Merge branch 'master' into cmake_HSC

This commit is contained in:
Anthony Hu
2026-02-06 13:11:55 -05:00
committed by GitHub
115 changed files with 22465 additions and 15861 deletions
+41
View File
@@ -0,0 +1,41 @@
name: WolfSSL CMake Autoconf Interworking Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
# pull wolfSSL
- uses: actions/checkout@v4
# install cmake and autotools
- name: Install cmake
run: |
sudo apt-get update
sudo apt-get install -y cmake autoconf automake libtool
# build and install wolfssl via autotools for CMake consumer test
- name: Build wolfssl with autotools
run: |
./autogen.sh
./configure --prefix="$GITHUB_WORKSPACE/install-autoconf" --enable-all
make -j $(nproc)
make install
# CMake consumer test using the autotools install
- name: CMake consumer test (autotools install)
run: |
mkdir -p cmake/consumer/build
cd cmake/consumer/build
cmake -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/install-autoconf" ..
cmake --build .
./wolfssl_consumer
cd ..
rm -rf build
+5 -15
View File
@@ -13,7 +13,7 @@ jobs:
steps:
# pull wolfSSL
- uses: actions/checkout@master
- uses: actions/checkout@v4
# install cmake
- name: Install cmake
@@ -21,24 +21,16 @@ jobs:
sudo apt-get update
sudo apt-get install -y cmake
# pull wolfssl
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
# build wolfssl
- name: Build wolfssl
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes -DWOLFSSL_AESECB:BOOL=yes \
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESCTS:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
@@ -51,7 +43,7 @@ jobs:
-DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
-DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
-DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_DTLS_CH_FRAG:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
-DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
-DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
-DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
@@ -80,7 +72,7 @@ jobs:
-DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \
-DWOLFSSL_X963KDF:BOOL=yes -DWOLFSSL_DILITHIUM:BOOL=yes -DWOLFSSL_PKCS11:BOOL=yes \
-DWOLFSSL_ECCSI:BOOL=yes -DWOLFSSL_SAKKE:BOOL=yes -DWOLFSSL_SIPHASH:BOOL=yes \
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
-DWOLFSSL_WC_RSA_DIRECT:BOOL=yes -DWOLFSSL_PUBLIC_MP:BOOL=yes \
..
cmake --build .
ctest -j $(nproc)
@@ -92,7 +84,6 @@ jobs:
# build "lean-tls" wolfssl
- name: Build wolfssl with lean-tls
working-directory: ./wolfssl
run: |
mkdir build
cd build
@@ -108,7 +99,6 @@ jobs:
# CMake build with user_settings.h
- name: Build wolfssl with user_settings.h
working-directory: ./wolfssl
run: |
mkdir build
cp examples/configs/user_settings_all.h ./build/user_settings.h
+3
View File
@@ -70,6 +70,9 @@ jobs:
'--enable-all --enable-certgencache',
'--enable-sessionexport --enable-dtls --enable-dtls13',
'--enable-sessionexport',
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
'--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
'--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC',
'CPPFLAGS=-DNO_WOLFSSL_CLIENT',
'CPPFLAGS=-DNO_WOLFSSL_SERVER',
+12
View File
@@ -41,6 +41,9 @@ tags
.tags*
cyassl-config
wolfssl-config
cmake/wolfssl-config.cmake
cmake/wolfssl-config-version.cmake
cmake/wolfssl-targets.cmake
cyassl.sublime*
fips.h
fips.c
@@ -239,12 +242,17 @@ linuxkm/linuxkm
linuxkm/src
linuxkm/patches/src
*.nds
# Generated during FreeBSD kernel module build.
bsdkm/export_syms
bsdkm/i386
bsdkm/libwolfssl.ko
bsdkm/machine
bsdkm/opt_global.h
bsdkm/x86
bsdkm/bus_if.h
bsdkm/cryptodev_if.h
bsdkm/device_if.h
# autotools generated
scripts/unit.test
@@ -386,6 +394,7 @@ IDE/**/DerivedData
CMakeFiles/
CMakeCache.txt
cmake_install.cmake
!cmake/Config.cmake.in
# GDB Settings
\.gdbinit
@@ -470,3 +479,6 @@ wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h
AGENTS.md
# Code navigation files
compile_commands.json
+4 -1
View File
@@ -36,6 +36,7 @@ BLAKE2B_SELFTEST
BLAKE2S_SELFTEST
BLOCKING
BSDKM_EXPORT_SYMS
ENABLED_BSDKM_REGISTER
BSP_DEFAULT_IO_CHANNEL_DEFINED
BSP_LED_0
BSP_LED_1
@@ -280,7 +281,10 @@ HAVE_INTEL_QAT_SYNC
HAVE_INTEL_SPEEDUP
HAVE_MDK_RTX
HAVE_NETX_BSD
HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_PKCS11_STATIC
HAVE_PKCS11_V3_STATIC
HAVE_POCO_LIB
HAVE_RTP_SYS
HAVE_SECURE_GETENV
@@ -637,7 +641,6 @@ WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
WC_RWLOCK_OPS_INLINE
WC_SHA3_HARDEN
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
+83 -15
View File
@@ -427,6 +427,18 @@ if(WOLFSSL_DTLS_CID)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
endif()
# DTLS 1.3 Fragment ClientHello
add_option("WOLFSSL_DTLS_CH_FRAG"
"Enable wolfSSL DTLS 1.3 Fragment ClientHello (default: disabled)"
"no" "yes;no")
if(WOLFSSL_DTLS_CH_FRAG)
if(NOT WOLFSSL_DTLS13)
message(FATAL_ERROR "DTLS 1.3 Fragment ClientHello is supported only for DTLSv1.3")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG")
endif()
# RNG
add_option("WOLFSSL_RNG"
"Enable compiling and using RNG (default: enabled)"
@@ -511,9 +523,6 @@ if(WOLFSSL_WOLFSSH)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WOLFSSH")
endif()
if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
endif()
# TODO: - DTLS-SCTP
# - DTLS multicast
@@ -881,6 +890,27 @@ add_option("WOLFSSL_AESOFB"
"Enable wolfSSL AES-OFB support (default: disabled)"
"no" "yes;no")
# AES-ECB
add_option("WOLFSSL_AESECB"
"Enable wolfSSL AES-ECB support (default: disabled)"
"no" "yes;no")
if(WOLFSSL_AESECB)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AES_ECB")
endif()
# AES-CTS
add_option("WOLFSSL_AESCTS"
"Enable wolfSSL AES-CTS support (default: disabled)"
"no" "yes;no")
if(WOLFSSL_AESCTS)
if(NOT WOLFSSL_AESCBC)
message(FATAL_ERROR "AES-CTS requires AES-CBC.")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CTS")
endif()
# TODO: - AES-GCM stream
# - AES-ARM
# - Xilinx hardened crypto
@@ -1080,7 +1110,7 @@ if(WOLFSSL_ECCSI)
message(FATAL_ERROR "cannot enable ECCSI without enabling ECC.")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI")
endif()
# SAKKE
@@ -1105,6 +1135,18 @@ if(WOLFSSL_SIPHASH)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SIPHASH")
endif()
add_option("WOLFSSL_PUBLIC_MP"
"Enable public MP API (default: disabled)"
"no" "yes;no")
if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS OR WOLFSSL_ECCSI)
override_cache(WOLFSSL_PUBLIC_MP "yes")
endif()
if(WOLFSSL_PUBLIC_MP)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
endif()
# TODO: - Compressed key
# - FP ECC, fixed point cache ECC
# - ECC encrypt
@@ -1310,6 +1352,15 @@ else()
endif()
endif()
# RSA Direct
add_option("WOLFSSL_WC_RSA_DIRECT"
"Enable RSA Direct (default: disabled)"
"no" "yes;no")
if(WOLFSSL_RSA AND WOLFSSL_WC_RSA_DIRECT)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_DIRECT")
endif()
# OAEP
add_option("WOLFSSL_OAEP"
"Enable RSA OAEP (default: enabled)"
@@ -1435,6 +1486,12 @@ if(NOT WOLFSSL_AES)
if(WOLFSSL_AESCTR)
message(FATAL_ERROR "AESCTR requires AES.")
endif()
if(WOLFSSL_AESECB)
message(FATAL_ERROR "AES-ECB requires AES.")
endif()
if(WOLFSSL_AESCTS)
message(FATAL_ERROR "AES-CTS requires AES.")
endif()
else()
if(WOLFSSL_LEAN_PSK)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
@@ -2196,13 +2253,14 @@ if(WOLFSSL_AESOFB)
endif()
if(WOLFSSL_TPM)
override_cache(WOLFSSL_KEYGEN "yes")
override_cache(WOLFSSL_CERTGEN "yes")
override_cache(WOLFSSL_CRYPTOCB "yes")
override_cache(WOLFSSL_CERTREQ "yes")
override_cache(WOLFSSL_CERTEXT "yes")
override_cache(WOLFSSL_PKCS7 "yes")
override_cache(WOLFSSL_AESCFB "yes")
override_cache(WOLFSSL_KEYGEN "yes")
override_cache(WOLFSSL_CERTGEN "yes")
override_cache(WOLFSSL_CRYPTOCB "yes")
override_cache(WOLFSSL_CERTREQ "yes")
override_cache(WOLFSSL_CERTEXT "yes")
override_cache(WOLFSSL_PKCS7 "yes")
override_cache(WOLFSSL_AESCFB "yes")
override_cache(WOLFSSL_PUBLIC_MP "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALLOW_ENCODING_CA_FALSE")
endif()
@@ -2600,7 +2658,7 @@ target_compile_definitions(wolfssl PRIVATE "BUILDING_WOLFSSL")
if(${BUILD_SHARED_LIBS})
target_compile_definitions(wolfssl PUBLIC "WOLFSSL_DLL")
endif()
target_compile_definitions(wolfssl PUBLIC ${WOLFSSL_DEFINITIONS})
target_compile_definitions(wolfssl PRIVATE ${WOLFSSL_DEFINITIONS})
####################################################
# Include Directories
@@ -2663,6 +2721,7 @@ if(WOLFSSL_EXAMPLES)
add_executable(client
${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
target_link_libraries(client wolfssl)
target_compile_definitions(client PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET client
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/client)
@@ -2671,6 +2730,7 @@ if(WOLFSSL_EXAMPLES)
add_executable(server
${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c)
target_link_libraries(server wolfssl)
target_compile_definitions(server PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET server
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/server)
@@ -2681,6 +2741,7 @@ if(WOLFSSL_EXAMPLES)
target_include_directories(echoclient PRIVATE
${CMAKE_CURRENT_BINARY_DIR})
target_link_libraries(echoclient wolfssl)
target_compile_definitions(echoclient PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET echoclient
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/echoclient)
@@ -2691,6 +2752,7 @@ if(WOLFSSL_EXAMPLES)
target_include_directories(echoserver PRIVATE
${CMAKE_CURRENT_BINARY_DIR})
target_link_libraries(echoserver wolfssl)
target_compile_definitions(echoserver PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET echoserver
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
@@ -2700,6 +2762,7 @@ if(WOLFSSL_EXAMPLES)
add_executable(tls_bench
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
target_link_libraries(tls_bench wolfssl)
target_compile_definitions(tls_bench PRIVATE ${WOLFSSL_DEFINITIONS})
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(tls_bench Threads::Threads)
endif()
@@ -2804,6 +2867,7 @@ if(WOLFSSL_EXAMPLES)
${CMAKE_CURRENT_BINARY_DIR})
target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
target_link_libraries(unit_test wolfssl)
target_compile_definitions(unit_test PRIVATE ${WOLFSSL_DEFINITIONS})
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(unit_test Threads::Threads)
endif()
@@ -2829,6 +2893,7 @@ if(WOLFSSL_CRYPT_TESTS)
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest")
target_link_libraries(wolfcrypttest_lib wolfssl)
target_compile_definitions(wolfcrypttest_lib PRIVATE ${WOLFSSL_DEFINITIONS})
target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER")
if(WOLFSSL_CRYPT_TESTS_HELP)
target_compile_options(wolfcrypttest_lib PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
@@ -2839,6 +2904,7 @@ if(WOLFSSL_CRYPT_TESTS)
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench")
target_link_libraries(wolfcryptbench_lib wolfssl)
target_compile_definitions(wolfcryptbench_lib PRIVATE ${WOLFSSL_DEFINITIONS})
target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER")
endif()
@@ -2846,6 +2912,7 @@ if(WOLFSSL_CRYPT_TESTS)
add_executable(wolfcrypttest
${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
target_link_libraries(wolfcrypttest wolfssl)
target_compile_definitions(wolfcrypttest PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET wolfcrypttest
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/wolfcrypt/test)
@@ -2865,6 +2932,7 @@ if(WOLFSSL_CRYPT_TESTS)
target_include_directories(wolfcryptbench PRIVATE
${CMAKE_CURRENT_BINARY_DIR})
target_link_libraries(wolfcryptbench wolfssl)
target_compile_definitions(wolfcryptbench PRIVATE ${WOLFSSL_DEFINITIONS})
set_property(TARGET wolfcryptbench
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/wolfcrypt/benchmark)
@@ -3019,9 +3087,9 @@ if(WOLFSSL_INSTALL)
# Install the library
install(TARGETS wolfssl
EXPORT wolfssl-targets
LIBRARY DESTINATION lib
ARCHIVE DESTINATION lib
RUNTIME DESTINATION bin
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
# Install the headers
install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
@@ -14,7 +14,7 @@
</storageModule>
<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
<option id="toolchain.id" value="Renesas_RXC"/>
<option id="toolchain.version" value="v3.03.00"/>
<option id="toolchain.version" value="v3.06.00"/>
<option id="toolchain.enable" value="true"/>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
@@ -24,13 +24,13 @@
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.808325012" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="Endian of output data value (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1826562770" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv3" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.2015650112" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.2015650112" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1065149525" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.1439501151" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.141103170" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="R5F565NEHxFP;R5F572NNHxFB" valueType="string"/>
@@ -39,12 +39,12 @@
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.198501700" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.898504242" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.2015079094" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1725961285" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="false" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1725961285" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU.1871678157" name="Has TFU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU" value="true" valueType="string"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.220371913" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1764475068" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.477145288" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1764475068" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.477145288" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../test/src&quot;"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
@@ -67,33 +67,33 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
<listOptionValue builtIn="false" value="RENESAS_T4_USE"/>
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.165256012" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.165256012" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.850666858" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.850666858" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.897672730" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.862144636" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.48690443" name="出力する文字コード (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.1557621233" name="最適化レベル (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.897672730" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.862144636" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.48690443" name="Output character code (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.1557621233" name="Optimization level (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1722484558" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.709788007" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.1564576801" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.1555827005" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.1555827005" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="追加するオプション(すべての指定オプションの後ろに追加)&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -114,29 +114,28 @@
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1333901009" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.2020069967" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.2020069967" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="D=R"/>
<listOptionValue builtIn="false" value="D_1=R_1"/>
<listOptionValue builtIn="false" value="D_2=R_2"/>
<listOptionValue builtIn="false" value="D_8=R_8"/>
<listOptionValue builtIn="false" value="DEXRAM=REXRAM"/>
<listOptionValue builtIn="false" value="DEXRAM_1=REXRAM_1"/>
<listOptionValue builtIn="false" value="DEXRAM_2=REXRAM_2"/>
<listOptionValue builtIn="false" value="DEXRAM_8=REXRAM_8"/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/0100000,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.1724535779" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.1724535779" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;.\src\benchmark.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\key_data.obj&quot;"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="Address setting for unused vector area (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="Checks the section larger than the specified range of addresses (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="Memory address type assignment method (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;.\src/client\simple_tcp_client.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/client\simple_tls_tsip_client.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/key_data\key_data.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/server\simple_tcp_server.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/server\simple_tls_server.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/Config_TMR0\Config_TMR0.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/Config_TMR0\Config_TMR0_user.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_cg_hardware_setup.obj&quot;"/>
@@ -173,40 +172,298 @@
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_driver_rx/src\t4_driver.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_driver_rx/src\timer.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_rx/src\config_tcpudp.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\test.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function000.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function001.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function002.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function003.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function004.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function005.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function006.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function007.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function008.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function009.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function010.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function011.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function015.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function022.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function023.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function025.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function027.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function028.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function030.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function031.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function032.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function040.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function041.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function050.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function051.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function052.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function053.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function054.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function060.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function061.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function070.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function071.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function072.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function073.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function074.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function075.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function080.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function100.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function101.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function102.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function103.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function200.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function202.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function205.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function206.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function207.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function304.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function307.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function308.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function309.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function310.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function311.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function312.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function313.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function314.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function315.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function316.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function317.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function318.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function319.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function320.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function321.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function322.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function323.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function324.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function325.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function401.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_function402.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p00.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p01.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p02.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p03.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p04.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p05.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p06.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p07.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p08.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0c.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0d.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0e.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p0f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p10.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p14.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p18.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p19.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1d.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1e.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p1f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p20.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p21.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p22.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p23.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p26.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29t.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p29u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2c.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2d.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p2e.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32t.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p32u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34t.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p34u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36t.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p36u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p37.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p38.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p39.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3c.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3d.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3e.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p3f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p41u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p44u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p47u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p50u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p53.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p54.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p56.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p57.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p59.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5c.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p5d.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p60.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p62.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p63.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p6a.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p6b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p71.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p72.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p73u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p76u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p79.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p7b.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p80.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p93.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p94.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p95u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_p98u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa1u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pa4u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_paa.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pab.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pac.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pad.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pba.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbb.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbc.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbd.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbe.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pbf.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc0.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc1.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc3.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc4.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc6.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc7.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pc9.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pca.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcb.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcc.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcd.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pcf.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd0.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd2.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd3.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd5.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd6u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd7.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd8.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9f.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9i.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pd9u.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pdd.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pde.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pdf.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe0.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe1.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe2.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe3.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe4.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe5.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe6.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe7.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe8.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pe9.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pea.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_peb.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pec.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_ped.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pee.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pef.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf0.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf1.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf3.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf4.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf5.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf6.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf8.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pf9.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfa.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfb.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_pfc.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc01.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc02.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc03.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\r_tsip_rx_subprc04.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n/ip\s_flash.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_aes_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_arc4_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_ecc_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_hash_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rsa_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_rx_private.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_tdes_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx72m_rx72n_rx66n\r_tsip_tls_rx.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/test\benchmark.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/test\test.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src/test\wolfssl_dummy.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\test_main.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\wolf_client.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\wolf_server.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\wolfssl_dummy.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\wolfssl_tsip_unit_test.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="Relocatable files, object files and library files (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
</option>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1397073307" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.1773409552" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1397073307" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.1773409552" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.946493093" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.946493093" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.338617005" name="C言語標準ライブラリ関数の構成 (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.1293885198" name="ctype.hC89/C99):文字操作用ライブラリ (-head=ctype)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.338617005" name="Library configuration (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.1293885198" name="ctype.h (C89/C99): Character classification routines (-head=ctype)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.1917108303" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.109845398" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.109845398" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.230415631" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.230415631" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.318974000" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
</toolChain>
@@ -246,13 +503,13 @@
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.617132481" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="Endian of output data value (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1771586719" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv3" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1045346284" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1045346284" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.229476184" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.748972653" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.780008434" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="R5F565NEHxFP;R5F572NNHxFB" valueType="string"/>
@@ -261,12 +518,12 @@
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.1001057208" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963664750" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.1280023203" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1551558655" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1551558655" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU.261169670" name="Has TFU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasTFU" value="true" valueType="string"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.278830907" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
@@ -285,30 +542,30 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.878126292" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.878126292" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.443993930" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.443993930" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.47850385" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.24533273" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.542364588" name="出力する文字コード (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.47850385" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.24533273" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.542364588" name="Output character code (-outcode)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1919404628" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.293530100" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.607581328" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.622904140" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.622904140" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="追加するオプション(すべての指定オプションの後ろに追加)&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="Character code of an input program (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -329,7 +586,7 @@
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1516159151" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1765662172" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1765662172" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="D=R"/>
<listOptionValue builtIn="false" value="D_1=R_1"/>
<listOptionValue builtIn="false" value="D_2=R_2"/>
@@ -339,41 +596,41 @@
<listOptionValue builtIn="false" value="DEXRAM_2=REXRAM_2"/>
<listOptionValue builtIn="false" value="DEXRAM_8=REXRAM_8"/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8/00800000" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000,BEXRAM_1,REXRAM_1,BEXRAM_2,REXRAM_2,BEXRAM,REXRAM,BEXRAM_8,REXRAM_8/00800000" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.40118921" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.40118921" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="Address setting for unused vector area (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="Checks the section larger than the specified range of addresses (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="Memory address type assignment method (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="Relocatable files, object files and library files (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
</option>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.665362864" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.413642487" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.665362864" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.413642487" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.322853429" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.322853429" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1591825359" name="C言語標準ライブラリ関数の構成 (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1591825359" name="Library configuration (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.175269062" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.1586351233" name="追加するオプション(すべての指定オプションの前に追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.1586351233" name="User-defined options (added before all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="追加するオプション(すべての指定オプションの後ろに追加)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="User-defined options (added after all specified options)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value=""/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.2141918916" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.2141918916" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1118615463" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
</toolChain>
@@ -24,10 +24,10 @@
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.174341512" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
<builder buildPath="${workspace_loc:/wolfssl}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.1547537924" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1555184586" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.317830941" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.317830941" name="Output debug information (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.566285610" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.789156168" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.789156168" name="Instruction set architecture (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1416683217" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.738625467" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F572NNHxFB" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand.806008705" name="Device Command" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand" useByScannerDiscovery="false" value="R5F572NN" valueType="string"/>
@@ -35,12 +35,13 @@
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963524125" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.664031971" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX72N" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.1128940076" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="non_init;R5F572NNHxFB" valueType="string"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1794174354" name="倍精度浮動小数点処理命令を使用する (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1365779106" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU.1794174354" name="Use double-precision floating-point operation instructions (-dpfpu/-nodpfpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doublePrecisionFPU" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1365779106" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doubleSize.1678372326" name="Suppress to change double type and long double type as float type (-dbl_size)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.doubleSize" value="false" valueType="boolean"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.958103973" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1276851320" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.1381248206" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1276851320" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.1381248206" name="Include file directories (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
<listOptionValue builtIn="false" value="${ProjDirPath}/../../../../../../../"/>
<listOptionValue builtIn="false" value="${ProjDirPath}/../../wolfssl_demo"/>
@@ -50,12 +51,12 @@
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../test/src/smc_gen/r_config&quot;"/>
<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../test/src/smc_gen/r_tsip_rx&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.687020263" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.687020263" name="Macro definition (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
<listOptionValue builtIn="false" value="RENESAS_T4_USE"/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.1494793389" name="Cソース (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.573554071" name="最適化レベル (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.1494793389" name="C source file (-lang)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.573554071" name="Optimization level (-optimize)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.971510512" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.948214383" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
</tool>
@@ -63,14 +64,14 @@
<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.328050806" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.945835579" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.139100472" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.userLibrary" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.177476365" name="ROMからRAMへマップするセクション (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.139100472" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.typeOfOutputFileOption.userLibrary" valueType="enumerated"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.177476365" name="ROM to RAM mapped section (-rom)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="D=R"/>
<listOptionValue builtIn="false" value="D_1=R_1"/>
<listOptionValue builtIn="false" value="D_2=R_2"/>
</option>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1739258398" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1739258398" name="Sections (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(Linkage order list) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
<listOptionValue builtIn="false" value="&quot;.\src\crl.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\internal.obj&quot;"/>
<listOptionValue builtIn="false" value="&quot;.\src\keys.obj&quot;"/>
@@ -146,11 +147,11 @@
</option>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1901868731" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1987941672" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.820377223" name="標準ライブラリを生成する条件" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.donotAddLibrary" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1987941672" name="Use floating point arithmetic instructions (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.820377223" name="Generation mode of the standard library" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.donotAddLibrary" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.620355579" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1605130132" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1605130132" name="Output file type (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
</tool>
<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1798199560" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
</toolChain>
@@ -162,6 +163,7 @@
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
<storageModule moduleId="com.renesas.cdt.managedbuild.core.boardInfo"/>
<storageModule moduleId="com.renesas.cdt.managedbuild.core.deviceConfiguration"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
@@ -186,64 +186,64 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0x58, 0x3F, 0x3C, 0x27, 0x4A, 0xC0, 0xA8, 0x35, 0x31, 0xAA,
0xB6, 0x49, 0x4C, 0x69, 0x48, 0xF6, 0x63, 0xA5, 0x2E, 0x8C,
0xA4, 0x1E, 0xAF, 0x18, 0x14, 0x11, 0x6A, 0xF7, 0x25, 0xF2,
0xE1, 0x82, 0x6E, 0xAA, 0x3C, 0xE2, 0x75, 0x6E, 0x81, 0x59,
0x2E, 0xF1, 0xED, 0xDD, 0xD1, 0x1C, 0xA3, 0xE7, 0xEC, 0x89,
0xD3, 0x19, 0x1A, 0x59, 0xEB, 0xBA, 0x1D, 0x65, 0xFD, 0x53,
0x4A, 0x90, 0x6F, 0xA1, 0x06, 0xB3, 0x08, 0xE4, 0x00, 0xF4,
0x91, 0x45, 0xD8, 0xC9, 0xD8, 0x30, 0x8A, 0x94, 0x9B, 0x48,
0x60, 0x68, 0xD1, 0x09, 0x84, 0xAE, 0x51, 0xD8, 0xD8, 0x67,
0x58, 0x58, 0x9B, 0x57, 0x9E, 0x09, 0x9D, 0x1B, 0x3B, 0x22,
0x67, 0x6A, 0x50, 0x91, 0xF2, 0x60, 0x5E, 0x78, 0x86, 0xF9,
0x2F, 0xF4, 0xB4, 0xAE, 0x6A, 0xF6, 0x0D, 0xAB, 0x8B, 0xF6,
0x60, 0x47, 0x8D, 0xD4, 0xEC, 0xE6, 0x9E, 0x57, 0x6C, 0xCC,
0x4F, 0xF5, 0xCD, 0x20, 0xD7, 0x15, 0x70, 0x50, 0x53, 0x96,
0x84, 0x6B, 0x9A, 0x07, 0x90, 0x41, 0x14, 0x08, 0x62, 0x87,
0xF5, 0x20, 0x0E, 0x82, 0xE2, 0x12, 0x5C, 0x1E, 0x72, 0x73,
0xB8, 0x18, 0x90, 0xCF, 0x98, 0x14, 0xC3, 0xE6, 0xED, 0x89,
0xA3, 0x7C, 0x67, 0x50, 0x01, 0xCC, 0x48, 0xD2, 0x6A, 0x9C,
0x9E, 0x4D, 0x44, 0x49, 0x82, 0x5F, 0xC1, 0x2E, 0x18, 0xBE,
0x23, 0x53, 0xCD, 0x09, 0x85, 0x16, 0x9D, 0x5F, 0x99, 0x78,
0xA1, 0x78, 0x51, 0xC9, 0x5A, 0x3E, 0x04, 0xBE, 0xE2, 0xF5,
0x74, 0x7E, 0x6F, 0x89, 0xD9, 0x05, 0x29, 0xC1, 0x5B, 0x57,
0x3D, 0xE3, 0x5E, 0xB8, 0x4B, 0x93, 0x7D, 0x68, 0x78, 0xF9,
0x88, 0x1B, 0x8E, 0x78, 0x04, 0x00, 0x54, 0x20, 0x3F, 0x0C,
0x99, 0x11, 0x1D, 0x90, 0x2C, 0x10, 0x4C, 0xCE, 0xA3, 0x17,
0xA7, 0xF8, 0xB4, 0xC6, 0xF8, 0x12
0x0B, 0x1D, 0x49, 0x40, 0xE8, 0xDA, 0x46, 0xAE, 0x1C, 0x50,
0xC8, 0x76, 0xF3, 0x57, 0x05, 0x95, 0x89, 0xE1, 0x8B, 0x13,
0x6B, 0x0F, 0xEB, 0x47, 0x0E, 0x1E, 0x9C, 0x87, 0xBB, 0x07,
0x6E, 0xE4, 0x6B, 0xDF, 0x5B, 0xEF, 0xA3, 0x2C, 0xD8, 0x07,
0x91, 0x5B, 0x4E, 0x5B, 0xA1, 0xD0, 0x3E, 0x07, 0x22, 0xAF,
0x12, 0xF3, 0x0F, 0x62, 0x35, 0x45, 0x82, 0xFC, 0x26, 0x2B,
0xD1, 0x03, 0x51, 0xAB, 0x35, 0xFE, 0x48, 0x80, 0xC9, 0x68,
0xA0, 0xE0, 0x54, 0x4A, 0x8F, 0xA7, 0x59, 0xA1, 0xED, 0x57,
0x3D, 0x9D, 0xC0, 0x6B, 0x22, 0x20, 0xDA, 0x1A, 0xFF, 0xDB,
0x01, 0x60, 0x59, 0x21, 0x88, 0xD5, 0x5A, 0x40, 0x25, 0x82,
0xB0, 0x27, 0x54, 0xDC, 0x37, 0x79, 0x70, 0xD1, 0x6C, 0x63,
0x63, 0xC6, 0x98, 0x63, 0xA9, 0xE6, 0xB7, 0x6C, 0x50, 0xC1,
0x40, 0xCF, 0xE9, 0x84, 0xC7, 0xB9, 0x8F, 0x7C, 0xC3, 0xE1,
0xE2, 0x96, 0x67, 0xC6, 0x48, 0x25, 0xD8, 0xB3, 0x40, 0x94,
0x13, 0xF3, 0x55, 0xF8, 0xC3, 0xEA, 0x39, 0xE1, 0xE9, 0x36,
0xD1, 0xBE, 0xB2, 0x9C, 0x86, 0xD1, 0x78, 0xE1, 0xC7, 0x67,
0x3B, 0xD0, 0x10, 0x57, 0x7B, 0x09, 0x33, 0x03, 0x01, 0x8A,
0xDA, 0x30, 0x1F, 0x74, 0xED, 0x99, 0x8F, 0x93, 0xA2, 0x73,
0x7B, 0xA6, 0x3A, 0x44, 0x74, 0x9C, 0x5E, 0x19, 0x1B, 0x0B,
0x63, 0x3A, 0xAF, 0x5C, 0xD5, 0xB4, 0x1C, 0xF0, 0x0B, 0x3F,
0x15, 0xB3, 0x6B, 0x10, 0x88, 0x93, 0x6C, 0xAB, 0xB4, 0x65,
0x35, 0xCC, 0x91, 0x9A, 0x19, 0x5D, 0xDF, 0xE0, 0xAC, 0x75,
0xC3, 0x14, 0x46, 0x2E, 0x7B, 0xF8, 0x73, 0xEB, 0x75, 0xD8,
0x47, 0xAF, 0x1E, 0x7B, 0x5B, 0xE5, 0x09, 0x01, 0x42, 0x5C,
0xB3, 0xC6, 0xEB, 0x92, 0xC5, 0x85, 0x6B, 0xD4, 0x22, 0x39,
0x77, 0x92, 0x13, 0x8A, 0x42, 0x2C
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x55, 0x93, 0xCF, 0x28, 0xF7, 0x38, 0x1E, 0xF1, 0x29, 0x5A,
0xDE, 0x41, 0xCD, 0x83, 0x00, 0x06, 0x79, 0xB3, 0x12, 0x56,
0xBD, 0x04, 0xCB, 0x97, 0xCC, 0xD2, 0x39, 0x3C, 0x36, 0x94,
0x8D, 0x66, 0xB0, 0x41, 0xF4, 0xBD, 0x82, 0x8F, 0x03, 0x24,
0x25, 0x65, 0xA1, 0x85, 0x87, 0xCE, 0x58, 0x0A, 0x45, 0xC6,
0xB6, 0x38, 0x27, 0x44, 0x2A, 0x7A, 0x9B, 0xA2, 0x71, 0x67,
0x92, 0xDA, 0xFD, 0x71, 0x88, 0x52, 0xF2, 0xFE, 0x61, 0x33,
0xCB, 0x7F, 0xB4, 0x47, 0x3D, 0x60, 0xC6, 0x3A, 0x48, 0x44,
0x6F, 0xA2, 0x16, 0x07, 0xA2, 0x94, 0x50, 0x99, 0x09, 0x7B,
0x43, 0x04, 0xAD, 0xCA, 0x9C, 0x34, 0xD4, 0x72, 0x4B, 0x79,
0x31, 0xE1, 0xC5, 0x6C, 0xA7, 0xB4, 0xD8, 0xED, 0x80, 0x79,
0xBB, 0x69, 0xA0, 0xA6, 0x7A, 0x63, 0x99, 0x02, 0xF7, 0x64,
0xF0, 0x6D, 0xBB, 0xC5, 0xDA, 0x55, 0x0D, 0x43, 0x7C, 0x30,
0x74, 0x21, 0x05, 0x35, 0x63, 0xAD, 0x32, 0x76, 0x11, 0xA5,
0x75, 0xF3, 0x83, 0xEE, 0x05, 0xFB, 0x91, 0x18, 0x5E, 0xCC,
0x71, 0x49, 0x26, 0x0D, 0xE2, 0xE3, 0xB3, 0xAD, 0xFF, 0x65,
0xA9, 0x9B, 0xF0, 0x81, 0xE1, 0x5D, 0xC3, 0x4C, 0x82, 0x83,
0x33, 0xDA, 0xF6, 0x29, 0xC7, 0xC2, 0xA0, 0x23, 0x5D, 0xB1,
0xCE, 0x82, 0x94, 0x49, 0xC5, 0xC0, 0xE5, 0xED, 0x3B, 0xF6,
0x79, 0x21, 0x3B, 0xFC, 0x6D, 0xB5, 0x2A, 0xF6, 0x6D, 0xD9,
0x4C, 0x3E, 0xBF, 0x2E, 0x13, 0xA2, 0x75, 0x93, 0x5A, 0xB4,
0x2B, 0xF5, 0x74, 0xEF, 0xAE, 0x48, 0xFE, 0x06, 0x2D, 0x3F,
0xA3, 0xFE, 0x1A, 0xC9, 0x45, 0x1D, 0x15, 0xC8, 0xEF, 0x95,
0xE2, 0x6F, 0x7D, 0x1E, 0x96, 0xCD, 0x4D, 0xC5, 0x5F, 0xEB,
0x57, 0x85, 0x54, 0xE4, 0x7F, 0xE0, 0x0F, 0xAD, 0xC3, 0xEE,
0xBF, 0xFB, 0x43, 0xA6, 0xAB, 0x92
0x67, 0xBD, 0x28, 0x1E, 0x1A, 0x17, 0xFD, 0x88, 0x03, 0x8B,
0xA2, 0x5A, 0x65, 0xB3, 0xF2, 0x17, 0x61, 0xE1, 0x7F, 0x9B,
0xC3, 0x50, 0xEC, 0x55, 0x61, 0x46, 0x0C, 0xC1, 0x2B, 0x9D,
0x02, 0xDB, 0x0A, 0x36, 0xA1, 0x49, 0x95, 0x42, 0xD1, 0x1A,
0x75, 0xEC, 0x39, 0xC2, 0x10, 0xC5, 0x9F, 0xDC, 0x8C, 0xBC,
0x4E, 0x04, 0xC9, 0x5E, 0x52, 0x6B, 0x42, 0xF0, 0x4E, 0x8D,
0x0D, 0xDD, 0x01, 0x05, 0x14, 0x77, 0x28, 0x75, 0xB6, 0x36,
0xA8, 0xD1, 0xA9, 0xB4, 0x46, 0xB5, 0xED, 0xD9, 0x10, 0x62,
0xEC, 0x3B, 0xA5, 0x5B, 0x10, 0xB7, 0xE2, 0xC7, 0x67, 0x4F,
0x1A, 0x48, 0x9B, 0xAF, 0x31, 0x9D, 0x21, 0xDC, 0x3B, 0x06,
0xAC, 0x95, 0x78, 0xE6, 0x2D, 0x5F, 0xA8, 0xAD, 0xCC, 0xD2,
0x4E, 0xF3, 0x4A, 0xC9, 0x7E, 0x4A, 0x28, 0x51, 0x6D, 0xBC,
0x8D, 0xA5, 0x57, 0x49, 0x32, 0xC0, 0xE2, 0x48, 0x57, 0x8B,
0x7D, 0x4D, 0x9B, 0x43, 0x99, 0xF0, 0xC0, 0x21, 0xD0, 0xAF,
0x3D, 0x5B, 0xE0, 0x4F, 0xC2, 0x7C, 0xCF, 0xCC, 0xDB, 0x9A,
0x79, 0xB6, 0x7E, 0xA0, 0x53, 0xAA, 0x4D, 0x5B, 0xD0, 0x3A,
0xBA, 0x7F, 0xCC, 0x99, 0xD6, 0x68, 0xD7, 0x14, 0x85, 0xD7,
0x8E, 0xE0, 0x1A, 0x6E, 0xE7, 0xC1, 0xD5, 0x2B, 0x35, 0x94,
0x8E, 0xC1, 0x59, 0xC5, 0xAE, 0x48, 0x22, 0x87, 0x36, 0xC1,
0xA4, 0xD9, 0x58, 0xC1, 0x2A, 0xD6, 0xFE, 0x45, 0x63, 0xCA,
0x8F, 0x93, 0x86, 0xEC, 0x8D, 0xC2, 0xFD, 0xE3, 0x62, 0xD6,
0x4C, 0x43, 0xFE, 0x82, 0x4F, 0xC9, 0x9D, 0xA9, 0xD8, 0xE4,
0x5C, 0x15, 0x6D, 0xDE, 0xF9, 0x3D, 0x76, 0xB7, 0xBA, 0xF7,
0x1C, 0xFB, 0x90, 0x74, 0xBB, 0x60, 0x93, 0xA4, 0x0C, 0xA4,
0xFF, 0x41, 0x1C, 0x18, 0x7E, 0xE8, 0xE3, 0x78, 0xF5, 0x52,
0x98, 0x50, 0xFD, 0xA8, 0x07, 0xAD
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */
@@ -294,5 +294,3 @@
/*-- strcasecmp */
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
/* use original ASN parsing */
#define WOLFSSL_ASN_ORIGINAL
+3
View File
@@ -16,6 +16,9 @@
all the generated build options. This file needs to be included in your application
before any other wolfSSL headers. Optionally your application can define
WOLFSSL_USE_OPTIONS_H to do this automatically.
