE_HKDF */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -79,7 +79,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
|
||||
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
|
||||
|
||||
void WOLFSSL_MSG(const char* msg);
|
||||
void WOLFSSL_BUFFER(byte* buffer, word32 length);
|
||||
void WOLFSSL_BUFFER(const byte* buffer, word32 length);
|
||||
|
||||
#else /* DEBUG_WOLFSSL */
|
||||
|
||||
@@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
|
||||
|
||||
#endif /* DEBUG_WOLFSSL */
|
||||
|
||||
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
|
||||
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
|
||||
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
|
||||
void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
|
||||
const char* file, void* ctx);
|
||||
|
||||
+12
-2
@@ -81,7 +81,7 @@ enum {
|
||||
|
||||
|
||||
/* RSA */
|
||||
typedef struct RsaKey {
|
||||
struct RsaKey {
|
||||
mp_int n, e, d, p, q, dP, dQ, u;
|
||||
void* heap; /* for user memory overrides */
|
||||
byte* data; /* temp buffer for async RSA */
|
||||
@@ -98,7 +98,13 @@ typedef struct RsaKey {
|
||||
#endif
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
byte dataIsAlloc;
|
||||
} RsaKey;
|
||||
};
|
||||
|
||||
#ifndef WC_RSAKEY_TYPE_DEFINED
|
||||
typedef struct RsaKey RsaKey;
|
||||
#define WC_RSAKEY_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
#endif /*HAVE_FIPS */
|
||||
|
||||
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
|
||||
@@ -120,6 +126,9 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
|
||||
RsaKey* key);
|
||||
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key);
|
||||
WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
|
||||
enum wc_HashType hash, int mgf,
|
||||
RsaKey* key);
|
||||
WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
|
||||
|
||||
#ifndef HAVE_FIPS /* to avoid asn duplicate symbols @wc_fips */
|
||||
@@ -150,6 +159,7 @@ WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
|
||||
/* Padding types */
|
||||
#define WC_RSA_PKCSV15_PAD 0
|
||||
#define WC_RSA_OAEP_PAD 1
|
||||
#define WC_RSA_PSS_PAD 2
|
||||
|
||||
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key, WC_RNG* rng, int type,
|
||||
|
||||
@@ -367,7 +367,7 @@
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
|
||||
/* uTasker port uses RAW sockets, use I/O callbacks
|
||||
* See wolfSSL uTasker example for sample callbacks */
|
||||
* See wolfSSL uTasker example for sample callbacks */
|
||||
#define WOLFSSL_USER_IO
|
||||
|
||||
/* uTasker filesystem not ported */
|
||||
@@ -421,26 +421,26 @@
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_NRF5x
|
||||
#define SIZEOF_LONG 4
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#define NO_ASN_TIME
|
||||
#define NO_DEV_RANDOM
|
||||
#define NO_FILESYSTEM
|
||||
#define NO_MAIN_DRIVER
|
||||
#define NO_WRITEV
|
||||
#define SINGLE_THREADED
|
||||
#define USE_FAST_MATH
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#define USE_WOLFSSL_MEMORY
|
||||
#define WOLFSSL_NRF51
|
||||
#define WOLFSSL_USER_IO
|
||||
#define NO_SESSION_CACHE
|
||||
#define SIZEOF_LONG 4
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#define NO_ASN_TIME
|
||||
#define NO_DEV_RANDOM
|
||||
#define NO_FILESYSTEM
|
||||
#define NO_MAIN_DRIVER
|
||||
#define NO_WRITEV
|
||||
#define SINGLE_THREADED
|
||||
#define USE_FAST_MATH
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#define USE_WOLFSSL_MEMORY
|
||||
#define WOLFSSL_NRF51
|
||||
#define WOLFSSL_USER_IO
|
||||
#define NO_SESSION_CACHE
|
||||
#endif
|
||||
|
||||
/* Micrium will use Visual Studio for compilation but not the Win32 API */
|
||||
#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
