Merge remote-tracking branch 'upstream/master' into tk11899

This commit is contained in:
TakayukiMatsuo
2021-04-07 12:01:39 +09:00
82 changed files with 25442 additions and 14698 deletions
+2 -2
View File
@@ -14,7 +14,7 @@ extern "C" {
#define INTIME_RTOS
#undef WOLF_EXAMPLES_STACK
#define WOLF_EXAMPLES_STACK 65536
#define WOLF_EXAMPLES_STACK (1<<17)
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
@@ -27,7 +27,7 @@ extern "C" {
/* disable directory support */
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
//#define NO_WOLFSSL_DIR
/* disable writev */
#undef NO_WRITEV
+1 -1
View File
@@ -66,7 +66,7 @@
</Link>
<ClCompile>
<ExceptionHandling>Async</ExceptionHandling>
<PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
</ItemDefinitionGroup>
+3
View File
@@ -94,6 +94,9 @@ int main(int argc, char* argv[])
if (virtual_base == (uintptr_t)MAP_FAILED) {
perror("mmap_device_io failed for base address ");
}
else {
munmap_device_io(virtual_base, 0x00010000);
}
wolfCrypt_Init();
+5
View File
@@ -122,6 +122,11 @@ extern ${variable.value} ${variable.name};
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#elif defined(STM32G071xx)
#define WOLFSSL_STM32G0
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
/* This means there is not a pre-defined platform for your board/CPU */
+5
View File
@@ -177,6 +177,11 @@
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#elif defined(STM32G071xx)
#define WOLFSSL_STM32G0
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
/* This means there is not a pre-defined platform for your board/CPU */
+5
View File
@@ -0,0 +1,5 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/WINCE/user_settings.h
+333
View File
@@ -0,0 +1,333 @@
#ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_
/* For FIPS Ready, uncomment the following: */
/* #define WOLFSSL_FIPS_READY */
#ifdef WOLFSSL_FIPS_READY
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 3
#endif
/* Verify this is Windows */
#ifndef _WIN32
#error This user_settings.h header is only designed for Windows
#endif
/* Configurations */
#define WOLFCRYPT_ONLY
#undef USE_FAST_MATH
#if 1
#define USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
/* Optimizations */
//#define TFM_ARM
#endif
/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0
#define WOLFSSL_SP
//#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
//#define WOLFSSL_SP_CACHE_RESISTANT
//#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
/* SP Assembly Speedups */
//#define WOLFSSL_SP_ASM /* required if using the ASM versions */
//#define WOLFSSL_SP_ARM32_ASM
//#define WOLFSSL_SP_ARM64_ASM
//#define WOLFSSL_SP_ARM_THUMB_ASM
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 2
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#else
#ifndef USE_WINDOWS_API
#define USE_WINDOWS_API
#endif
#endif
#undef NO_ATTRIBUTE_CONSTRUCTOR
//#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
/* FIPS */
//#define OPENSSL_EXTRA
//#define HAVE_THREAD_LS
#define WOLFSSL_KEY_GEN
#define HAVE_AESGCM
#define HAVE_HASHDRBG
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define NO_PSK
#define NO_HC128
#define NO_RC4
#define NO_RABBIT
//#define NO_DSA
#define NO_MD4
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#if 0
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 1
#define WC_RSA_PSS
#endif
#if 1
#define WC_RSA_NO_PADDING
#endif
#else
#define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#undef ECC_USER_CURVES
//#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH /* Enable cofactor support */
#undef NO_STRICT_ECDSA_LEN
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
#endif
/* Compressed Key Support */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 * 2)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
//#undef FP_MAX_BITS_ECC
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#undef TFM_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
//#define GCM_SMALL
//#define GCM_WORD32
#define GCM_TABLE
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#define HAVE_AESCCM
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 1
#else
#define NO_DES3
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 1
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 1
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 1
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
#endif
/* DH */
#undef NO_DH
#if 1
/* Use table for DH instead of -lm (math) lib dependency */
#if 0
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#else
#define NO_DH
#endif
#endif /* FIPS v2 */
//#define DEBUG_WOLFSSL
#define NO_MAIN_DRIVER
#endif /* _WIN_USER_SETTINGS_H_ */
+1
View File
@@ -37,6 +37,7 @@ include IDE/RISCV/include.am
include IDE/XilinxSDK/include.am
include IDE/VisualDSP/include.am
include IDE/QNX/include.am
include IDE/WINCE/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
EXTRA_DIST+= IDE/OPENSTM32/README.md
+2
View File
@@ -155,3 +155,5 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
[TLS 1.3](https://www.wolfssl.com/docs/tls13/)
[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
+40 -15
View File
@@ -324,6 +324,11 @@ then
AC_MSG_ERROR([cannot enable sp-math and sp-math-all simultaneously.])
fi
AC_ARG_ENABLE([sp-asm],
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
[ ENABLED_SP_ASM=$enableval ],
[ ENABLED_SP_ASM=no ],
)
# ALL FEATURES
AC_ARG_ENABLE([all],
@@ -348,6 +353,7 @@ then
test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha512" = "" && enable_sha512=yes
@@ -949,16 +955,12 @@ then
AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS"
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS"
fi
# One Error Queue per Thread
@@ -1287,6 +1289,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
fi
# AES-CBC length checks (checks that input lengths are multiples of block size)
AC_ARG_ENABLE([aescbc_length_checks],
[AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
[ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
[ ENABLED_AESCBC_LENGTH_CHECKS=no ]
)
if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
fi
# leanpsk and leantls don't need gcm
# AES-GCM
@@ -1295,6 +1309,11 @@ AC_ARG_ENABLE([aesgcm],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=yes ]
)
AC_ARG_ENABLE([aesgcm-stream],
[AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: enabled)])],
[ ENABLED_AESGCM_STREAM=$enableval ],
[ ENABLED_AESGCM_STREAM=no ]
)
# leanpsk and leantls don't need gcm
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
@@ -4269,6 +4288,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
@@ -5134,6 +5154,10 @@ do
ENABLED_SP_SMALL=yes
;;
asm)
ENABLED_SP_ASM=yes
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
@@ -5194,11 +5218,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
fi
if test "$ENABLED_SMALL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
fi
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then
@@ -5313,11 +5332,6 @@ if test "$ENABLED_SP_MATH_ALL" = "yes"; then
fi
AC_ARG_ENABLE([sp-asm],
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
[ ENABLED_SP_ASM=$enableval ],
[ ENABLED_SP_ASM=no ],
)
if test "$ENABLED_SP_ASM" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
@@ -5975,6 +5989,16 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi
if test "$ENABLED_AESGCM_STREAM" != "no"
then
if test "$ENABLED_AESGCM" = "no"
then
AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
fi
fi
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
@@ -6494,6 +6518,7 @@ echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-CBC: $ENABLED_AESCBC"
echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR"
+20 -8
View File
@@ -66,16 +66,22 @@ WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
the resulting cipher text in the output buffer out using cipher block
chaining with AES. This function requires that the AES object has been
initialized by calling AesSetKey before a message is able to be encrypted.
This function assumes that the input message is AES block length aligned.