Note: Building with configure also installs CMake package files under
$(libdir)/cmake/wolfssl to support find_package(wolfssl). You can disable this
with ./configure --disable-cmake-install.
2. Building on iOS
+6 -2
View File
@@ -78,6 +78,9 @@ CLEANFILES+= ecc-key.der \
pkcs7encryptedDataDES3.der \
pkcs7encryptedDataDES.der \
pkcs7envelopedDataAES256CBC_ECDH.der \
cmake/wolfssl-config.cmake \
cmake/wolfssl-config-version.cmake \
cmake/wolfssl-targets.cmake \
pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der \
pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der \
pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der \
@@ -247,8 +250,9 @@ if BUILD_BSDKM
EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
AM_CCASFLAGS CCASFLAGS \
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_BSDKM_REGISTER \
ENABLED_ASM ENABLED_INTELASM ENABLED_AESNI ENABLED_AESNI_WITH_AVX \
ENABLED_KERNEL_BENCHMARKS
endif
+23
View File
@@ -57,6 +57,29 @@ suites are available. You can remove this error by defining
`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're
not using TLS cipher suites.
### AES CryptoCB Key Import Support
wolfSSL supports hardware-accelerated AES operations via CryptoCB.
When `WOLF_CRYPTO_CB_AES_SETKEY` is defined, wolfSSL invokes a CryptoCB
callback during AES key setup. The callback behavior determines the mode:
**If callback returns 0 (success):**
- Key is imported to Secure Element/HSM
- Key is NOT copied to wolfSSL RAM (true key isolation)
- GCM tables are NOT generated (full hardware offload)
- All subsequent AES operations route through CryptoCB
**If callback returns CRYPTOCB_UNAVAILABLE:**
- SE doesn't support key import
- Normal software AES path is used
- Key is copied to devKey for CryptoCB encrypt/decrypt acceleration
This feature enables TLS 1.3 traffic key protection on embedded platforms
where symmetric keys must never exist in main RAM.
Enable with: `CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"`
### Note 2
wolfSSL takes a different approach to certificate verification than OpenSSL
does. The default policy for the client is to verify the server, this means
+72 -17
View File
@@ -1,19 +1,27 @@
# wolfssl kernel module name and source, and root dir.
KMOD=libwolfssl
SRCS=wolfkmod.c
WOLFSSL_DIR=../
# wolfssl kernel module name and main source, and wolfssl root dir.
KMOD = libwolfssl
SRCS = wolfkmod.c
WOLFSSL_DIR = ../
CFLAGS+=-I${WOLFSSL_DIR}
CFLAGS+=-DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER
CFLAGS += -I${WOLFSSL_DIR}
CFLAGS += -DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER
#
# debug options
# verbose printing:
# CFLAGS+=-DWOLFSSL_BSDKM_VERBOSE_DEBUG
# CFLAGS += -DWOLFSSL_BSDKM_VERBOSE_DEBUG
#
# print memory mallocs / frees:
# CFLAGS+=-DWOLFSSL_BSDKM_MEMORY_DEBUG
# CFLAGS += -DWOLFSSL_BSDKM_MEMORY_DEBUG
#
CFLAGS+=$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS)
# print fpu_kern_enter / leave:
# CFLAGS += WOLFSSL_BSDKM_FPU_DEBUG
#
CFLAGS += $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS)
.if defined(ENABLED_BSDKM_REGISTER)
# These device header files are generated during build.
SRCS += bus_if.h cryptodev_if.h device_if.h
.endif
# FreeBSD make does not support GNU make's patsubst and related. Filter
# through sed instead.
@@ -21,19 +29,26 @@ WOLFSSL_OBJS != echo ${src_libwolfssl_la_OBJECTS} | \
sed 's|src_libwolfssl_la-||g' | sed 's|\.lo|.o|g' | \
sed 's|wolfcrypt/src/|${WOLFSSL_DIR}/wolfcrypt/src/|g'
# wolfcrypt test
.if ${ENABLED_CRYPT_TESTS} == "yes"
WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/test/test.o
.else
CFLAGS+=-DNO_CRYPT_TEST
CFLAGS += -DNO_CRYPT_TEST
.endif
# wolfcrypt benchmark
.if ${ENABLED_KERNEL_BENCHMARKS} == "yes"
WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/benchmark/benchmark.o
CFLAGS += -DWOLFSSL_NO_FLOAT_FMT
.endif
OBJS += ${WOLFSSL_OBJS}
# Export no public symbols by default.
.if !defined(BSDKM_EXPORT_SYMS)
EXPORT_SYMS=NO
EXPORT_SYMS = NO
.else
EXPORT_SYMS=${BSDKM_EXPORT_SYMS}
EXPORT_SYMS = ${BSDKM_EXPORT_SYMS}
.endif
# Default to live kernel src tree makefile at
@@ -45,12 +60,52 @@ OBJS += ${WOLFSSL_OBJS}
.endif
.include "${SYSDIR}/conf/kmod.mk"
#
# To use aesni and friends in FreeBSD kernel we need to adjust build flags.
# See these kernel makefiles for reference:
# - /usr/src/sys/modules/aesni/Makefile
# - /usr/src/sys/conf/kern.mk
#
WOLFKMOD_SIMD_BASE = -msse -msse2 -msse4.1
WOLFKMOD_SIMD_AES = -maes -mpclmul
WOLFKMOD_SIMD_AVX = -mavx -mavx2
.if ${ENABLED_AESNI} == "yes"
CFLAGS.aes.c += ${WOLFKMOD_SIMD_BASE}
CFLAGS.aes.c += ${WOLFKMOD_SIMD_AES}
.if ${ENABLED_AESNI_WITH_AVX} == "yes"
CFLAGS.aes.c += ${WOLFKMOD_SIMD_AVX}
.endif # ENABLED_AESNI_WITH_AVX #
CFLAGS.aes.c := ${CFLAGS.aes.c:N-nostdinc}
CFLAGS.aes.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.endif # ENABLED_AESNI
.if ${ENABLED_ASM} == "yes"
.for f in chacha dilithium poly1305 sha sha256 sha3 sha512
CFLAGS.${f}.c += ${WOLFKMOD_SIMD_BASE}
CFLAGS.${f}.c += ${WOLFKMOD_SIMD_AVX}
CFLAGS.${f}.c := ${CFLAGS.${f}.c:N-nostdinc}
CFLAGS.${f}.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.endfor
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.endif # ENABLED_ASM == "yes"
# wolfcrypt benchmark always needs simd for the floating point timings.
.if ${ENABLED_KERNEL_BENCHMARKS} == "yes"
CFLAGS.benchmark.c += ${WOLFKMOD_SIMD_BASE}
CFLAGS.benchmark.c := ${CFLAGS.benchmark.c:N-nostdinc}
CFLAGS.benchmark.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers
.endif
# Smooth out a few inconsistencies between FreeBSD default compiler flags
# in /usr/src/sys/conf/kern.mk, vs wolfssl harden flags in
# m4/ax_harden_compiler_flags.m4. E.g. some FreeBSD header files shorten
# 64 to 32 bit, and some wolfcrypt functions cast away const.
CFLAGS+= -Wno-unused-function
CFLAGS+= -Wno-cast-qual
CFLAGS+= -Wno-error=cast-qual
CFLAGS+= -Wno-shorten-64-to-32
CFLAGS+= -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
CFLAGS += -Wno-unused-function
CFLAGS += -Wno-cast-qual
CFLAGS += -Wno-error=cast-qual
CFLAGS += -Wno-shorten-64-to-32
CFLAGS += -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\""
+8 -6
View File
@@ -7,10 +7,10 @@ other loadable modules to link to wolfCrypt.
Supported features:
- wolfCrypt in kernel.
- FIPS-wolfcrypt.
- crypto acceleration: AES-NI, AVX, etc.
Planned features:
- crypto acceleration: AES-NI, AVX, etc.
- kernel opencrypto driver registration.
- kernel opencrypto driver registration (supported for internal testing presently).
- full wolfSSL in kernel (kernel TLS).
## Building and Installing
@@ -44,10 +44,12 @@ sudo kldunload libwolfssl
### options
| freebsdkm option | description |
| :------------------------------- | :--------------------------------------- |
| --with-bsd-export-syms=LIST | Export list of symbols as global. <br>. Options are 'all', 'none', or <br> comma separated list of symbols. |
| --with-kernel-source=PATH | Path to kernel tree root (default `/usr/src/sys`) |
| freebsdkm option | description |
| :--------------------------------- | :--------------------------------------- |
| --with-bsd-export-syms=LIST | Export list of symbols as global. <br>. Options are 'all', 'none', or <br> comma separated list of symbols. |
| --with-kernel-source=PATH | Path to kernel tree root (default `/usr/src/sys`) |
| --enable-kernel-benchmarks | Run wolfcrypt benchmark at module load |
| --enable-freebsdkm-crypto-register | Register with the FreeBSD kernel opencrypto <br>framework (preliminary, for testing) |
### FIPS
+36 -8
View File
@@ -61,13 +61,13 @@ static inline time_t wolfkmod_time(time_t * tloc) {
#define WOLFSSL_DEBUG_PRINTF_FN printf
/* str and char utility functions */
#define XATOI(s) ({ \
char * endptr = NULL; \
long _xatoi_ret = strtol(s, &endptr, 10); \
if ((s) == endptr || *endptr != '\0') { \
_xatoi_ret = 0; \
} \
(int)_xatoi_ret; \
#define XATOI(s) ({ \
char * endptr = NULL; \
long _xatoi_ret = strtol(s, &endptr, 10); \
if ((s) == endptr || *endptr != '\0') { \
_xatoi_ret = 0; \
} \
(int)_xatoi_ret; \
})
#if !defined(XMALLOC_OVERRIDE)
@@ -103,6 +103,33 @@ extern struct malloc_type M_WOLFSSL[1];
})
#endif /* WOLFSSL_BSDKM_DEBUG_MEMORY */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
int wolfkmod_vecreg_init(void);
void wolfkmod_vecreg_exit(void);
int wolfkmod_vecreg_save(int flags_unused);
void wolfkmod_vecreg_restore(void);
/* wrapper defines for FPU_KERN(9).
* /usr/src/sys/amd64/amd64/fpu.c
* /usr/src/sys/amd64/include/pcb.h
* */
#ifndef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
#define WOLFSSL_USE_SAVE_VECTOR_REGISTERS
#endif
#define SAVE_VECTOR_REGISTERS(fail_clause) { \
int _svr_ret = wolfkmod_vecreg_save(0); \
if (_svr_ret != 0) { \
fail_clause \
} \
}
#define SAVE_VECTOR_REGISTERS2() wolfkmod_vecreg_save(0)
#define RESTORE_VECTOR_REGISTERS() wolfkmod_vecreg_restore()
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS */
#if !defined(SINGLE_THREADED)
#define WC_MUTEX_OPS_INLINE
@@ -149,7 +176,8 @@ extern struct malloc_type M_WOLFSSL[1];
typedef volatile int wolfSSL_Atomic_Int;
typedef volatile unsigned int wolfSSL_Atomic_Uint;
#define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
#define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x))
#define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x))
#define WOLFSSL_ATOMIC_LOAD_UINT(x) atomic_load_acq_int(&(x))
#define WOLFSSL_ATOMIC_STORE(x, v) atomic_store_rel_int(&(x), (v))
#define WOLFSSL_ATOMIC_OPS
+6 -4
View File
@@ -2,8 +2,10 @@
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST += m4/ax_bsdkm.m4 \
bsdkm/Makefile \
bsdkm/README.md \
bsdkm/wolfkmod.c \
EXTRA_DIST += m4/ax_bsdkm.m4 \
bsdkm/Makefile \
bsdkm/README.md \
bsdkm/wolfkmod.c \
bsdkm/wolfkmod_aes.c \
bsdkm/x86_vecreg.c \
bsdkm/bsdkm_wc_port.h
+780 -17
View File
@@ -26,6 +26,12 @@
#include <sys/module.h>
#include <sys/kernel.h>
#if defined(BSDKM_CRYPTO_REGISTER)
#include <opencrypto/cryptodev.h>
#include <sys/bus.h>
#include "cryptodev_if.h"
#endif
/* wolf includes */
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#ifdef WOLFCRYPT_ONLY
@@ -44,15 +50,42 @@
#if !defined(NO_CRYPT_TEST)
#include <wolfcrypt/test/test.h>
#endif
#if defined(WOLFSSL_KERNEL_BENCHMARKS)
#include <wolfcrypt/benchmark/benchmark.h>
#endif
#include <wolfssl/wolfcrypt/random.h>
MALLOC_DEFINE(M_WOLFSSL, "libwolfssl", "wolfSSL kernel memory");
static int wolfkmod_init(void);
static int wolfkmod_cleanup(void);
static int wolfkmod_load(void);
static int wolfkmod_unload(void);
#if defined(BSDKM_CRYPTO_REGISTER)
#include "bsdkm/wolfkmod_aes.c"
#endif
/* common functions. */
static int wolfkmod_init(void);
static int wolfkmod_cleanup(void);
#if !defined(BSDKM_CRYPTO_REGISTER)
/* functions specific to a pure kernel module library build. */
static int wolfkmod_load(void);
static int wolfkmod_unload(void);
#else
/* functions specific to a kernel crypto driver module build. */
static void wolfkdriv_identify(driver_t * driver, device_t parent);
static int wolfkdriv_probe(device_t dev);
static int wolfkdriv_attach(device_t dev);
static int wolfkdriv_detach(device_t dev);
static int wolfkdriv_probesession(device_t dev,
const struct crypto_session_params *csp);
static int wolfkdriv_newsession(device_t dev, crypto_session_t cses,
const struct crypto_session_params *csp);
static void wolfkdriv_freesession(device_t dev, crypto_session_t cses);
static int wolfkdriv_process(device_t dev, struct cryptop *crp, int hint);
#endif /* !BSDKM_CRYPTO_REGISTER */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
#include "bsdkm/x86_vecreg.c"
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
#ifdef HAVE_FIPS
#define WOLFKMOD_FIPS_ERR_MSG(hash) ({ \
@@ -82,6 +115,14 @@ static int wolfkmod_init(void)
{
int error = 0;
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
error = wolfkmod_vecreg_init();
if (error != 0) {
printf("error: wolfkmod_vecreg_init: %d\n", error);
return (ECANCELED);
}
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
#ifdef HAVE_FIPS
error = wolfCrypt_SetCb_fips(wolfkmod_fips_cb);
if (error != 0) {
@@ -174,14 +215,16 @@ static int wolfkmod_cleanup(void)
if (error != 0) {
printf("error: wolfCrypt_Cleanup failed: %s\n",
wc_GetErrorString(error));
return (ECANCELED);
error = ECANCELED;
goto wolfkmod_cleanup_out;
}
#else
error = wolfSSL_Cleanup();
if (error != WOLFSSL_SUCCESS) {
printf("error: wolfSSL_Cleanup failed: %s\n",
wc_GetErrorString(error));
return (ECANCELED);
error = ECANCELED;
goto wolfkmod_cleanup_out;
}
#endif /* WOLFCRYPT_ONLY */
@@ -189,10 +232,17 @@ static int wolfkmod_cleanup(void)
printf("info: libwolfssl " LIBWOLFSSL_VERSION_STRING
" cleanup complete.\n");
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
error = 0;
return (0);
wolfkmod_cleanup_out:
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS)
wolfkmod_vecreg_exit();
#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/
return (error);
}
#if !defined(BSDKM_CRYPTO_REGISTER)
static int wolfkmod_load(void)
{
int error = 0;
@@ -212,10 +262,15 @@ static int wolfkmod_load(void)
printf("info: wolfCrypt self-test passed.\n");
#endif /* NO_CRYPT_TEST */
/**
* todo: register wolfcrypt algs here with crypto_get_driverid
* and related.
* */
#ifdef WOLFSSL_KERNEL_BENCHMARKS
error = benchmark_test(NULL);
if (error != 0) {
printf("error: wolfcrypt benchmark failed: %d\n", error);
(void)wolfkmod_cleanup();
return (ECANCELED);
}
printf("info: wolfCrypt benchmark passed.\n");
#endif /* WOLFSSL_KERNEL_BENCHMARKS */
printf("info: libwolfssl loaded\n");
@@ -239,11 +294,6 @@ static int wolfkmod_unload(void)
error = wolfkmod_cleanup();
/**
* todo: unregister wolfcrypt algs here with crypto_unregister_all
* and related.
* */
if (error == 0) {
printf("info: libwolfssl unloaded\n");
}
@@ -294,7 +344,718 @@ wolfkmod_event(struct module * m, int what, void * arg)
return (error);
}
#endif /* !BSDKM_CRYPTO_REGISTER */
#if defined(BSDKM_CRYPTO_REGISTER)
/* wolfkdriv device driver software context. */
struct wolfkdriv_softc {
int32_t crid;
device_t dev;
};
struct km_aes_ctx {
Aes aes_encrypt;
Aes aes_decrypt;
};
typedef struct km_aes_ctx km_aes_ctx;
struct wolfkdriv_session {
km_aes_ctx aes_ctx;
int32_t crid;
int type;
int ivlen;
int klen;
};
typedef struct wolfkdriv_session wolfkdriv_session_t;
static void km_AesFree(Aes * aes) {
if (aes == NULL) {
return;
}
wc_AesFree(aes);
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
ForceZero(aes, sizeof(*aes));
#endif
}
static void wolfkdriv_aes_ctx_clear(km_aes_ctx * ctx)
{
if (ctx != NULL) {
km_AesFree(&ctx->aes_encrypt);
km_AesFree(&ctx->aes_decrypt);
}
#ifdef WOLFKM_DEBUG_AES
printf("info: exiting km_AesExitCommon\n");
#endif /* WOLFKM_DEBUG_AES */
}
static void wolfkdriv_identify(driver_t * driver, device_t parent)
{
(void)driver;
/* don't double add wolfkdriv child. */
if (device_find_child(parent, "libwolf", -1) != NULL) {
return;
}
BUS_ADD_CHILD(parent, 10, "libwolf", -1);
}
static int wolfkdriv_probe(device_t dev)
{
device_set_desc(dev, "wolfSSL crypto");
return (BUS_PROBE_DEFAULT);
}
/*
* unregister libwolfssl crypto driver
*/
static void wolfkdriv_unregister(struct wolfkdriv_softc * softc)
{
if (softc && softc->crid >= 0) {
crypto_unregister_all(softc->crid);
device_printf(softc->dev, "info: crid unregistered: %d\n", softc->crid);
softc->crid = -1;
}
return;
}
static int wolfkdriv_attach(device_t dev)
{
struct wolfkdriv_softc * softc = NULL;
int flags = CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC |
CRYPTOCAP_F_ACCEL_SOFTWARE | CRYPTOCAP_F_HARDWARE;
int ret = 0;
int crid = 0;
int error = 0;
ret = wolfkmod_init();
if (ret != 0) {
return (ECANCELED);
}
/**
* register wolfcrypt algs here with crypto_get_driverid.
*
* The crid is the literal index into the kernel crypto_drivers array:
* - crid >= 0 is valid.
* - crid < 0 is error.
* */
softc = device_get_softc(dev);
softc->dev = dev;
softc->crid = crypto_get_driverid(dev, sizeof(wolfkdriv_session_t), flags);
if (softc->crid < 0) {
device_printf(dev, "error: crypto_get_driverid failed: %d\n",
softc->crid);
return (ENXIO);
}
/*
* various sanity checks
*/
/* 1. we should find ourself by name */
crid = crypto_find_driver("libwolf");
if (crid != softc->crid) {
device_printf(dev, "error: attach: got crid %d, expected %d\n", crid,
softc->crid);
error = ENXIO;
goto attach_out;
}
/* 2. test various algs */
error = wolfkdriv_test_aes(dev, crid);
if (error) {
device_printf(dev, "error: attach: test_aes: %d\n", error);
error = ENXIO;
goto attach_out;
}
device_printf(dev, "info: driver loaded: %d\n", crid);
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: exiting attach\n");
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
attach_out:
if (error) {
wolfkdriv_unregister(softc);
error = ENXIO;
}
return (error);
}
static int wolfkdriv_detach(device_t dev)
{
struct wolfkdriv_softc * softc = NULL;
int ret = 0;
ret = wolfkmod_cleanup();
if (ret == 0) {
/* unregister wolfcrypt algs */
softc = device_get_softc(dev);
wolfkdriv_unregister(softc);
}
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: exiting detach\n");
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (0);
}
static int wolfkdriv_probesession(device_t dev,
const struct crypto_session_params *csp)
{
struct wolfkdriv_softc * softc = NULL;
int error = CRYPTODEV_PROBE_ACCEL_SOFTWARE;
softc = device_get_softc(dev);
switch (csp->csp_mode) {
case CSP_MODE_CIPHER:
switch (csp->csp_cipher_alg) {
case CRYPTO_AES_CBC:
break;
default:
error = EINVAL;
break;
}
break;
case CSP_MODE_AEAD:
switch (csp->csp_cipher_alg) {
case CRYPTO_AES_NIST_GCM_16:
break;
default:
error = EINVAL;
break;
}
break;
case CSP_MODE_DIGEST:
case CSP_MODE_ETA:
default:
error = EINVAL;
break;
}
(void)softc;
(void)csp;
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: probesession: mode=%d, cipher_alg=%d, error=%d\n",
csp->csp_mode, csp->csp_cipher_alg, error);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (error);
}
static int wolfkdriv_newsession_aes(device_t dev,
wolfkdriv_session_t * session,
const struct crypto_session_params *csp)
{
int error = 0;
int klen = csp->csp_cipher_klen; /* key len in bytes */
switch (csp->csp_cipher_alg) {
case CRYPTO_AES_NIST_GCM_16:
session->type = CRYPTO_AES_NIST_GCM_16;
break;
case CRYPTO_AES_CBC:
session->type = CRYPTO_AES_CBC;
break;
default:
return (EOPNOTSUPP);
}
if (klen != 16 && klen != 24 && klen != 32) {
device_printf(dev, "info: newsession_cipher: invalid klen: %d\n", klen);
return (EINVAL);
}
session->klen = klen;
session->ivlen = csp->csp_ivlen;
/* encrypt */
error = wc_AesInit(&session->aes_ctx.aes_encrypt, NULL, INVALID_DEVID);
if (error) {
device_printf(dev, "error: newsession_cipher: aes init: %d\n", error);
goto newsession_cipher_out;
}
if (session->type == CRYPTO_AES_CBC) {
/* Need a separate decrypt structure for aes-cbc. */
error = wc_AesInit(&session->aes_ctx.aes_decrypt, NULL, INVALID_DEVID);
if (error) {
device_printf(dev, "error: newsession_cipher: aes init: %d\n",
error);
goto newsession_cipher_out;
}
}
newsession_cipher_out:
if (error != 0) {
wolfkdriv_aes_ctx_clear(&session->aes_ctx);
return (EINVAL);
}
return (error);
}
static int wolfkdriv_newsession(device_t dev, crypto_session_t cses,
const struct crypto_session_params *csp)
{
wolfkdriv_session_t * session = NULL;
int error = 0;
/* get the wolfkdriv_session_t context */
session = crypto_get_driver_session(cses);
switch (csp->csp_mode) {
case CSP_MODE_DIGEST:
case CSP_MODE_ETA:
device_printf(dev, "info: not supported: %d\n", csp->csp_mode);
error = EOPNOTSUPP;
break;
case CSP_MODE_CIPHER:
case CSP_MODE_AEAD:
error = wolfkdriv_newsession_aes(dev, session, csp);
break;
default:
__assert_unreachable();
}
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: newsession: mode=%d, cipher_alg=%d, error=%d\n",
csp->csp_mode, csp->csp_cipher_alg, error);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (error);
}
static void
wolfkdriv_freesession(device_t dev, crypto_session_t cses)
{
wolfkdriv_session_t * session = NULL;
(void)dev;
/* get the wolfkdriv_session_t context */
session = crypto_get_driver_session(cses);
/* clean it up */
wolfkdriv_aes_ctx_clear(&session->aes_ctx);
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: exiting freesession\n");
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return;
}
static int wolfkdriv_cbc_work(device_t dev, wolfkdriv_session_t * session,
struct cryptop * crp,
const struct crypto_session_params * csp)
{
struct crypto_buffer_cursor cc_in;
struct crypto_buffer_cursor cc_out;
const unsigned char * in_block = NULL;
const unsigned char * in_seg = NULL;
unsigned char * out_block = NULL;
unsigned char * out_seg = NULL;
Aes aes;
uint8_t iv[WC_AES_BLOCK_SIZE];
uint8_t block[EALG_MAX_BLOCK_LEN];
size_t data_len = 0;
size_t seg_len = 0;
size_t in_len = 0;
size_t out_len = 0;
int error = 0;
int is_encrypt = 0;
int type = AES_ENCRYPTION;
if (csp->csp_cipher_alg != CRYPTO_AES_CBC) {
error = EINVAL;
goto cbc_work_out;
}
data_len = crp->crp_payload_length;
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
is_encrypt = 1;
type = AES_ENCRYPTION;
memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes));
}
else {
is_encrypt = 0;
type = AES_DECRYPTION;
memcpy(&aes, &session->aes_ctx.aes_decrypt, sizeof(aes));
}
/* must be multiple of block size */
if (data_len % WC_AES_BLOCK_SIZE) {
error = EINVAL;
goto cbc_work_out;
}
crypto_read_iv(crp, iv);
error = wc_AesSetKey(&aes, csp->csp_cipher_key,
csp->csp_cipher_klen, iv, type);
if (error) {
device_printf(dev, "error: wc_AesSetKey: %d\n", error);
goto cbc_work_out;
}
/* set up the crypto buffers */
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
in_seg = crypto_cursor_segment(&cc_in, &in_len);
/* handle if the user supplied a separate out buffer. */
if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {
crypto_cursor_init(&cc_out, &crp->crp_obuf);
crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);
}
else {
cc_out = cc_in;
}
out_seg = crypto_cursor_segment(&cc_out, &out_len);
while (data_len) {
/* set up input buffers */
if (in_len < WC_AES_BLOCK_SIZE) {
/* less than a block in segment */
crypto_cursor_copydata(&cc_in, WC_AES_BLOCK_SIZE, block);
in_block = block;
in_len = WC_AES_BLOCK_SIZE;
}
else {
in_block = in_seg;
}
/* set up output buffers */
if (out_len < WC_AES_BLOCK_SIZE) {
out_block = block;
out_len = WC_AES_BLOCK_SIZE;
}
else {
out_block = out_seg;
}
/* choose which of data_len, in_len, out_len, is shorter.
* round down to multiple of aes block size. */
seg_len = rounddown(MIN(data_len, MIN(in_len, out_len)),
WC_AES_BLOCK_SIZE);
if (is_encrypt) {
error = wc_AesCbcEncrypt(&aes, out_block, in_block, seg_len);
if (error) {
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
goto cbc_work_out;
}
}
else {
error = wc_AesCbcDecrypt(&aes, out_block, in_block, seg_len);
if (error) {
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
goto cbc_work_out;
}
}
if (out_block == block) {
/* we used the block as local output buffer. copy to cc_out,
* and grab the next out cursor segment. */
crypto_cursor_copyback(&cc_out, WC_AES_BLOCK_SIZE, block);
out_seg = crypto_cursor_segment(&cc_out, &out_len);
} else {
/* we worked directly in cc_out. advance the cursor. */
crypto_cursor_advance(&cc_out, seg_len);
out_seg += seg_len;
out_len -= seg_len;
}
if (in_block == block) {
/* grab a new in cursor segment. */
in_seg = crypto_cursor_segment(&cc_in, &in_len);
} else {
/* else advance existing in cursor. */
crypto_cursor_advance(&cc_in, seg_len);
in_seg += seg_len;
in_len -= seg_len;
}
data_len -= seg_len;
}
cbc_work_out:
/* cleanup. */
wc_ForceZero(iv, sizeof(iv));
wc_ForceZero(block, sizeof(block));
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: cbc_work: mode=%d, cipher_alg=%d, "
"payload_length=%d, error=%d\n",
csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length,
error);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (error);
}
static int wolfkdriv_gcm_work(device_t dev, wolfkdriv_session_t * session,
struct cryptop * crp,
const struct crypto_session_params * csp)
{
struct crypto_buffer_cursor cc_in;
struct crypto_buffer_cursor cc_out;
const unsigned char * in_seg = NULL;
unsigned char * out_seg = NULL;
Aes aes;
uint8_t iv[WC_AES_BLOCK_SIZE];
uint8_t auth_tag[WC_AES_BLOCK_SIZE];
size_t data_len = 0;
size_t seg_len = 0;
size_t in_len = 0;
size_t out_len = 0;
int error = 0;
int is_encrypt = 0;
memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes));
if (csp->csp_cipher_alg != CRYPTO_AES_NIST_GCM_16) {
error = EINVAL;
goto gcm_work_out;
}
data_len = crp->crp_payload_length;
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
is_encrypt = 1;
}
else {
is_encrypt = 0;
}
error = wc_AesGcmSetKey(&aes, csp->csp_cipher_key,
csp->csp_cipher_klen);
if (error) {
device_printf(dev, "error: wc_AesGcmSetKey: %d\n", error);
goto gcm_work_out;
}
crypto_read_iv(crp, iv);
error = wc_AesGcmInit(&aes, NULL /* key */, 0 /* keylen */,
iv, csp->csp_ivlen);
if (error) {
device_printf(dev, "error: wc_AesGcmInit: %d\n", error);
goto gcm_work_out;
}
/* process aad first */
if (crp->crp_aad != NULL) {
/* they passed aad in separate buffer. */
if (is_encrypt) {
error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0,
crp->crp_aad, crp->crp_aad_length);
}
else {
error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0,
crp->crp_aad, crp->crp_aad_length);
}
if (error) {
error = EINVAL;
}
}
else {
/* we need to pull aad out of crp->crp_buf from crp_aad_start. */
size_t aad_len = 0;
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_aad_start);
for (aad_len = crp->crp_aad_length; aad_len > 0; aad_len -= seg_len) {
in_seg = crypto_cursor_segment(&cc_in, &in_len);
seg_len = MIN(aad_len, in_len);
if (is_encrypt) {
error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0,
in_seg, seg_len);
}
else {
error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0,
in_seg, seg_len);
}
if (error) {
error = EINVAL;
goto gcm_work_out;
}
crypto_cursor_advance(&cc_in, seg_len);
}
}
/*
* process cipher/plaintext next
*/
/* set up the crypto buffers */
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
in_seg = crypto_cursor_segment(&cc_in, &in_len);
/* handle if the user supplied a separate out buffer. */
if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {
crypto_cursor_init(&cc_out, &crp->crp_obuf);
crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);
}
else {
cc_out = cc_in;
}
out_seg = crypto_cursor_segment(&cc_out, &out_len);
while (data_len) {
/* process through the available segments. */
in_seg = crypto_cursor_segment(&cc_in, &in_len);
out_seg = crypto_cursor_segment(&cc_out, &out_len);
seg_len = MIN(data_len, MIN(in_len, out_len));
if (is_encrypt) {
error = wc_AesGcmEncryptUpdate(&aes, out_seg, in_seg, seg_len,
NULL, 0);
if (error) {
device_printf(dev, "error: wc_AesGcmEncrypt: %d\n", error);
goto gcm_work_out;
}
}
else {
error = wc_AesGcmDecryptUpdate(&aes, out_seg, in_seg, seg_len,
NULL, 0);
if (error) {
device_printf(dev, "error: wc_AesGcmDecrypt: %d\n", error);
goto gcm_work_out;
}
}
/* advance the cursors by amount processed */
crypto_cursor_advance(&cc_in, seg_len);
crypto_cursor_advance(&cc_out, seg_len);
data_len -= seg_len;
}
/* process auth tag finally */
if (is_encrypt) {
error = wc_AesGcmEncryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE);
if (error == 0) {
crypto_copyback(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE,
auth_tag);
}
}
else {
crypto_copydata(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE,
auth_tag);
error = wc_AesGcmDecryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE);
if (error) {
error = EBADMSG;
}
}
gcm_work_out:
/* cleanup. */
wc_ForceZero(iv, sizeof(iv));
wc_ForceZero(auth_tag, sizeof(auth_tag));
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: gcm_work: mode=%d, cipher_alg=%d, "
"payload_length=%d, error=%d\n",
csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length,
error);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (error);
}
static int wolfkdriv_process(device_t dev, struct cryptop * crp, int hint)
{
const struct crypto_session_params * csp = NULL;
wolfkdriv_session_t * session = NULL;
int error = 0;
(void)hint;
session = crypto_get_driver_session(crp->crp_session);
csp = crypto_get_params(crp->crp_session);
switch (csp->csp_mode) {
case CSP_MODE_CIPHER:
error = wolfkdriv_cbc_work(dev, session, crp, csp);
break;
case CSP_MODE_DIGEST:
case CSP_MODE_ETA:
error = EINVAL;
break;
case CSP_MODE_AEAD:
error = wolfkdriv_gcm_work(dev, session, crp, csp);
break;
default:
__assert_unreachable();
}
crp->crp_etype = error;
crypto_done(crp);
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: process: mode=%d, cipher_alg=%d, error=%d\n",
csp->csp_mode, csp->csp_cipher_alg, error);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
return (error);
}
/*
* wolfkmod as a crypto device driver.