|
||||
!defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
|
||||
!defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
|
||||
!defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
|
||||
!defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
|
||||
#define USE_WINDOWS_API
|
||||
#endif
|
||||
|
||||
@@ -759,7 +759,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#define WOLFSSL_USER_IO
|
||||
#define SINGLE_THREADED
|
||||
#define NO_FILESYSTEM
|
||||
#define USER_TICKS
|
||||
#ifndef TIME_OVERRIDES
|
||||
#define USER_TICKS
|
||||
#endif
|
||||
#endif /* FREESCALE_KSDK_BM */
|
||||
|
||||
#ifdef FREESCALE_COMMON
|
||||
@@ -800,14 +802,24 @@ extern void uITRON4_free(void *p) ;
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#endif
|
||||
|
||||
#include "fsl_common.h"
|
||||
#ifdef FREESCALE_KSDK_1_3
|
||||
#include "fsl_device_registers.h"
|
||||
#else
|
||||
#include "fsl_common.h"
|
||||
#endif
|
||||
|
||||
/* random seed */
|
||||
#define NO_OLD_RNGNAME
|
||||
#if defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
|
||||
#define FREESCALE_KSDK_2_0_TRNG
|
||||
#elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
|
||||
#define FREESCALE_KSDK_2_0_RNGA
|
||||
#ifdef FREESCALE_KSDK_1_3
|
||||
#include "fsl_rnga_driver.h"
|
||||
#define FREESCALE_RNGA
|
||||
#define RNGA_INSTANCE (0)
|
||||
#else
|
||||
#define FREESCALE_KSDK_2_0_RNGA
|
||||
#endif
|
||||
#elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS)
|
||||
#define FREESCALE_RNGA
|
||||
#define RNGA_INSTANCE (0)
|
||||
@@ -948,9 +960,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#define NO_OLD_RNGNAME
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
#include "stm32f2xx_hal.h"
|
||||
#ifndef STM32_HAL_TIMEOUT
|
||||
#define STM32_HAL_TIMEOUT 0xFF
|
||||
#endif
|
||||
#ifndef STM32_HAL_TIMEOUT
|
||||
#define STM32_HAL_TIMEOUT 0xFF
|
||||
#endif
|
||||
#else
|
||||
#include "stm32f2xx.h"
|
||||
#include "stm32f2xx_cryp.h"
|
||||
@@ -974,9 +986,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
#include "stm32f4xx_hal.h"
|
||||
#ifndef STM32_HAL_TIMEOUT
|
||||
#define STM32_HAL_TIMEOUT 0xFF
|
||||
#endif
|
||||
#ifndef STM32_HAL_TIMEOUT
|
||||
#define STM32_HAL_TIMEOUT 0xFF
|
||||
#endif
|
||||
#else
|
||||
#include "stm32f4xx.h"
|
||||
#include "stm32f4xx_cryp.h"
|
||||
@@ -1528,7 +1540,7 @@ extern void uITRON4_free(void *p) ;
|
||||
#undef HAVE_GMTIME_R /* don't trust macro with windows */
|
||||
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
|
||||
|
||||
#ifdef WOLFSSL_NGINX
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
|
||||
#define OPENSSL_NO_ENGINE
|
||||
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
|
||||
@@ -1547,6 +1559,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#ifndef HAVE_SNI
|
||||
#define HAVE_SNI
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_NGINX)
|
||||
#define SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#endif
|
||||
|
||||
|
||||
@@ -293,7 +293,7 @@
|
||||
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#ifndef USE_WINDOWS_API
|
||||
#define XSNPRINTF snprintf
|
||||
#else
|
||||
|
||||
@@ -33,9 +33,15 @@
|
||||
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
|
||||
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
|
||||
typedef struct WOLFSSL WOLFSSL;
|
||||
#endif
|
||||
typedef struct WOLF_EVENT WOLF_EVENT;
|
||||
#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
|
||||
#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
|
||||
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
|
||||
#endif
|
||||
|
||||
typedef unsigned short WOLF_EVENT_FLAG;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user