PKCS#7 style padding should be added beforehand. This differs from the
OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL
function and equivalent OpenSSL functions interoperate, one should specify
This function assumes that the input message is AES block length aligned,
and expects the input length to be a multiple of the block length, which
will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS
is defined in the build configuration. In order to assure block-multiple
input, PKCS#7 style padding should be added beforehand. This differs from
the OpenSSL AES-CBC methods which add the padding for you. To make the
wolfSSL and corresponding OpenSSL functions interoperate, one should specify
the -nopad option in the OpenSSL command line function so that it behaves
like the wolfSSL AesCbcEncrypt method and does not add extra padding
during encryption.
\return 0 On successfully encrypting message.
\return BAD_ALIGN_E: Returned on block align error
\return BAD_ALIGN_E: may be returned on block align error
\return BAD_LENGTH_E will be returned if the input length isn't a
multiple of the AES block length, when the library is built with
WOLFSSL_AES_CBC_LENGTH_CHECKS.
\param aes pointer to the AES object used to encrypt data
\param out pointer to the output buffer in which to store the ciphertext
@@ -110,15 +116,21 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
with AES. This function requires that the AES structure has been
initialized by calling AesSetKey before a message is able to be decrypted.
This function assumes that the original message was AES block length
aligned. This differs from the OpenSSL AES-CBC methods which do not
require alignment as it adds PKCS#7 padding automatically. To make the
aligned, and expects the input length to be a multiple of the block length,
which will optionally be checked and enforced if
WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration.
This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding
automatically, and so do not require block-multiple input. To make the
wolfSSL function and equivalent OpenSSL functions interoperate, one
should specify the -nopad option in the OpenSSL command line function
so that it behaves like the wolfSSL AesCbcEncrypt method and does not
create errors during decryption.
\return 0 On successfully decrypting message.
\return BAD_ALIGN_E Returned on block align error.
\return BAD_ALIGN_E may be returned on block align error.
\return BAD_LENGTH_E will be returned if the input length isn't a
multiple of the AES block length, when the library is built with
WOLFSSL_AES_CBC_LENGTH_CHECKS.
\param aes pointer to the AES object used to decrypt data.
\param out pointer to the output buffer in which to store the plain text
+79 -11
View File
@@ -949,7 +949,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
static const char* client_usage_msg[][66] = {
static const char* client_usage_msg[][67] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
@@ -1120,8 +1120,15 @@ static const char* client_usage_msg[][66] = {
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 66 */
#endif
#ifdef HAVE_CRL
"-C Disable CRL\n",
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 67 */
#endif
NULL,
},
@@ -1294,8 +1301,19 @@ static const char* client_usage_msg[][66] = {
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
#endif
"-6 WANT_WRITE エラーを全てのIO 送信でシュミレートします\n",
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 66 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 67 */
#endif
NULL,
},
@@ -1465,9 +1483,15 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgid]); /* -5 */
#endif
printf("%s", msg[++msgid]); /* -6 */
#ifdef HAVE_CURVE448
printf("%s", msg[++msgid]); /* -8 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgid]); /* -9 */
#endif
}
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
@@ -1601,6 +1625,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
#endif
char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -1686,7 +1715,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
"01:23:4568"
"01:23:45689"
"@#")) != -1) {
switch (ch) {
case '?' :
@@ -2162,7 +2191,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#endif
break;
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
break;
#endif
case '@' :
{
#ifdef HAVE_WC_INTROSPECTION
@@ -2622,6 +2657,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
WOLFSSL_X509_LOOKUP *lookup;
store = wolfSSL_CTX_get_cert_store(ctx);
if (store == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't get WOLFSSL_X509_STORE");
}
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't add lookup");
}
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
}
} else {
#endif
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
@@ -2669,6 +2727,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif
}
if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
myVerifyAction == VERIFY_USE_PREVERFIY) {
@@ -2692,7 +2755,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SNI
if (sniHostName) {
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("UseSNI failed");
@@ -3230,7 +3293,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
{
byte* rnd;
@@ -3266,9 +3329,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#if defined(OPENSSL_ALL) && !defined(NO_SESSION_CACHE)
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
#if !defined(NO_SESSION_CACHE) && \
(defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
!defined(NO_FILESYSTEM)
#ifndef NO_BIO
/* print out session to stdout */
{
@@ -3281,8 +3349,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
wolfSSL_BIO_free(bio);
}
#endif
#endif
#endif /* !NO_BIO */
#endif
#endif
if (doSTARTTLS && starttlsProt != NULL) {
+70 -6
View File
@@ -582,7 +582,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
static const char* server_usage_msg[][56] = {
static const char* server_usage_msg[][57] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
@@ -705,6 +705,16 @@ static const char* server_usage_msg[][56] = {
/* 55 */
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
/* 57 */
#endif
NULL,
},
@@ -838,6 +848,16 @@ static const char* server_usage_msg[][56] = {
/* 55 */
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
/* 57 */
#endif
NULL,
},
@@ -966,9 +986,15 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgId]); /* -5 */
#endif /* HAVE_TRUSTED_CA */
printf("%s", msg[++msgId]); /* -6 */
#ifdef HAVE_CURVE448
printf("%s", msg[++msgId]); /* -8 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgId]); /* -9 */
#endif
}
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
@@ -1126,6 +1152,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef HAVE_ENCRYPT_THEN_MAC
int disallowETM = 0;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
#endif
((func_args*)args)->return_code = -1; /* error state */
@@ -1191,8 +1222,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"abc:defgijk:l:mnop:q:rstuv:wxy"
"A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
"01:23:4:568"
"@#")) != -1) {
"01:23:4:5689"
"@#")) != -1) {
switch (ch) {
case '?' :
if(myoptarg!=NULL) {
@@ -1620,7 +1651,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif
#endif
break;
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
break;
#endif
case '@' :
{
#ifdef HAVE_WC_INTROSPECTION
@@ -2011,7 +2048,29 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
WOLFSSL_X509_LOOKUP *lookup;
store = wolfSSL_CTX_get_cert_store(ctx);
if (store == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't get WOLFSSL_X509_STORE");
}
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't add lookup");
}
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
}
} else {
#endif
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
verify_flags) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic,
@@ -2026,6 +2085,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif
}
#endif
@@ -2584,7 +2648,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
}
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
{
byte* rnd = NULL;
byte* pt;
+86 -3
View File
@@ -107,9 +107,13 @@ run_test() {
echo ""
echo "Successful Revocation!!!!"
echo ""
exit_code=0
echo "exiting with $exit_code"
exit $exit_code
if [ $exit_hash_dir_code -ne 0 ]; then
exit_code=1
else
exit_code=0
echo "exiting with $exit_code"
exit $exit_code
fi
;;
*)
echo ""
@@ -120,9 +124,88 @@ run_test() {
esac
}
run_hashdir_test() {
echo -e "\n\nHash dir with CRL and Certificate loading"
remove_ready_file
# create hashed cert and crl
pushd ${CERT_DIR}
# ca file
ca_hash_name=`openssl x509 -in ca-cert.pem -hash -noout`
if [ -f "$ca_hash_name".0 ]; then
rm "$ca_hash_name".0
fi
ln -s ca-cert.pem "$ca_hash_name".0
# crl file
crl_hash_name=`openssl crl -in ./crl/crl.pem -hash -noout`
if [ -f "$crl_hash_name".r0 ]; then
rm "$crl_hash_name".r0
fi
ln -s ./crl/crl.pem "$crl_hash_name".r0
popd
# starts the server on crl_port, -R generates ready file to be used as a
# mutex lock, -c loads the revoked certificate. We capture the processid
# into the variable server_pid
./examples/server/server -R $ready_file -p $crl_port \
-c ${CERT_DIR}/server-revoked-cert.pem \
-k ${CERT_DIR}/server-revoked-key.pem &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
# get created port 0 ephemeral port
crl_port="$(cat $ready_file)"
# starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port -9 2>&1)
client_result=$?