*/
static device_method_t wolfkdriv_methods[] = {
/* device interface methods: called during device setup, etc. */
DEVMETHOD(device_identify, wolfkdriv_identify),
DEVMETHOD(device_probe, wolfkdriv_probe),
DEVMETHOD(device_attach, wolfkdriv_attach),
DEVMETHOD(device_detach, wolfkdriv_detach),
/* crypto device session methods: called during crypto session setup,
* work, etc. */
DEVMETHOD(cryptodev_probesession, wolfkdriv_probesession),
DEVMETHOD(cryptodev_newsession, wolfkdriv_newsession),
DEVMETHOD(cryptodev_freesession, wolfkdriv_freesession),
DEVMETHOD(cryptodev_process, wolfkdriv_process),
DEVMETHOD_END
};
static driver_t wolfkdriv_driver = {
.name = "libwolf",
.methods = wolfkdriv_methods,
.size = sizeof(struct wolfkdriv_softc),
};
/* on x86, software-only drivers usually attach to nexus bus. */
DRIVER_MODULE(libwolfssl, nexus, wolfkdriv_driver, NULL, NULL);
#endif /* BSDKM_CRYPTO_REGISTER */
#if !defined(BSDKM_CRYPTO_REGISTER)
/*
* wolfkmod as a pure kernel module.
*/
static moduledata_t libwolfmod = {
#ifdef HAVE_FIPS
"libwolfssl_fips", /* module name */
@@ -305,6 +1066,8 @@ static moduledata_t libwolfmod = {
NULL /* extra data, unused */
};
MODULE_VERSION(libwolfssl, 1);
DECLARE_MODULE(libwolfssl, libwolfmod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
#endif /* !BSDKM_CRYPTO_REGISTER */
MODULE_VERSION(libwolfssl, 1);
#endif /* WOLFSSL_BSDKM */
+347
View File
@@ -0,0 +1,347 @@
#if !defined(WC_SKIP_INCLUDED_C_FILES) && defined(BSDKM_CRYPTO_REGISTER)
#include <wolfssl/wolfcrypt/aes.h>
/*
* the cryptodev framework always calls a callback, even when CRYPTOCAP_F_SYNC.
*/
static int
wolfkdriv_test_crp_callback(struct cryptop * crp)
{
(void)crp;
return (0);
}
/* Test aes-cbc with a buffer larger than aes block size.
* Verify direct wolfcrypt API and opencrypto framework return
* same result. */
static int wolfkdriv_test_aes_cbc_big(device_t dev, int crid)
{
crypto_session_t session = NULL;
struct crypto_session_params csp;
struct cryptop * crp = NULL;
Aes * aes_encrypt = NULL;
int error = 0;
byte msg[] = {
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20
};
byte work1[WC_AES_BLOCK_SIZE * 3]; /* wolfcrypt buffer */
byte work2[WC_AES_BLOCK_SIZE * 3]; /* opencrypto buffer */
/* padded to 16-bytes */
const byte key[] = "0123456789abcdef ";
/* padded to 16-bytes */
const byte iv[] = "1234567890abcdef ";
memset(&csp, 0, sizeof(csp));
memcpy(work1, msg, sizeof(msg)); /* wolfcrypt work buffer */
memcpy(work2, msg, sizeof(msg)); /* opencrypto work buffer */
/* wolfcrypt encrypt */
aes_encrypt = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
if (aes_encrypt == NULL) {
error = ENOMEM;
device_printf(dev, "error: malloc failed\n");
goto test_aes_cbc_big_out;
}
error = wc_AesInit(aes_encrypt, NULL, INVALID_DEVID);
if (error) {
device_printf(dev, "error: newsession_cipher: aes init: %d\n", error);
goto test_aes_cbc_big_out;
}
error = wc_AesSetKey(aes_encrypt, key, 16, iv, AES_ENCRYPTION);
if (error) {
device_printf(dev, "error: wc_AesSetKey: %d\n", error);
goto test_aes_cbc_big_out;
}
error = wc_AesCbcEncrypt(aes_encrypt, work1, work1, sizeof(work1));
if (error) {
device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error);
goto test_aes_cbc_big_out;
}
/* opencrypto encrypt */
csp.csp_mode = CSP_MODE_CIPHER;
csp.csp_cipher_alg = CRYPTO_AES_CBC;
csp.csp_ivlen = WC_AES_BLOCK_SIZE;
csp.csp_cipher_key = key;
csp.csp_cipher_klen = WC_AES_BLOCK_SIZE;
error = crypto_newsession(&session, &csp, crid);
if (error || session == NULL) {
goto test_aes_cbc_big_out;
}
crp = crypto_getreq(session, M_WAITOK);
if (crp == NULL) {
device_printf(dev, "error: test_aes: crypto_getreq failed\n");
goto test_aes_cbc_big_out;
}
crp->crp_callback = wolfkdriv_test_crp_callback;
crp->crp_op = CRYPTO_OP_ENCRYPT;
crp->crp_flags = CRYPTO_F_IV_SEPARATE;
memcpy(crp->crp_iv, iv, WC_AES_BLOCK_SIZE);
crypto_use_buf(crp, work2, sizeof(work2));
crp->crp_payload_start = 0;
crp->crp_payload_length = sizeof(work2);
error = crypto_dispatch(crp);
if (error) {
goto test_aes_cbc_big_out;
}
error = XMEMCMP(work1, work2, sizeof(work2));
if (error) {
device_printf(dev, "error: test_aes: enc vectors diff: %d\n", error);
goto test_aes_cbc_big_out;
}
/* opencrypto decrypt */
crp->crp_op = CRYPTO_OP_DECRYPT;
error = crypto_dispatch(crp);
if (error) {
goto test_aes_cbc_big_out;
}
error = XMEMCMP(work2, msg, sizeof(msg));
if (error) {
device_printf(dev, "error: test_aes: dec vectors diff: %d\n", error);
goto test_aes_cbc_big_out;
}
test_aes_cbc_big_out:
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: test_aes_cbc_big: error=%d, session=%p, crp=%p\n",
error, (void *)session, (void*)crp);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
if (crp != NULL) {
crypto_freereq(crp);
crp = NULL;
}
if (session != NULL) {
crypto_freesession(session);
session = NULL;
}
if (aes_encrypt != NULL) {
wc_AesFree(aes_encrypt);
XFREE(aes_encrypt, NULL, DYNAMIC_TYPE_AES);
aes_encrypt = NULL;
}
return (error);
}
/* Test aes-gcm encrypt and decrypt a small buffer with opencrypto
* framework and wolfcrypt.
*/
static int wolfkdriv_test_aes_gcm(device_t dev, int crid)
{
crypto_session_t session = NULL;
struct crypto_session_params csp;
struct cryptop * crp = NULL;
Aes * enc = NULL;
int error = 0;
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
WOLFSSL_SMALL_STACK_STATIC byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC2[sizeof(p) + WC_AES_BLOCK_SIZE];
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultC2, 0, sizeof(resultC));
XMEMCPY(resultC2, p, sizeof(p));
/* wolfcrypt encrypt */
enc = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
if (enc == NULL) {
error = ENOMEM;
device_printf(dev, "error: malloc failed\n");
goto test_aes_gcm_out;
}
error = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (error) { goto test_aes_gcm_out; }
error = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
if (error) { goto test_aes_gcm_out; }
error = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
if (error) { goto test_aes_gcm_out; }
error = XMEMCMP(resultC, c1, sizeof(c1));
if (error) { goto test_aes_gcm_out; }
error = XMEMCMP(resultT, t1, sizeof(t1));
if (error) { goto test_aes_gcm_out; }
/*
* opencrypto encrypt
* */
/* set crypto session params */
memset(&csp, 0, sizeof(csp));
csp.csp_flags |= CSP_F_SEPARATE_AAD;
csp.csp_mode = CSP_MODE_AEAD;
csp.csp_cipher_alg = CRYPTO_AES_NIST_GCM_16;
csp.csp_ivlen = sizeof(iv1);
csp.csp_cipher_key = k1;
csp.csp_cipher_klen = sizeof(k1);
/* get crypto session handle */
error = crypto_newsession(&session, &csp, crid);
if (error || session == NULL) {
device_printf(dev, "error: test_aes: crypto_newsession: %d, %p\n",
error, (void *)session);
goto test_aes_gcm_out;
}
/* get a crypto op handle */
crp = crypto_getreq(session, M_WAITOK);
if (crp == NULL) {
device_printf(dev, "error: test_aes: crypto_getreq failed\n");
goto test_aes_gcm_out;
}
/* configure it */
crp->crp_callback = wolfkdriv_test_crp_callback;
crp->crp_op = (CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST);
crp->crp_flags = CRYPTO_F_IV_SEPARATE;
memcpy(crp->crp_iv, iv1, sizeof(iv1));
crypto_use_buf(crp, resultC2, sizeof(resultC2));
crp->crp_payload_start = 0;
crp->crp_payload_length = sizeof(p);
crp->crp_aad = a;
crp->crp_aad_start = 0;
crp->crp_aad_length = sizeof(a);
crp->crp_digest_start = crp->crp_payload_start + sizeof(p);
error = crypto_dispatch(crp);
if (error) {
goto test_aes_gcm_out;
}
error = XMEMCMP(resultC2, c1, sizeof(c1));
if (error) { goto test_aes_gcm_out; }
error = XMEMCMP(resultC2 + sizeof(p), t1, sizeof(t1));
if (error) { goto test_aes_gcm_out; }
/* opencrypto decrypt */
crp->crp_op = (CRYPTO_OP_DECRYPT | CRYPTO_OP_VERIFY_DIGEST);
error = crypto_dispatch(crp);
if (error) {
goto test_aes_gcm_out;
}
error = XMEMCMP(resultC2, p, sizeof(p));
if (error) { goto test_aes_gcm_out; }
test_aes_gcm_out:
#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG)
device_printf(dev, "info: test_aes_gcm: error=%d, session=%p, crp=%p\n",
error, (void *)session, (void*)crp);
#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */
if (crp != NULL) {
crypto_freereq(crp);
crp = NULL;
}
if (session != NULL) {
crypto_freesession(session);
session = NULL;
}
if (enc != NULL) {
wc_AesFree(enc);
XFREE(enc, NULL, DYNAMIC_TYPE_AES);
enc = NULL;
}
return (error);
}
static int wolfkdriv_test_aes(device_t dev, int crid)
{
int error = 0;
if (error == 0) {
error = wolfkdriv_test_aes_cbc_big(dev, crid);
}
if (error == 0) {
error = wolfkdriv_test_aes_gcm(dev, crid);
}
return (error);
}
#endif /* !WC_SKIP_INCLUDED_C_FILES && BSDKM_CRYPTO_REGISTER */
+225
View File
@@ -0,0 +1,225 @@
/* x86_vecreg.c -- logic to save and restore vector registers
* on amd64 in FreeBSD kernel.
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* included by bsdkm/wolfkmod.c */
#ifndef WC_SKIP_INCLUDED_C_FILES
#include <sys/proc.h>
#include <sys/smp.h>
#include <machine/fpu.h>
#include <machine/pcb.h>
struct wolfkmod_fpu_state_t {
volatile lwpid_t td_tid;
volatile u_int nest;
};
typedef struct wolfkmod_fpu_state_t wolfkmod_fpu_state_t;
/* fpu_states array tracks thread id and nesting level of save/restore
* and push/pop vector registers macro calls. It is indexed by raw cpu id,
* and only accessed after the thread calls fpu_kern_enter(), and before
* calling fpu_kern_leave(), and only indexed by the thread's PCPU_GET(cpuid).
*
* after calling fpu_kern_enter():
* - kernel fpu is enabled
* - migration is disabled
* - soft preempts are disabled
* Hard irq are still possible , but hard irq are forbidden from using FPU
* in FreeBSD kernel.
* */
static wolfkmod_fpu_state_t * fpu_states = NULL;
/* check for active td_tid with atomic before proceeding.
* technically not necessary because fpu_kern_enter() gives thread pinning
* to cpu, but just to be safe...
* */
#define wolfkmod_fpu_get_tid() \
atomic_load_acq_int(&fpu_states[PCPU_GET(cpuid)].td_tid)
int wolfkmod_vecreg_init(void)
{
if (mp_ncpus <= 0) {
printf("error: wolfkmod_vecreg_init: mp_ncpus = %d\n", mp_ncpus);
return (EINVAL);
}
fpu_states = malloc(mp_ncpus * sizeof(wolfkmod_fpu_state_t),
M_WOLFSSL, M_WAITOK | M_ZERO);
if (fpu_states == NULL) {
printf("error: wolfkmod_vecreg_init: malloc(%lu) failed\n",
mp_ncpus * sizeof(wolfkmod_fpu_state_t));
return (ENOMEM);
}
return (0);
}
void wolfkmod_vecreg_exit(void)
{
int i = 0;
if (fpu_states == NULL) {
return;
}
for (i = 0; i < mp_ncpus; ++i) {
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
printf("info: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n",
i, fpu_states[i].nest, fpu_states[i].td_tid);
#endif /* WOLFSSL_BSDKM_FPU_DEBUG */
if (fpu_states[i].nest != 0 || fpu_states[i].td_tid != 0) {
/* Check for orphaned fpu state. There's nothing we can do
* but log the event and zero the nesting level. */
printf("error: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n",
i, fpu_states[i].nest, fpu_states[i].td_tid);
fpu_states[i].nest = 0;
}
}
free(fpu_states, M_WOLFSSL);
fpu_states = NULL;
return;
}
/* fpu_kern_enter() and fpu_kern_leave() wrapper defines.
* Build with WOLFSSL_BSDKM_FPU_DEBUG to see verbose FPU logging.
*/
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
#define wolfkmod_print_curthread(what) \
printf("%s: cpuid = %d, curthread: td_tid = %d, pid = %d (%s), " \
"td_critnest = %d, kernfpu = %02x\n", \
(what), PCPU_GET(cpuid), curthread->td_tid, \
curthread->td_proc ? curthread->td_proc->p_pid : -1, \
curthread->td_proc ? curthread->td_proc->p_comm : "noproc", \
curthread->td_critnest, \
curthread->td_pcb->pcb_flags & PCB_KERNFPU);
#define wolfkmod_fpu_kern_enter() \
wolfkmod_print_curthread("fpu_kern_enter"); \
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);
#define wolfkmod_fpu_kern_leave() \
wolfkmod_print_curthread("fpu_kern_leave"); \
fpu_kern_leave(curthread, NULL);
#else
#define wolfkmod_fpu_kern_enter() \
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);
#define wolfkmod_fpu_kern_leave() \
fpu_kern_leave(curthread, NULL);
#endif /* WOLFSSL_BSDKM_FPU_DEBUG */
int wolfkmod_vecreg_save(int flags_unused)
{
(void)flags_unused;
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
wolfkmod_print_curthread("wolfkmod_vecreg_save");
#endif
if (is_fpu_kern_thread(0)) {
/* kernel fpu threads are special, do nothing. They own a
* persistent, dedicated fpu context. */
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
printf("info: wolfkmod_vecreg_save: is fpu kern thread\n");
#endif
return (0);
}
if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) {
/* kern fpu is active for this thread. check td_tid and
* increment nesting level. */
lwpid_t td_tid = wolfkmod_fpu_get_tid();
if (td_tid != curthread->td_tid) {
printf("error: wolfkmod_vecreg_save: got tid = %d, expected %d\n",
td_tid, curthread->td_tid);
return (EINVAL);
}
fpu_states[PCPU_GET(cpuid)].nest++;
}
else {
/* kern fpu not active for this thread, call fpu_kern_enter().
* after calling fpu_kern_enter():
* - kernel fpu is enabled
* - migration is disabled
* - soft preempts are disabled */
lwpid_t td_tid = 0;
wolfkmod_fpu_kern_enter();
td_tid = wolfkmod_fpu_get_tid();
if (fpu_states[PCPU_GET(cpuid)].nest != 0 || td_tid != 0) {
printf("error: wolfkmod_fpu_kern_enter() with nest: %d, %d\n",
fpu_states[PCPU_GET(cpuid)].nest, td_tid);
return (EINVAL);
}
/* increment nest and save td_tid. */
fpu_states[PCPU_GET(cpuid)].nest++;
fpu_states[PCPU_GET(cpuid)].td_tid = curthread->td_tid;
}
return (0);
}
void wolfkmod_vecreg_restore(void)
{
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
wolfkmod_print_curthread("wolfkmod_vecreg_restore");
#endif
if (is_fpu_kern_thread(0)) {
/* kernel fpu threads are special, do nothing. They own a
* persistent, dedicated fpu context. */
#if defined(WOLFSSL_BSDKM_FPU_DEBUG)
printf("info: wolfkmod_vecreg_restore: is fpu kern thread\n");
#endif
return;
}
if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) {
/* kern fpu is active for this thread. check tid and nesting level. */
lwpid_t td_tid = wolfkmod_fpu_get_tid();
if (td_tid != curthread->td_tid) {
printf("error: wolfkmod_vecreg_restore: got tid = %d, "
"expected %d\n", td_tid, curthread->td_tid);
return;
}
/* decrement the nesting level. */
if (fpu_states[PCPU_GET(cpuid)].nest > 0) {
fpu_states[PCPU_GET(cpuid)].nest--;
}
/* if last level, zero the thread id then call fpu_kern_leave */
if (fpu_states[PCPU_GET(cpuid)].nest == 0) {
fpu_states[PCPU_GET(cpuid)].td_tid = 0;
wolfkmod_fpu_kern_leave();
}
}
return;
}
#endif /* !WC_SKIP_INCLUDED_C_FILES */
+20
View File
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDUDCCAjigAwIBAgIUQy4lyOzJcvFVekNsQWuUegW0kGgwDQYJKoZIhvcNAQEL
BQAwGzEZMBcGA1UEAwwQd29sZnNzbC1haWEtdGVzdDAeFw0yNjAxMjYyMzE1NTZa
Fw0yNzAxMjYyMzE1NTZaMBsxGTAXBgNVBAMMEHdvbGZzc2wtYWlhLXRlc3QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1vUyiX+qtPFhhEqZq3bCUKpd
6QtswO7YWj+us79yh99mIGE7EZlSfTv0n3rn2//m5bQ7a+TSYMkDyNjPEH6Z+ub2
qW4EJyc4J9DfC+T9gJM4dvsij+F8TUne/o5iCwFdiZEycEj0vtyYh53du3oqlZTY
yt8q4k5INoTl+ELCX/L0YqR/+Fl2qaloK7YHUb3EdSqBEGoa/IEfnxHMreZWhVYd
pSdDnT9rfNqT5Kb2e+eZbZZSouEmebhx9ioRfIXDadSCCa1JNp4fO3YlcDmmEahx
6TcjEmhUt80+hjhJhqrh4vPlxI24qHmfOe+k2qSimpJse/AUuz7wGRjx6ktfAgMB
AAGjgYswgYgwHQYDVR0OBBYEFMvT3KE5dvI6t3KNrcuctkm6wvXMMB8GA1UdIwQY
MBaAFMvT3KE5dvI6t3KNrcuctkm6wvXMMA8GA1UdEwEB/wQFMAMBAf8wNQYIKwYB
BQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vZXhhbXBsZS5jb20vY2EucGVt
MA0GCSqGSIb3DQEBCwUAA4IBAQCjxEHOlxVfmE8xgcQCnr1b4IK5EBuIMUaS7lko
AHmHvj7z9rr2cxbJhGYQxcttZ4/SQldRqpmiB0cUmko4LbD9yos4FKlyGe3xWvKa
W17SdpJU2PREShGLLqP7bwiWV6wVyo6puwDHLYSjH5vYr+IcSNNc0GuMZg1OhTWt
2PYG2vGbHoNR0/UyNibGmaPBimg0nb2GTizY7yWm+N/yXnWa6Wc5yyiF1zExw/GO
8O/rF0Lg/Gy/v6LnnNmhSOr9ENPKgQEAHFmJRXBXqDYUNhcm2U3PzlfBa06SHFcr
b59n5jgJmcNSwYDJAYKEhMvjBL40DmiWaRfol2DPoIZ7YtRf
-----END CERTIFICATE-----
+23
View File
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDwTCCAqmgAwIBAgIUEcNoHSMtIkVhW/MmkmUEsVoJVQEwDQYJKoZIhvcNAQEL
BQAwITEfMB0GA1UEAwwWd29sZnNzbC1haWEtbXVsdGktdGVzdDAeFw0yNjAxMjcw
MTUwNDRaFw0yNzAxMjcwMTUwNDRaMCExHzAdBgNVBAMMFndvbGZzc2wtYWlhLW11
bHRpLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVdogPQ2I
/nErbxSaNGoYhkwoj1qt+Be1/qWnvZzJ0EBOG4EdioMRIkJzP6W3HoAhkGBrueXf
riN07M3XLocRfE+9C1+jZQxBGRxysns9z7K+i0pBtPN/AXV2RCSz13FFyVyLhLks
2YAL9By36X9R0wsL+Nd4EAQ4ouf0GglmTmtb5rHf2GIno4xFg9tpWosiUTytwgDC
K9lQEQnTnPG6E43N2bszqBc4roOPrYDnd7raNTqcv9yTHM8zwffGJuCogE/Fbr2R
yVubLW28n5/O1Pb47hHuPJv6oHMZgct2SV5OB/mwVgI0eoFMSQZ35o6BpHD0C497
L2IcoMi8A9rFAgMBAAGjgfAwge0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQw
gbAGCCsGAQUFBwEBBIGjMIGgMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4x
OjIyMjIxMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMCkGCCsG
AQUFBzAChh1odHRwOi8vd3d3LndvbGZzc2wuY29tL2NhLnBlbTArBggrBgEFBQcw
AoYfaHR0cHM6Ly93d3cud29sZnNzbC5jb20vY2EyLnBlbTAdBgNVHQ4EFgQU1GNm
eP/LXQk0tFaTeWoNHyLhLZkwDQYJKoZIhvcNAQELBQADggEBACwuXdKYI2Q/Vhd7
TJFvKdp7BuUopQGEQ+4vR+FoesYXc9MHjZJfMqEffv1MArTeY46At/zvcTeszagi
io+jjGBLOutsAf9WK3PnKMIkGGfro6btZ8QFyKiZ6unMMlqe6cGqrCrNKp8jLP3k
CKZltR5c+MIPhpjoOhNDMOcPMwZBGQJWubwOb4uOu3wv7UWJk/ovKP9WJCUn6wLH
soDs+MHMICkxOvDfPf+F4URVqTbzE8IvSMv38z4cAqsyEfWxr32Dg34S/NmeePFV
7sSDpksvyITGsxjnQulSuUFSmldumQ6GnA4ZUXvCNdJ0zbD/Iib9ud6K05VdWYZP
uyCRkjY=
-----END CERTIFICATE-----
+26
View File
@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEcDCCA1igAwIBAgIUN5kIU1GLRP5bRKctP271p7IGFVowDQYJKoZIhvcNAQEL
BQAwJDEiMCAGA1UEAwwZd29sZnNzbC1haWEtb3ZlcmZsb3ctdGVzdDAeFw0yNjAx
MjcwMTU1NTBaFw0yNzAxMjcwMTU1NTBaMCQxIjAgBgNVBAMMGXdvbGZzc2wtYWlh
LW92ZXJmbG93LXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS
eHeAzVuCe44SU8bcyIWLwkA2AABw/ctSBWKAFEd7DYHduRr3diblHERU1Fv5JzYx
JnZquj1IO/qsnSFJYDc9sQmYea89iW8KNPVXKDzdbzhpiQLZL7Yq71ICxxqVLfRr
91lyAj0+Syncrp96olSpMJochVnQ6PqLcc/Gq7CMtrKn5KAN7Mn3+LdAQYU8JjRa
zqEJ8fmkBKbS5watzgnkP2o5jWSpWzpDOxTdw85hju4H9m5Gmun3XVO9dEAN/dqK
vklkzgQGvAMMQMIcgOzw0HxAuvsSNtjgEpIlOir0M7YiC0pYqtMO+thSCmVCvsDR
/nG/iqe6YBSXh6oszGwTAgMBAAGjggGYMIIBlDAMBgNVHRMEBTADAQH/MAsGA1Ud
DwQEAwIChDCCAVYGCCsGAQUFBwEBBIIBSDCCAUQwIgYIKwYBBQUHMAGGFmh0dHA6
Ly8xMjcuMC4wLjE6MjIyMjAwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
MjIyMjEwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjIwIgYIKwYB
BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjMwIgYIKwYBBQUHMAGGFmh0dHA6
Ly8xMjcuMC4wLjE6MjIyMjQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6
MjIyMjUwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjYwIgYIKwYB
BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjcwIgYIKwYBBQUHMAGGFmh0dHA6
Ly8xMjcuMC4wLjE6MjIyMjgwHQYDVR0OBBYEFJt6TNgqMFBebotXaauIYPpUJi1S
MA0GCSqGSIb3DQEBCwUAA4IBAQA5noHB343sKQqVmmLds0gC/k1UhVA5iftAGmes
uRdNOOCdo2i739DmRAXggetgtatcjDfjxkrvq0Qi+geozZra6uX9FT/hgfw6kDpU
HKzJFy4E0G0HTM8mtJi+aGDZL3Lts+h272eahkT1jVKGAPFugqfz7fKRsMce6eCE
UD5cvtQXX16fGhBxxmUCZPnxMKcj2oNl7RliHphK6ofXuNbKjqjVQfxsTUXSQDyS
ApH5w6iUnAvC5l19qYrBcCVOB6CNJ2CdmvFI//Ox8Jc56HRYYDIdVp2Q3FFA5Z4s
gTLvlumVgihAekD+0zVF9q+AJ4TSbE3cqsQgHF/+p84KxWid
-----END CERTIFICATE-----
Binary file not shown.
+10
View File
@@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBdDCCARkCAQEwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBAxcNMjYwMjA0MDM1NDI5
WjAKBggqhkjOPQQDAgNJADBGAiEA6xz109x9tZwaxxs3iLvW65h9AGL8+e1gTnbr
GoEsXaQCIQDzxO4LU1d6seHETQDKjUEXivHuvC6f0Nq5uARmWX0DOA==
-----END X509 CRL-----
Binary file not shown.
+14
View File
@@ -0,0 +1,14 @@
-----BEGIN X509 CRL-----
MIICMTCCARkCAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAyMDQwMzU0Mjla
Fw0yNjAzMDYwMzU0MjlaMFAwEgIBAhcNMjYwMjA0MDM1NDI5WjASAgEDFw0yNjAy
MDQwMzU0MjlaMBICAQQXDTI2MDIwNDAzNTQyOVowEgIBARcNMjYwMjA0MDM1NDI5
WjANBgkqhkiG9w0BAQsFAAOCAQEAid2CDa/invAbnAJaeVVkS8mRjI/kR0aPHwt1
/Sz6w+j163+KZnBwUNgrMmLSMbssm8oxQ8i8zNvBeYd6u1x2N/jw/cwH2rxhZ3zQ
bOkDQKKe2eRYXMykAl1uj2VwCeu8/ivqbimYReq7iloEHo8PUiizs1Pj6zJ59I1u
LRZDDlS9wiY+VVkKx28dxyClsqtJNCvz5ezNB8GeH+gekaJ1tJVbd3TujBajPPAx
R6FobbOOavCZPyGkeZlU/T9S5FwIi07qga5Zuq/9Dy7YwiVya3sAZ/nTYY++HKDQ
DL0Bs3/05Lf8BLaf2CX2vGvan4JCQv9CMdnlYBifwvQCeUToyQ==
-----END X509 CRL-----
+3 -1
View File
@@ -22,7 +22,9 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/crl/crl.revoked \
certs/crl/extra-crls/ca-int-cert-revoked.pem \
certs/crl/extra-crls/general-server-crl.pem
certs/crl/extra-crls/general-server-crl.pem \
certs/crl/extra-crls/large_crlnum.pem \
certs/crl/extra-crls/large_crlnum2.pem
# Intermediate cert CRL's
EXTRA_DIST += \
+5 -1
View File
@@ -85,6 +85,11 @@ EXTRA_DIST += \
certs/dh-pub-2048.pem \
certs/dsa2048.pem
EXTRA_DIST += \
certs/aia/ca-issuers-cert.pem \
certs/aia/multi-aia-cert.pem \
certs/aia/overflow-aia-cert.pem
EXTRA_DIST += \
certs/ca-key.der \
certs/ca-cert.der \
@@ -154,4 +159,3 @@ include certs/sphincs/include.am
include certs/rpk/include.am
include certs/acert/include.am
include certs/mldsa/include.am
+57
View File
@@ -31,6 +31,9 @@
# fpki-cert.der
# fpki-certpol-cert.der
# rid-cert.der
# aia/ca-issuers-cert.pem
# aia/multi-aia-cert.pem
# aia/overflow-aia-cert.pem
# updates the following crls:
# crl/cliCrl.pem
# crl/crl.pem
@@ -292,6 +295,60 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## update AIA test certs ###########################
############################################################
echo "Updating AIA test certs"
echo ""
mkdir -p aia
echo "Updating aia/ca-issuers-cert.pem"
echo ""
openssl req -new -newkey rsa:2048 -nodes -keyout aia/ca-issuers-key.pem -subj "/CN=wolfssl-aia-test" -out aia/ca-issuers-cert.csr
check_result $? "Step AIA-1"
openssl x509 -req -in aia/ca-issuers-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_ca_issuers -signkey aia/ca-issuers-key.pem -out aia/ca-issuers-cert.pem
check_result $? "Step AIA-2"
rm aia/ca-issuers-cert.csr
openssl x509 -in aia/ca-issuers-cert.pem -text > tmp.pem
check_result $? "Step AIA-3"
mv tmp.pem aia/ca-issuers-cert.pem
rm aia/ca-issuers-key.pem
echo "End of section"
echo "---------------------------------------------------------------------"
echo "Updating aia/multi-aia-cert.pem"
echo ""
openssl req -new -newkey rsa:2048 -nodes -keyout aia/multi-aia-key.pem -subj "/CN=wolfssl-aia-multi-test" -out aia/multi-aia-cert.csr
check_result $? "Step AIA-4"
openssl x509 -req -in aia/multi-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_multi -signkey aia/multi-aia-key.pem -out aia/multi-aia-cert.pem
check_result $? "Step AIA-5"
rm aia/multi-aia-cert.csr
openssl x509 -in aia/multi-aia-cert.pem -text > tmp.pem
check_result $? "Step AIA-6"
mv tmp.pem aia/multi-aia-cert.pem
rm aia/multi-aia-key.pem
echo "End of section"
echo "---------------------------------------------------------------------"
echo "Updating aia/overflow-aia-cert.pem"
echo ""
openssl req -new -newkey rsa:2048 -nodes -keyout aia/overflow-aia-key.pem -subj "/CN=wolfssl-aia-overflow-test" -out aia/overflow-aia-cert.csr
check_result $? "Step AIA-7"
openssl x509 -req -in aia/overflow-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_overflow -signkey aia/overflow-aia-key.pem -out aia/overflow-aia-cert.pem
check_result $? "Step AIA-8"
rm aia/overflow-aia-cert.csr
openssl x509 -in aia/overflow-aia-cert.pem -text > tmp.pem
check_result $? "Step AIA-9"
mv tmp.pem aia/overflow-aia-cert.pem
rm aia/overflow-aia-key.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## update the self-signed ca-cert-chain.der ########
############################################################
echo "Updating ca-cert-chain.der"
+39 -1
View File
@@ -321,6 +321,45 @@ keyUsage=critical, digitalSignature, keyCertSign, cRLSign
[ crl_dist_points ]
crlDistributionPoints=URI:http://www.wolfssl.com/crl.pem
# AIA test certs
[ aia_ca_issuers ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical,CA:true
authorityInfoAccess=@aia_ca_issuers_info
[ aia_ca_issuers_info ]
caIssuers;URI.0=http://example.com/ca.pem
[ aia_multi ]
subjectKeyIdentifier=hash
basicConstraints=CA:true
keyUsage=digitalSignature, keyCertSign
authorityInfoAccess=@aia_multi_info
[ aia_multi_info ]
OCSP;URI.0=http://127.0.0.1:22221
OCSP;URI.1=http://127.0.0.1:22222
caIssuers;URI.0=http://www.wolfssl.com/ca.pem
caIssuers;URI.1=https://www.wolfssl.com/ca2.pem
[ aia_overflow ]
subjectKeyIdentifier=hash
basicConstraints=CA:true
keyUsage=digitalSignature, keyCertSign
authorityInfoAccess=@aia_overflow_info
[ aia_overflow_info ]
OCSP;URI.0=http://127.0.0.1:22220
OCSP;URI.1=http://127.0.0.1:22221
OCSP;URI.2=http://127.0.0.1:22222
OCSP;URI.3=http://127.0.0.1:22223
OCSP;URI.4=http://127.0.0.1:22224
OCSP;URI.5=http://127.0.0.1:22225
OCSP;URI.6=http://127.0.0.1:22226
OCSP;URI.7=http://127.0.0.1:22227
OCSP;URI.8=http://127.0.0.1:22228
#tsa default
[ tsa ]
default_tsa = tsa_config1
@@ -404,4 +443,3 @@ DNS.1 = www.example.org
URI.1 = https://www.wolfssl.com/
otherName.2 = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB
+5
View File
@@ -1,4 +1,9 @@
@PACKAGE_INIT@
# Autoconf-generated configs won't define PACKAGE_PREFIX_DIR; fall back to the
# configured install prefix for non-relocatable packages.
if (NOT DEFINED PACKAGE_PREFIX_DIR)
set(PACKAGE_PREFIX_DIR "@WOLFSSL_PREFIX_ABS@")
endif()
include(CMakeFindDependencyMacro)
if (@HAVE_PTHREAD@)
+3 -1
View File
@@ -3,6 +3,9 @@
This directory contains some supplementary functions for the [CMakeLists.txt](../CMakeLists.txt) in the root.