wait $server_pid
server_result=$?
case "$capture_out" in
*$revocation_code*)
# only exit with zero on detection of the expected error code
echo ""
echo "Successful Revocation!!!! with hash dir"
echo ""
exit_hash_dir_code=0
;;
*)
echo ""
echo "Certificate was not revoked saw this instead: $capture_out"
echo ""
echo "configure with --enable-crl and run this script again"
echo ""
exit_hash_dir_code=1
esac
# clean up hashed cert and crl
pushd ${CERT_DIR}
rm "$ca_hash_name".0
rm "$crl_hash_name".r0
popd
}
######### begin program #########
# Check for enabling hash dir feature
./examples/client/client -? 2>&1 | grep -- 'hash dir'
if [ $? -eq 0 ]; then
hash_dir=yes
exit_hash_dir_code=1
fi
if [ "$hash_dir" = "yes" ]; then
run_hashdir_test
else
exit_hash_dir_code=0
fi
# run the test
run_test
+22 -1
View File
@@ -364,6 +364,25 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
}
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* if not find entry in the CRL list, it looks at the folder that sets */
/* by LOOKUP_ctrl because user would want to use hash_dir. */
/* Loading <issuer-hash>.rN form CRL file if find at the folder, */
/* and try again checking Cert in the CRL list. */
/* When not set the folder or not use hash_dir, do nothing. */
if (foundEntry == 0) {
if (crl->cm->x509_store_p != NULL) {
ret = LoadCertByIssuer(crl->cm->x509_store_p,
(WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL);
if (ret == WOLFSSL_SUCCESS) {
/* try again */
ret = CheckCertCRLList(crl, cert, &foundEntry);
}
}
}
#endif
if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
@@ -633,6 +652,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
current = head;
head = head->next;
FreeCRL_Entry(current, heap);
XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY);
}
return NULL;
@@ -701,7 +721,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
if (store->cm->crl == NULL) {
crl = wolfSSL_X509_crl_new(store->cm);
if (DupX509_CRL(crl, newcrl) != 0) {
FreeCRL(crl, 1);
if (crl != NULL)
FreeCRL(crl, 1);
return WOLFSSL_FAILURE;
}
store->crl = store->cm->crl = crl;
+720 -12
View File
@@ -1117,7 +1117,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver)
}
#else
if (ver > DTLS_EXPORT_VERSION_3) {
exp[idx++] = 0;
idx++;
}
#endif
#else
@@ -1809,7 +1809,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef OPENSSL_EXTRA
/* setup WOLFSSL_X509_STORE */
ctx->x509_store.cm = ctx->cm;
/* set pointer back to x509 store */
ctx->cm->x509_store_p = &ctx->x509_store;
/* WOLFSSL_X509_VERIFY_PARAM */
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
@@ -1818,6 +1820,21 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
return MEMORY_E;
}
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
/* WOLFSSL_X509_LOOKUP */
if ((ctx->x509_store.lookup.dirs =
(WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
return MEMORY_E;
}
XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
WOLFSSL_MSG("Bad mutex init");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
return BAD_MUTEX_E;
}
#endif
#endif
@@ -1969,6 +1986,17 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
if (ctx->param) {
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
}
if (ctx->x509_store.lookup.dirs) {
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ctx->x509_store.lookup.dirs->dir_entry) {
wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry);
}
#endif
wc_FreeMutex(&ctx->x509_store.lookup.dirs->lock);
XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL);
}
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH
@@ -6367,7 +6395,9 @@ void FreeSuites(WOLFSSL* ssl)
#endif
{
#ifdef OPENSSL_ALL
wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
if (ssl->suites != NULL) {
wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
}
#endif
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
}
@@ -7130,7 +7160,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
{
WOLFSSL_ENTER("DtlsMsgSet()");
if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
(fragOffset + fragSz) <= msg->sz) {
fragSz <= msg->sz && fragOffset <= msg->sz &&
(fragOffset + fragSz) <= msg->sz) {
DtlsFrag* cur = msg->fragList;
DtlsFrag* prev = cur;
DtlsFrag* newFrag;
@@ -8600,6 +8631,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return LENGTH_ERROR;
#endif
if (*size == 0 && rh->type != application_data) {
WOLFSSL_MSG("0 length, non-app data record.");
return LENGTH_ERROR;
}
/* verify record type here as well */
switch (rh->type) {
case handshake:
@@ -9829,9 +9865,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
} else {
wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm);
}
if (!(x509->key.algor->algorithm =
wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
ret = PUBLIC_KEY_E;
if (!x509->key.algor) {
ret = MEMORY_E;
} else {
if (!(x509->key.algor->algorithm =
wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
ret = PUBLIC_KEY_E;
}
}
wolfSSL_EVP_PKEY_free(x509->key.pkey);
@@ -10553,6 +10593,198 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
args->dCert = NULL;
}
}
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* load certificate file which has the form <hash>.(r)N[0..N] */
/* in the folder. */
/* (r), in the case of CRL file */
/* @param store a pointer to X509_STORE structure */
/* @param issuer a pointer to X509_NAME that presents an issuer */
/* @param type X509_LU_X509 or X509_LU_CRL */
/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */
int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
{
const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */
int ret = WOLFSSL_SUCCESS;
WOLFSSL_X509_LOOKUP* lookup;
WOLFSSL_BY_DIR_entry* entry;
WOLFSSL_BY_DIR_HASH hash_tmp;
WOLFSSL_BY_DIR_HASH* ph = NULL;
WOLFSSL_X509* x509;
unsigned long hash = 0;
char* filename = NULL;
const char* post = "";
byte* pbuf = NULL;
int len, num, i, index;
byte suffix = 0;
int retHash = NOT_COMPILED_IN;
byte dgt[WC_MAX_DIGEST_SIZE];
WOLFSSL_ENTER("LoadCertByIssuer");
/* sanity check */
if (store == NULL || issuer == NULL || (type != X509_LU_X509 && type != X509_LU_CRL)) {
return WOLFSSL_FAILURE;
}
lookup = &store->lookup;
if (lookup->dirs == NULL || lookup->type != 1) {
return WOLFSSL_FAILURE;
}
len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
if (len > 0) {
#ifndef NO_SHA
retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
#endif
if (retHash == 0) {
/* 4 bytes in little endian as unsigned long */
hash = (((unsigned long)dgt[3] << 24) |
((unsigned long)dgt[2] << 16) |
((unsigned long)dgt[1] << 8) |
((unsigned long)dgt[0]));
} else {
WOLFSSL_MSG("failed hash operation");
return WOLFSSL_FAILURE;
}
wolfSSL_OPENSSL_free(pbuf);
}
/* try to load each hashed name file in path */
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (type == X509_LU_CRL) {
post = "r";
}
num = wolfSSL_sk_BY_DIR_entry_num(lookup->dirs->dir_entry);
for (i=0; i<num; i++) {
entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i);
if (type == X509_LU_CRL && entry->hashes != NULL &&
wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) {
/* lock the list */
if (wc_LockMutex(&lookup->dirs->lock) != 0) {
WOLFSSL_MSG("wc_LockMutex cdir Lock error");
return BAD_MUTEX_E;
}
hash_tmp.hash_value = hash;
index = wolfSSL_sk_BY_DIR_HASH_find(entry->hashes, &hash_tmp);
if (index >= 0) {
WOLFSSL_MSG("find hashed CRL in list");
ph = wolfSSL_sk_BY_DIR_HASH_value(entry->hashes, index);
suffix = ph->last_suffix;
} else {
ph = NULL;
suffix = 0;
}
wc_UnLockMutex(&lookup->dirs->lock);
}