See also cmake notes in the [INSTALL](../INSTALL) documentation file.
When building with autoconf/automake, CMake package files are installed by default
under $(libdir)/cmake/wolfssl to support find_package(wolfssl). Disable with
./configure --disable-cmake-install.
If new CMake build options are added `cmake/options.h.in` must also be updated.
@@ -56,4 +59,3 @@ See the Microsoft [CMakeSettings.json schema reference](https://learn.microsoft.
* Specific environment variables
* *UI-related tweaks
+8
View File
@@ -0,0 +1,8 @@
cmake_minimum_required(VERSION 3.10)
project(wolfssl_consumer C)
find_package(wolfssl CONFIG REQUIRED)
add_executable(wolfssl_consumer main.c)
target_link_libraries(wolfssl_consumer PRIVATE wolfssl::wolfssl)
+12
View File
@@ -0,0 +1,12 @@
# CMake consumer test
This is a minimal CMake project that consumes the installed wolfSSL
package config.
## Build
```
cmake -S . -B build -DCMAKE_PREFIX_PATH=/path/to/wolfssl/install
cmake --build build
./build/wolfssl_consumer
```
+11
View File
@@ -0,0 +1,11 @@
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
int main(void)
{
if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
return 1;
}
wolfSSL_Cleanup();
return 0;
}
+12
View File
@@ -1,7 +1,19 @@
EXTRA_DIST += cmake/README.md
EXTRA_DIST += cmake/Config.cmake.in
EXTRA_DIST += cmake/wolfssl-config-version.cmake.in
EXTRA_DIST += cmake/wolfssl-targets.cmake.in
EXTRA_DIST += cmake/consumer/CMakeLists.txt
EXTRA_DIST += cmake/consumer/main.c
EXTRA_DIST += cmake/consumer/README.md
EXTRA_DIST += cmake/config.in
EXTRA_DIST += cmake/functions.cmake
EXTRA_DIST += cmake/options.h.in
EXTRA_DIST += cmake/modules/FindARIA.cmake
EXTRA_DIST += cmake/modules/FindOQS.cmake
if CMAKE_INSTALL
cmakedir = $(libdir)/cmake/wolfssl
cmake_DATA = cmake/wolfssl-config.cmake \
cmake/wolfssl-config-version.cmake \
cmake/wolfssl-targets.cmake
endif
+8
View File
@@ -270,6 +270,10 @@ extern "C" {
#cmakedefine WOLFSSL_AES_OFB
#undef WOLFSSL_AES_SIV
#cmakedefine WOLFSSL_AES_SIV
#undef HAVE_AES_ECB
#cmakedefine HAVE_AES_ECB
#undef WOLFSSL_AES_CTS
#cmakedefine WOLFSSL_AES_CTS
#undef WOLFSSL_ALT_CERT_CHAINS
#cmakedefine WOLFSSL_ALT_CERT_CHAINS
#undef WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
@@ -302,6 +306,8 @@ extern "C" {
#cmakedefine WOLFSSL_DTLS_CID
#undef WOLFSSL_DTLS13
#cmakedefine WOLFSSL_DTLS13
#undef WOLFSSL_DTLS_CH_FRAG
#cmakedefine WOLFSSL_DTLS_CH_FRAG
#undef WOLFSSL_EITHER_SIDE
#cmakedefine WOLFSSL_EITHER_SIDE
#undef WOLFSSL_ENCRYPTED_KEYS
@@ -402,6 +408,8 @@ extern "C" {
#cmakedefine WOLFSSL_WC_XMSS
#undef HAVE_SECRET_CALLBACK
#cmakedefine HAVE_SECRET_CALLBACK
#undef WC_RSA_DIRECT
#cmakedefine WC_RSA_DIRECT
#ifdef __cplusplus
}
+17
View File
@@ -0,0 +1,17 @@
# Generated by autoconf; do not edit.
set(PACKAGE_VERSION "@PACKAGE_VERSION@")
# Keep behavior aligned with the native CMake build's AnyNewerVersion semantics:
# compatible when the installed version is >= the requested version.
set(PACKAGE_VERSION_COMPATIBLE FALSE)
set(PACKAGE_VERSION_EXACT FALSE)
if (PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION)
# not compatible
else ()
set(PACKAGE_VERSION_COMPATIBLE TRUE)
if (PACKAGE_FIND_VERSION STREQUAL PACKAGE_VERSION)
set(PACKAGE_VERSION_EXACT TRUE)
endif ()
endif ()
+27
View File
@@ -0,0 +1,27 @@
# Generated by autoconf; do not edit.
if (NOT TARGET wolfssl::wolfssl)
add_library(wolfssl::wolfssl UNKNOWN IMPORTED)
set(_wolfssl_libdir "@WOLFSSL_LIBDIR_ABS@")
set(_wolfssl_includedir "@WOLFSSL_INCLUDEDIR_ABS@")
find_library(WOLFSSL_LIBRARY NAMES wolfssl PATHS "${_wolfssl_libdir}" NO_DEFAULT_PATH)
if (NOT WOLFSSL_LIBRARY)
find_library(WOLFSSL_LIBRARY NAMES wolfssl)
endif()
if (NOT WOLFSSL_LIBRARY)
message(FATAL_ERROR "wolfssl library not found. Looked in: ${_wolfssl_libdir}")
endif()
set_target_properties(wolfssl::wolfssl PROPERTIES
IMPORTED_LOCATION "${WOLFSSL_LIBRARY}"
INTERFACE_INCLUDE_DIRECTORIES "${_wolfssl_includedir}"
)
if (@WOLFSSL_HAVE_PTHREAD@)
set_property(TARGET wolfssl::wolfssl APPEND PROPERTY
INTERFACE_LINK_LIBRARIES Threads::Threads
)
endif()
endif()
+70 -15
View File
@@ -33,6 +33,13 @@ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AC_ARG_PROGRAM
# Optional CMake package install (enabled by default)
AC_ARG_ENABLE([cmake-install],
[AS_HELP_STRING([--disable-cmake-install],[Disable installation of CMake package files])],
[ ENABLED_CMAKE_INSTALL=$enableval ],
[ ENABLED_CMAKE_INSTALL=yes ])
AM_CONDITIONAL([CMAKE_INSTALL],[test "x$ENABLED_CMAKE_INSTALL" = "xyes"])
AC_CONFIG_HEADERS([config.h:config.in])
LT_PREREQ([2.4.2])
@@ -123,9 +130,18 @@ then
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
fi
# Kernel module benchmark
ENABLED_KERNEL_BENCHMARKS=""
AC_ARG_ENABLE([kernel-benchmarks],
[AS_HELP_STRING([--enable-kernel-benchmarks],[Enable crypto benchmarking autorun at module load time for kernel module (default: disabled)])],
[ENABLED_KERNEL_BENCHMARKS=$enableval])
if test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_BENCHMARKS"
fi
AC_SUBST([ENABLED_KERNEL_BENCHMARKS])
# Linux Kernel Module options (more options later)
AC_ARG_ENABLE([linuxkm],
[AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
[ENABLED_LINUXKM=$enableval],
@@ -145,6 +161,12 @@ AC_ARG_ENABLE([freebsdkm],
[ENABLED_BSDKM=no]
)
AC_ARG_ENABLE([freebsdkm-crypto-register],
[AS_HELP_STRING([--enable-freebsdkm-crypto-register],[Register wolfCrypt implementations with the FreeBSD kernel opencrypto framework. (default: disabled)])],
[ENABLED_BSDKM_REGISTER=$enableval],
[ENABLED_BSDKM_REGISTER=no]
)
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
AC_CHECK_LIB([network],[socket])
AC_C_BIGENDIAN
@@ -727,10 +749,8 @@ AC_SUBST([ENABLED_LINUXKM_PIE])
AC_ARG_ENABLE([linuxkm-benchmarks],
[AS_HELP_STRING([--enable-linuxkm-benchmarks],[Enable crypto benchmarking autorun at module load time for Linux kernel module (default: disabled)])],
[ENABLED_KERNEL_BENCHMARKS=$enableval],
[ENABLED_KERNEL_BENCHMARKS=no]
)
if test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
[ENABLED_KERNEL_BENCHMARKS=$enableval])
if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM_BENCHMARKS"
fi
@@ -819,17 +839,15 @@ AC_ARG_WITH([bsd-export-syms],
if test "x$ENABLED_BSDKM" = "xyes"
then
# wolfcrypt only, no-asm supported for now.
# note: bsdkm is wolfcrypt only for now.
HAVE_KERNEL_MODE=yes
KERNEL_MODE_DEFAULTS=yes
ENABLED_NO_LIBRARY=yes
ENABLED_BENCHMARK=no
ENABLED_ASM=no
output_objdir="$(realpath "$output_objdir")/bsdkm"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM -DWC_SIPHASH_NO_ASM"
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
AM_CFLAGS="$AM_CFLAGS -DXMALLOC_OVERRIDE -DWOLFCRYPT_ONLY"
@@ -846,7 +864,16 @@ then
fi
AC_SUBST([KERNEL_ROOT])
AC_SUBST([BSDKM_EXPORT_SYMS])
fi
if test "x$ENABLED_BSDKM_REGISTER" = "xyes"
then
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
ENABLED_AESGCM_STREAM=yes
fi
AM_CFLAGS="$AM_CFLAGS -DBSDKM_CRYPTO_REGISTER"
AC_SUBST([ENABLED_BSDKM_REGISTER])
fi
# end FreeBSD configure
@@ -1383,13 +1410,13 @@ then
esac
fi
# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM. Disable
# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable
# implicit activation, and error on explicit activation.
if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
if test "$enable_riscv_asm" = "yes"
then
if test "$enable_aesgcm_stream" = "yes"
then
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
fi
enable_aesgcm_stream=no
fi
@@ -2061,9 +2088,11 @@ AC_ARG_ENABLE([singlethreaded],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
WOLFSSL_HAVE_PTHREAD=0
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
WOLFSSL_HAVE_PTHREAD=1
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
# versions of clang don't need the -Q flag when using pthreads.
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
@@ -3969,6 +3998,8 @@ then
ENABLED_X86_ASM=yes
fi
fi
AC_SUBST([ENABLED_AESNI])
AC_SUBST([ENABLED_AESNI_WITH_AVX])
AC_ARG_ENABLE([aligndata],
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
@@ -10689,11 +10720,9 @@ then
if test "$ENABLED_AESGCM" = "no"
then
AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
elif test "$ENABLED_RISCV_ASM" = "yes" || \
(test "$ENABLED_ARMASM" = "yes" && \
test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
elif test "$ENABLED_RISCV_ASM" = "yes"
then
AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
@@ -11263,6 +11292,26 @@ AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
AC_SUBST([LIBM])
AC_SUBST([PC_LIBS_PRIVATE])
AC_SUBST([WOLFSSL_HAVE_PTHREAD])
HAVE_PTHREAD=$WOLFSSL_HAVE_PTHREAD
AC_SUBST([HAVE_PTHREAD])
PACKAGE_INIT=''
AC_SUBST([PACKAGE_INIT])
WOLFSSL_PREFIX_ABS=$prefix
if test "x$WOLFSSL_PREFIX_ABS" = "xNONE"; then
WOLFSSL_PREFIX_ABS=$ac_default_prefix
fi
WOLFSSL_EXEC_PREFIX_ABS=$exec_prefix
if test "x$WOLFSSL_EXEC_PREFIX_ABS" = "xNONE"; then
WOLFSSL_EXEC_PREFIX_ABS=$WOLFSSL_PREFIX_ABS
fi
prefix=$WOLFSSL_PREFIX_ABS
exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS
eval WOLFSSL_LIBDIR_ABS=\"$libdir\"
eval WOLFSSL_INCLUDEDIR_ABS=\"$includedir\"
AC_SUBST([WOLFSSL_PREFIX_ABS])
AC_SUBST([WOLFSSL_LIBDIR_ABS])
AC_SUBST([WOLFSSL_INCLUDEDIR_ABS])
# FINAL
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
@@ -11275,6 +11324,12 @@ AC_CONFIG_FILES([Makefile
rpm/spec
wolfcrypt/test/test_paths.h
])
AS_IF([ test "x$ENABLED_CMAKE_INSTALL" = "xyes" ],[
AC_CONFIG_FILES([cmake/wolfssl-config.cmake:cmake/Config.cmake.in
cmake/wolfssl-config-version.cmake:cmake/wolfssl-config-version.cmake.in
cmake/wolfssl-targets.cmake:cmake/wolfssl-targets.cmake.in
])
])
AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])
+1
View File
@@ -2,5 +2,6 @@ usr/include/
usr/lib/*/libwolfssl.so
usr/lib/*/libwolfssl.a
usr/lib/*/pkgconfig/wolfssl.pc
usr/lib/*/cmake/wolfssl/*
usr/bin/wolfssl-config
usr/share/doc/wolfssl/
+60
View File
@@ -180,3 +180,63 @@ void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb);
\sa wc_CryptoCb_RegisterDevice
*/
void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
/*!
\ingroup CryptoCb
\brief Import an AES key into a CryptoCB device for hardware offload.
This function allows AES keys to be handled by an external device
(e.g. Secure Element or HSM). When supported, the device callback stores
the key internally and sets an opaque handle in aes->devCtx.
When CryptoCB AES SetKey support is enabled
(WOLF_CRYPTO_CB_AES_SETKEY), wolfCrypt routes AES-GCM operations
through the CryptoCB interface.
**TLS Builds (Default):**
- Key bytes ARE stored in wolfCrypt memory (devKey) for fallback
- GCM tables ARE generated for software fallback
- Provides hardware acceleration with automatic fallback
**Crypto-Only Builds (--disable-tls):**
- Key bytes NOT stored in wolfCrypt memory (true key isolation)
- GCM tables skipped (true hardware offload)
- Callback must handle all GCM operations (SetKey, Encrypt, Decrypt, Free)
If the callback returns success (0), full AES-GCM offload is assumed.
The callback must handle SetKey, Encrypt, Decrypt, and Free operations.
\param aes AES context
\param key Pointer to raw AES key material
\param keySz Size of key in bytes
\return 0 on success
\return CRYPTOCB_UNAVAILABLE if device does not support this operation
\return BAD_FUNC_ARG on invalid parameters
_Example_
\code
#include <wolfssl/wolfcrypt/cryptocb.h>
#include <wolfssl/wolfcrypt/aes.h>
Aes aes;
byte key[32] = { /* 256-bit key */ };
int devId = 1;
/* Register your CryptoCB callback first */
wc_CryptoCb_RegisterDevice(devId, myCryptoCallback, NULL);
wc_AesInit(&aes, NULL, devId);
/* wc_AesGcmSetKey internally calls wc_CryptoCb_AesSetKey */
if (wc_CryptoCb_AesSetKey(&aes, key, sizeof(key)) == 0) {
/* Key successfully imported to device via callback */
/* aes.devCtx now contains device handle */
/* Full GCM offload is assumed - callback must handle all operations */
}
\endcode
\sa wc_CryptoCb_RegisterDevice
\sa wc_AesInit
*/
int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz);
@@ -74,4 +74,27 @@
- \ref SAKKE_RSK
- \ref SAKKE_Operations
*/
/*!
\page AES_CryptoCB_KeyImport AES CryptoCB Key Import
When enabled via WOLF_CRYPTO_CB_AES_SETKEY, wolfSSL invokes a CryptoCB
callback during AES key setup. The callback behavior determines the mode:
**If callback returns 0 (success):**
- Key is imported to Secure Element/HSM
- Key is NOT copied to wolfSSL RAM (true key isolation)
- GCM tables are NOT generated (full hardware offload)
- All subsequent AES operations route through CryptoCB
**If callback returns CRYPTOCB_UNAVAILABLE:**
- SE doesn't support key import
- Normal software AES path is used
- Key is copied to devKey for CryptoCB encrypt/decrypt acceleration
This mode is compatible with Secure Elements and hardware-backed
key storage and is intended for protecting TLS traffic keys.
\sa wc_CryptoCb_AesSetKey
\sa \ref Crypto Callbacks
*/
+6 -4
View File
@@ -376,7 +376,8 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
buffers to themselves for their lifetime.
WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running
\return none This function does not return a value.
\return Returns 0 on success.
\return Returns a non-zero integer on failure.
\param pHint WOLFSSL_HEAP_HINT structure to use
\param buf memory to use for all operations.
@@ -396,7 +397,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
// load in memory for use
ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0);
if (ret != SSL_SUCCESS) {
if (ret) {
// handle error case
}
...
@@ -419,7 +420,8 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf,
into functions. This extended version allows for custom bucket sizes and distributions
instead of using the default predefined sizes.
\return none This function does not return a value.
\return Returns 0 on success.
\return Returns a non-zero integer on failure.
\param pHint WOLFSSL_HEAP_HINT handle to initialize
\param listSz number of entries in the size and distribution lists
@@ -447,7 +449,7 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf,
ret = wc_LoadStaticMemory_ex(&hint, listSz, sizeList, distList,
memory, memorySz, flag, 0);
if (ret != SSL_SUCCESS) {
if (ret) {
// handle error case
}
...
+4 -3
View File
@@ -545,9 +545,10 @@
* to assure that calls to get_random_bytes() in random.c are gated out
* (they would recurse, potentially infinitely).
*/
#if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
#if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \
!defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \
!defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
#define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
#endif
+25 -16
View File
@@ -30,6 +30,22 @@
#error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported.
#endif
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \
defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
#define LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#else
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#endif
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/hmac.h>
@@ -94,7 +110,14 @@
* exhaustion. A caller that really needs PR can pass in seed data in its call
* to our rng_alg.generate() implementation.
*/
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX)
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
WOLFKM_DRIVER_SUFFIX_BASE \
"-with-global-replace")
#else
#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \
WOLFKM_DRIVER_SUFFIX_BASE)
#endif
#ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL
#define LINUXKM_LKCAPI_REGISTER_SHA1
@@ -388,7 +411,7 @@
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
#error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG
#endif
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
#endif
@@ -1257,20 +1280,6 @@ static struct rng_alg wc_linuxkm_drbg = {
};
static int wc_linuxkm_drbg_loaded = 0;
#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \
(defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES))
#ifndef LINUXKM_DRBG_GET_RANDOM_BYTES
#define LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#else
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured.
#undef LINUXKM_DRBG_GET_RANDOM_BYTES
#endif
#endif
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#ifndef WOLFSSL_SMALL_STACK_CACHE
+6
View File
@@ -17,10 +17,16 @@ MAINTAINERCLEANFILES+= $(FIPS_FILES)
EXTRA_DIST += src/bio.c
EXTRA_DIST += src/conf.c
EXTRA_DIST += src/pk.c
EXTRA_DIST += src/pk_rsa.c
EXTRA_DIST += src/pk_ec.c
EXTRA_DIST += src/ssl_api_cert.c
EXTRA_DIST += src/ssl_api_crl_ocsp.c
EXTRA_DIST += src/ssl_api_pk.c
EXTRA_DIST += src/ssl_asn1.c
EXTRA_DIST += src/ssl_bn.c
EXTRA_DIST += src/ssl_certman.c
EXTRA_DIST += src/ssl_crypto.c
EXTRA_DIST += src/ssl_ech.c
EXTRA_DIST += src/ssl_load.c
EXTRA_DIST += src/ssl_misc.c
EXTRA_DIST += src/ssl_p7p12.c
+28
View File
@@ -13848,6 +13848,34 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
}
x509->authInfoSet = dCert->extAuthInfoSet;
x509->authInfoCrit = dCert->extAuthInfoCrit;
x509->authInfoListSz = dCert->extAuthInfoListSz;
x509->authInfoListOverflow = dCert->extAuthInfoListOverflow;
if (x509->authInfoListSz > WOLFSSL_MAX_AIA_ENTRIES) {
x509->authInfoListSz = WOLFSSL_MAX_AIA_ENTRIES;
x509->authInfoListOverflow = 1;
}
if (x509->authInfoListSz > 0) {
int i;
for (i = 0; i < x509->authInfoListSz; i++) {
x509->authInfoList[i].method = dCert->extAuthInfoList[i].method;
x509->authInfoList[i].uriSz = dCert->extAuthInfoList[i].uriSz;
x509->authInfoList[i].uri = NULL;
if (dCert->extAuthInfoList[i].uri != NULL &&
dCert->source != NULL && dCert->maxIdx > 0 &&
x509->derCert != NULL && x509->derCert->buffer != NULL) {
word32 offset = (word32)
(dCert->extAuthInfoList[i].uri - dCert->source);
if (offset < (word32)dCert->maxIdx) {
x509->authInfoList[i].uri =
x509->derCert->buffer + offset;
}
else {
x509->authInfoList[i].uriSz = 0;
}
}
}
}
if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
+10 -9425
View File
File diff suppressed because it is too large Load Diff
+5558
View File
File diff suppressed because it is too large Load Diff
+3943
View File
File diff suppressed because it is too large Load Diff
+13 -5846
View File
File diff suppressed because it is too large Load Diff
+1740
View File
File diff suppressed because it is too large Load Diff
+634
View File
@@ -0,0 +1,634 @@
/* ssl_api_crl_ocsp.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#if !defined(WOLFSSL_SSL_API_CRL_OCSP_INCLUDED)
#ifndef WOLFSSL_IGNORE_FILE_WARN
#warning ssl_api_crl_ocsp.c is not compiled separately from ssl.c
#endif
#else
#ifndef NO_CERTS
#ifdef HAVE_CRL
int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
long sz, int type)
{
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer");
if (ctx == NULL)
return BAD_FUNC_ARG;
return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type);
}
int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
long sz, int type)
{
WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer");
if (ssl == NULL || ssl->ctx == NULL)
return BAD_FUNC_ARG;
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type);
}
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
{
WOLFSSL_ENTER("wolfSSL_EnableCRL");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_DisableCRL(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableCRL");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl));
}
else
return BAD_FUNC_ARG;
}
#ifndef NO_FILESYSTEM
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
{
WOLFSSL_ENTER("wolfSSL_LoadCRL");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
{
WOLFSSL_ENTER("wolfSSL_LoadCRLFile");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);
}
else
return BAD_FUNC_ARG;
}
#endif
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx);
}
else
return BAD_FUNC_ARG;
}
#ifdef HAVE_CRL_IO
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb);
}
else
return BAD_FUNC_ARG;
}
#endif
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
{
WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
if (ctx)
return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
if (ctx)
return wolfSSL_CertManagerDisableCRL(ctx->cm);
else
return BAD_FUNC_ARG;
}
#ifndef NO_FILESYSTEM
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
int type, int monitor)
{
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
if (ctx)
return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file,
int type)
{
WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
if (ctx)
return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type);
else
return BAD_FUNC_ARG;
}
#endif
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
if (ctx)
return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb");
if (ctx)
return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx);
else
return BAD_FUNC_ARG;
}
#ifdef HAVE_CRL_IO
int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");
if (ctx)
return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
else
return BAD_FUNC_ARG;
}
#endif
#endif /* HAVE_CRL */
#ifdef HAVE_OCSP
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
{
WOLFSSL_ENTER("wolfSSL_EnableOCSP");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableOCSP");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl));
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl));
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl));
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
if (ssl) {
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
if (ssl) {
SSL_CM_WARNING(ssl);
ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl),
ioCb, respFreeCb, NULL);
}
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
{
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
if (ctx)
return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
if (ctx)
return wolfSSL_CertManagerDisableOCSP(ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
{
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
if (ctx)
return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
if (ctx)
return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb,
respFreeCb, ioCbCtx);
else
return BAD_FUNC_ARG;
}
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");
if (ctx)
return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling");
if (ctx)
return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple");
if (ctx)
return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple");
if (ctx)
return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm);
else
return BAD_FUNC_ARG;
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \
* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Not an OpenSSL API. */
int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response)
{
*response = ssl->ocspCsrResp[0].buffer;
return ssl->ocspCsrResp[0].length;
}
/* Not an OpenSSL API. */
char* wolfSSL_get_ocsp_url(WOLFSSL* ssl)
{
return ssl->url;
}
/* Not an OpenSSL API. */
int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
{
if (ssl == NULL)
return WOLFSSL_FAILURE;
ssl->url = url;
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if !defined(NO_ASN_TIME)
int wolfSSL_get_ocsp_producedDate(
WOLFSSL *ssl,
byte *producedDate,
size_t producedDate_space,
int *producedDateFormat)
{
if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
(ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
return BAD_FUNC_ARG;
if ((producedDate == NULL) || (producedDateFormat == NULL))
return BAD_FUNC_ARG;
if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space)
return BUFFER_E;
XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate,
producedDate_space);
*producedDateFormat = ssl->ocspProducedDateFormat;
return 0;
}
int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) {
int idx = 0;
if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) &&
(ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME))
return BAD_FUNC_ARG;
if (produced_tm == NULL)
return BAD_FUNC_ARG;
if (ExtractDate(ssl->ocspProducedDate,
(unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx,
MAX_DATE_SZ))
return 0;
else
return ASN_PARSE_E;
}
#endif /* !NO_ASN_TIME */
#endif /* HAVE_OCSP */
#if !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
{
WOLFSSL_ENTER("wolfSSL_UseOCSPStapling");
if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
options, NULL, ssl->heap, ssl->devId);
}
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
byte options)
{
WOLFSSL_ENTER("wolfSSL_CTX_UseOCSPStapling");
if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
options, NULL, ctx->heap, ctx->devId);
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
{
if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
options, ssl->heap, ssl->devId);
}
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type,
byte options)
{
if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
options, ctx->heap, ctx->devId);
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_TLS && !NO_WOLFSSL_CLIENT */
#ifdef OPENSSL_EXTRA
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
{
WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type");
if (s == NULL){
return BAD_FUNC_ARG;
}
if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){
int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0,
s, s->heap, s->devId);
return (long)r;
} else {
WOLFSSL_MSG(
"SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type.");
return WOLFSSL_FAILURE;
}
}
long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
{
TLSX* extension;
if (s == NULL)
return WOLFSSL_FATAL_ERROR;
extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST);
return (extension != NULL) ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp :
WOLFSSL_FATAL_ERROR;
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb)
{
if (ctx == NULL || ctx->cm == NULL || cb == NULL)
return WOLFSSL_FAILURE;
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
if (ctx->cm->ocsp_stapling == NULL)
return WOLFSSL_FAILURE;
*cb = ctx->cm->ocsp_stapling->statusCb;
#else
(void)cb;
*cb = NULL;
#endif
return WOLFSSL_SUCCESS;
}
int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb)
{
if (ctx == NULL || ctx->cm == NULL)
return WOLFSSL_FAILURE;
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
/* Ensure stapling is on for callback to be used. */
wolfSSL_CTX_EnableOCSPStapling(ctx);
if (ctx->cm->ocsp_stapling == NULL)
return WOLFSSL_FAILURE;
ctx->cm->ocsp_stapling->statusCb = cb;
#else
(void)cb;
#endif
return WOLFSSL_SUCCESS;
}
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
{
if (ctx == NULL || ctx->cm == NULL)
return WOLFSSL_FAILURE;
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
/* Ensure stapling is on for callback to be used. */
wolfSSL_CTX_EnableOCSPStapling(ctx);
if (ctx->cm->ocsp_stapling == NULL)
return WOLFSSL_FAILURE;
ctx->cm->ocsp_stapling->statusCbArg = arg;
#else
(void)arg;
#endif
return WOLFSSL_SUCCESS;
}
long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char **resp)
{
if (ssl == NULL || resp == NULL)
return 0;
*resp = ssl->ocspCsrResp[0].buffer;
return (long)ssl->ocspCsrResp[0].length;
}
long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char *resp,
int len)
{
return wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, resp, len, 0);
}
int wolfSSL_set_tlsext_status_ocsp_resp_multi(WOLFSSL* ssl, unsigned char *resp,
int len, word32 idx)
{
if (ssl == NULL || idx >= XELEM_CNT(ssl->ocspCsrResp) || len < 0)
return WOLFSSL_FAILURE;
if (!((resp == NULL) ^ (len > 0)))
return WOLFSSL_FAILURE;
XFREE(ssl->ocspCsrResp[idx].buffer, NULL, 0);
ssl->ocspCsrResp[idx].buffer = resp;
ssl->ocspCsrResp[idx].length = (word32)len;
return WOLFSSL_SUCCESS;
}
#ifndef NO_WOLFSSL_SERVER
void wolfSSL_CTX_set_ocsp_status_verify_cb(WOLFSSL_CTX* ctx,
ocspVerifyStatusCb cb, void* cbArg)
{
if (ctx != NULL) {
ctx->ocspStatusVerifyCb = cb;
ctx->ocspStatusVerifyCbArg = cbArg;
}
}
#endif /* NO_WOLFSSL_SERVER */
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST ||
* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_CERTS */
#endif /* !WOLFSSL_SSL_API_CRL_OCSP_INCLUDED */
+1611
View File
File diff suppressed because it is too large Load Diff
+8 -4
View File
@@ -3334,7 +3334,8 @@ const char* wolfSSL_ASN1_tag2str(int tag)
const char* str = "(unknown)";
/* Clear negative flag. */
if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) ||
(tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
tag &= ~WOLFSSL_V_ASN1_NEG;
}
/* Check for known basic types. */
@@ -4194,7 +4195,8 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
}
/* Get time as human readable string. */
if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len, t->length)) {
if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len,
t->length)) {
buf = NULL;
}
@@ -4717,9 +4719,11 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
{
if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
|| a->value.ptr != NULL))
if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN ||
a->type == WOLFSSL_V_ASN1_NULL ||
a->value.ptr != NULL)) {
return a->type;
}
return 0;
}
+818 -3
View File
@@ -25,7 +25,7 @@
#if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED)
#ifndef WOLFSSL_IGNORE_FILE_WARN
#warning ssl_certman.c does not need to be compiled separately from ssl.c
#warning ssl_certman.c not to be compiled separately from ssl.c
#endif
#else
@@ -2142,8 +2142,8 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
/* Initialize the OCSP object. */
if (InitOCSP(cm->ocsp, cm) != 0) {
WOLFSSL_MSG("Init OCSP failed");
/* Dispose of OCSP object - indicating dynamically allocated.
*/
/* Dispose of OCSP object - indicating dynamically
* allocated. */
FreeOCSP(cm->ocsp, 1);
cm->ocsp = NULL;
ret = 0;
@@ -2533,6 +2533,821 @@ int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm, CbOCSPIO ioCb,
#endif /* HAVE_OCSP */
/******************************************************************************
* Internal APIs that use WOLFSSL_CERT_MANAGER
******************************************************************************/
/* hash is the SHA digest of name, just use first 32 bits as hash */
static WC_INLINE word32 HashSigner(const byte* hash)
{
return MakeWordFromHash(hash) % CA_TABLE_SIZE;
}
/* does CA already exist on signer list */
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
Signer* signers;
int ret = 0;
word32 row;
if (cm == NULL || hash == NULL) {
return ret;
}
row = HashSigner(hash);
if (wc_LockMutex(&cm->caLock) != 0) {
return ret;
}
signers = cm->caTable[row];
while (signers) {
byte* subjectHash;
#ifndef NO_SKID
subjectHash = signers->subjectKeyIdHash;
#else
subjectHash = signers->subjectNameHash;
#endif
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = 1; /* success */
break;
}
signers = signers->next;
}
wc_UnLockMutex(&cm->caLock);
return ret;
}
#ifdef WOLFSSL_TRUST_PEER_CERT
/* hash is the SHA digest of name, just use first 32 bits as hash */
static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash)
{
return MakeWordFromHash(hash) % TP_TABLE_SIZE;
}
/* does trusted peer already exist on signer list */
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert)
{
TrustedPeerCert* tp;
int ret = 0;
word32 row = TrustedPeerHashSigner(cert->subjectHash);
if (wc_LockMutex(&cm->tpLock) != 0)
return ret;
tp = cm->tpTable[row];
while (tp) {
if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
SIGNER_DIGEST_SIZE) == 0)
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
&& (XMEMCMP(cert->issuerHash, tp->issuerHash,
SIGNER_DIGEST_SIZE) == 0)
#endif
)
ret = 1;
#ifndef NO_SKID
if (cert->extSubjKeyIdSet) {
/* Compare SKID as well if available */
if (ret == 1 && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
SIGNER_DIGEST_SIZE) != 0)
ret = 0;
}
#endif
if (ret == 1)
break;
tp = tp->next;
}
wc_UnLockMutex(&cm->tpLock);
return ret;
}
/* return Trusted Peer if found, otherwise NULL
type is what to match on
*/
TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert)
{
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
TrustedPeerCert* ret = NULL;
TrustedPeerCert* tp = NULL;
word32 row;
if (cm == NULL || cert == NULL)
return NULL;
row = TrustedPeerHashSigner(cert->subjectHash);
if (wc_LockMutex(&cm->tpLock) != 0)
return ret;
tp = cm->tpTable[row];
while (tp) {
if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
SIGNER_DIGEST_SIZE) == 0)
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
&& (XMEMCMP(cert->issuerHash, tp->issuerHash,
SIGNER_DIGEST_SIZE) == 0)
#endif
)
ret = tp;
#ifndef NO_SKID
if (cert->extSubjKeyIdSet) {
/* Compare SKID as well if available */
if (ret != NULL && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash,
SIGNER_DIGEST_SIZE) != 0)
ret = NULL;
}
#endif
if (ret != NULL)
break;
tp = tp->next;
}
wc_UnLockMutex(&cm->tpLock);
return ret;
}
int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
{
if (tp == NULL || cert == NULL)
return BAD_FUNC_ARG;
/* subject key id or subject hash has been compared when searching
tpTable for the cert from function GetTrustedPeer */
/* compare signatures */
if (tp->sigLen == cert->sigLength) {
if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) {
return WOLFSSL_FAILURE;
}
}
else {
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
/* return CA if found, otherwise NULL */
Signer* GetCA(void* vp, byte* hash)
{
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
Signer* ret = NULL;
Signer* signers;
word32 row = 0;
if (cm == NULL || hash == NULL)
return NULL;
row = HashSigner(hash);
if (wc_LockMutex(&cm->caLock) != 0)
return ret;
signers = cm->caTable[row];
while (signers) {
byte* subjectHash;
#ifndef NO_SKID
subjectHash = signers->subjectKeyIdHash;
#else
subjectHash = signers->subjectNameHash;
#endif
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
ret = signers;
break;
}
signers = signers->next;
}
wc_UnLockMutex(&cm->caLock);
return ret;
}
#if defined(HAVE_OCSP)
Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
{
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
Signer* ret = NULL;
Signer* signers;
int row;
if (cm == NULL || keyHash == NULL)
return NULL;
/* try lookup using keyHash as subjKeyID first */
ret = GetCA(vp, (byte*)keyHash);
if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
return ret;
}
/* if we can't find the cert, we have to scan the full table */
if (wc_LockMutex(&cm->caLock) != 0)
return NULL;
/* Unfortunately we need to look through the entire table */
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
for (signers = cm->caTable[row]; signers != NULL;
signers = signers->next) {
if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
ret = signers;
break;
}
}
}
wc_UnLockMutex(&cm->caLock);
return ret;
}
#endif
#ifdef WOLFSSL_AKID_NAME
Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
const byte* serial, word32 serialSz)
{
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
Signer* ret = NULL;
Signer* signers;
byte nameHash[SIGNER_DIGEST_SIZE];
byte serialHash[SIGNER_DIGEST_SIZE];
word32 row;
if (cm == NULL || issuer == NULL || issuerSz == 0 ||
serial == NULL || serialSz == 0)
return NULL;
if (CalcHashId(issuer, issuerSz, nameHash) != 0 ||
CalcHashId(serial, serialSz, serialHash) != 0)
return NULL;
if (wc_LockMutex(&cm->caLock) != 0)
return ret;
/* Unfortunately we need to look through the entire table */
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
for (signers = cm->caTable[row]; signers != NULL;
signers = signers->next) {
if (XMEMCMP(signers->issuerNameHash, nameHash, SIGNER_DIGEST_SIZE)
== 0 && XMEMCMP(signers->serialHash, serialHash,
SIGNER_DIGEST_SIZE) == 0) {
ret = signers;
break;
}
}
}
wc_UnLockMutex(&cm->caLock);
return ret;
}
#endif
#ifndef NO_SKID
/* return CA if found, otherwise NULL. Walk through hash table. */
Signer* GetCAByName(void* vp, byte* hash)
{
WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
Signer* ret = NULL;
Signer* signers;
word32 row;
if (cm == NULL)
return NULL;
if (wc_LockMutex(&cm->caLock) != 0)
return ret;
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
signers = cm->caTable[row];
while (signers && ret == NULL) {
if (XMEMCMP(hash, signers->subjectNameHash,
SIGNER_DIGEST_SIZE) == 0) {
ret = signers;
}
signers = signers->next;
}
}
wc_UnLockMutex(&cm->caLock);
return ret;
}
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
/* add a trusted peer cert to linked list */
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
{
int ret = 0;
int row = 0;
TrustedPeerCert* peerCert;
DecodedCert* cert;
DerBuffer* der = *pDer;
WOLFSSL_MSG("Adding a Trusted Peer Cert");
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
DYNAMIC_TYPE_DCERT);
if (cert == NULL) {
FreeDer(&der);
return MEMORY_E;
}
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
FreeDer(&der);
return ret;
}
WOLFSSL_MSG("\tParsed new trusted peer cert");
peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
DYNAMIC_TYPE_CERT);
if (peerCert == NULL) {
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
FreeDer(&der);
return MEMORY_E;
}
XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));
#ifndef IGNORE_NAME_CONSTRAINTS
if (peerCert->permittedNames)
FreeNameSubtrees(peerCert->permittedNames, cm->heap);
if (peerCert->excludedNames)
FreeNameSubtrees(peerCert->excludedNames, cm->heap);
#endif
if (AlreadyTrustedPeer(cm, cert)) {
WOLFSSL_MSG("\tAlready have this CA, not adding again");
FreeTrustedPeer(peerCert, cm->heap);
(void)ret;
}
else {
/* add trusted peer signature */
peerCert->sigLen = cert->sigLength;
peerCert->sig = (byte *)XMALLOC(cert->sigLength, cm->heap,
DYNAMIC_TYPE_SIGNATURE);
if (peerCert->sig == NULL) {
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
FreeTrustedPeer(peerCert, cm->heap);
FreeDer(&der);
return MEMORY_E;
}
XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);
/* add trusted peer name */
peerCert->nameLen = cert->subjectCNLen;
peerCert->name = cert->subjectCN;
#ifndef IGNORE_NAME_CONSTRAINTS
peerCert->permittedNames = cert->permittedNames;
peerCert->excludedNames = cert->excludedNames;
#endif
/* add SKID when available and hash of name */
#ifndef NO_SKID
XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
SIGNER_DIGEST_SIZE);
#endif
XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
SIGNER_DIGEST_SIZE);
#ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
XMEMCPY(peerCert->issuerHash, cert->issuerHash,
SIGNER_DIGEST_SIZE);
#endif
/* If Key Usage not set, all uses valid. */
peerCert->next = NULL;
cert->subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
cert->permittedNames = NULL;
cert->excludedNames = NULL;
#endif
row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash);
if (wc_LockMutex(&cm->tpLock) == 0) {
peerCert->next = cm->tpTable[row];
cm->tpTable[row] = peerCert; /* takes ownership */
wc_UnLockMutex(&cm->tpLock);
}
else {
WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed");
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
FreeTrustedPeer(peerCert, cm->heap);
FreeDer(&der);
return BAD_MUTEX_E;
}
}
WOLFSSL_MSG("\tFreeing parsed trusted peer cert");
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
WOLFSSL_MSG("\tFreeing der trusted peer cert");
FreeDer(&der);
WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert");
WOLFSSL_LEAVE("AddTrustedPeer", ret);
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s)
{
byte* subjectHash;
Signer* signers;
word32 row;
if (cm == NULL || s == NULL)
return BAD_FUNC_ARG;
#ifndef NO_SKID
subjectHash = s->subjectKeyIdHash;
#else
subjectHash = s->subjectNameHash;
#endif
if (AlreadySigner(cm, subjectHash)) {
FreeSigner(s, cm->heap);
return 0;
}
row = HashSigner(subjectHash);
if (wc_LockMutex(&cm->caLock) != 0)
return BAD_MUTEX_E;
signers = cm->caTable[row];
s->next = signers;
cm->caTable[row] = s;
wc_UnLockMutex(&cm->caLock);
return 0;
}
/* owns der, internal now uses too */
/* type flag ids from user or from chain received during verify
don't allow chain ones to be added w/o isCA extension */
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
{
int ret;
Signer* signer = NULL;
word32 row;
byte* subjectHash;
WC_DECLARE_VAR(cert, DecodedCert, 1, 0);
DerBuffer* der = *pDer;
WOLFSSL_MSG_CERT_LOG("Adding a CA");
if (cm == NULL) {
FreeDer(pDer);
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (cert == NULL) {
FreeDer(pDer);
return MEMORY_E;
}
#endif
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
#ifdef WC_ASN_UNKNOWN_EXT_CB
if (cm->unknownExtCallback != NULL) {
wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
}
#endif
WOLFSSL_MSG_CERT("\tParsing new CA");
ret = ParseCert(cert, CA_TYPE, verify, cm);
WOLFSSL_MSG("\tParsed new CA");
#ifdef WOLFSSL_DEBUG_CERTS
{
const char* err_msg;
if (ret == 0) {
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'",
cert->issuer);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
cert->subject);
}
else {
WOLFSSL_MSG_CERT(
WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
err_msg = wc_GetErrorString(ret);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
ret, err_msg);
}
}
#endif /* WOLFSSL_DEBUG_CERTS */
#ifndef NO_SKID
subjectHash = cert->extSubjKeyId;
#else
subjectHash = cert->subjectHash;
#endif
/* check CA key size */
if (verify && (ret == 0 )) {
switch (cert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
if (cm->minRsaKeySz < 0 ||
cert->pubKeySize < (word16)cm->minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
"minRsaKeySz = %d",
cert->pubKeySize, cm->minRsaKeySz);
}
break;
#endif /* !NO_RSA */
#ifdef HAVE_ECC
case ECDSAk:
if (cm->minEccKeySz < 0 ||
cert->pubKeySize < (word16)cm->minEccKeySz) {
ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
"minEccKeySz = %d",
cert->pubKeySize, cm->minEccKeySz);
}
break;
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
case ED25519k:
if (cm->minEccKeySz < 0 ||
ED25519_KEY_SIZE < (word16)cm->minEccKeySz) {
ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ECC key size error");
}
break;
#endif /* HAVE_ED25519 */
#ifdef HAVE_ED448
case ED448k:
if (cm->minEccKeySz < 0 ||
ED448_KEY_SIZE < (word16)cm->minEccKeySz) {
ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ECC key size error");
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (cm->minFalconKeySz < 0 ||
FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
ret = FALCON_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Falcon level 1 key size error");
}
break;
case FALCON_LEVEL5k:
if (cm->minFalconKeySz < 0 ||
FALCON_LEVEL5_KEY_SIZE < (word16)cm->minFalconKeySz) {
ret = FALCON_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Falcon level 5 key size error");
}
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
}
break;
case DILITHIUM_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
}
break;
case DILITHIUM_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
}
break;
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
case ML_DSA_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
}
break;
case ML_DSA_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
}
break;
case ML_DSA_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
}
break;
#endif /* HAVE_DILITHIUM */
default:
WOLFSSL_MSG("\tNo key size check done on CA");
break; /* no size check if key type is not in switch */
}
}
if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
type != WOLFSSL_TEMP_CA) {
WOLFSSL_MSG("\tCan't add as CA if not actually one");
ret = NOT_CA_ERROR;
}
#ifndef ALLOW_INVALID_CERTSIGN
else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
(cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
/* Intermediate CA certs are required to have the keyCertSign
* extension set. User loaded root certs are not. */
WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
ret = NOT_CA_ERROR;
}
#endif
else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
WOLFSSL_MSG("\tAlready have this CA, not adding again");
(void)ret;
}
else if (ret == 0) {
/* take over signer parts */
signer = MakeSigner(cm->heap);
if (!signer)
ret = MEMORY_ERROR;
}
if (ret == 0 && signer != NULL) {
ret = FillSigner(signer, cert, type, der);
if (ret == 0){
#ifndef NO_SKID
row = HashSigner(signer->subjectKeyIdHash);
#else
row = HashSigner(signer->subjectNameHash);
#endif
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to */
/* be able to be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */
/* Therefore, it doesn't need to call TSIP again if there is already */
/* verified CA. */
if ( ret == 0 && signer != NULL ) {
signer->cm_idx = row;
if (type == WOLFSSL_USER_CA) {
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
cert->maxIdx,
cert->sigCtx.CertAtt.pubkey_n_start,
cert->sigCtx.CertAtt.pubkey_n_len - 1,
cert->sigCtx.CertAtt.pubkey_e_start,
cert->sigCtx.CertAtt.pubkey_e_len - 1,
row/* cm index */))
< 0)
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
else
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
}
}
#endif /* TSIP or SCE */
if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
signer->next = cm->caTable[row];
cm->caTable[row] = signer; /* takes ownership */
wc_UnLockMutex(&cm->caLock);
if (cm->caCacheCallback)
cm->caCacheCallback(der->buffer, (int)der->length, type);
}
else {
WOLFSSL_MSG("\tCA Mutex Lock failed");
ret = BAD_MUTEX_E;
}
}
WOLFSSL_MSG("\tFreeing Parsed CA");
FreeDecodedCert(cert);
if (ret != 0 && signer != NULL)
FreeSigner(signer, cm->heap);
WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT);
WOLFSSL_MSG("\tFreeing der CA");
FreeDer(pDer);
WOLFSSL_MSG("\t\tOK Freeing der CA");
WOLFSSL_LEAVE("AddCA", ret);
return ret == 0 ? WOLFSSL_SUCCESS : ret;
}
/* Removes the CA with the passed in subject hash from the
cert manager's CA cert store. */
int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
{
Signer* current;
Signer** prev;
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
word32 row;
WOLFSSL_MSG("Removing a CA");
if (cm == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
row = HashSigner(hash);
if (wc_LockMutex(&cm->caLock) != 0) {
return BAD_MUTEX_E;
}
current = cm->caTable[row];
prev = &cm->caTable[row];
while (current) {
byte* subjectHash;
#ifndef NO_SKID
subjectHash = current->subjectKeyIdHash;
#else
subjectHash = current->subjectNameHash;
#endif
if ((current->type == type) &&
(XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) {
*prev = current->next;
FreeSigner(current, cm->heap);
ret = WOLFSSL_SUCCESS;
break;
}
prev = &current->next;
current = current->next;
}
wc_UnLockMutex(&cm->caLock);
WOLFSSL_LEAVE("RemoveCA", ret);
return ret;
}
/* Sets the CA with the passed in subject hash
to the provided type. */
int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
{
Signer* current;
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
word32 row;
WOLFSSL_MSG_EX("Setting CA to type %d", type);
if (cm == NULL || hash == NULL ||
type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) {
return ret;
}
row = HashSigner(hash);
if (wc_LockMutex(&cm->caLock) != 0) {
return ret;
}
current = cm->caTable[row];
while (current) {
byte* subjectHash;
#ifndef NO_SKID
subjectHash = current->subjectKeyIdHash;
#else
subjectHash = current->subjectNameHash;
#endif
if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
current->type = (byte)type;
ret = WOLFSSL_SUCCESS;
break;
}
current = current->next;
}
wc_UnLockMutex(&cm->caLock);
WOLFSSL_LEAVE("SetCAType", ret);
return ret;
}
#endif /* NO_CERTS */
#endif /* !WOLFSSL_SSL_CERTMAN_INCLUDED */
+8 -5
View File
@@ -3071,8 +3071,8 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
WOLFSSL_MSG("Null argument passed in");
}
else
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
/* Decrypt a block with wolfCrypt AES. */
if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
WOLFSSL_MSG("wc_AesDecryptDirect failed");
@@ -3203,7 +3203,8 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
* AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
*/
void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc)
size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num,
const int enc)
{
#ifndef WOLFSSL_AES_CFB
WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB");
@@ -3435,13 +3436,15 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
* Use 0 buffer as IV to do straight decryption.
* This places the Cn-1 block at lastBlk */
XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION);
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk,
AES_DECRYPTION);
/* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
* to create En. */
XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
/* Cn and Cn-1 can now be decrypted */
(*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv,
AES_DECRYPTION);
XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
}
+738
View File
@@ -0,0 +1,738 @@
/* ssl_ech.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#if !defined(WOLFSSL_SSL_ECH_INCLUDED)
#ifndef WOLFSSL_IGNORE_FILE_WARN
#warning ssl_ech.c does not need to be compiled separately from ssl.c
#endif
#else
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
/* create the hpke key and ech config to send to clients */
int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
word16 kemId, word16 kdfId, word16 aeadId)
{
int ret = 0;
word16 encLen = DHKEM_X25519_ENC_LEN;
WOLFSSL_EchConfig* newConfig;
WOLFSSL_EchConfig* parentConfig;
#ifdef WOLFSSL_SMALL_STACK
Hpke* hpke = NULL;
WC_RNG* rng;
#else
Hpke hpke[1];
WC_RNG rng[1];
#endif
if (ctx == NULL || publicName == NULL)
return BAD_FUNC_ARG;
WC_ALLOC_VAR_EX(rng, WC_RNG, 1, ctx->heap, DYNAMIC_TYPE_RNG,
return MEMORY_E);
ret = wc_InitRng(rng);
if (ret != 0) {
WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG);
return ret;
}
newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (newConfig == NULL)
ret = MEMORY_E;
else
XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig));
/* set random config id */
if (ret == 0)
ret = wc_RNG_GenerateByte(rng, &newConfig->configId);
/* if 0 is selected for algorithms use default, may change with draft */
if (kemId == 0)
kemId = DHKEM_X25519_HKDF_SHA256;
if (kdfId == 0)
kdfId = HKDF_SHA256;
if (aeadId == 0)
aeadId = HPKE_AES_128_GCM;
if (ret == 0) {
/* set the kem id */
newConfig->kemId = kemId;
/* set the cipher suite, only 1 for now */
newConfig->numCipherSuites = 1;
newConfig->cipherSuites =
(EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (newConfig->cipherSuites == NULL) {
ret = MEMORY_E;
}
else {
newConfig->cipherSuites[0].kdfId = kdfId;
newConfig->cipherSuites[0].aeadId = aeadId;
}
}
#ifdef WOLFSSL_SMALL_STACK
if (ret == 0) {
hpke = (Hpke*)XMALLOC(sizeof(Hpke), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (hpke == NULL)
ret = MEMORY_E;
}
#endif
if (ret == 0)
ret = wc_HpkeInit(hpke, kemId, kdfId, aeadId, ctx->heap);
/* generate the receiver private key */
if (ret == 0)
ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng);
/* done with RNG */
wc_FreeRng(rng);
/* serialize the receiver key */
if (ret == 0)
ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey,
newConfig->receiverPubkey, &encLen);
if (ret == 0) {
newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1,
ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (newConfig->publicName == NULL) {
ret = MEMORY_E;
}
else {
XMEMCPY(newConfig->publicName, publicName,
XSTRLEN(publicName) + 1);
}
}
if (ret != 0) {
if (newConfig) {
XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
else {
parentConfig = ctx->echConfigs;
if (parentConfig == NULL) {
ctx->echConfigs = newConfig;
}
else {
while (parentConfig->next != NULL) {
parentConfig = parentConfig->next;
}
parentConfig->next = newConfig;
}
}
if (ret == 0)
ret = WOLFSSL_SUCCESS;
WC_FREE_VAR_EX(hpke, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG);
return ret;
}
int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64,
word32 echConfigs64Len)
{
int ret = 0;
word32 decodedLen = echConfigs64Len * 3 / 4 + 1;
byte* decodedConfigs;
if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0)
return BAD_FUNC_ARG;
decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (decodedConfigs == NULL)
return MEMORY_E;
decodedConfigs[decodedLen - 1] = 0;
/* decode the echConfigs */
ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len,
decodedConfigs, &decodedLen);
if (ret != 0) {
XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen);
XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs,
word32 echConfigsLen)
{
int ret;
if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0)
return BAD_FUNC_ARG;
FreeEchConfigs(ctx->echConfigs, ctx->heap);
ctx->echConfigs = NULL;
ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs,
echConfigsLen);
if (ret == 0)
return WOLFSSL_SUCCESS;
return ret;
}
/* get the ech configs that the server context is using */
int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
word32* outputLen) {
if (ctx == NULL || outputLen == NULL)
return BAD_FUNC_ARG;
/* if we don't have ech configs */
if (ctx->echConfigs == NULL)
return WOLFSSL_FATAL_ERROR;
return GetEchConfigsEx(ctx->echConfigs, output, outputLen);
}
void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable)
{
if (ctx != NULL) {
ctx->disableECH = !enable;
if (ctx->disableECH) {
TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap);
FreeEchConfigs(ctx->echConfigs, ctx->heap);
ctx->echConfigs = NULL;
}
}
}
/* set the ech config from base64 for our client ssl object, base64 is the
* format ech configs are sent using dns records */
int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
word32 echConfigs64Len)
{
int ret = 0;
word32 decodedLen = echConfigs64Len * 3 / 4 + 1;
byte* decodedConfigs;
if (ssl == NULL || echConfigs64 == NULL || echConfigs64Len == 0)
return BAD_FUNC_ARG;
/* already have ech configs */
if (ssl->options.useEch == 1) {
return WOLFSSL_FATAL_ERROR;
}
decodedConfigs = (byte*)XMALLOC(decodedLen, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (decodedConfigs == NULL)
return MEMORY_E;
decodedConfigs[decodedLen - 1] = 0;
/* decode the echConfigs */
ret = Base64_Decode((byte*)echConfigs64, echConfigs64Len,
decodedConfigs, &decodedLen);
if (ret != 0) {
XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
ret = wolfSSL_SetEchConfigs(ssl, decodedConfigs, decodedLen);
XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
/* set the ech config from a raw buffer, this is the format ech configs are
* sent using retry_configs from the ech server */
int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
word32 echConfigsLen)
{
int ret;
if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0)
return BAD_FUNC_ARG;
/* already have ech configs */
if (ssl->options.useEch == 1) {
return WOLFSSL_FATAL_ERROR;
}
ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs,
echConfigsLen);
/* if we found valid configs */
if (ret == 0) {
ssl->options.useEch = 1;
return WOLFSSL_SUCCESS;
}
return ret;
}
/* get the raw ech config from our struct */
int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
{
int i;
word16 totalLen = 0;
if (config == NULL || (output == NULL && outputLen == NULL))
return BAD_FUNC_ARG;
/* 2 for version */
totalLen += 2;
/* 2 for length */
totalLen += 2;
/* 1 for configId */
totalLen += 1;
/* 2 for kemId */
totalLen += 2;
/* 2 for hpke_len */
totalLen += 2;
/* hpke_pub_key */
switch (config->kemId) {
case DHKEM_P256_HKDF_SHA256:
totalLen += DHKEM_P256_ENC_LEN;
break;
case DHKEM_P384_HKDF_SHA384:
totalLen += DHKEM_P384_ENC_LEN;
break;
case DHKEM_P521_HKDF_SHA512:
totalLen += DHKEM_P521_ENC_LEN;
break;
case DHKEM_X25519_HKDF_SHA256:
totalLen += DHKEM_X25519_ENC_LEN;
break;
case DHKEM_X448_HKDF_SHA512:
totalLen += DHKEM_X448_ENC_LEN;
break;
}
/* cipherSuitesLen */
totalLen += 2;
/* cipherSuites */
totalLen += config->numCipherSuites * 4;
/* public name len */
totalLen += 2;
/* public name */
totalLen += XSTRLEN(config->publicName);
/* trailing zeros */
totalLen += 2;
if (output == NULL) {
*outputLen = totalLen;
return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
}
if (totalLen > *outputLen) {
*outputLen = totalLen;
return INPUT_SIZE_E;
}
/* version */
c16toa(TLSX_ECH, output);
output += 2;
/* length - 4 for version and length itself */
c16toa(totalLen - 4, output);
output += 2;
/* configId */
*output = config->configId;
output++;
/* kemId */
c16toa(config->kemId, output);
output += 2;
/* length and key itself */
switch (config->kemId) {
case DHKEM_P256_HKDF_SHA256:
c16toa(DHKEM_P256_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN);
output += DHKEM_P256_ENC_LEN;
break;
case DHKEM_P384_HKDF_SHA384:
c16toa(DHKEM_P384_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN);
output += DHKEM_P384_ENC_LEN;
break;
case DHKEM_P521_HKDF_SHA512:
c16toa(DHKEM_P521_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN);
output += DHKEM_P521_ENC_LEN;
break;
case DHKEM_X25519_HKDF_SHA256:
c16toa(DHKEM_X25519_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN);
output += DHKEM_X25519_ENC_LEN;
break;
case DHKEM_X448_HKDF_SHA512:
c16toa(DHKEM_X448_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN);
output += DHKEM_X448_ENC_LEN;
break;
}
/* cipherSuites len */
c16toa(config->numCipherSuites * 4, output);
output += 2;
/* cipherSuites */
for (i = 0; i < config->numCipherSuites; i++) {
c16toa(config->cipherSuites[i].kdfId, output);
output += 2;
c16toa(config->cipherSuites[i].aeadId, output);
output += 2;
}
/* set maximum name length to 0 */
*output = 0;
output++;
/* publicName len */
*output = XSTRLEN(config->publicName);
output++;
/* publicName */
XMEMCPY(output, config->publicName,
XSTRLEN(config->publicName));
output += XSTRLEN(config->publicName);
/* terminating zeros */
c16toa(0, output);
/* output += 2; */
*outputLen = totalLen;
return 0;
}
/* wrapper function to get ech configs from application code */
int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen)
{
if (ssl == NULL || outputLen == NULL)
return BAD_FUNC_ARG;
/* if we don't have ech configs */
if (ssl->options.useEch != 1) {
return WOLFSSL_FATAL_ERROR;
}
return GetEchConfigsEx(ssl->echConfigs, output, outputLen);
}
void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable)
{
if (ssl != NULL) {
ssl->options.disableECH = !enable;
if (ssl->options.disableECH) {
TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
FreeEchConfigs(ssl->echConfigs, ssl->heap);
ssl->echConfigs = NULL;
}
}
}
int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
const byte* echConfigs, word32 echConfigsLen)
{
int ret = 0;
int i;
int j;
word16 totalLength;
word16 version;
word16 length;
word16 hpkePubkeyLen;
word16 cipherSuitesLen;
word16 publicNameLen;
WOLFSSL_EchConfig* configList = NULL;
WOLFSSL_EchConfig* workingConfig = NULL;
WOLFSSL_EchConfig* lastConfig = NULL;
byte* echConfig = NULL;
if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen == 0)
return BAD_FUNC_ARG;
/* check that the total length is well formed */
ato16(echConfigs, &totalLength);
if (totalLength != echConfigsLen - 2) {
return WOLFSSL_FATAL_ERROR;
}
/* skip the total length uint16_t */
i = 2;
do {
echConfig = (byte*)echConfigs + i;
ato16(echConfig, &version);
ato16(echConfig + 2, &length);
/* if the version does not match */
if (version != TLSX_ECH) {
/* we hit the end of the configs */
if ( (word32)i + 2 >= echConfigsLen ) {
break;
}
/* skip this config, +4 for version and length */
i += length + 4;
continue;
}
/* check if the length will overrun the buffer */
if ((word32)i + length + 4 > echConfigsLen) {
break;
}
if (workingConfig == NULL) {
workingConfig =
(WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap,
DYNAMIC_TYPE_TMP_BUFFER);
configList = workingConfig;
if (workingConfig != NULL) {
workingConfig->next = NULL;
}
}
else {
lastConfig = workingConfig;
workingConfig->next =
(WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
heap, DYNAMIC_TYPE_TMP_BUFFER);
workingConfig = workingConfig->next;
}
if (workingConfig == NULL) {
ret = MEMORY_E;
break;
}
XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig));
/* rawLen */
workingConfig->rawLen = length + 4;
/* raw body */
workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen,
heap, DYNAMIC_TYPE_TMP_BUFFER);
if (workingConfig->raw == NULL) {
ret = MEMORY_E;
break;
}
XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen);
/* skip over version and length */
echConfig += 4;
/* configId, 1 byte */
workingConfig->configId = *(echConfig);
echConfig++;
/* kemId, 2 bytes */
ato16(echConfig, &workingConfig->kemId);
echConfig += 2;
/* hpke public_key length, 2 bytes */
ato16(echConfig, &hpkePubkeyLen);
echConfig += 2;
/* hpke public_key */
XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen);
echConfig += hpkePubkeyLen;
/* cipherSuitesLen */
ato16(echConfig, &cipherSuitesLen);
workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen,
heap, DYNAMIC_TYPE_TMP_BUFFER);
if (workingConfig->cipherSuites == NULL) {
ret = MEMORY_E;
break;
}
echConfig += 2;
workingConfig->numCipherSuites = cipherSuitesLen / 4;
/* cipherSuites */
for (j = 0; j < workingConfig->numCipherSuites; j++) {
ato16(echConfig + j * 4, &workingConfig->cipherSuites[j].kdfId);
ato16(echConfig + j * 4 + 2,
&workingConfig->cipherSuites[j].aeadId);
}
echConfig += cipherSuitesLen;
/* ignore the maximum name length */
echConfig++;
/* publicNameLen */
publicNameLen = *(echConfig);
workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1,
heap, DYNAMIC_TYPE_TMP_BUFFER);
if (workingConfig->publicName == NULL) {
ret = MEMORY_E;
break;
}
echConfig++;
/* publicName */
XMEMCPY(workingConfig->publicName, echConfig, publicNameLen);
/* null terminated */
workingConfig->publicName[publicNameLen] = 0;
/* add length to go to next config, +4 for version and length */
i += length + 4;
/* check that we support this config */
for (j = 0; j < HPKE_SUPPORTED_KEM_LEN; j++) {
if (hpkeSupportedKem[j] == workingConfig->kemId)
break;
}
/* if we don't support the kem or at least one cipher suite */
if (j >= HPKE_SUPPORTED_KEM_LEN ||
EchConfigGetSupportedCipherSuite(workingConfig) < 0)
{
XFREE(workingConfig->cipherSuites, heap,
DYNAMIC_TYPE_TMP_BUFFER);
XFREE(workingConfig->publicName, heap,
DYNAMIC_TYPE_TMP_BUFFER);
XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
workingConfig = lastConfig;
}
} while ((word32)i < echConfigsLen);
/* if we found valid configs */
if (ret == 0 && configList != NULL) {
*outputConfigs = configList;
return ret;
}
workingConfig = configList;
while (workingConfig != NULL) {
lastConfig = workingConfig;
workingConfig = workingConfig->next;
XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (ret == 0)
return WOLFSSL_FATAL_ERROR;
return ret;
}
/* get the raw ech configs from our linked list of ech config structs */
int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
{
int ret = 0;
WOLFSSL_EchConfig* workingConfig = NULL;
byte* outputStart = output;
word32 totalLen = 2;
word32 workingOutputLen = 0;
if (configs == NULL || outputLen == NULL ||
(output != NULL && *outputLen < totalLen)) {
return BAD_FUNC_ARG;
}
/* skip over total length which we fill in later */
if (output != NULL) {
workingOutputLen = *outputLen - totalLen;
output += 2;
}
else {
/* caller getting the size only, set current 2 byte length size */
*outputLen = totalLen;
}
workingConfig = configs;
while (workingConfig != NULL) {
/* get this config */
ret = GetEchConfig(workingConfig, output, &workingOutputLen);
if (output != NULL)
output += workingOutputLen;
/* add this config's length to the total length */
totalLen += workingOutputLen;
if (totalLen > *outputLen)
workingOutputLen = 0;
else
workingOutputLen = *outputLen - totalLen;
/* only error we break on, other 2 we need to keep finding length */
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return BAD_FUNC_ARG;
workingConfig = workingConfig->next;
}
if (output == NULL) {
*outputLen = totalLen;
return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
}
if (totalLen > *outputLen) {
*outputLen = totalLen;
return INPUT_SIZE_E;
}
/* total size -2 for size itself */
c16toa(totalLen - 2, outputStart);
*outputLen = totalLen;
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_TLS13 && HAVE_ECH */
#endif /* !WOLFSSL_SSL_ECH_INCLUDED */
+49 -20
View File
@@ -928,7 +928,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
if (ret == 0) {
/* Decode as a Dilithium private key. */
idx = 0;
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key,
der->length);
if (ret == 0) {
ret = dilithium_get_oid_sum(key, &keyFormatTemp);
if (ret == 0) {
@@ -1079,11 +1080,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
#ifdef WC_RSA_PSS
if((ret == 0) && (*keyFormat == RSAPSSk)) {
/*
Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
and to detect that the der is RSAPSSk (when *keyFormat == 0).
*/
/* Require logic to verify that the der is RSAPSSk
* (when *keyFormat == RSAPSSK), and to detect that the der is RSAPSSk
* (when *keyFormat == 0). */
matchAnyKey = 1;
}
#endif /* WC_RSA_PSS */
@@ -2138,7 +2137,8 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
* certificates so we can inject them at verification time */
if (ret == 1 && ctx->doAppleNativeCertValidationFlag == 1) {
WOLFSSL_MSG("ANCV Test: Appending CA to cert list");
ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf, (int)derLen);
ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf,
(int)derLen);
if (ret == WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ANCV Test: Clearing CA table");
/* Clear the CA table so we can ensure they won't be used for
@@ -2949,8 +2949,8 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
NULL, verify);
#else
/* Load the DER formatted CA file */
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0,
NULL, verify);
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL,
0, NULL, verify);
#endif
#ifndef NO_WOLFSSL_DIR
if (ret == 1) {
@@ -3234,8 +3234,8 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
GET_VERIFY_SETTING_CTX(ctx));
#else
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL,
GET_VERIFY_SETTING_CTX(ctx));
ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1,
NULL, GET_VERIFY_SETTING_CTX(ctx));
#endif
/* Return 1 on success or 0 on failure. */
@@ -4157,6 +4157,8 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
{
int ret = 1;
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id");
/* Dispose of old private key and allocate and copy in id. */
FreeDer(&ctx->privateKey);
if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
@@ -4182,6 +4184,7 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
#endif
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Id", ret);
return ret;
}
@@ -4198,12 +4201,17 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
long sz, int devId, long keySz)
{
int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
int ret;
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_id");
ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
if (ret == 1) {
/* Set the key size which normally is calculated during decoding. */
ctx->privateKeySz = (int)keySz;
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_id", ret);
return ret;
}
@@ -4221,6 +4229,8 @@ int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
int ret = 1;
word32 sz = (word32)XSTRLEN(label) + 1;
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Label");
/* Dispose of old private key and allocate and copy in label. */
FreeDer(&ctx->privateKey);
if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz,
@@ -4246,6 +4256,7 @@ int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
#endif
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Label", ret);
return ret;
}
@@ -4255,6 +4266,8 @@ int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
{
int ret = 1;
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id");
if ((ctx == NULL) || (id == NULL)) {
ret = 0;
}
@@ -4277,17 +4290,23 @@ int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
}
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Id", ret);
return ret;
}
int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
long sz, int devId, long keySz)
{
int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
int ret;
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_id");
ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
if (ret == 1) {
ctx->altPrivateKeySz = (word32)keySz;
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_id", ret);
return ret;
}
@@ -4297,6 +4316,8 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
int ret = 1;
word32 sz;
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Label");
if ((ctx == NULL) || (label == NULL)) {
ret = 0;
}
@@ -4320,6 +4341,7 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
}
}
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Label", ret);
return ret;
}
#endif /* WOLFSSL_DUAL_ALG_CERTS */
@@ -4871,7 +4893,8 @@ static int wolfssl_ctx_add_to_chain(WOLFSSL_CTX* ctx, const byte* der,
if (res == 1) {
/* Add chain to DER buffer. */
res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, ctx->heap);
res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz,
ctx->heap);
#ifdef WOLFSSL_TLS13
/* Update count of certificates. */
ctx->certChainCnt++;
@@ -5417,7 +5440,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
}
#else
/* OpenSSL's implementation of this API does not require loading the
system CA cert directory. Allow skipping this without erroring out. */
* system CA cert directory. Allow skipping this without erroring out.