/* Additional buffer length for file name memory allocation : */
/* / <hashvalue>.(r)N\0 */
/*|1| 8 |1|1|1|1| => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (filename == NULL) {
WOLFSSL_MSG("memory allocation error");
return MEMORY_E;
}
/* set as FAILURE, if successfuly loading cert of CRL, this becomes */
/* WOLFSSL_SUCCESS */
ret = WOLFSSL_FAILURE;
for (; suffix < MAX_SUFFIX; suffix++) {
/* /folder-path/<hash>.(r)N[0..9] */
XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
hash, post, suffix);
if(wc_FileExists(filename) == 0/*0 file exists */) {
if (type == X509_LU_X509) {
x509 = wolfSSL_X509_load_certificate_file(filename,
WOLFSSL_FILETYPE_PEM);
if (x509 != NULL) {
ret = wolfSSL_X509_STORE_add_cert(store, x509);
wolfSSL_X509_free(x509);
} else {
WOLFSSL_MSG("failed to load certificate\n");
ret = WOLFSSL_FAILURE;
break;
}
}
#ifdef HAVE_CRL
else if (type == X509_LU_CRL) {
ret = wolfSSL_X509_load_crl_file(&store->lookup, filename,
WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("failed to load CRL\n");
break;
}
}
#else
else if (type == X509_LU_CRL) {
WOLFSSL_MSG("CRL is not supported");
ret = WOLFSSL_FAILURE;
break;
}
#endif
} else
break;
}
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("not found file");
ret = WOLFSSL_FAILURE;
} else {
if (type == X509_LU_CRL) {
if (wc_LockMutex(&lookup->dirs->lock) != 0) {
WOLFSSL_MSG("wc_LockMutex cdir Lock error");
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
return BAD_MUTEX_E;
}
if (ph == NULL) {
ph = wolfSSL_BY_DIR_HASH_new();
if (ph == NULL) {
WOLFSSL_MSG("failed to allocate hash stack");
ret = WOLFSSL_FAILURE;
} else {
ph->hash_value = hash;
ph->last_suffix = suffix;
ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
}
}
wc_UnLockMutex(&lookup->dirs->lock);
}
}
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
#else
(void) type;
(void) ret;
(void) x509;
(void) filename;
(void) suffix;
(void) num;
(void) i;
ret = WOLFSSL_NOT_IMPLEMENTED;
#endif
WOLFSSL_LEAVE("LoadCertByIssuer", ret);
return ret;
}
#endif
static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
int certType, int verify, byte** pSubjectHash, int* pAlreadySigner)
@@ -11080,6 +11312,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
if (ssl->ctx->x509_store_pt != NULL) {
ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
} else {
ret = LoadCertByIssuer(&ssl->ctx->x509_store,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
}
if (ret == WOLFSSL_SUCCESS) {
FreeDecodedCert(args->dCert);
args->dCertInit = 0;
/* once again */
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
} else
ret = ASN_NO_SIGNER_E;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E)
goto exit_ppc;
@@ -11273,6 +11530,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
if (ssl->ctx->x509_store_pt != NULL) {
ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
} else {
ret = LoadCertByIssuer(&ssl->ctx->x509_store,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
}
if (ret == WOLFSSL_SUCCESS) {
FreeDecodedCert(args->dCert);
args->dCertInit = 0;
/* once again */
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
} else
ret = ASN_NO_SIGNER_E;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E)
goto exit_ppc;
@@ -13784,14 +14066,34 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
#ifdef CHACHA_AEAD_TEST
int i;
#endif
Keys* keys = &ssl->keys;
XMEMSET(tag, 0, sizeof(tag));
XMEMSET(nonce, 0, sizeof(nonce));
XMEMSET(poly, 0, sizeof(poly));
XMEMSET(add, 0, sizeof(add));
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
/*
* For epochs 2+:
* * use ssl->secure_renegotiation when encrypting the current epoch as it
* has the current epoch cipher material
* * use PREV_ORDER if encrypting the epoch not in
* ssl->secure_renegotiation
*/
/* opaque SEQ number stored for AD */
WriteSEQ(ssl, CUR_ORDER, add);
if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
if (ssl->keys.dtls_epoch ==
ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
keys = &ssl->secure_renegotiation->tmp_keys;
WriteSEQ(ssl, CUR_ORDER, add);
}
else
WriteSEQ(ssl, PREV_ORDER, add);
}
else
#endif
WriteSEQ(ssl, CUR_ORDER, add);
if (ssl->options.oldPoly != 0) {
/* get nonce. SEQ should not be incremented again here */
@@ -13830,7 +14132,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
if (ssl->options.oldPoly == 0) {
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
* record sequence number XORed with client_write_IV/server_write_IV */
XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
nonce[4] ^= add[0];
nonce[5] ^= add[1];
nonce[6] ^= add[2];
@@ -13938,6 +14240,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
int ret = 0;
int msgLen = (sz - ssl->specs.aead_mac_size);
Keys* keys = &ssl->keys;
#ifdef CHACHA_AEAD_TEST
int i;
@@ -13955,6 +14258,17 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
XMEMSET(nonce, 0, sizeof(nonce));
XMEMSET(add, 0, sizeof(add));
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
/*
* For epochs 2+:
* * use ssl->secure_renegotiation when decrypting the latest epoch as it
* has the latest epoch cipher material
*/
if (ssl->options.dtls && DtlsSCRKeysSet(ssl) &&
ssl->keys.curEpoch == ssl->secure_renegotiation->tmp_keys.dtls_epoch)
keys = &ssl->secure_renegotiation->tmp_keys;
#endif
/* sequence number field is 64-bits */
WriteSEQ(ssl, PEER_ORDER, add);
@@ -13984,7 +14298,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
if (ssl->options.oldPoly == 0) {
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
* record sequence number XORed with client_write_IV/server_write_IV */
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
nonce[4] ^= add[0];
nonce[5] ^= add[1];
nonce[6] ^= add[2];
@@ -15387,7 +15701,7 @@ int ProcessReply(WOLFSSL* ssl)
used = ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx;
if (used < ssl->curSize)
if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
if ((ret = GetInputData(ssl, ssl->curSize - used)) < 0)
return ret;
#endif /* WOLFSSL_DTLS */
}
@@ -15415,6 +15729,7 @@ int ProcessReply(WOLFSSL* ssl)
ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
&ssl->buffers.inputBuffer.idx,
&ssl->curRL, &ssl->curSize);
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
WOLFSSL_MSG("Silently dropping out of order DTLS message");
@@ -15902,6 +16217,12 @@ int ProcessReply(WOLFSSL* ssl)
#endif
#ifndef WOLFSSL_NO_TLS12
if (ssl->buffers.inputBuffer.idx >=
ssl->buffers.inputBuffer.length ||
ssl->curSize < 1) {
WOLFSSL_MSG("ChangeCipher msg too short");
return LENGTH_ERROR;
}
if (ssl->buffers.inputBuffer.buffer[
ssl->buffers.inputBuffer.idx] != 1) {
WOLFSSL_MSG("ChangeCipher msg wrong value");
@@ -21537,7 +21858,7 @@ exit_dpk:
ato16(input + *inOutIdx, &len);
*inOutIdx += OPAQUE16_LEN;
if ((*inOutIdx - begin) + len > size)
if ((len > size) || ((*inOutIdx - begin) + len > size))
return BUFFER_ERROR;
if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
@@ -31333,6 +31654,393 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
return maxFragment;
}
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* create an instance of WOLFSSL_BY_DIR_HASH structure */
WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void)
{
WOLFSSL_BY_DIR_HASH* dir_hash;
WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new");
dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL,
DYNAMIC_TYPE_OPENSSL);
if (dir_hash) {
XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH));
}
return dir_hash;
}
/* release a WOLFSSL_BY_DIR_HASH resource */