*/
ret = 1;
#endif
}
@@ -5538,8 +5562,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
if (ret == 1) {
/* Allocate buffers for p and g to be assigned into SSL. */
pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if ((pAlloc == NULL) || (gAlloc == NULL)) {
/* Memory will be freed below in the (ret != 1) block */
ret = MEMORY_E;
@@ -5590,7 +5616,8 @@ static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
/* Initialize a DH object. */
if ((ret = wc_InitDhKey(checkKey)) == 0) {
/* Check DH parameters. */
ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng);
ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz,
NULL, 0, 0, &rng);
/* Dispose of DH object. */
wc_FreeDhKey(checkKey);
}
@@ -5686,8 +5713,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
if (ret == 1) {
/* Allocate buffers for p and g to be assigned into SSL context. */
pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if ((pAlloc == NULL) || (gAlloc == NULL)) {
ret = MEMORY_E;
}
+6 -4
View File
@@ -1029,7 +1029,8 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
XMEMSET(pem, 0, pemSz);
if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL, CERT_TYPE) < 0) {
if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL,CERT_TYPE)
< 0) {
goto error;
}
if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
@@ -1368,8 +1369,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
WOLFSSL_MSG("Error base64 decoding S/MIME message.");
goto error;
}
pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, (int)outLen,
bcontMem, (word32)bcontMemSz);
pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out,
(int)outLen, bcontMem, (word32)bcontMemSz);
wc_MIME_free_hdrs(allHdrs);
XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7);
@@ -1912,7 +1913,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
DYNAMIC_TYPE_X509);
InitX509(x509, 1, heap);
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL)
!= 0) {
WOLFSSL_MSG("Issue with parsing certificate");
FreeDecodedCert(DeCert);
wolfSSL_X509_free(x509);
+18 -12
View File
@@ -968,7 +968,8 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
}
/* start from most recently used */
count = (int)min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW);
count = (int)min((word32)ClientCache[row].totalCount,
CLIENT_SESSIONS_PER_ROW);
idx = ClientCache[row].nextIdx - 1;
if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) {
/* if back to front, the previous was end */
@@ -997,7 +998,8 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
#else
current = &sessRow->Sessions[clSess[idx].serverIdx];
#endif
if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) {
if (current && XMEMCMP(current->serverID, id,
(unsigned long)len) == 0) {
WOLFSSL_MSG("Found a serverid match for client");
if (LowResTimer() < (current->bornOn + current->timeout)) {
WOLFSSL_MSG("Session valid");
@@ -1265,8 +1267,8 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
#endif
if (output->ticketLenAlloc)
XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK);
output->ticket = tmpTicket; /* cppcheck-suppress autoVariables
*/
/* cppcheck-suppress autoVariables */
output->ticket = tmpTicket;
output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN;
output->ticketLen = 0;
tmpBufSet = 1;
@@ -1394,7 +1396,8 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output)
output->ticketLen = 0;
}
if (error == WOLFSSL_SUCCESS) {
XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */
/* cppcheck-suppress uninitvar */
XMEMCPY(output->ticket, tmpTicket, output->ticketLen);
}
}
WC_FREE_VAR_EX(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1839,8 +1842,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
#ifdef HAVE_SESSION_TICKET
XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,3)))
XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
#endif
@@ -1879,8 +1883,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
if (cacheSession == NULL) {
#ifdef HAVE_SESSION_TICKET
XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,3)))
XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
#endif
@@ -2028,8 +2033,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
#ifndef NO_CLIENT_CACHE
if (ret == 0 && clientCacheEntry != NULL) {
ClientSession* clientCache = AddSessionToClientCache(side, row, (int)idx,
addSession->serverID, addSession->idLen, id, useTicket);
ClientSession* clientCache = AddSessionToClientCache(side, row,
(int)idx, addSession->serverID, addSession->idLen, id, useTicket);
if (clientCache != NULL)
*clientCacheEntry = clientCache;
}
@@ -4088,7 +4093,8 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
ForceZero(session->sessionID, ID_LEN);
if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */
/* // NOLINTNEXTLINE(clang-analyzer-unix.Malloc) */
XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);
}
}
+44
View File
@@ -259,6 +259,50 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
return ret;
}
/* Pushes the node onto the back of the stack.
*
* If *stack is NULL, node becomes the head.
*
* @param [in, out] stack Stack of nodes.
* @param [in] node Node to append.
*
* @return WOLFSSL_SUCCESS on success
* @return WOLFSSL_FAILURE when stack or node is NULL.
*/
int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
{
int ret = WOLFSSL_SUCCESS;
/* Validate parameters. */
if (stack == NULL || node == NULL) {
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
node->next = NULL;
/* Tail node has num of 1, indicating 1 node till the end */
node->num = 1;
if (*stack == NULL) {
/* First node. */
*stack = node;
}
else {
/* Walk to the end and append. Each node's num field holds the
* count of nodes from that node to the tail (inclusive), so
* every existing node's num increases by one. */
WOLFSSL_STACK* cur = *stack;
while (cur->next != NULL) {
cur->num++;
cur = cur->next;
}
cur->num++;
cur->next = node;
}
}
return ret;
}
/* Removes the node at the index from the stack and returns data.
*
* This is an internal API.
+1 -1
View File
@@ -9894,7 +9894,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
ato16(&input[offset], &keLen);
offset += OPAQUE16_LEN;
if (keLen == 0)
return INVALID_PARAMETER;
return BUFFER_ERROR;
if (keLen > length - offset)
return BUFFER_ERROR;
+2 -2
View File
@@ -5497,8 +5497,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
suite[1] = ssl->options.cipherSuite;
if (!FindSuiteSSL(ssl, suite)) {
WOLFSSL_MSG("Cipher suite not supported on client");
WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR);
return MATCH_SUITE_ERROR;
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
return INVALID_PARAMETER;
}
#if defined(HAVE_ECH)
+93 -25
View File
@@ -14986,41 +14986,109 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
{
WOLFSSL_STACK *curr;
wolfSSL_sk_pop_free(sk, NULL);
}
while (sk != NULL) {
curr = sk;
sk = sk->next;
static int x509_aia_append_string(WOLFSSL_STACK** head,
const byte* uri, word32 uriSz)
{
WOLFSSL_STACK* node;
char* url;
XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL);
url = (char*)XMALLOC(uriSz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
if (url == NULL)
return WOLFSSL_FAILURE;
XMEMCPY(url, uri, uriSz);
url[uriSz] = '\0';
node = wolfSSL_sk_new_node(*head != NULL ? (*head)->heap : NULL);
if (node == NULL) {
XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
return WOLFSSL_FAILURE;
}
node->type = STACK_TYPE_STRING;
node->data.string = url;
if (wolfSSL_sk_push_back_node(head, node) != WOLFSSL_SUCCESS) {
XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL_sk_free_node(node);
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method,
const byte* fallback, int fallbackSz)
{
WOLFSSL_STACK* head = NULL;
int i;
if (x == NULL)
return NULL;
/* Collect matching URIs from the multi-entry list into a new stack;
* fall back to the legacy single-entry field for compatibility. */
if (x->authInfoListSz > 0) {
for (i = 0; i < x->authInfoListSz; i++) {
if (x->authInfoList[i].method != method ||
x->authInfoList[i].uri == NULL ||
x->authInfoList[i].uriSz == 0) {
continue;
}
if (x509_aia_append_string(&head, x->authInfoList[i].uri,
x->authInfoList[i].uriSz) != WOLFSSL_SUCCESS) {
wolfSSL_sk_pop_free(head, NULL);
return NULL;
}
}
}
if (head == NULL && fallback != NULL && fallbackSz > 0) {
if (x509_aia_append_string(&head, fallback, (word32)fallbackSz)
!= WOLFSSL_SUCCESS) {
wolfSSL_sk_pop_free(head, NULL);
return NULL;
}
}
return head;
}
WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
{
WOLFSSL_STACK* list = NULL;
char* url;
if (x == NULL || x->authInfoSz == 0)
if (x == NULL)
return NULL;
list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1,
NULL, DYNAMIC_TYPE_OPENSSL);
if (list == NULL)
return NULL;
url = (char*)list;
url += sizeof(WOLFSSL_STACK);
XMEMCPY(url, x->authInfo, x->authInfoSz);
url[x->authInfoSz] = '\0';
list->data.string = url;
list->next = NULL;
list->num = 1;
return list;
return x509_get1_aia_by_method(x, AIA_OCSP_OID, x->authInfo, x->authInfoSz);
}
int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x)
{
int overflow = 0;
WOLFSSL_ENTER("wolfSSL_X509_get_aia_overflow");
if (x != NULL) {
overflow = x->authInfoListOverflow;
}
WOLFSSL_LEAVE("wolfSSL_X509_get_aia_overflow", overflow);
return overflow;
}
#ifdef WOLFSSL_ASN_CA_ISSUER
WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(WOLFSSL_X509 *x)
{
if (x == NULL)
return NULL;
return x509_get1_aia_by_method(x, AIA_CA_ISSUER_OID, x->authInfoCaIssuer,
x->authInfoCaIssuerSz);
}
#endif /* WOLFSSL_ASN_CA_ISSUER */
int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
{
WOLFSSL_X509_NAME *issuerName = wolfSSL_X509_get_issuer_name(subject);
+106
View File
@@ -19199,6 +19199,109 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
return EXPECT_RESULT();
}
static int test_wolfSSL_X509_get1_ca_issuers(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509* cert = NULL;
STACK_OF(WOLFSSL_STRING) *skStr = NULL;
WOLFSSL_STRING url = NULL;
const char* expected = "http://example.com/ca.pem";
ExpectNull(wolfSSL_X509_get1_ca_issuers(NULL));
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
"certs/aia/ca-issuers-cert.pem", WOLFSSL_FILETYPE_PEM));
ExpectNotNull(skStr = wolfSSL_X509_get1_ca_issuers(cert));
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(skStr), 1);
ExpectNotNull(url = wolfSSL_sk_WOLFSSL_STRING_value(skStr, 0));
ExpectIntEQ(XSTRCMP(url, expected), 0);
wolfSSL_X509_email_free(skStr);
wolfSSL_X509_free(cert);
#endif
return EXPECT_RESULT();
}
static int test_wolfSSL_X509_get1_aia_multi(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509* cert = NULL;
STACK_OF(WOLFSSL_STRING) *ocsp = NULL;
STACK_OF(WOLFSSL_STRING) *ca = NULL;
const char* ocspExp1 = "http://127.0.0.1:22221";
const char* ocspExp2 = "http://127.0.0.1:22222";
const char* caExp1 = "http://www.wolfssl.com/ca.pem";
const char* caExp2 = "https://www.wolfssl.com/ca2.pem";
int i;
int ocspFound1 = 0, ocspFound2 = 0;
int caFound1 = 0, caFound2 = 0;
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
"certs/aia/multi-aia-cert.pem", WOLFSSL_FILETYPE_PEM));
ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 0);
ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert));
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ocsp), 2);
for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ocsp); i++) {
WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ocsp, i);
if (url == NULL)
continue;
if (XSTRCMP(url, ocspExp1) == 0) ocspFound1 = 1;
if (XSTRCMP(url, ocspExp2) == 0) ocspFound2 = 1;
}
ExpectIntEQ(ocspFound1, 1);
ExpectIntEQ(ocspFound2, 1);
ExpectNotNull(ca = wolfSSL_X509_get1_ca_issuers(cert));
ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ca), 2);
for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ca); i++) {
WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ca, i);
if (url == NULL)
continue;
if (XSTRCMP(url, caExp1) == 0) caFound1 = 1;
if (XSTRCMP(url, caExp2) == 0) caFound2 = 1;
}
ExpectIntEQ(caFound1, 1);
ExpectIntEQ(caFound2, 1);
wolfSSL_X509_email_free(ocsp);
wolfSSL_X509_email_free(ca);
wolfSSL_X509_free(cert);
#endif
return EXPECT_RESULT();
}
static int test_wolfSSL_X509_get1_aia_overflow(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* cert = NULL;
STACK_OF(WOLFSSL_STRING) *ocsp = NULL;
int count;
ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
"certs/aia/overflow-aia-cert.pem", WOLFSSL_FILETYPE_PEM));
ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert));
count = wolfSSL_sk_WOLFSSL_STRING_num(ocsp);
ExpectIntEQ(count, 8);
ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 1);
wolfSSL_X509_email_free(ocsp);
wolfSSL_X509_free(cert);
#endif
return EXPECT_RESULT();
}
static int test_no_op_functions(void)
{
EXPECT_DECLS;
@@ -31666,6 +31769,9 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_OCSP_resp_get0),
TEST_DECL(test_wolfSSL_OCSP_parse_url),
TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
TEST_DECL(test_wolfSSL_X509_get1_ca_issuers),
TEST_DECL(test_wolfSSL_X509_get1_aia_multi),
TEST_DECL(test_wolfSSL_X509_get1_aia_overflow),
TEST_DECL(test_wolfSSL_PEM_read),
+739
View File
@@ -5222,3 +5222,742 @@ int test_wc_AesEaxDecryptAuth(void)
* (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
*/
/*----------------------------------------------------------------------------*
| CryptoCB AES SetKey Test
*----------------------------------------------------------------------------*/
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
!defined(NO_AES) && defined(HAVE_AESGCM)
#include <wolfssl/wolfcrypt/cryptocb.h>
#define TEST_CRYPTOCB_AES_DEVID 7
/* Test state tracking */
static int cryptoCbAesSetKeyCalled = 0;
static int cryptoCbAesFreeCalled = 0;
/* Simulated SE key storage - in real SE this would be in secure hardware */
typedef struct {
byte key[AES_256_KEY_SIZE];
word32 keySz;
int valid;
} MockSeKeySlot;
static MockSeKeySlot mockSeKey = {0};
/* Mock handle pointing to our key slot */
static void* cryptoCbAesMockHandle = (void*)&mockSeKey;
/* Test CryptoCB callback for AES key import operations
* This emulates a Secure Element by:
* - Storing the key on SetKey (simulating SE key import)
* - Using stored key for encrypt/decrypt (simulating SE crypto)
* - Clearing key on Free (simulating SE key deletion)
*/
static int test_CryptoCb_Aes_Cb(int devId, wc_CryptoInfo* info, void* ctx)
{
(void)ctx;
if (devId != TEST_CRYPTOCB_AES_DEVID)
return CRYPTOCB_UNAVAILABLE;
/* AES SetKey operation - simulate SE key import */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES &&
info->cipher.aessetkey.aes != NULL) {
Aes* aes = info->cipher.aessetkey.aes;
const byte* key = info->cipher.aessetkey.key;
word32 keySz = info->cipher.aessetkey.keySz;
/* Validate key */
if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) {
return BAD_FUNC_ARG;
}
/* "Import" key to simulated SE storage */
XMEMCPY(mockSeKey.key, key, keySz);
mockSeKey.keySz = keySz;
mockSeKey.valid = 1;
/* Store handle in aes->devCtx - this is what wolfSSL will use */
aes->devCtx = cryptoCbAesMockHandle;
cryptoCbAesSetKeyCalled++;
return 0;
}
/* AES-GCM Encrypt - simulate SE encryption using stored key */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES_GCM &&
info->cipher.enc) {
Aes* aes = info->cipher.aesgcm_enc.aes;
MockSeKeySlot* slot;
Aes tempAes;
int ret;
/* Verify handle points to our key slot */
if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) {
return BAD_FUNC_ARG;
}
slot = (MockSeKeySlot*)aes->devCtx;
if (!slot->valid) {
return BAD_STATE_E;
}
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
XMEMSET(&tempAes, 0, sizeof(tempAes));
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */
if (ret != 0) return ret;
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
if (ret != 0) {
wc_AesFree(&tempAes);
return ret;
}
/* Perform the actual encryption */
ret = wc_AesGcmEncrypt(&tempAes,
info->cipher.aesgcm_enc.out,
info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz);
wc_AesFree(&tempAes);
return ret;
}
/* AES-GCM Decrypt - simulate SE decryption using stored key */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES_GCM &&
!info->cipher.enc) {
Aes* aes = info->cipher.aesgcm_dec.aes;
MockSeKeySlot* slot;
Aes tempAes;
int ret;
/* Verify handle points to our key slot */
if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) {
return BAD_FUNC_ARG;
}
slot = (MockSeKeySlot*)aes->devCtx;
if (!slot->valid) {
return BAD_STATE_E;
}
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
XMEMSET(&tempAes, 0, sizeof(tempAes));
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID);
if (ret != 0) return ret;
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
if (ret != 0) {
wc_AesFree(&tempAes);
return ret;
}
/* Perform the actual decryption */
ret = wc_AesGcmDecrypt(&tempAes,
info->cipher.aesgcm_dec.out,
info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz);
wc_AesFree(&tempAes);
return ret;
}
#ifdef WOLF_CRYPTO_CB_FREE
/* Free operation - simulate SE key deletion */
if (info->algo_type == WC_ALGO_TYPE_FREE &&
info->free.algo == WC_ALGO_TYPE_CIPHER &&
info->free.type == WC_CIPHER_AES) {
Aes* aes = (Aes*)info->free.obj;
if (aes != NULL && aes->devCtx == cryptoCbAesMockHandle) {
/* "Delete" key from simulated SE */
ForceZero(&mockSeKey, sizeof(mockSeKey));
cryptoCbAesFreeCalled++;
}
return 0;
}
#endif
return CRYPTOCB_UNAVAILABLE;
}
/*
* Test: CryptoCB AES SetKey hook for key import / secure element support
*/
int test_wc_CryptoCb_AesSetKey(void)
{
EXPECT_DECLS;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
byte* key = NULL;
byte* iv = NULL;
byte* plain = NULL;
byte* cipher = NULL;
byte* decrypted = NULL;
byte* authTag = NULL;
#else
Aes aes[1];
byte key[AES_128_KEY_SIZE];
byte iv[GCM_NONCE_MID_SZ];
byte plain[16];
byte cipher[16];
byte decrypted[16];
byte authTag[AES_BLOCK_SIZE];
#endif
int ret;
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
plain = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
cipher = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
decrypted = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL || key == NULL || iv == NULL || plain == NULL ||
cipher == NULL || decrypted == NULL || authTag == NULL) {
ret = MEMORY_E;
goto out;
}
#endif
/* Initialize key, iv, plain arrays */
{
static const byte keyData[AES_128_KEY_SIZE] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const byte plainData[16] = {
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77,
0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00
};
XMEMCPY(key, keyData, AES_128_KEY_SIZE);
XMEMSET(iv, 0, GCM_NONCE_MID_SZ);
XMEMCPY(plain, plainData, 16);
}
XMEMSET(aes, 0, sizeof(Aes));
XMEMSET(&mockSeKey, 0, sizeof(mockSeKey));
/* Reset test state */
cryptoCbAesSetKeyCalled = 0;
cryptoCbAesFreeCalled = 0;
/* Register test callback */
ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AES_DEVID,
test_CryptoCb_Aes_Cb, NULL);
ExpectIntEQ(ret, 0);
/* Initialize Aes with device ID */
ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AES_DEVID);
ExpectIntEQ(ret, 0);
ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AES_DEVID);
/* Set key - should trigger CryptoCB and "import" to mock SE */
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
ExpectIntEQ(ret, 0);
/* Verify callback was invoked */
ExpectIntEQ(cryptoCbAesSetKeyCalled, 1);
/* Verify handle stored in devCtx */
ExpectPtrEq(aes->devCtx, cryptoCbAesMockHandle);
/* Verify key was "imported" to mock SE */
ExpectIntEQ(mockSeKey.valid, 1);
ExpectIntEQ(mockSeKey.keySz, (int)sizeof(key));
/* Verify keylen metadata stored in Aes struct */
ExpectIntEQ(aes->keylen, (int)sizeof(key));
/* After SetKey succeeds via CryptoCB, verify key NOT in devKey */
{
byte zeroKey[AES_128_KEY_SIZE] = {0};
/* Key should NOT be copied to devKey - SE owns it */
ExpectIntEQ(XMEMCMP(aes->devKey, zeroKey, sizeof(key)), 0);
}
/* Test encrypt - callback performs crypto using stored key */
ret = wc_AesGcmEncrypt(aes, cipher, plain, sizeof(plain),
iv, sizeof(iv), authTag, sizeof(authTag),
NULL, 0);
ExpectIntEQ(ret, 0);
/* Test decrypt - callback performs crypto using stored key */
ret = wc_AesGcmDecrypt(aes, decrypted, cipher, sizeof(cipher),
iv, sizeof(iv), authTag, sizeof(authTag),
NULL, 0);
ExpectIntEQ(ret, 0);
/* Verify round-trip */
ExpectIntEQ(XMEMCMP(plain, decrypted, sizeof(plain)), 0);
#ifdef WOLF_CRYPTO_CB_FREE
/* Free should trigger callback and "delete" key from mock SE */
cryptoCbAesFreeCalled = 0;
wc_AesFree(aes);
/* Verify free callback invoked */
ExpectIntEQ(cryptoCbAesFreeCalled, 1);
/* Verify devCtx cleared */
ExpectPtrEq(aes->devCtx, NULL);
/* Verify key was "deleted" from mock SE */
ExpectIntEQ(mockSeKey.valid, 0);
#else
wc_AesFree(aes);
#endif
/* Cleanup */
wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AES_DEVID);
/* Test software path (no devId) still works */
XMEMSET(aes, 0, sizeof(Aes));
cryptoCbAesSetKeyCalled = 0;
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
ExpectIntEQ(ret, 0);
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
ExpectIntEQ(ret, 0);
/* Callback should NOT have been invoked */
ExpectIntEQ(cryptoCbAesSetKeyCalled, 0);
/* devCtx should be NULL */
ExpectPtrEq(aes->devCtx, NULL);
wc_AesFree(aes);
#ifdef WOLFSSL_SMALL_STACK
out:
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return EXPECT_RESULT();
}
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */
/*----------------------------------------------------------------------------*
| CryptoCB AES-GCM End-to-End Offload Test
*----------------------------------------------------------------------------*/
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
!defined(NO_AES) && defined(HAVE_AESGCM)
#define TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID 8
/* Test state tracking for end-to-end offload test */
static int cryptoCbAesGcmSetKeyCalled = 0;
static int cryptoCbAesGcmEncryptCalled = 0;
static int cryptoCbAesGcmDecryptCalled = 0;
static int cryptoCbAesGcmFreeCalled = 0;
/* Mock SE key storage for offload test */
typedef struct {
byte key[AES_256_KEY_SIZE];
word32 keySz;
int valid;
} MockSeKeySlotOffload;
static MockSeKeySlotOffload mockSeKeyOffload = {0};
/* Mock handle pointing to our key slot */
static void* cryptoCbAesGcmMockHandle = (void*)&mockSeKeyOffload;
/* Mock CryptoCB callback for end-to-end AES-GCM offload test
* This emulates a Secure Element that:
* - Stores the key on SetKey (simulating SE key import)
* - Performs encryption/decryption using stored key (simulating SE crypto)
* - Tracks all callback invocations to verify offload is working
* - Uses software AES internally (simulating SE internal operation)
*/
static int test_CryptoCb_AesGcm_Offload_Cb(int devId, wc_CryptoInfo* info, void* ctx)
{
(void)ctx;
if (devId != TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID)
return CRYPTOCB_UNAVAILABLE;
/* AES SetKey operation - simulate SE key import */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES &&
info->cipher.aessetkey.aes != NULL) {
Aes* aes = info->cipher.aessetkey.aes;
const byte* key = info->cipher.aessetkey.key;
word32 keySz = info->cipher.aessetkey.keySz;
/* Validate key */
if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) {
return BAD_FUNC_ARG;
}
/* "Import" key to simulated SE storage */
XMEMCPY(mockSeKeyOffload.key, key, keySz);
mockSeKeyOffload.keySz = keySz;
mockSeKeyOffload.valid = 1;
/* Store handle in aes->devCtx - this is what wolfSSL will use */
aes->devCtx = cryptoCbAesGcmMockHandle;
cryptoCbAesGcmSetKeyCalled++;
return 0;
}
/* AES-GCM Encrypt - simulate SE encryption using stored key */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES_GCM &&
info->cipher.enc) {
Aes* aes = info->cipher.aesgcm_enc.aes;
MockSeKeySlotOffload* slot;
Aes tempAes;
int ret;
/* Verify handle points to our key slot */
if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) {
return BAD_FUNC_ARG;
}
slot = (MockSeKeySlotOffload*)aes->devCtx;
if (!slot->valid) {
return BAD_STATE_E;
}
/* Track that encrypt callback was invoked */
cryptoCbAesGcmEncryptCalled++;
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
XMEMSET(&tempAes, 0, sizeof(tempAes));
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */
if (ret != 0) return ret;
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
if (ret != 0) {
wc_AesFree(&tempAes);
return ret;
}
/* Perform the actual encryption using software AES (simulating SE internal operation) */
ret = wc_AesGcmEncrypt(&tempAes,
info->cipher.aesgcm_enc.out,
info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz);
wc_AesFree(&tempAes);
return ret;
}
/* AES-GCM Decrypt - simulate SE decryption using stored key */
if (info->algo_type == WC_ALGO_TYPE_CIPHER &&
info->cipher.type == WC_CIPHER_AES_GCM &&
!info->cipher.enc) {
Aes* aes = info->cipher.aesgcm_dec.aes;
MockSeKeySlotOffload* slot;
Aes tempAes;
int ret;
/* Verify handle points to our key slot */
if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) {
return BAD_FUNC_ARG;
}
slot = (MockSeKeySlotOffload*)aes->devCtx;
if (!slot->valid) {
return BAD_STATE_E;
}
/* Track that decrypt callback was invoked */
cryptoCbAesGcmDecryptCalled++;
/* Initialize a temporary Aes for software crypto (simulating SE internal operation) */
XMEMSET(&tempAes, 0, sizeof(tempAes));
ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID);
if (ret != 0) return ret;
ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz);
if (ret != 0) {
wc_AesFree(&tempAes);
return ret;
}
/* Perform the actual decryption using software AES (simulating SE internal operation) */
ret = wc_AesGcmDecrypt(&tempAes,
info->cipher.aesgcm_dec.out,
info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz);
wc_AesFree(&tempAes);
return ret;
}
#ifdef WOLF_CRYPTO_CB_FREE
/* Free operation - simulate SE key deletion */
if (info->algo_type == WC_ALGO_TYPE_FREE &&
info->free.algo == WC_ALGO_TYPE_CIPHER &&
info->free.type == WC_CIPHER_AES) {
Aes* aes = (Aes*)info->free.obj;
if (aes != NULL && aes->devCtx == cryptoCbAesGcmMockHandle) {
/* "Delete" key from simulated SE */
ForceZero(&mockSeKeyOffload, sizeof(mockSeKeyOffload));
cryptoCbAesGcmFreeCalled++;
}
return 0;
}
#endif
return CRYPTOCB_UNAVAILABLE;
}
/*
* Test: End-to-End AES-GCM Offload via CryptoCB
* This test verifies that:
* - AES-GCM encryption/decryption operations are routed through CryptoCb
* - Software AES is bypassed when offload is enabled
* - Encrypted output and auth tag are correct
* - Decryption via CryptoCb restores the original plaintext
*/
int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void)
{
EXPECT_DECLS;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
byte* key = NULL;
byte* iv = NULL;
byte* aad = NULL;
byte* plaintext = NULL;
byte* ciphertext = NULL;
byte* decrypted = NULL;
byte* authTag = NULL;
#else
Aes aes[1];
byte key[AES_128_KEY_SIZE];
byte iv[GCM_NONCE_MID_SZ];
byte aad[16];
byte plaintext[32];
byte ciphertext[32];
byte decrypted[32];
byte authTag[AES_BLOCK_SIZE];
#endif
int ret;
int i;
int hasNonZero = 0;
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
aad = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
plaintext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ciphertext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
decrypted = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL || key == NULL || iv == NULL || aad == NULL ||
plaintext == NULL || ciphertext == NULL || decrypted == NULL ||
authTag == NULL) {
ret = MEMORY_E;
goto out;
}
#endif
/* Initialize key, iv, aad, plaintext arrays */
{
static const byte keyData[AES_128_KEY_SIZE] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const byte ivData[GCM_NONCE_MID_SZ] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b
};
static const byte aadData[16] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const byte plaintextData[32] = {
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77,
0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00,
0x54, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73,
0x73, 0x61, 0x67, 0x65, 0x20, 0x32, 0x21, 0x00
};
XMEMCPY(key, keyData, AES_128_KEY_SIZE);
XMEMCPY(iv, ivData, GCM_NONCE_MID_SZ);
XMEMCPY(aad, aadData, 16);
XMEMCPY(plaintext, plaintextData, 32);
}
XMEMSET(aes, 0, sizeof(Aes));
XMEMSET(&mockSeKeyOffload, 0, sizeof(mockSeKeyOffload));
XMEMSET(ciphertext, 0, 32);
XMEMSET(decrypted, 0, 32);
XMEMSET(authTag, 0, AES_BLOCK_SIZE);
/* Reset test state */
cryptoCbAesGcmSetKeyCalled = 0;
cryptoCbAesGcmEncryptCalled = 0;
cryptoCbAesGcmDecryptCalled = 0;
cryptoCbAesGcmFreeCalled = 0;
/* Register test callback */
ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID,
test_CryptoCb_AesGcm_Offload_Cb, NULL);
ExpectIntEQ(ret, 0);
/* Initialize Aes with device ID */
ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
ExpectIntEQ(ret, 0);
ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
/* Set key - should trigger CryptoCB and "import" to mock SE */
ret = wc_AesGcmSetKey(aes, key, sizeof(key));
ExpectIntEQ(ret, 0);
/* Verify SetKey callback was invoked */
ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1);
/* Verify handle stored in devCtx */
ExpectPtrEq(aes->devCtx, cryptoCbAesGcmMockHandle);
/* Verify key was "imported" to mock SE */
ExpectIntEQ(mockSeKeyOffload.valid, 1);
ExpectIntEQ(mockSeKeyOffload.keySz, (int)sizeof(key));
/* Verify keylen metadata stored in Aes struct */
ExpectIntEQ(aes->keylen, (int)sizeof(key));
/* Encrypt via wolfCrypt API - should route through CryptoCb */
ret = wc_AesGcmEncrypt(aes, ciphertext, plaintext, 32,
iv, sizeof(iv), authTag, sizeof(authTag),
aad, 16);
ExpectIntEQ(ret, 0);
/* Assert: Encrypt callback was invoked */
ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1);
/* Assert: Ciphertext is different from plaintext */
ExpectIntNE(XMEMCMP(plaintext, ciphertext, 32), 0);
/* Assert: Auth tag is non-zero */
hasNonZero = 0;
for (i = 0; i < (int)sizeof(authTag); i++) {
if (authTag[i] != 0) {
hasNonZero = 1;
break;
}
}
ExpectIntEQ(hasNonZero, 1);
/* Decrypt via wolfCrypt API - should route through CryptoCb */
ret = wc_AesGcmDecrypt(aes, decrypted, ciphertext, 32,
iv, sizeof(iv), authTag, sizeof(authTag),
aad, 16);
ExpectIntEQ(ret, 0);
/* Assert: Decrypt callback was invoked */
ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1);
/* Assert: Decrypted plaintext matches original */
ExpectIntEQ(XMEMCMP(plaintext, decrypted, 32), 0);
#ifdef WOLF_CRYPTO_CB_FREE
/* Free should trigger callback and "delete" key from mock SE */
cryptoCbAesGcmFreeCalled = 0;
wc_AesFree(aes);
/* Verify free callback invoked */
ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1);
/* Verify devCtx cleared */
ExpectPtrEq(aes->devCtx, NULL);
/* Verify key was "deleted" from mock SE */
ExpectIntEQ(mockSeKeyOffload.valid, 0);
#else
wc_AesFree(aes);
#endif
/* Cleanup */
wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID);
/* Verify lifecycle: SetKey -> Encrypt -> Decrypt -> Free */
ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1);
ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1);
ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1);
#ifdef WOLF_CRYPTO_CB_FREE
ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1);
#endif
#ifdef WOLFSSL_SMALL_STACK
out:
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(aad, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plaintext, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ciphertext, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return EXPECT_RESULT();
}
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */
+15 -1
View File
@@ -53,6 +53,19 @@ int test_wc_AesEaxDecryptAuth(void);
int test_wc_GmacSetKey(void);
int test_wc_GmacUpdate(void);
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
!defined(NO_AES) && defined(HAVE_AESGCM)
int test_wc_CryptoCb_AesSetKey(void);
int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void);
#endif
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
!defined(NO_AES) && defined(HAVE_AESGCM)
#define TEST_CRYPTOCB_AES_SETKEY_DECL , TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesSetKey), \
TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesGcm_EncryptDecrypt)
#else
#define TEST_CRYPTOCB_AES_SETKEY_DECL
#endif
#define TEST_AES_DECLS \
TEST_DECL_GROUP("aes", test_wc_AesSetKey), \
@@ -74,7 +87,8 @@ int test_wc_GmacUpdate(void);
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt)
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) \
TEST_CRYPTOCB_AES_SETKEY_DECL
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+3 -5
View File
@@ -36,9 +36,8 @@
#include <tests/api/api.h>
#include <tests/api/test_ossl_x509_str.h>
#if defined(OPENSSL_ALL) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM)
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN_TIME)
static int last_errcodes[10];
static int last_errdepths[10];
static int err_index = 0;
@@ -187,8 +186,7 @@ int test_wolfSSL_X509_STORE_check_time(void)
wolfSSL_X509_free(cert);
cert = NULL;
#if defined(OPENSSL_ALL) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM)
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
err_index = 0;
+175 -5
View File
@@ -388,12 +388,15 @@ int test_wc_PKCS7_EncodeData(void)
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
!defined(NO_RSA) && !defined(NO_SHA256)
/* RSA sign raw digest callback */
/* RSA sign raw digest callback
* This callback demonstrates HSM/secure element use case where the private
* key is not passed through PKCS7 structure but obtained independently.