void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash)
{
if (dir_hash == NULL)
return;
XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL);
}
/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */
WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void)
{
WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null");
if (sk) {
sk->type = STACK_TYPE_BY_DIR_hash;
}
return sk;
}
/* returns value less than 0 on fail to match
* On a successful match the priority level found is returned
*/
int wolfSSL_sk_BY_DIR_HASH_find(
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind)
{
WOLFSSL_STACK* next;
int i, sz;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find");
if (sk == NULL || toFind == NULL) {
return WOLFSSL_FAILURE;
}
sz = wolfSSL_sk_BY_DIR_HASH_num(sk);
next = sk;
for (i = 0; i < sz && next != NULL; i++) {
if (next->data.dir_hash->hash_value == toFind->hash_value) {
return sz - i; /* reverse because stack pushed highest on first */
}
next = next->next;
}
return -1;
}
/* return a number of WOLFSSL_BY_DIR_HASH in stack */
int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
{
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
if (sk == NULL)
return -1;
return (int)sk->num;
}
/* return WOLFSSL_BY_DIR_HASH instance at i */
WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i)
{
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value");
for (; sk != NULL && i > 0; i--)
sk = sk->next;
if (i != 0 || sk == NULL)
return NULL;
return sk->data.dir_hash;
}
/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */
WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk)
{
WOLFSSL_STACK* node;
WOLFSSL_BY_DIR_HASH* hash;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop");
if (sk == NULL) {
return NULL;
}
node = sk->next;
hash = sk->data.dir_hash;
if (node != NULL) { /* update sk and remove node from stack */
sk->data.dir_hash = node->data.dir_hash;
sk->next = node->next;
wolfSSL_sk_free_node(node);
}
else { /* last x509 in stack */
sk->data.dir_hash = NULL;
}
if (sk->num > 0) {
sk->num -= 1;
}
return hash;
}
/* release all contents in stack, and then release stack itself. */
/* Second argument is a function pointer to release resouces. */
/* It calls the function to release resouces when t is passed */
/* instead of wolfSSL_BY_DIR_HASH_free(). */
void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk,
void (*f) (WOLFSSL_BY_DIR_HASH*))
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free");
if (sk == NULL) {
return;
}
/* parse through stack freeing each node */
node = sk->next;
while (node && sk->num > 1) {
WOLFSSL_STACK* tmp = node;
node = node->next;
if (f)
f(tmp->data.dir_hash);
else
wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash);
tmp->data.dir_hash = NULL;
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
sk->num -= 1;
}
/* free head of stack */
if (sk->num == 1) {
if (f)
f(sk->data.dir_hash);
else
wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash);
sk->data.dir_hash = NULL;
}
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
}
/* release all contents in stack, and then release stack itself */
void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
{
wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL);
}
/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and
* tries to free it when the stack is free'd.
*
* return 1 on success 0 on fail
*/
int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
WOLFSSL_BY_DIR_HASH* in)
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push");
if (sk == NULL || in == NULL) {
return WOLFSSL_FAILURE;
}
/* no previous values in stack */
if (sk->data.dir_hash == NULL) {
sk->data.dir_hash = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
/* stack already has value(s) create a new node and add more */
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
DYNAMIC_TYPE_OPENSSL);
if (node == NULL) {
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
/* push new obj onto head of stack */
node->data.dir_hash = sk->data.dir_hash;
node->next = sk->next;
node->type = sk->type;
sk->next = node;
sk->data.dir_hash = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
/* create an instance of WOLFSSL_BY_DIR_entry structure */
WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void)
{
WOLFSSL_BY_DIR_entry* entry;
WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new");
entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL,
DYNAMIC_TYPE_OPENSSL);
if (entry) {
XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry));
}
return entry;
}
/* release a WOLFSSL_BY_DIR_entry resource */
void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry)
{
WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free");
if (entry == NULL)
return;
if (entry->hashes) {
wolfSSL_sk_BY_DIR_HASH_free(entry->hashes);
}
if (entry->dir_name != NULL) {
XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
}
XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL);
}
WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void)
{
WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null");
if (sk) {
sk->type = STACK_TYPE_BY_DIR_entry;
}
return sk;
}
/* return a number of WOLFSSL_BY_DIR_entry in stack */
int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
{
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
if (sk == NULL)
return -1;
return (int)sk->num;
}
/* return WOLFSSL_BY_DIR_entry instance at i */
WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i)
{
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value");
for (; sk != NULL && i > 0; i--)
sk = sk->next;
if (i != 0 || sk == NULL)
return NULL;
return sk->data.dir_entry;
}
/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */
WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk)
{
WOLFSSL_STACK* node;
WOLFSSL_BY_DIR_entry* entry;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop");
if (sk == NULL) {
return NULL;
}
node = sk->next;
entry = sk->data.dir_entry;
if (node != NULL) { /* update sk and remove node from stack */
sk->data.dir_entry = node->data.dir_entry;
sk->next = node->next;
wolfSSL_sk_free_node(node);
}
else { /* last x509 in stack */
sk->data.dir_entry = NULL;
}
if (sk->num > 0) {
sk->num -= 1;
}
return entry;
}
/* release all contents in stack, and then release stack itself. */
/* Second argument is a function pointer to release resouces. */
/* It calls the function to release resouces when t is passed */
/* instead of wolfSSL_BY_DIR_entry_free(). */
void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
void (*f) (WOLFSSL_BY_DIR_entry*))
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free");
if (sk == NULL) {
return;
}
/* parse through stack freeing each node */
node = sk->next;
while (node && sk->num > 1) {
WOLFSSL_STACK* tmp = node;
node = node->next;
if (f)
f(tmp->data.dir_entry);
else
wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry);
tmp->data.dir_entry = NULL;
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
sk->num -= 1;
}
/* free head of stack */
if (sk->num == 1) {
if (f)
f(sk->data.dir_entry);
else
wolfSSL_BY_DIR_entry_free(sk->data.dir_entry);
sk->data.dir_entry = NULL;
}
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
}
/* release all contents in stack, and then release stack itself */
void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk)
{
wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL);
}
/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and
* tries to free it when the stack is free'd.