*/
static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
byte* out, word32 outSz, byte* privateKey,
word32 privateKeySz, int devid, int hashOID)
{
/* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
/* specific DigestInfo ASN.1 encoding prefix for a SHA256 digest */
byte digInfoEncoding[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
@@ -407,6 +410,11 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
word32 idx = 0;
RsaKey rsa;
/* privateKey may be NULL in HSM/secure element use case - we load it
* independently in this callback to simulate that scenario */
(void)privateKey;
(void)privateKeySz;
/* SHA-256 required only for this example callback due to above
* digInfoEncoding[] */
if (pkcs7 == NULL || digest == NULL || out == NULL ||
@@ -427,7 +435,33 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
return ret;
}
ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
/* Load key from test buffer - simulates HSM/secure element access */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_RsaPrivateKeyDecode(client_key_der_2048, &idx, &rsa,
sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_RsaPrivateKeyDecode(client_key_der_1024, &idx, &rsa,
sizeof_client_key_der_1024);
#else
{
XFILE fp;
byte keyBuf[ONEK_BUF];
int keySz;
fp = XFOPEN("./certs/client-key.der", "rb");
if (fp == XBADFILE) {
wc_FreeRsaKey(&rsa);
return -1;
}
keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
XFCLOSE(fp);
if (keySz <= 0) {
wc_FreeRsaKey(&rsa);
return -1;
}
ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &rsa, (word32)keySz);
}
#endif
/* sign DigestInfo */
if (ret == 0) {
@@ -451,6 +485,102 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
}
#endif
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
defined(HAVE_ECC) && !defined(NO_SHA256)
/* ECC sign raw digest callback
* This callback demonstrates HSM/secure element use case where the private
* key is not passed through PKCS7 structure but obtained independently.
* Note: This example callback is hash-agnostic and will work with any
* hash algorithm. The hashOID parameter can be used to validate or select
* different signing behavior if needed.
*/
static int eccSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
byte* out, word32 outSz, byte* privateKey,
word32 privateKeySz, int devid, int hashOID)
{
int ret;
word32 idx = 0;
word32 sigSz = outSz;
#ifdef WOLFSSL_SMALL_STACK
ecc_key* ecc = NULL;
#else
ecc_key ecc[1];
#endif
/* privateKey may be NULL in HSM/secure element use case - we load it
* independently in this callback to simulate that scenario */
(void)privateKey;
(void)privateKeySz;
(void)hashOID;
if (pkcs7 == NULL || digest == NULL || out == NULL) {
return -1;
}
#ifdef WOLFSSL_SMALL_STACK
ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, DYNAMIC_TYPE_ECC);
if (ecc == NULL) {
return MEMORY_E;
}
#endif
/* set up ECC key */
ret = wc_ecc_init_ex(ecc, pkcs7->heap, devid);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
#endif
return ret;
}
/* Load key from test buffer - simulates HSM/secure element access */
#if defined(USE_CERT_BUFFERS_256)
ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, ecc,
sizeof_ecc_clikey_der_256);
#else
{
XFILE fp;
byte keyBuf[ONEK_BUF];
int keySz;
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
if (fp == XBADFILE) {
wc_ecc_free(ecc);
#ifdef WOLFSSL_SMALL_STACK
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
#endif
return -1;
}
keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp);
XFCLOSE(fp);
if (keySz <= 0) {
wc_ecc_free(ecc);
#ifdef WOLFSSL_SMALL_STACK
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
#endif
return -1;
}
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, ecc, (word32)keySz);
}
#endif
/* sign digest */
if (ret == 0) {
ret = wc_ecc_sign_hash(digest, digestSz, out, &sigSz, pkcs7->rng, ecc);
if (ret == 0) {
ret = (int)sigSz;
}
}
wc_ecc_free(ecc);
#ifdef WOLFSSL_SMALL_STACK
XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC);
#endif
return ret;
}
#endif
#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
typedef struct encodeSignedDataStream {
byte out[FOURK_BUF*3];
@@ -757,8 +887,7 @@ int test_wc_PKCS7_EncodeSignedData(void)
if (pkcs7 != NULL) {
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
/* privateKey not set - callback simulates HSM/secure element access */
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
@@ -769,6 +898,47 @@ int test_wc_PKCS7_EncodeSignedData(void)
ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
#endif
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \
defined(HAVE_ECC) && !defined(NO_SHA256)
/* test ECC sign raw digest callback, if using ECC and compiled in.
* Example callback assumes SHA-256, so only run test if compiled in. */
{
#if defined(USE_CERT_BUFFERS_256)
byte eccCert[sizeof(cliecc_cert_der_256)];
word32 eccCertSz = (word32)sizeof(eccCert);
XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
#else
byte eccCert[ONEK_BUF];
int eccCertSz;
XFILE eccFp = XBADFILE;
ExpectTrue((eccFp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
XBADFILE);
ExpectIntGT(eccCertSz = (int)XFREAD(eccCert, 1, ONEK_BUF, eccFp), 0);
if (eccFp != XBADFILE)
XFCLOSE(eccFp);
#endif
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, (word32)eccCertSz), 0);
if (pkcs7 != NULL) {
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
/* privateKey not set - callback simulates HSM/secure element access */
pkcs7->encryptOID = ECDSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
}
ExpectIntEQ(wc_PKCS7_SetEccSignRawDigestCb(pkcs7, eccSignRawDigestCb), 0);
ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
}
#endif
wc_PKCS7_Free(pkcs7);
DoExpectIntEQ(wc_FreeRng(&rng), 0);
+18 -4
View File
@@ -2683,9 +2683,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
#endif
}
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
#define bench_stats_start(count, start) do { \
SAVE_VECTOR_REGISTERS(pr_err( \
SAVE_VECTOR_REGISTERS(WOLFSSL_DEBUG_PRINTF( \
"ERROR: SAVE_VECTOR_REGISTERS failed for benchmark run."); \
return; ); \
bench_stats_start(count, start); \
@@ -3161,7 +3161,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
(void)useDeviceID;
(void)ret;
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
RESTORE_VECTOR_REGISTERS();
#elif defined(WOLFSSL_LINUXKM)
kernel_fpu_end();
@@ -3559,7 +3559,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
(void)useDeviceID;
(void)ret;
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
RESTORE_VECTOR_REGISTERS();
#elif defined(WOLFSSL_LINUXKM)
kernel_fpu_end();
@@ -16024,6 +16024,20 @@ void bench_sphincsKeySign(byte level, byte optim)
return (double)ns / 1000000000.0;
}
#elif defined(WOLFSSL_BSDKM)
#include <sys/timex.h>
double current_time(int reset)
{
(void)reset;
struct timespec ts;
int64_t result = 0;
getnanouptime(&ts);
result = (int64_t) ts.tv_sec + (int64_t) ts.tv_nsec / NANOSECOND;
return (double)result;
}
#elif defined(WOLFSSL_GAISLER_BCC)
#include <bcc/bcc.h>
+82 -25
View File
@@ -4365,6 +4365,24 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
#ifdef WOLF_CRYPTO_CB
if (aes->devId != INVALID_DEVID) {
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
return 0;
}
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
aes->devCtx = NULL;
return ret;
}
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
#endif
/* Standard CryptoCB path - copy key to devKey for encrypt/decrypt offload */
if (keylen > sizeof(aes->devKey)) {
return BAD_FUNC_ARG;
}
@@ -4791,6 +4809,33 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (aes->devId != INVALID_DEVID) {
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen);
if (ret == 0) {
/* Callback succeeded - SE owns the key */
aes->keylen = (int)keylen;
if (iv != NULL)
XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
else
XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
return 0;
}
else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
aes->devCtx = NULL;
return ret;
}
/* CRYPTOCB_UNAVAILABLE: continue to software setup */
#endif
/* Standard CryptoCB path - copy key to devKey */
if (keylen > sizeof(aes->devKey)) {
return BAD_FUNC_ARG;
}
XMEMCPY(aes->devKey, userKey, keylen);
}
#endif
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if (wc_MAXQ10XX_AesSetKey(aes, userKey, keylen) != 0) {
return WC_HW_E;
@@ -7454,46 +7499,55 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
}
#else
#if !defined(FREESCALE_LTC_AES_GCM) && !defined(WOLFSSL_PSOC6_CRYPTO)
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
if ((ret == 0) && (aes->devId != INVALID_DEVID && aes->devCtx != NULL)) {
/* SE owns key - skip H and M table generation */
}
else
#endif
if (ret == 0) {
VECTOR_REGISTERS_PUSH;
/* AES-NI code generates its own H value, but generate it here too, to
* assure pure-C fallback is always usable.
*/
/* Generate H = AES_Encrypt(key, 0^128) */
ret = wc_AesEncrypt(aes, iv, aes->gcm.H);
if (ret == 0) {
#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT)
if (aes->use_aesni) {
#if defined(WC_C_DYNAMIC_FALLBACK)
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_AVX2(intel_flags)) {
GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0);
GCM_generate_m0_avx2(aes->gcm.H,
(byte*)aes->gcm.M0);
}
else
#endif
#if defined(HAVE_INTEL_AVX1)
if (IS_INTEL_AVX1(intel_flags)) {
GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0);
GCM_generate_m0_avx1(aes->gcm.H,
(byte*)aes->gcm.M0);
}
else
#endif
{
GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0);
GCM_generate_m0_aesni(aes->gcm.H,
(byte*)aes->gcm.M0);
}
#endif
#endif /* WC_C_DYNAMIC_FALLBACK */
}
else
#endif
#endif /* AESNI */
{
GenerateM0(&aes->gcm);
}
#endif /* GCM_TABLE || GCM_TABLE_4BIT */
#endif /* GCM_TABLE || GCM_TABLE_4BIT */
}
VECTOR_REGISTERS_POP;
}
#endif /* !FREESCALE_LTC_AES_GCM && !WOLFSSL_PSOC6_CRYPTO */
#endif
@@ -7503,7 +7557,15 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
#ifdef WOLF_CRYPTO_CB
if (aes->devId != INVALID_DEVID) {
XMEMCPY(aes->devKey, key, len);
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
if (aes->devCtx != NULL) {
/* SE owns key - don't copy to devKey */
}
else
#endif
{
XMEMCPY(aes->devKey, key, len);
}
}
#endif
@@ -13302,6 +13364,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
aes->devId = devId;
aes->devCtx = NULL;
#else
(void)devId;
#endif
@@ -13383,10 +13446,6 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
/* Free Aes resources */
void wc_AesFree(Aes* aes)
{
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
int ret = 0;
#endif
if (aes == NULL) {
return;
}
@@ -13396,19 +13455,17 @@ void wc_AesFree(Aes* aes)
if (aes->devId != INVALID_DEVID)
#endif
{
ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
WC_CIPHER_AES, (void*)aes);
/* If they want the standard free, they can call it themselves */
/* via their callback setting devId to INVALID_DEVID */
/* otherwise assume the callback handled it */
int ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
WC_CIPHER_AES, aes);
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
aes->devCtx = NULL; /* Clear device context handle */
#endif
/* If callback wants standard free, it can set devId to INVALID_DEVID.
* Otherwise assume the callback handled cleanup. */
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return;
/* fall-through when unavailable */
}
/* silence compiler warning */
(void)ret;
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_FREE */
#ifdef WC_DEBUG_CIPHER_LIFECYCLE
+65 -23
View File
@@ -13839,7 +13839,18 @@ static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx,
ret = ASN_PARSE_E;
#endif
}
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
cert->sigCtx.CertAtt.pubkey_n_start =
cert->sigCtx.CertAtt.pubkey_e_start =
GetASNItem_DataIdx(
dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source) + 1;
cert->sigCtx.CertAtt.pubkey_n_len =
((dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length - 1) >> 1);
cert->sigCtx.CertAtt.pubkey_e_start +=
cert->sigCtx.CertAtt.pubkey_n_len;
cert->sigCtx.CertAtt.pubkey_e_len =
cert->sigCtx.CertAtt.pubkey_n_len;
#endif
#ifdef WOLFSSL_MAXQ10XX_TLS
cert->publicKeyIndex =
GetASNItem_DataIdx(dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source)
@@ -21195,6 +21206,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
int length = 0;
byte b = 0;
word32 oid;
int aiaIdx;
WOLFSSL_ENTER("DecodeAuthInfo");
@@ -21219,14 +21231,29 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
if (GetLength(input, &idx, &length, sz) < 0)
return ASN_PARSE_E;
/* Set ocsp entry */
if (b == GENERALNAME_URI) {
/* Add to AIA list if space. */
aiaIdx = cert->extAuthInfoListSz;
if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) {
cert->extAuthInfoList[aiaIdx].method = oid;
cert->extAuthInfoList[aiaIdx].uri = input + idx;
cert->extAuthInfoList[aiaIdx].uriSz = (word32)length;
cert->extAuthInfoListSz++;
}
else {
cert->extAuthInfoListOverflow = 1;
WOLFSSL_MSG("AIA list overflow");
}
}
/* Set first ocsp entry */
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
cert->extAuthInfo == NULL) {
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
}
#ifdef WOLFSSL_ASN_CA_ISSUER
/* Set CaIssuers entry */
/* Set first CaIssuers entry */
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
cert->extAuthInfoCaIssuer == NULL)
{
@@ -21242,6 +21269,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
word32 idx = 0;
int length = 0;
int ret = 0;
int aiaIdx;
WOLFSSL_ENTER("DecodeAuthInfo");
@@ -21263,27 +21291,41 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
if (ret == 0) {
word32 sz32;
/* Check we have OCSP and URI. */
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfo == NULL)) {
/* Store URI for OCSP lookup. */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfo, &sz32);
cert->extAuthInfoSz = (int)sz32;
if (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) {
const byte* uri = NULL;
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &uri, &sz32);
/* Add to AIA list if space. */
aiaIdx = cert->extAuthInfoListSz;
if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) {
cert->extAuthInfoList[aiaIdx].method =
dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum;
cert->extAuthInfoList[aiaIdx].uri = uri;
cert->extAuthInfoList[aiaIdx].uriSz = sz32;
cert->extAuthInfoListSz++;
}
else {
cert->extAuthInfoListOverflow = 1;
WOLFSSL_MSG("AIA list overflow");
}
/* Set first OCSP entry. */
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_OCSP_OID) && (cert->extAuthInfo == NULL)) {
cert->extAuthInfo = uri;
cert->extAuthInfoSz = (int)sz32;
}
#ifdef WOLFSSL_ASN_CA_ISSUER
/* Set first CA Issuer entry. */
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_CA_ISSUER_OID) &&
(cert->extAuthInfoCaIssuer == NULL)) {
cert->extAuthInfoCaIssuer = uri;
cert->extAuthInfoCaIssuerSz = (int)sz32;
}
#endif
}
#ifdef WOLFSSL_ASN_CA_ISSUER
/* Check we have CA Issuer and URI. */
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_CA_ISSUER_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfoCaIssuer == NULL)) {
/* Set CaIssuers entry */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfoCaIssuer, &sz32);
cert->extAuthInfoCaIssuerSz = (int)sz32;
}
#endif
/* Otherwise skip. */
}
}
+4
View File
@@ -113,7 +113,11 @@
static WC_INLINE void cpuid_set_flags(void)
{
#ifdef WOLFSSL_BSDKM
if (WOLFSSL_ATOMIC_LOAD_UINT(cpuid_flags) == WC_CPUID_INITIALIZER) {
#else
if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
#endif
cpuid_flags_t new_cpuid_flags = 0,
old_cpuid_flags = WC_CPUID_INITIALIZER;
if (cpuid_flag(1, 0, ECX, 28)) { new_cpuid_flags |= CPUID_AVX1 ; }
+30
View File
@@ -1537,6 +1537,36 @@ int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_AES_ECB */
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz)
{
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
CryptoCb* dev;
if (aes == NULL || key == NULL)
return BAD_FUNC_ARG;
if (aes->devId == INVALID_DEVID)
return CRYPTOCB_UNAVAILABLE;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER);
if (dev && dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER;
cryptoInfo.cipher.type = WC_CIPHER_AES;
cryptoInfo.cipher.aessetkey.aes = aes;
cryptoInfo.cipher.aessetkey.key = key;
cryptoInfo.cipher.aessetkey.keySz = keySz;
ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
}
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* WOLF_CRYPTO_CB_AES_SETKEY */
#endif /* !NO_AES */
#ifndef NO_DES3
+4 -4
View File
@@ -13214,7 +13214,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
err = add_entry(idx1, A);
}
}
if (err == MP_OKAY && idx1 != -1) {
if (err == MP_OKAY && idx1 != -1 && fp_cache[idx1].lru_count < (INT_MAX-1)) {
/* increment LRU */
++(fp_cache[idx1].lru_count);
}
@@ -13231,7 +13231,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
}
}
if (err == MP_OKAY && idx2 != -1) {
if (err == MP_OKAY && idx2 != -1 && fp_cache[idx2].lru_count < (INT_MAX-1)) {
/* increment LRU */
++(fp_cache[idx2].lru_count);
}
@@ -13368,7 +13368,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
if (idx >= 0)
err = add_entry(idx, G);
}
if (err == MP_OKAY && idx >= 0) {
if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) {
/* increment LRU */
++(fp_cache[idx].lru_count);
}
@@ -13539,7 +13539,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
if (idx >= 0)
err = add_entry(idx, G);
}
if (err == MP_OKAY && idx >= 0) {
if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) {
/* increment LRU */
++(fp_cache[idx].lru_count);
}
File diff suppressed because it is too large Load Diff
+1
View File
@@ -12,6 +12,7 @@ MAINTAINERCLEANFILES+= $(ASYNC_FILES)
EXTRA_DIST += wolfcrypt/src/misc.c
EXTRA_DIST += wolfcrypt/src/evp.c
EXTRA_DIST += wolfcrypt/src/evp_pk.c
EXTRA_DIST += wolfcrypt/src/asm.c
EXTRA_DIST += wolfcrypt/src/aes_asm.asm
EXTRA_DIST += wolfcrypt/src/aes_gcm_asm.asm
+3 -2
View File
@@ -896,8 +896,7 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
block[i] = 0;
}
XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz);
block[WC_SRTP_MAX_SALT] = 0;
/* block[15] is counter. */
/* block[14-15] are counter. */
/* When kdrIdx is -1, don't XOR in index. */
if (kdrIdx >= 0) {
@@ -947,6 +946,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label;
for (i = 0; (ret == 0) && (i < blocks); i++) {
/* Set counter. */
block[14] = (byte)(i >> 8);
block[15] = (byte)i;
/* Encrypt block into key buffer. */
ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE);
@@ -959,6 +959,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label,
if ((ret == 0) && (keySz > 0)) {
byte enc[WC_AES_BLOCK_SIZE];
/* Set counter. */
block[14] = (byte)(i >> 8);
block[15] = (byte)i;
/* Encrypt block into temporary. */
ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE);
+66
View File
@@ -1794,6 +1794,16 @@ static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey)
}
#endif
}
#ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
else if (pkcs7->rsaSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) {
/* When using raw sign callback (e.g., HSM/secure element), private
* key may not be available. Use public key from signer certificate
* for signature size calculation. */
idx = 0;
ret = wc_RsaPublicKeyDecode(pkcs7->publicKey, &idx, privKey,
pkcs7->publicKeySz);
}
#endif
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
@@ -1874,6 +1884,16 @@ static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey)
}
#endif
}
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
else if (pkcs7->eccSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) {
/* When using raw sign callback (e.g., HSM/secure element), private
* key may not be available. Use public key from signer certificate
* for signature size calculation. */
idx = 0;
ret = wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, privKey,
pkcs7->publicKeySz);
}
#endif
else if (pkcs7->devId == INVALID_DEVID) {
ret = BAD_FUNC_ARG;
}
@@ -2398,6 +2418,28 @@ static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7,
#ifdef HAVE_ECC
case ECDSAk:
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
if (pkcs7->eccSignRawDigestCb != NULL) {
/* get hash OID */
int eccHashOID = wc_HashGetOID(esd->hashType);
if (eccHashOID < 0) {
ret = eccHashOID;
break;
}
/* user signing plain digest */
ret = pkcs7->eccSignRawDigestCb(pkcs7,
esd->contentAttribsDigest, hashSz,
esd->encContentDigest, sizeof(esd->encContentDigest),
pkcs7->privateKey, pkcs7->privateKeySz, pkcs7->devId,
eccHashOID);
/* validate return value doesn't exceed buffer size */
if (ret > 0 && (word32)ret > sizeof(esd->encContentDigest)) {
ret = BUFFER_E;
}
break;
}
#endif
/* CMS with ECDSA does not sign DigestInfo structure
* like PKCS#7 with RSA does */
ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest,
@@ -3986,6 +4028,30 @@ int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
}
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK
/* register raw ECC sign digest callback */
int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7, CallbackEccSignRawDigest cb)
{
if (pkcs7 == NULL || cb == NULL) {
return BAD_FUNC_ARG;
}
pkcs7->eccSignRawDigestCb = cb;
return 0;
}
#endif
#endif /* HAVE_ECC */
#ifndef NO_RSA
/* returns size of signature put into out, negative on error */
static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
byte* hash, word32 hashSz)
+1 -1
View File
@@ -1147,7 +1147,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
rng->drbg_scratch = NULL;
#endif
}
/* else swc_RNG_HealthTestLocal was successful */
/* else wc_RNG_HealthTestLocal was successful */
if (ret == DRBG_SUCCESS) {
#ifdef WOLFSSL_CHECK_MEM_ZERO
+434 -136
View File
@@ -68,10 +68,6 @@
#endif
/* Maximum length of the EC parameter string. */
#define MAX_EC_PARAM_LEN 16
#if defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH)
/* Pointer to false required for templates. */
static CK_BBOOL ckFalse = CK_FALSE;
@@ -110,7 +106,9 @@ typedef struct CK_AES_CTR_PARAMS {
} CK_AES_CTR_PARAMS;
#endif
#if !defined(NO_CERTS)
static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
#endif
#ifdef WOLFSSL_DEBUG_PKCS11
/* Enable logging of PKCS#11 calls and return value. */
@@ -120,6 +118,9 @@ static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
/* Enable logging of PKCS#11 template. */
#define PKCS11_DUMP_TEMPLATE(name, templ, cnt) \
pkcs11_dump_template(name, templ, cnt)
/* Enable logging of PKCS#11 mechanism info. */
#define PKCS11_DUMP_MECHANSIM(name, mechanism) \
pkcs11_dump_mechanism(name, mechanism)
/* Formats of template items - used to instruct how to log information. */
enum PKCS11_TYPE_FORMATS {
@@ -141,7 +142,7 @@ static struct PKCS11_TYPE_STR {
int format;
} typeStr[] = {
{ CKA_CLASS, "CKA_CLASS", PKCS11_FMT_CLASS },
{ CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_POINTER },
{ CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_BOOLEAN },
{ CKA_PRIVATE, "CKA_PRIVATE", PKCS11_FMT_BOOLEAN },
{ CKA_LABEL, "CKA_LABEL", PKCS11_FMT_STRING },
{ CKA_VALUE, "CKA_VALUE", PKCS11_FMT_DATA },
@@ -327,6 +328,11 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
WOLFSSL_MSG(line);
break;
case PKCS11_FMT_DATA:
if (templ[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
XSNPRINTF(line, sizeof(line), "%25s: unavailable", type);
WOLFSSL_MSG(line);
break;
}
XSNPRINTF(line, sizeof(line), "%25s: %ld", type,
templ[i].ulValueLen);
WOLFSSL_MSG(line);
@@ -340,7 +346,7 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
char hex[6];
XSNPRINTF(hex, sizeof(hex), "0x%02x,",
((byte*)templ[i].pValue)[j]);
XSTRNCAT(line, hex, 5);
XSTRNCAT(line, hex, sizeof(line) - XSTRLEN(line) - 1);
if ((j % 8) == 7) {
WOLFSSL_MSG(line);
XSNPRINTF(line, sizeof(line), "%27s", "");
@@ -365,6 +371,64 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
}
}
/* Information for logging a mechanism */
static struct PKCS11_MECHANISM_STR {
/** Mechanism. */
CK_MECHANISM_TYPE mech;
/** String to log corresponding mechanism. */
const char* str;
} mechStr[] = {
{ CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN" },
{ CKM_RSA_X_509, "CKM_RSA_X_509" },
{ CKM_DH_PKCS_KEY_PAIR_GEN, "CKM_DH_PKCS_KEY_PAIR_GEN" },
{ CKM_DH_PKCS_DERIVE, "CKM_DH_PKCS_DERIVE" },
{ CKM_MD5_HMAC, "CKM_MD5_HMAC" },
{ CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC" },
{ CKM_SHA256_HMAC, "CKM_SHA256_HMAC" },
{ CKM_SHA224_HMAC, "CKM_SHA224_HMAC" },
{ CKM_SHA384_HMAC, "CKM_SHA384_HMAC" },
{ CKM_SHA512_HMAC, "CKM_SHA512_HMAC" },
{ CKM_GENERIC_SECRET_KEY_GEN, "CKM_GENERIC_SECRET_KEY_GEN" },
{ CKM_EC_KEY_PAIR_GEN, "CKM_EC_KEY_PAIR_GEN" },
{ CKM_ECDSA, "CKM_ECDSA" },
{ CKM_ECDH1_DERIVE, "CKM_ECDH1_DERIVE" },
{ CKM_ECDH1_COFACTOR_DERIVE, "CKM_ECDH1_COFACTOR_DERIVE" },
{ CKM_AES_KEY_GEN, "CKM_AES_KEY_GEN" },
{ CKM_AES_CBC, "CKM_AES_CBC" },
{ CKM_AES_GCM, "CKM_AES_GCM" },
};
/* Count of known mechanism for logging. */
#define PKCS11_MECH_STR_CNT ((int)(sizeof(mechStr) / sizeof(*mechStr)))
/*
* Dump/log the PKCS #11 mechanism.
*
* This is only for debugging purposes. Only the values needed are recognised.
*
* @param [in] op PKCS #11 operation that was attempted.
* @param [in] mech PKCS #11 mechanism to dump.
*/
static void pkcs11_dump_mechanism(const char* op, CK_MECHANISM_TYPE mech)
{
char line[80];
const char *mechName = NULL;
int i;
for (i = 0; i < PKCS11_MECH_STR_CNT; i++) {
if (mech == mechStr[i].mech) {
mechName = mechStr[i].str;
break;
}
}
if (i == PKCS11_TYPE_STR_CNT) {
mechName = "UNKNOWN";
}
XSNPRINTF(line, 80, "%s: %s", op, mechName);
WOLFSSL_MSG(line);
}
/*
* Log a PKCS #11 return value with the name of function called.
*
@@ -416,6 +480,8 @@ static void pkcs11_val(const char* op, CK_ULONG val)
#define PKCS11_VAL(op, val) WC_DO_NOTHING
/* Disable logging of PKCS#11 template. */
#define PKCS11_DUMP_TEMPLATE(name, templ, cnt) WC_DO_NOTHING
/* Disable logging of PKCS#11 mechanism info. */
#define PKCS11_DUMP_MECHANSIM(name, mechanism) WC_DO_NOTHING
#endif
/**
@@ -432,7 +498,7 @@ static void pkcs11_val(const char* op, CK_ULONG val)
*/
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
{
return wc_Pkcs11_Initialize_ex(dev, library, heap, NULL);
return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, NULL);
}
/**
@@ -451,52 +517,270 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
*/
int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap,
CK_RV* rvp)
{
return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, rvp);
}
/**
* Load library, get function list and initialize PKCS#11.
*
* @param [in] dev Device object.
* @param [in] library Library name including path.
* @param [in] heap Heap hint.
* @param [in,out] version On in, desired version of interface.
* On out, actual obtained version of interface.
* @param [in] interfaceName Name of the interface to use.
* @param [out] rvp PKCS#11 return value. Last return value seen.
* May be NULL.
* @return BAD_FUNC_ARG when dev or library are NULL pointers.
* @return BAD_PATH_ERROR when dynamic library cannot be opened.
* @return WC_INIT_E when the initialization PKCS#11 fails.
* @return WC_HW_E when unable to get PKCS#11 function list.
* @return 0 on success.
*/
int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library,
void* heap, int* version, const char* interfaceName, CK_RV* rvp)
{
int ret = 0;
CK_RV rv = CKR_OK;
#ifndef HAVE_PKCS11_STATIC
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
void* func;
#endif
CK_C_INITIALIZE_ARGS args;
CK_VERSION_PTR version_ptr = NULL;
if (dev == NULL || library == NULL)
if (dev == NULL)
ret = BAD_FUNC_ARG;
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
if (library == NULL)
ret = BAD_FUNC_ARG;
#endif
if (ret == 0) {
dev->heap = heap;
#ifndef HAVE_PKCS11_STATIC
#if defined(HAVE_PKCS11_V3_STATIC)
CK_INTERFACE_PTR interface = NULL;
CK_VERSION pkcs11_version = {0, 0};
if (version != NULL) {
if (*version == WC_PCKS11VERSION_2_20) {
pkcs11_version.major = 2;
pkcs11_version.minor = 20;
}
else if (*version == WC_PCKS11VERSION_2_20) {
pkcs11_version.major = 2;
pkcs11_version.minor = 40;
}
else if (*version == WC_PCKS11VERSION_3_0) {
pkcs11_version.major = 3;
pkcs11_version.minor = 0;
}
else if (*version == WC_PCKS11VERSION_3_1) {
pkcs11_version.major = 3;
pkcs11_version.minor = 1;
}
else if (*version == WC_PCKS11VERSION_3_2) {
pkcs11_version.major = 3;
pkcs11_version.minor = 2;
}
version_ptr = &pkcs11_version;
}
else {
version_ptr = NULL;
}
rv = C_GetInterface((CK_UTF8CHAR_PTR) interfaceName, version_ptr,
&interface, 0);
if (rv == CKR_OK) {
dev->func = interface->pFunctionList;
version_ptr = (CK_VERSION_PTR) interface->pFunctionList;
if (version_ptr->major == 2 && version_ptr->minor == 20) {
dev->version = WC_PCKS11VERSION_2_20;
}
else if (version_ptr->major == 2 &&
version_ptr->minor == 40) {
dev->version = WC_PCKS11VERSION_2_40;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 0) {
dev->version = WC_PCKS11VERSION_3_0;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 1) {
dev->version = WC_PCKS11VERSION_3_1;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 2) {
dev->version = WC_PCKS11VERSION_3_2;
}
else {
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
version_ptr->major, version_ptr->minor);
ret = WC_HW_E;
}
}
else {
PKCS11_RV("CK_C_GetInterface", rv);
ret = WC_HW_E;
}
#elif defined(HAVE_PKCS11_STATIC)
rv = C_GetFunctionList(&dev->func);
if (rv == CKR_OK) {
version_ptr = (CK_VERSION_PTR) dev->func;
if (version_ptr->major == 2 &&
version_ptr->minor == 20) {
dev->version = WC_PCKS11VERSION_2_20;
}
else if (version_ptr->major == 2 &&
version_ptr->minor == 40) {
dev->version = WC_PCKS11VERSION_2_40;
}
else {
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
version_ptr->major,
version_ptr->minor);
ret = WC_HW_E;
}
}
else {
PKCS11_RV("CK_C_GetFunctionList", rv);
ret = WC_HW_E;
}
#else
/* Load dynamic library */
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dev->dlHandle == NULL) {
WOLFSSL_MSG(dlerror());
ret = BAD_PATH_ERROR;
}
if (ret == 0) {
/* Check if the library supports PKCS#11 version 3.0 (or above) by
* looking for the C_GetInterface method (only present for >= V3.0).