*
* return 1 on success 0 on fail
*/
int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
WOLFSSL_BY_DIR_entry* in)
{
WOLFSSL_STACK* node;
if (sk == NULL || in == NULL) {
return WOLFSSL_FAILURE;
}
/* no previous values in stack */
if (sk->data.dir_entry == NULL) {
sk->data.dir_entry = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
/* stack already has value(s) create a new node and add more */
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
DYNAMIC_TYPE_OPENSSL);
if (node == NULL) {
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
/* push new obj onto head of stack */
node->data.dir_entry = sk->data.dir_entry;
node->next = sk->next;
node->type = sk->type;
sk->next = node;
sk->data.dir_entry = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_ALL */
#undef ERROR_OUT
+8 -8
View File
@@ -3086,10 +3086,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning ENCRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
else {
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
#endif
wc_encrypt = &ssl->encrypt;
@@ -3099,10 +3099,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning DECRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
else {
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
#endif
wc_decrypt = &ssl->decrypt;
@@ -3112,17 +3112,17 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning ENCRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
else {
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
WOLFSSL_MSG("Provisioning DECRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
else {
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
#endif
wc_encrypt = &ssl->encrypt;
+27 -21
View File
@@ -610,7 +610,11 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
/* AddCA() frees the buffer. */
XMEMCPY(derCert->buffer, issuer->derCert->buffer,
issuer->derCert->length);
AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_CertManagerFree(cm);
return NULL;
}
}
certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
@@ -624,28 +628,30 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
if (certStatus)
XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL);
return NULL;
}
XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
XMEMSET(certStatus, 0, sizeof(CertStatus));
certId->status = certStatus;
certId->ownStatus = 1;
InitDecodedCert(&cert, subject->derCert->buffer,
subject->derCert->length, NULL);
if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
else {
XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
certId->status->serialSz = cert.serialSz;
if (certId != NULL) {
XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
XMEMSET(certStatus, 0, sizeof(CertStatus));
certId->status = certStatus;
certId->ownStatus = 1;
InitDecodedCert(&cert, subject->derCert->buffer,
subject->derCert->length, NULL);
if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
else {
XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
certId->status->serialSz = cert.serialSz;
}
FreeDecodedCert(&cert);
}
FreeDecodedCert(&cert);
wolfSSL_CertManagerFree(cm);
@@ -804,8 +810,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
resp->single->ownStatus = 1;
if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL;
}
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
+848 -159
View File
File diff suppressed because it is too large Load Diff
+15 -9
View File
@@ -2024,18 +2024,24 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
#ifndef NO_WOLFSSL_SERVER
if (!extension || !extension->data) {
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
/* This will keep SNI even though TLSX_UseSNI has not been called.
* Enable it so that the received sni is available to functions
* that use a custom callback when SNI is received.
*/
/* This will keep SNI even though TLSX_UseSNI has not been called.
* Enable it so that the received sni is available to functions
* that use a custom callback when SNI is received.
*/
#ifdef WOLFSSL_ALWAYS_KEEP_SNI
cacheOnly = 1;
#endif
if (ssl->ctx->sniRecvCb) {
cacheOnly = 1;
}
if (cacheOnly) {
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
#else
}
else {
/* Skipping, SNI not enabled at server side. */
return 0;
#endif
}
}
if (OPAQUE16_LEN > length)
@@ -2096,7 +2102,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
if(!cacheOnly)
if (!cacheOnly)
TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
}
else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
+4
View File
@@ -1485,6 +1485,7 @@ end:
#else
return (word32)(ktime_get_real_ns() / (ktime_t)1000000);
#endif
}
#elif defined(WOLFSSL_QNX_CAAM)
word32 TimeNowInMilliseconds(void)
{
@@ -4211,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
if (!usingPSK) {
/* Not using PSK so don't require no KE. */
ssl->options.noPskDheKe = 0;
#ifndef NO_CERTS
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
WOLFSSL_MSG("Client did not send a KeyShare extension");
+5
View File
@@ -800,6 +800,11 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
nfds = (int)sockfd + 1;
#endif
if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
WOLFSSL_MSG("socket fd out of FDSET range");
return -1;
}
FD_ZERO(&rfds);
FD_SET(sockfd, &rfds);
wfds = rfds;
+907 -85
View File
File diff suppressed because it is too large Load Diff
+29 -4
View File
@@ -2394,10 +2394,23 @@ static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz,
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, &times, numBlocks, &pending)) {
#ifndef BENCHMARK_AESGCM_STREAM
ret = wc_AesGcmEncrypt(&enc[i], bench_cipher,
bench_plain, BENCH_SIZE,
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
bench_additional, aesAuthAddSz);
#else
ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz);
if (ret == 0) {
ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher,
bench_plain, BENCH_SIZE, bench_additional,
aesAuthAddSz);
}
if (ret == 0) {
ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag,
AES_AUTH_TAG_SZ);
}
#endif
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, &times, &pending)) {
goto exit_aes_gcm;
}
@@ -2433,10 +2446,23 @@ exit_aes_gcm:
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, &times, numBlocks, &pending)) {
#ifndef BENCHMARK_AESGCM_STREAM
ret = wc_AesGcmDecrypt(&dec[i], bench_plain,
bench_cipher, BENCH_SIZE,
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
bench_additional, aesAuthAddSz);
#else
ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz);
if (ret == 0) {
ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain,
bench_cipher, BENCH_SIZE, bench_additional,
aesAuthAddSz);
}
if (ret == 0) {
ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag,
AES_AUTH_TAG_SZ);
}
#endif
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, &times, &pending)) {
goto exit_aes_gcm_dec;
}
@@ -4651,18 +4677,17 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
#ifndef WOLFSSL_RSA_VERIFY_ONLY
DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
#endif
#if !defined(WOLFSSL_MDK5_COMPLv5)
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
byte* enc[BENCH_MAX_PENDING];
#endif
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if !defined(WOLFSSL_MDK5_COMPLv5)
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
int idxout;
byte* out[BENCH_MAX_PENDING];
#endif
#else
@@ -6890,7 +6915,7 @@ static int string_matches(const char* arg, const char* str)
}
#endif /* MAIN_NO_ARGS */
#ifdef WOLFSSL_ESPIDF
#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
int wolf_benchmark_task( )
#elif defined(MAIN_NO_ARGS)
int main()
+1673 -19
View File
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+42 -5
View File
@@ -4214,7 +4214,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
seqSz += sz;
tmpIdx = 0;
seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr);
ret = SetShortInt(shr, &tmpIdx, itt, maxShr);
if (ret >= 0) {
seqSz += ret;
}
else {
return ret;
}
innerSz += seqSz + SetSequence(seqSz, seq);
totalSz += innerSz + SetSequence(innerSz, seq);
@@ -13048,11 +13054,11 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
* nameStr value to be encoded
* nameType type of encoding i.e CTC_UTF8
* type id of attribute i.e ASN_COMMON_NAME
*
* emailType type of email i.e CTC_UTF8
* returns length on success
*/
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
byte type)
static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameType,
byte type, byte emailType)
{
word32 idx = 0;
/* bottom up */
@@ -13127,11 +13133,12 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
case ASN_EMAIL_NAME:
{
const byte EMAIL_OID[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01
};
/* email joint id */
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
idx += (int)sizeof(EMAIL_OID);
name->encoded[idx++] = emailType;
break;
}
@@ -13172,6 +13179,36 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
return idx;
}
/* canonical encoding one attribute of the name (issuer/subject)
* call wc_EncodeName_ex with CTC_UTF8 for email type
*
* name structure to hold result of encoding
* nameStr value to be encoded
* nameType type of encoding i.e CTC_UTF8
* type id of attribute i.e ASN_COMMON_NAME
*
* returns length on success
*/
int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType,
byte type)
{
return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);
}
/* Encodes one attribute of the name (issuer/subject)
* call we_EncodeName_ex with 0x16, IA5String for email type
* name structure to hold result of encoding
* nameStr value to be encoded
* nameType type of encoding i.e CTC_UTF8
* type id of attribute i.e ASN_COMMON_NAME
*
* returns length on success
*/
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
byte type)
{
return wc_EncodeName_ex(name, nameStr, nameType, type, ASN_IA5_STRING);
}
/* encode CertName into output, return total bytes written */
int SetName(byte* output, word32 outputSz, CertName* name)
{
+4 -2
View File
@@ -95,16 +95,18 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
XMEMSET(cmac, 0, sizeof(Cmac));
#ifdef WOLF_CRYPTO_CB
#ifdef WOLF_CRYPTO_CB
if (devId != INVALID_DEVID) {
cmac->devId = devId;
cmac->devCtx = NULL;
ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL,
type, unused);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
#endif
#endif
if (key == NULL)
return BAD_FUNC_ARG;
+4 -8
View File
@@ -2126,7 +2126,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz)
{
byte havePriv, havePub;
mp_int *keyPriv = NULL, *keyPub = NULL;
if (key == NULL) {
return BAD_FUNC_ARG;
@@ -2154,7 +2153,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
mp_clear(&key->priv);
havePriv = 0;
} else {
keyPriv = &key->priv;
WOLFSSL_MSG("DH Private Key Set");
}
}
@@ -2172,16 +2170,14 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) {
mp_clear(&key->pub);
havePub = 0;
if (havePriv) {
mp_clear(&key->priv);
havePriv = 0; /* set to 0 to error out with failed read pub */
}
} else {
keyPub = &key->pub;
WOLFSSL_MSG("DH Public Key Set");
}
}
/* Free Memory if error occurred */
if (havePriv == 0 && keyPriv != NULL)
mp_clear(keyPriv);
if (havePub == 0 && keyPub != NULL)
mp_clear(keyPub);
if (havePriv == 0 && havePub == 0) {
return MEMORY_E;
+9
View File
@@ -521,6 +521,15 @@ const char* wc_GetErrorString(int error)
case SAKKE_VERIFY_FAIL_E:
return "SAKKE derivation verification error";
case MISSING_IV:
return "Required IV not set";
case MISSING_KEY:
return "Required key not set";
case BAD_LENGTH_E:
return "Value of length parameter is invalid.";
default:
return "unknown error number";
+185 -22
View File
@@ -553,6 +553,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
#if defined(HAVE_AESGCM)
#ifndef WOLFSSL_AESGCM_STREAM
static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
const unsigned char *in, int inl) {
if (in && inl > 0) {
@@ -570,11 +571,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
return 0;
}
#endif /* WOLFSSL_AESGCM_STREAM */
static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
#ifndef WOLFSSL_AESGCM_STREAM
int ret = 0;
*outl = inl;
@@ -606,8 +609,42 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
return WOLFSSL_SUCCESS;
#else
int ret;
/* When out is NULL then this is AAD. */
if (out == NULL) {
if (ctx->enc) {
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
inl);
}
else {
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
inl);
}
}
/* When out is not NULL then this is plaintext/cipher text. */
else {
if (ctx->enc) {
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
0);
}
else {
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
0);
}
}
*outl = inl;
if (ret == 0) {
ret = WOLFSSL_SUCCESS;
}
else {
ret = WOLFSSL_FAILURE;
}
return ret;
#endif /* WOLFSSL_AESGCM_STREAM */
}
#endif
#endif /* HAVE_AESGCM */
/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
@@ -626,16 +663,16 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
*outl = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
switch (ctx->cipherType) {
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE:
/* if out == NULL, in/inl contains the additional authenticated data for GCM */
return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
default:
/* fall-through */
break;
}
switch (ctx->cipherType) {
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE:
/* if out == NULL, in/inl contains the additional authenticated data * for GCM */
return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
default:
/* fall-through */
break;
}
#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
if (out == NULL) {
@@ -770,6 +807,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE:
#ifndef WOLFSSL_AESGCM_STREAM
if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0)
|| (ctx->gcmBufferLen == 0)) {
if (ctx->enc)
@@ -799,6 +837,24 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
else {
*outl = 0;
}
#else
/* No data to return - all handled in Update. */
*outl = 0;
if (ctx->enc) {
ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag,
ctx->authTagSz);
}
else {
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
ctx->authTagSz);
}
if (ret == 0) {
ret = WOLFSSL_SUCCESS;
}
else {
ret = WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_AESGCM_STREAM */
/* Clear IV, since IV reuse is not recommended for AES GCM. */
XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
break;
@@ -2172,7 +2228,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
int nid;
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
if (ctxmd == NULL) break;
nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, pkey->rsa);
@@ -2248,7 +2307,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
int nid;
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
if (ctxmd == NULL) break;
nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break;
return wolfSSL_RSA_verify(nid, md, mdsize, sig,
(unsigned int)siglen, pkey->rsa);
@@ -2624,7 +2686,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
unsigned int sigSz;
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
int nid;
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
if (md == NULL)
break;
nid = wolfSSL_EVP_MD_type(md);
if (nid < 0)
break;
ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
@@ -2717,7 +2783,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (ctx->pctx->pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
int nid;
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
if (md == NULL)
return WOLFSSL_FAILURE;
nid = wolfSSL_EVP_MD_type(md);
if (nid < 0)
return WOLFSSL_FAILURE;
return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,
@@ -4089,10 +4159,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
WOLFSSL_MSG("Key or IV not set");
break;
}
if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) {
if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv,
ctx->ivSz)) != 0) {
WOLFSSL_MSG("wc_AesGcmSetIV failed");
ret = WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_AESGCM_STREAM
/* Initialize using IV cached in Aes object. */
if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, NULL, 0) != 0) {
WOLFSSL_MSG("wc_AesGcmInit failed");
ret = WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_AESGCM_STREAM */
/* OpenSSL increments the IV. Not sure why */
IncCtr(ctx->iv, ctx->ivSz);
break;
@@ -4389,14 +4467,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_AESGCM_STREAM
/* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes, key,
(key == NULL) ? 0 : ctx->keyLen, iv,