*/
func = dlsym(dev->dlHandle, "C_GetInterface");
if (func != NULL) {
/* Function is present, use it */
CK_INTERFACE_PTR interface = NULL;
CK_VERSION pkcs11_version = {0, 0};
if (version != NULL) {
if (*version == WC_PCKS11VERSION_2_20) {
pkcs11_version.major = 2;
pkcs11_version.minor = 20;
}
else if (*version == WC_PCKS11VERSION_2_40) {
pkcs11_version.major = 2;
pkcs11_version.minor = 40;
}
else if (*version == WC_PCKS11VERSION_3_0) {
pkcs11_version.major = 3;
pkcs11_version.minor = 0;
}
else if (*version == WC_PCKS11VERSION_3_1) {
pkcs11_version.major = 3;
pkcs11_version.minor = 1;
}
else if (*version == WC_PCKS11VERSION_3_2) {
pkcs11_version.major = 3;
pkcs11_version.minor = 2;
}
version_ptr = &pkcs11_version;
}
else {
version_ptr = NULL;
}
rv = ((CK_C_GetInterface)func)((CK_UTF8CHAR_PTR) interfaceName,
version_ptr, &interface, 0);
if (rv == CKR_OK) {
dev->func = interface->pFunctionList;
version_ptr = (CK_VERSION_PTR) interface->pFunctionList;
if (version_ptr->major == 2 && version_ptr->minor == 20) {
dev->version = WC_PCKS11VERSION_2_20;
}
else if (version_ptr->major == 2 &&
version_ptr->minor == 40) {
dev->version = WC_PCKS11VERSION_2_40;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 0) {
dev->version = WC_PCKS11VERSION_3_0;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 1) {
dev->version = WC_PCKS11VERSION_3_1;
}
else if (version_ptr->major == 3 &&
version_ptr->minor == 2) {
dev->version = WC_PCKS11VERSION_3_2;
}
else {
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
version_ptr->major, version_ptr->minor);
ret = WC_HW_E;
}
}
else {
PKCS11_RV("CK_C_GetInterface", rv);
ret = WC_HW_E;
}
}
else {
/* Function not present, try a 2.x library by looking for
* C_GetFunctionList. */
func = dlsym(dev->dlHandle, "C_GetFunctionList");
if (func == NULL) {
#if defined(_WIN32)
WOLFSSL_MSG_EX("GetProcAddress(): %d", GetLastError());
#else
WOLFSSL_MSG(dlerror());
#endif
ret = WC_HW_E;
}
if (ret == 0) {
rv = ((CK_C_GetFunctionList)func)(&dev->func);
if (rv == CKR_OK) {
version_ptr = (CK_VERSION_PTR) dev->func;
if (version_ptr->major == 2 &&
version_ptr->minor == 20) {
dev->version = WC_PCKS11VERSION_2_20;
}
else if (version_ptr->major == 2 &&
version_ptr->minor == 40) {
dev->version = WC_PCKS11VERSION_2_40;
}
else {
WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d",
version_ptr->major,
version_ptr->minor);
ret = WC_HW_E;
}
}
else {
PKCS11_RV("CK_C_GetFunctionList", rv);
ret = WC_HW_E;
}
}
}
}
#endif
}
if (ret == 0) {
dev->func = NULL;
func = dlsym(dev->dlHandle, "C_GetFunctionList");
if (func == NULL) {
WOLFSSL_MSG(dlerror());
ret = WC_HW_E;
}
}
if (ret == 0) {
rv = ((CK_C_GetFunctionList)func)(&dev->func);
#else
rv = C_GetFunctionList(&dev->func);
#endif
if (rv != CKR_OK) {
PKCS11_RV("CK_C_GetFunctionList", ret);
ret = WC_HW_E;
}
}
if (ret == 0 && version != NULL)
*version = dev->version;
if (ret == 0) {
XMEMSET(&args, 0x00, sizeof(args));
args.flags = CKF_OS_LOCKING_OK;
rv = dev->func->C_Initialize(&args);
if (rv != CKR_OK) {
PKCS11_RV("C_Initialize", ret);
if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
WOLFSSL_MSG("PKCS#11 already initialized");
rv = CKR_OK;
}
else if (rv != CKR_OK) {
PKCS11_RV("C_Initialize", rv);
ret = WC_INIT_E;
}
}
@@ -520,7 +804,7 @@ int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap,
void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
{
if (dev != NULL
#ifndef HAVE_PKCS11_STATIC
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
&& dev->dlHandle != NULL
#endif
) {
@@ -528,7 +812,7 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
dev->func->C_Finalize(NULL);
dev->func = NULL;
}
#ifndef HAVE_PKCS11_STATIC
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
dlclose(dev->dlHandle);
dev->dlHandle = NULL;
#endif
@@ -633,6 +917,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
token->userPin = NULL_PTR;
token->userPinSz = 0;
token->userPinLogin = 0;
token->version = dev->version;
}
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -809,6 +1094,7 @@ static int Pkcs11OpenSession(Pkcs11Token* token, Pkcs11Session* session,
if (ret == 0) {
session->func = token->func;
session->slotId = token->slotId;
session->version = token->version;
}
return ret;
@@ -1060,13 +1346,24 @@ static int Pkcs11EccSetParams(ecc_key* key, CK_ATTRIBUTE* tmpl, int idx)
{
int ret = 0;
if (key->dp != NULL && key->dp->oid != NULL) {
if (key != NULL && key->dp != NULL && key->dp->oid != NULL) {
unsigned char* derParams = tmpl[idx].pValue;
#if defined(HAVE_OID_ENCODING)
word32 oidSz = ECC_MAX_OID_LEN - 2;
ret = wc_EncodeObjectId(key->dp->oid, key->dp->oidSz, derParams+2, &oidSz);
if (ret != 0) {
return ret;
}
tmpl[idx].ulValueLen = oidSz + 2;
derParams[0] = ASN_OBJECT_ID;
derParams[1] = oidSz;
#else
/* ASN.1 encoding: OBJ + ecc parameters OID */
tmpl[idx].ulValueLen = key->dp->oidSz + 2;
derParams[0] = ASN_OBJECT_ID;
derParams[1] = key->dp->oidSz;
XMEMCPY(derParams + 2, key->dp->oid, key->dp->oidSz);
#endif
}
else
ret = NOT_COMPILED_IN;
@@ -1096,7 +1393,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey,
unsigned char* ecPoint = NULL;
word32 len;
CK_RV rv;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
@@ -1180,7 +1477,7 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
{
int ret = 0;
CK_RV rv;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
@@ -1209,16 +1506,30 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
ret = Pkcs11EccSetParams(private_key, keyTemplate, 3);
if (ret == 0) {
keyTemplate[4].pValue = wc_ecc_key_get_priv(private_key)->raw.buf;
keyTemplate[4].ulValueLen = wc_ecc_key_get_priv(private_key)->raw.len;
PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt);
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, privateKey);
PKCS11_RV("C_CreateObject", rv);
if (rv != CKR_OK) {
ret = WC_HW_E;
word32 privLen = private_key->dp->size;
byte* priv = (byte*)XMALLOC(privLen, private_key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
ret = MEMORY_E;
}
if (ret == 0) {
PRIVATE_KEY_LOCK();
ret = wc_ecc_export_private_only(private_key, priv, &privLen);
PRIVATE_KEY_UNLOCK();
}
if (ret == 0) {
keyTemplate[4].pValue = priv;
keyTemplate[4].ulValueLen = privLen;
PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt);
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, privateKey);
PKCS11_RV("C_CreateObject", rv);
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
XFREE(priv, private_key->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
@@ -1230,22 +1541,28 @@ static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
/**
* Check if mechanism is available in session on token.
*
* @param [in] session Session object.
* @param [in] mech Mechanism to look for.
* @param [in] session Session object.
* @param [in] mech Mechanism to look for.
* @param [out] mechInfoPtr Mechanism info return data (optional).
* @return NOT_COMPILED_IN when mechanism not available.
* @return 0 when mechanism is available.
*/
static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech)
static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech,
CK_MECHANISM_INFO_PTR mechInfoPtr)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM_INFO mechInfo;
PKCS11_DUMP_MECHANSIM("PKCS#11: Check if mechanism is available", mech);
rv = session->func->C_GetMechanismInfo(session->slotId, mech, &mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK) {
ret = NOT_COMPILED_IN;
}
if (mechInfoPtr != NULL) {
*mechInfoPtr = mechInfo;
}
return ret;
}
@@ -1335,7 +1652,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
case PKCS11_KEY_TYPE_AES_GCM: {
Aes* aes = (Aes*)key;
ret = Pkcs11MechAvail(&session, CKM_AES_GCM);
ret = Pkcs11MechAvail(&session, CKM_AES_GCM, NULL);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
(unsigned char*)aes->devKey,
@@ -1353,7 +1670,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
case PKCS11_KEY_TYPE_AES_CBC: {
Aes* aes = (Aes*)key;
ret = Pkcs11MechAvail(&session, CKM_AES_CBC);
ret = Pkcs11MechAvail(&session, CKM_AES_CBC, NULL);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
(unsigned char*)aes->devKey,
@@ -1378,7 +1695,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
break;
if (ret == 0)
ret = Pkcs11MechAvail(&session, mechType);
ret = Pkcs11MechAvail(&session, mechType, NULL);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, keyType,
(unsigned char*)hmac->keyRaw,
@@ -1403,7 +1720,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
case PKCS11_KEY_TYPE_RSA: {
RsaKey* rsaKey = (RsaKey*)key;
ret = Pkcs11MechAvail(&session, CKM_RSA_X_509);
ret = Pkcs11MechAvail(&session, CKM_RSA_X_509, NULL);
if (ret == 0)
ret = Pkcs11CreateRsaPrivateKey(&privKey, &session, rsaKey,
1);
@@ -1426,7 +1743,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
#ifndef NO_PKCS11_ECDH
if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
/* Try ECDH mechanism first. */
ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE);
ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE, NULL);
if (ret == 0) {
ret = Pkcs11CreateEccPrivateKey(&privKey, &session,
eccKey, CKA_DERIVE);
@@ -1435,7 +1752,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
#endif
if (ret == 0 || ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
/* Try ECDSA mechanism next. */
ret2 = Pkcs11MechAvail(&session, CKM_ECDSA);
ret2 = Pkcs11MechAvail(&session, CKM_ECDSA, NULL);
if (ret2 == 0) {
ret2 = Pkcs11CreateEccPrivateKey(&privKey, &session,
eccKey, CKA_SIGN);
@@ -2188,7 +2505,6 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM_INFO mechInfo;
CK_MECHANISM_TYPE mechanism = 0x0UL;
int sessionKey = 0;
@@ -2214,12 +2530,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
}
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, mechanism,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK) {
ret = NOT_COMPILED_IN;
}
ret = Pkcs11MechAvail(session, mechanism, &mechInfo);
if (ret == 0) {
if ((type == RSA_PUBLIC_ENCRYPT) || (type == RSA_PUBLIC_DECRYPT)) {
@@ -2318,7 +2629,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
int privTmplCnt = 2;
int i;
ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN);
ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: RSA Key Generation Operation");
@@ -2394,9 +2705,8 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
int i;
unsigned char* ecPoint = NULL;
word32 len = 0;
CK_RV rv;
CK_ULONG count;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) },
@@ -2433,26 +2743,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
attrCnt++;
}
if (ret == 0) {
PKCS11_DUMP_TEMPLATE("Find Ec Key", keyTemplate, attrCnt);
rv = session->func->C_FindObjectsInit(session->handle, keyTemplate,
attrCnt);
PKCS11_RV("C_FindObjectsInit", rv);
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
rv = session->func->C_FindObjects(session->handle, key, 1, &count);
PKCS11_RV("C_FindObjects", rv);
PKCS11_VAL("C_FindObjects Count", count);
if (rv != CKR_OK) {
ret = WC_HW_E;
}
rv = session->func->C_FindObjectsFinal(session->handle);
PKCS11_RV("C_FindObjectsFinal", rv);
if (rv != CKR_OK) {
ret = WC_HW_E;
}
ret = Pkcs11FindKeyByTemplate(key, session, keyTemplate, attrCnt, &count);
}
XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
@@ -2560,7 +2851,7 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
CK_RV rv;
CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR;
CK_MECHANISM mech;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_UTF8CHAR params[ECC_MAX_OID_LEN];
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_EC_PARAMS, params, 0 },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
@@ -2584,7 +2875,7 @@ static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
/* Mandatory entries + 2 optional. */
int privTmplCnt = 1;
ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN);
ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN, NULL);
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Key Generation Operation");
@@ -2670,7 +2961,9 @@ static int Pkcs11ExtractSecret(Pkcs11Session* session, CK_OBJECT_HANDLE secret,
}
PKCS11_DUMP_TEMPLATE("Secret Length", tmpl, tmplCnt);
if (ret == 0) {
if (tmpl[0].ulValueLen > *outLen)
if (tmpl[0].ulValueLen == CK_UNAVAILABLE_INFORMATION)
ret = WC_HW_E;
else if (tmpl[0].ulValueLen > *outLen)
ret = BUFFER_E;
}
if (ret == 0) {
@@ -2720,7 +3013,7 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
};
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE);
ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE, NULL);
if (ret == 0 && info->pk.ecdh.outlen == NULL) {
ret = BAD_FUNC_ARG;
}
@@ -3008,12 +3301,10 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
CK_OBJECT_HANDLE privateKey = NULL_PTR;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0 && info->pk.eccsign.outlen == NULL) {
ret = BAD_FUNC_ARG;
}
@@ -3105,20 +3396,20 @@ static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
int sessionKey = 0;
CK_RV rv;
CK_MECHANISM mech;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE publicKey = NULL_PTR;
unsigned char* sig = NULL;
word32 sz = info->pk.eccverify.key->dp->size;
ecc_key* key = info->pk.eccverify.key;
word32 sz = key->dp->size;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_VERIFY) == 0)
ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_VERIFY) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0 && info->pk.eccverify.res == NULL) {
ret = BAD_FUNC_ARG;
}
@@ -3126,12 +3417,32 @@ static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Verification Operation");
ret = Pkcs11CreateEccPublicKey(&publicKey, session,
info->pk.eccverify.key, CKA_VERIFY);
if (key->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&publicKey, CKO_PUBLIC_KEY, CKK_EC,
session, key->label, key->labelLen);
if (ret == 0 && key->dp == NULL) {
ret = Pkcs11GetEccParams(session, publicKey, key);
}
}
else if (key->idLen > 0) {
ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_EC,
session, key->id, key->idLen);
if (ret == 0 && key->dp == NULL) {
ret = Pkcs11GetEccParams(session, publicKey, key);
}
}
else if (!mp_iszero(key->pubkey.x)) {
ret = Pkcs11CreateEccPublicKey(&publicKey, session, key,
CKA_VERIFY);
sessionKey = 1;
}
else
ret = Pkcs11FindEccKey(&publicKey, CKO_PUBLIC_KEY, session,
info->pk.eccsign.key, CKA_VERIFY);
}
if (ret == 0) {
sig = (unsigned char *)XMALLOC(sz * 2, info->pk.eccverify.key->heap,
sig = (unsigned char *)XMALLOC(sz * 2, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL)
ret = MEMORY_E;
@@ -3168,7 +3479,7 @@ static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
*info->pk.eccverify.res = 1;
}
if (publicKey != NULL_PTR)
if (sessionKey && publicKey != NULL_PTR)
session->func->C_DestroyObject(session->handle, publicKey);
if (sig != NULL)
@@ -3429,12 +3740,10 @@ static int Pkcs11AesGcmEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-GCM Encryption Operation");
@@ -3524,12 +3833,10 @@ static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
word32 len;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-GCM Decryption Operation");
@@ -3633,12 +3940,10 @@ static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CBC Encryption Operation");
@@ -3709,12 +4014,10 @@ static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CBC Decryption Operation");
@@ -3789,12 +4092,10 @@ static int Pkcs11AesCtrEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CTR Encryption Operation");
@@ -3870,12 +4171,10 @@ static int Pkcs11AesCtrDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CTR Decryption Operation");
@@ -3960,11 +4259,10 @@ static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
ret = Pkcs11HmacTypes(info->hmac.macType, &mechType, &keyType);
if (ret == 0) {
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, mechType,
&mechInfo);
PKCS11_RV("C_GetMechanismInfo", rv);
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
ret = Pkcs11MechAvail(session, mechType, &mechInfo);
if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) {
ret = NOT_COMPILED_IN;
}
}
/* Check whether key been used to initialized. */
+38
View File
@@ -31783,6 +31783,8 @@ typedef struct Srtp_Kdf_Tv {
word32 ksSz;
} Srtp_Kdf_Tv;
#define SRTP_KDF_LONG_KEY 5000
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
{
wc_test_ret_t ret = 0;
@@ -32034,6 +32036,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
unsigned char keyE[32];
unsigned char keyA[20];
unsigned char keyS[14];
#ifndef BENCH_EMBEDDED
WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
#ifndef BENCH_EMBEDDED
WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
WOLFSSL_ENTER("srtpkdf_test");
for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
@@ -32284,6 +32298,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
return WC_TEST_RET_ENC_NC;
}
#ifndef BENCH_EMBEDDED
/* Check that long messages can be created. */
ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz,
tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong,
SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Check that two bytes of counter are being used. */
if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
return WC_TEST_RET_ENC_NC;
}
WC_FREE_VAR(keyELong, HEAP_HINT);
WC_FREE_VAR(keyALong, HEAP_HINT);
WC_FREE_VAR(keySLong, HEAP_HINT);
#endif
return 0;
}
#endif
+16
View File
@@ -5335,6 +5335,19 @@ struct WOLFSSL_X509_NAME {
#endif
#endif
#ifndef WOLFSSL_AIA_ENTRY_DEFINED
#ifndef WOLFSSL_MAX_AIA_ENTRIES
#define WOLFSSL_MAX_AIA_ENTRIES 8
#endif
#define WOLFSSL_AIA_ENTRY_DEFINED
typedef struct WOLFSSL_AIA_ENTRY {
word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */
const byte* uri; /* Pointer into cert DER for the URI. */
word32 uriSz; /* Length of URI data. */
} WOLFSSL_AIA_ENTRY;
#endif /* WOLFSSL_AIA_ENTRY_DEFINED */
struct WOLFSSL_X509 {
int version;
int serialSz;
@@ -5405,6 +5418,9 @@ struct WOLFSSL_X509 {
byte* authInfoCaIssuer;
int authInfoCaIssuerSz;
#endif
WOLFSSL_AIA_ENTRY authInfoList[WOLFSSL_MAX_AIA_ENTRIES];
byte authInfoListSz:7;
byte authInfoListOverflow:1;
word32 pathLength;
word16 keyUsage;
int rawCRLInfoSz;
+7
View File
@@ -1917,6 +1917,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
WOLFSSL_API int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack,
WOLFSSL_STACK* in);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);
@@ -5796,6 +5798,11 @@ WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x);
#ifdef WOLFSSL_ASN_CA_ISSUER
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(
WOLFSSL_X509 *x);
#endif /* WOLFSSL_ASN_CA_ISSUER */
WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_X509 *subject);
+1 -1
View File
@@ -334,7 +334,7 @@ struct Aes {
#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
int devId;
void* devCtx;
void* devCtx; /* Opaque handle for CryptoCB device */
#endif
#ifdef WOLF_PRIVATE_KEY_ID
byte id[AES_MAX_ID_LEN];
+21 -2
View File
@@ -1702,6 +1702,19 @@ typedef struct TrustedPeerCert TrustedPeerCert;
#endif /* WOLFSSL_TRUST_PEER_CERT */
typedef struct SignatureCtx SignatureCtx;
#ifndef WOLFSSL_AIA_ENTRY_DEFINED
#ifndef WOLFSSL_MAX_AIA_ENTRIES
#define WOLFSSL_MAX_AIA_ENTRIES 8
#endif
#define WOLFSSL_AIA_ENTRY_DEFINED
typedef struct WOLFSSL_AIA_ENTRY {
word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */
const byte* uri; /* Pointer into cert DER for the URI. */
word32 uriSz; /* Length of URI data. */
} WOLFSSL_AIA_ENTRY;
#endif /* WOLFSSL_AIA_ENTRY_DEFINED */
#ifdef WC_ASN_UNKNOWN_EXT_CB
typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
const unsigned char* der, word32 derSz);
@@ -2060,6 +2073,10 @@ struct DecodedCert {
WC_BITFIELD extAltSigAlgCrit:1;
WC_BITFIELD extAltSigValCrit:1;
#endif /* WOLFSSL_DUAL_ALG_CERTS */
WOLFSSL_AIA_ENTRY extAuthInfoList[WOLFSSL_MAX_AIA_ENTRIES];
WC_BITFIELD extAuthInfoListSz:7;
WC_BITFIELD extAuthInfoListOverflow:1;
};
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -2209,6 +2226,8 @@ typedef enum MimeStatus
#define GetShortInt wc_GetShortInt
#define SetShortInt wc_SetShortInt
#define GetLength wc_GetLength
#define SetLength wc_SetLength
#define SetSequence wc_SetSequence
#define GetASNInt wc_GetASNInt
#define GetASNTag wc_GetASNTag
#define SetAlgoID wc_SetAlgoID
@@ -2468,11 +2487,11 @@ WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len,
WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_ASN_API word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output,
byte isIndef);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_ASN_API word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
+4
View File
@@ -122,7 +122,11 @@ typedef word32 cpuid_flags_t;
* accurate.
*/
static WC_INLINE int cpuid_get_flags_atomic(cpuid_flags_atomic_t *flags) {
#ifdef WOLFSSL_BSDKM
if (WOLFSSL_ATOMIC_LOAD_UINT(*flags) == WC_CPUID_INITIALIZER) {
#else
if (WOLFSSL_ATOMIC_LOAD(*flags) == WC_CPUID_INITIALIZER) {
#endif /* WOLFSSL_BSDKM */
cpuid_flags_t old_cpuid_flags = WC_CPUID_INITIALIZER;
return wolfSSL_Atomic_Uint_CompareExchange
(flags, &old_cpuid_flags, cpuid_get_flags());
+10
View File
@@ -376,6 +376,13 @@ typedef struct wc_CryptoInfo {
const byte* in;
word32 sz;
} des3;
#endif
#if !defined(NO_AES) && defined(WOLF_CRYPTO_CB_AES_SETKEY)
struct {
Aes* aes;
const byte* key;
word32 keySz;
} aessetkey;
#endif
void* ctx;
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
@@ -678,6 +685,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesEcbEncrypt(Aes* aes, byte* out,
WOLFSSL_LOCAL int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz);
#endif /* HAVE_AES_ECB */
#ifdef WOLF_CRYPTO_CB_AES_SETKEY
WOLFSSL_API int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz);
#endif /* WOLF_CRYPTO_CB_AES_SETKEY */
#endif /* !NO_AES */
#ifndef NO_DES3
+562 -1
View File
@@ -34,6 +34,7 @@ extern "C" {
#define CK_INVALID_HANDLE 0UL
#define CK_UNAVAILABLE_INFORMATION (~0UL)
#define CKN_SURRENDER 0UL
@@ -184,6 +185,7 @@ extern "C" {
#define CKR_OK 0x00000000UL
#define CKR_MECHANISM_INVALID 0x00000070UL
#define CKR_SIGNATURE_INVALID 0x000000C0UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL
#define CKD_NULL 0x00000001UL
#define CKZ_DATA_SPECIFIED 0x00000001UL
@@ -384,15 +386,47 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS {
} CK_RSA_PKCS_OAEP_PARAMS;
typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR;
typedef struct CK_ASYNC_DATA {
CK_ULONG ulVersion;
CK_BYTE_PTR pValue;
CK_ULONG ulValueLen;
CK_OBJECT_HANDLE hObject;
CK_OBJECT_HANDLE hAdditionalObject;
} CK_ASYNC_DATA;
typedef CK_ASYNC_DATA* CK_ASYNC_DATA_PTR;
/* Function list types. */
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0;
typedef struct CK_FUNCTION_LIST_3_2 CK_FUNCTION_LIST_3_2;
typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR;
typedef CK_FUNCTION_LIST_3_0* CK_FUNCTION_LIST_3_0_PTR;
typedef CK_FUNCTION_LIST_3_2* CK_FUNCTION_LIST_3_2_PTR;
typedef CK_FUNCTION_LIST_PTR* CK_FUNCTION_LIST_PTR_PTR;
typedef CK_FUNCTION_LIST_3_0_PTR* CK_FUNCTION_LIST_3_0_PTR_PTR;
typedef CK_FUNCTION_LIST_3_2_PTR* CK_FUNCTION_LIST_3_2_PTR_PTR;
typedef CK_RV (*CK_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
#ifdef HAVE_PKCS11_STATIC
typedef struct CK_INTERFACE {
CK_UTF8CHAR_PTR pInterfaceName;
CK_VOID_PTR pFunctionList;
CK_FLAGS flags;
} CK_INTERFACE;
typedef CK_INTERFACE* CK_INTERFACE_PTR;
typedef CK_INTERFACE_PTR* CK_INTERFACE_PTR_PTR;
typedef CK_RV (*CK_C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
CK_VERSION_PTR pVersion, CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags);
#if defined(HAVE_PKCS11_STATIC)
CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
#elif defined(HAVE_PKCS11_V3_STATIC)
CK_RV C_GetInterface(CK_UTF8CHAR_PTR pInterfaceName, CK_VERSION_PTR pVersion,
CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags);
#endif
struct CK_FUNCTION_LIST {
@@ -578,6 +612,533 @@ struct CK_FUNCTION_LIST {
};
struct CK_FUNCTION_LIST_3_0 {
CK_VERSION version;
CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs);
CK_RV (*C_Finalize)(CK_VOID_PTR pReserved);
CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo);
CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo);
CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin,
CK_ULONG ulPinLen);
CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin,
CK_ULONG ulNewLen);
CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags,
CK_VOID_PTR pApplication, CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession);
CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID);
CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo);
CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen);
CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey);
CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject);
CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject);
CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject);
CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize);
CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount);
CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen);
CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen);
CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen);
CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen);
CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen);
CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism);
CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen);
CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen);
CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey);
CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen);
CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen);
CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession);
CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pReserved);
/* PKCS#11 V 3.0 functions */
CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
CK_VERSION_PTR pVersion,
CK_INTERFACE_PTR_PTR ppInterface,
CK_FLAGS flags);
CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen);
CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags);
CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext,
CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext,
CK_ULONG_PTR pulCiphertextLen);
CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen);
CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart,
CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart,
CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags);
CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext,
CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext,
CK_ULONG_PTR pulPlaintextLen);
CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen);
CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart,
CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart,
CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags);
CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen);
CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen);
CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession);
};
struct CK_FUNCTION_LIST_3_2 {
CK_VERSION version;
CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs);
CK_RV (*C_Finalize)(CK_VOID_PTR pReserved);
CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo);
CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo);
CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin,
CK_ULONG ulPinLen);
CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin,
CK_ULONG ulNewLen);
CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags,
CK_VOID_PTR pApplication, CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession);
CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID);
CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo);
CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen);
CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey);
CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject);
CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject);
CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject);
CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize);
CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount);
CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen);
CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen);
CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen);
CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen);
CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen);
CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism);
CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen);
CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen);
CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen);
CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey);
CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen);
CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen);
CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession);
CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession);
CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pReserved);
/* PKCS#11 V 3.0 functions */
CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList,
CK_ULONG_PTR pulCount);
CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName,
CK_VERSION_PTR pVersion,
CK_INTERFACE_PTR_PTR ppInterface,
CK_FLAGS flags);
CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen);
CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags);
CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext,
CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext,
CK_ULONG_PTR pulCiphertextLen);
CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen);
CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart,
CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart,
CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags);
CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext,
CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext,
CK_ULONG_PTR pulPlaintextLen);
CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData,
CK_ULONG ulAssociatedDataLen);
CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart,
CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart,
CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags);
CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen);
CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen);
CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey);
CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen);
CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter,
CK_ULONG ulParameterLen, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession);
/* PKCS#11 V 3.2 functions */
CK_RV (*C_EncapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hPublicKey, CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey,
CK_BYTE_PTR pCiphertext, CK_ULONG_PTR pulCiphertextLen);
CK_RV (*C_DecapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hPrivateKey, CK_BYTE_PTR pCiphertext,
CK_ULONG ulCiphertextLen, CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
CK_RV (*C_VerifySignatureInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen);
CK_RV (*C_VerifySignature)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG ulDataLen);
CK_RV (*C_VerifySignatureUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen);
CK_RV (*C_VerifySignatureFinal)(CK_SESSION_HANDLE hSession);
CK_RV (*C_GetSessionValidationFlags)(CK_SESSION_HANDLE hSession, CK_ULONG type,
CK_FLAGS * pFlags);
CK_RV (*C_AsyncComplete)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
CK_ASYNC_DATA_PTR pResult);
CK_RV (*C_AsyncGetID)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
CK_ULONG_PTR pulID);
CK_RV (*C_AsyncJoin)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName,
CK_ULONG ulID, CK_BYTE_PTR pData, CK_ULONG ulData);
};
#ifdef __cplusplus
}
#endif
+17
View File
@@ -229,6 +229,14 @@ typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
int devId, int hashOID);
#endif
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
/* ECC sign raw digest callback, user signs hash directly */
typedef int (*CallbackEccSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
word32 digestSz, byte* out, word32 outSz,
byte* privateKey, word32 privateKeySz,
int devId, int hashOID);
#endif
/* Public Structure Warning:
* Existing members must not be changed to maintain backwards compatibility!
@@ -376,6 +384,10 @@ struct wc_PKCS7 {
CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb;
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
CallbackEccSignRawDigest eccSignRawDigestCb;
#endif
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
};
@@ -511,6 +523,11 @@ WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
CallbackRsaSignRawDigest cb);
#endif
#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC)
WOLFSSL_API int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7,
CallbackEccSignRawDigest cb);
#endif
/* CMS/PKCS#7 EnvelopedData */
WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
byte* output, word32 outputSz);
+4
View File
@@ -4990,6 +4990,10 @@ extern void uITRON4_free(void *p) ;
#error "If TLS is enabled please make sure either client or server is enabled."
#endif
#if defined(WC_RNG_BANK_SUPPORT) && defined(NO_ASN_TIME)
#undef WC_RNG_BANK_SUPPORT
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
+13 -1
View File
@@ -37,13 +37,21 @@
extern "C" {
#endif
enum Pkcs11InterfaceVersionType {
WC_PCKS11VERSION_2_20,
WC_PCKS11VERSION_2_40,
WC_PCKS11VERSION_3_0,
WC_PCKS11VERSION_3_1,
WC_PCKS11VERSION_3_2,
};
typedef struct Pkcs11Dev {
#ifndef HAVE_PKCS11_STATIC
#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC)
void* dlHandle; /* Handle to library */
#endif
CK_FUNCTION_LIST* func; /* Array of functions */
void* heap;
int version; /* Pkcs11InterfaceVersionType */
} Pkcs11Dev;
typedef struct Pkcs11Token {
@@ -53,12 +61,14 @@ typedef struct Pkcs11Token {
CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
CK_ULONG userPinSz; /* Size of user's PIN in bytes */
byte userPinLogin:1; /* Login with User's PIN */
int version; /* Pkcs11InterfaceVersionType */
} Pkcs11Token;
typedef struct Pkcs11Session {
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; /* Handle to active session */
int version; /* Pkcs11InterfaceVersionType */
} Pkcs11Session;
/* Types of keys that can be stored. */
@@ -74,6 +84,8 @@ WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
void* heap);
WOLFSSL_API int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library,
void* heap, CK_RV* rvp);
WOLFSSL_API int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library,
void* heap, int* version, const char* interfaceName, CK_RV* rvp);
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,
+4
View File
@@ -6,6 +6,10 @@ all:
test:
+$(MAKE) -C wolfssl-wolfcrypt test
.PHONY: testfips
testfips:
+$(MAKE) -C wolfssl-wolfcrypt testfips
.PHONY: clean
clean:
+$(MAKE) -C wolfssl-wolfcrypt clean
+5 -1
View File
@@ -6,7 +6,11 @@ all:
.PHONY: test
test:
cargo test
cargo test -- --test-threads=1
.PHONY: testfips
testfips:
cargo test --lib --bins --tests -- --test-threads=1
.PHONY: clean
clean:
+80 -1
View File
@@ -19,6 +19,7 @@ fn main() {
/// Returns `Ok(())` if successful, or an error if any step fails.
fn run_build() -> Result<()> {
generate_bindings()?;
generate_fips_aliases()?;
setup_wolfssl_link()?;
scan_cfg()?;
Ok(())
@@ -64,6 +65,79 @@ fn generate_bindings() -> Result<()> {
})
}
/// Generate FIPS symbol aliases.
///
/// Since Rust can't use fips.h's #defines which map the "regular" wc function
/// name to the _fips variant, and since bindgen has only seen the _fips
/// variant, we will generate aliases that allow the non-_fips variant function
/// name to be called without the _fips prefix by Rust sources in a manner
/// similar to which C sources would be able to call the non-_fips variant
/// function name.
///
/// Returns `Ok(())` if successful, or an error if generation fails.
fn generate_fips_aliases() -> Result<()> {
let binding = read_file(bindings_path())?;
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
let aliases_path = out_dir.join("fips_aliases.rs");
let mut aliases = String::new();
// Find all _fips symbol names
let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap();
for cap in fips_sym_re.captures_iter(&binding) {
let mut base_name = &cap[1];
let fips_name = format!("{}_fips", base_name);
// Exception mappings: (standard_name, fips_name)
// For cases where FIPS name doesn't follow the simple <name>_fips pattern
let exceptions: &[(&str, &str)] = &[
// _ex suffix changed to Ex before _fips
("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"),
("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"),
("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"),
("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"),
("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"),
("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"),
("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"),
("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"),
("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"),
("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"),
("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"),
// Name change
("wc_PRF_TLS", "wc_PRF_TLSv12_fips"),
];
// Handle exceptions
for (exc_base_name, exc_fips_name) in exceptions {
if fips_name == *exc_fips_name {
base_name = exc_base_name;
break;
}
}
// Check if the non-_fips version exists in bindings
let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name));
let non_fips_re = Regex::new(&non_fips_pattern).unwrap();
if non_fips_re.is_match(&binding) {
// Add any new known names defined with both a _fips suffix and not
// here. Warn if any new ones are discovered.
if base_name != "wc_AesGcmEncrypt" {
println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name);
}
} else {
// Only alias if the base name doesn't already exist
aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name));
}
}
fs::write(&aliases_path, aliases)?;
Ok(())
}
/// Instruct cargo to link against wolfssl C library
///
/// Returns `Ok(())` if successful, or an error if any step fails.
@@ -93,7 +167,7 @@ fn read_file(path: String) -> Result<String> {
}
fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) {
let pattern = format!(r"\b{}\b", function_name);
let pattern = format!(r"\b{}(_fips)?\b", function_name);
let re = match Regex::new(&pattern) {
Ok(r) => r,
Err(e) => {
@@ -181,6 +255,9 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
/* fips */
check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips");
/* hkdf */
check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
@@ -213,6 +290,8 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_InitSha256", "sha256");
check_cfg(&binding, "wc_InitSha384", "sha384");
check_cfg(&binding, "wc_InitSha512", "sha512");
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224");
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256");
check_cfg(&binding, "wc_InitSha3_224", "sha3");
check_cfg(&binding, "wc_InitShake128", "shake128");
check_cfg(&binding, "wc_InitShake256", "shake256");
+2 -2
View File
@@ -711,7 +711,7 @@ impl ECC {
}
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
let priv_size = priv_buf.len() as u32;
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_size = pub_buf.len() as u32;
let rc = unsafe {
sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size,
@@ -785,7 +785,7 @@ impl ECC {
}
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
let priv_size = priv_buf.len() as u32;
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_size = pub_buf.len() as u32;
let rc = unsafe {
sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size,
@@ -0,0 +1,34 @@
#![cfg(fips)]
use crate::sys;
/// Enables or disables the ability to read private key data in FIPS mode.
///
/// In FIPS mode, private keys are protected and cannot be read by default.
/// This function allows temporarily enabling private key reads for operations
/// that require access to the raw key material, such as key export or backup.
///
/// # Arguments
///
/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable.
///
/// # Returns
///
/// * `Ok(())` - The operation succeeded.
/// * `Err(i32)` - The operation failed, returning the wolfSSL error code.
///
/// # Note
///
/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key
/// reading should be disabled again after the required operation is complete
/// to maintain FIPS compliance.
pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> {
let rc = unsafe {
sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL)
};
if rc != 0 {
Err(rc)
} else {
Ok(())
}
}

Some files were not shown because too many files have changed in this diff Show More