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4414,14 +4503,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_AESGCM_STREAM
/* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes, key,
(key == NULL) ? 0 : ctx->keyLen, iv,
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4439,14 +4539,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_AESGCM_STREAM
/* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes,
key, (key == NULL) ? 0 : ctx->keyLen,
iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4498,7 +4609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION, 1);
if (ret != 0)
return WOLFSSL_FAILURE;
@@ -4526,7 +4637,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION, 1);
if (ret != 0)
return WOLFSSL_FAILURE;
@@ -4552,7 +4663,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
}
if (ret != 0)
@@ -5278,6 +5389,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
case AES_192_GCM_TYPE :
case AES_256_GCM_TYPE :
WOLFSSL_MSG("AES GCM");
#ifndef WOLFSSL_AESGCM_STREAM
if (!dst) {
ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
}
@@ -5291,6 +5403,50 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz);
}
#else
/* Do one shot operation with streaming API as other
* initialization set up for streaming. */
ret = wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, ctx->iv,
ctx->ivSz);
/* No destination means only AAD. */
if ((ret == 0) && (dst == NULL)) {
if (ctx->enc) {
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL,
NULL, 0, src, len);
}
else {
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL,
NULL, 0, src, len);
}
}
/* Only plaintext/cipher text. */
else if (ret == 0) {
if (ctx->enc) {
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src,
len, NULL, 0);
}
else {
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src,
len, NULL, 0);
if (ret == 0) {
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
ctx->authTag, ctx->authTagSz);
}
}
}
if (ret == 0) {
if (ctx->enc) {
/* Calculate authentication tag. */
ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes,
ctx->authTag, ctx->authTagSz);
}
else {
/* Calculate authentication tag and compare. */
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
ctx->authTag, ctx->authTagSz);
}
}
#endif /* WOLFSSL_AESGCM_STREAM */
if (ret == 0)
ret = len;
break;
@@ -6726,17 +6882,24 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
pkey->heap = heap;
pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
/* init of mutex needs to come before wolfSSL_EVP_PKEY_free */
ret = wc_InitMutex(&pkey->refMutex);
if (ret != 0){
XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
WOLFSSL_MSG("Issue initializing mutex");
return NULL;
}
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID);
#else
ret = wc_InitRng(&pkey->rng);
#endif
pkey->references = 1;
wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before
* wolfSSL_EVP_PKEY_free */
if (ret != 0){
wolfSSL_EVP_PKEY_free(pkey);
WOLFSSL_MSG("memory failure");
WOLFSSL_MSG("Issue initializing RNG");
return NULL;
}
}
+15 -11
View File
@@ -200,62 +200,66 @@ int wc_HmacSizeByType(int type)
int _InitHmac(Hmac* hmac, int type, void* heap)
{
int ret = 0;
#ifdef WOLF_CRYPTO_CB
int devId = hmac->devId;
#else
int devId = INVALID_DEVID;
#endif
switch (type) {
#ifndef NO_MD5
case WC_MD5:
ret = wc_InitMd5(&hmac->hash.md5);
ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
ret = wc_InitSha(&hmac->hash.sha);
ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
ret = wc_InitSha224(&hmac->hash.sha224);
ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_InitSha256(&hmac->hash.sha256);
ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_InitSha384(&hmac->hash.sha384);
ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_InitSha512(&hmac->hash.sha512);
ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224:
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case WC_SHA3_256:
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case WC_SHA3_384:
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case WC_SHA3_512:
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId);
break;
#endif
#endif
+7 -10
View File
@@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL;
}
if (mp_isone(P)) {
mp_set(Y, 0);
return MP_OKAY;
return mp_set(Y, 0);
}
if (mp_iszero(X)) {
mp_set(Y, 1);
return MP_OKAY;
return mp_set(Y, 1);
}
if (mp_iszero(G)) {
mp_set(Y, 0);
return MP_OKAY;
return mp_set(Y, 0);
}
/* if exponent X is negative we have to recurse */
@@ -1449,10 +1446,10 @@ int mp_set (mp_int * a, mp_digit b)
/* check if a bit is set */
int mp_is_bit_set (mp_int *a, mp_digit b)
{
int i = (int)(b / DIGIT_BIT); /* word index */
int s = b % DIGIT_BIT; /* bit index */
mp_digit i = b / DIGIT_BIT; /* word index */
mp_digit s = b % DIGIT_BIT; /* bit index */
if (a->used <= i) {
if ((mp_digit)a->used <= i) {
/* no words avaialable at that bit count */
return 0;
}
@@ -2415,7 +2412,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
}
/* swap res with Y */
mp_copy(res, Y);
err = mp_copy(res, Y);
LBL_RES:mp_clear (res);
LBL_M:
+10 -1
View File
@@ -755,7 +755,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
outerSz += mac->saltSz;
/* MAC iterations */
outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
if (ret >= 0) {
outerSz += ret;
ret = 0;
}
else {
return ret;
}
/* sequence of inner data */
outerSz += SetSequence(innerSz, seq);
@@ -1817,6 +1824,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx);
if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){
WOLFSSL_MSG("Buffer not large enough for DATA OID");
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
@@ -1824,6 +1832,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
/* copy over encrypted data */
if (idx + encSz > *outSz){
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
XMEMCPY(out + idx, tmp, encSz);
+11 -1
View File
@@ -5077,6 +5077,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg;
/* check if using internal stream buffer and should adjust sz */
if (pkiMsg != in && pkcs7->stream->length > 0) {
pkiMsg2Sz = pkcs7->stream->length;
}
}
/* restore content type */
@@ -5136,7 +5141,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
}
}
else {
/* last state expect the reset of the buffer */
/* last state expect the rest of the buffer */
pkcs7->stream->expected = (pkcs7->stream->maxLen -
pkcs7->stream->totalRd) + pkcs7->stream->length;
}
@@ -5155,6 +5160,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg;
/* check if using internal stream buffer and should adjust sz */
if (pkiMsg != in && pkcs7->stream->length > 0) {
pkiMsg2Sz = pkcs7->stream->length;
}
}
/* restore content */
+2 -2
View File
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifndef __aarch64__
.text
.align 2
@@ -6008,7 +6008,7 @@ fe_ge_sub:
pop {r4, r5, r6, r7, r8, r9, r10, r11, pc}
.size fe_ge_sub,.-fe_ge_sub
#endif /* !__aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
+2 -2
View File
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifndef __aarch64__
#include <stdint.h>
#ifdef HAVE_CONFIG_H
@@ -5573,4 +5573,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
}
#endif /* !__aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
+2 -2
View File
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifndef __aarch64__
#ifdef WOLFSSL_ARMASM_NO_NEON
.text
@@ -5331,7 +5331,7 @@ L_sha512_len_neon_start:
.size Transform_Sha512_Len,.-Transform_Sha512_Len
#endif /* !WOLFSSL_ARMASM_NO_NEON */
#endif /* !__aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
+2 -2
View File
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifndef __aarch64__
#include <stdint.h>
#ifdef HAVE_CONFIG_H
@@ -4776,4 +4776,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
#endif /* !WOLFSSL_ARMASM_NO_NEON */
#endif /* !__aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
+2 -2
View File
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifdef __aarch64__
#ifndef __APPLE__
.text
@@ -7472,7 +7472,7 @@ _fe_ge_sub:
.size fe_ge_sub,.-fe_ge_sub
#endif /* __APPLE__ */
#endif /* __aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
+2 -2
View File
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifdef __aarch64__
#include <wolfssl/wolfcrypt/fe_operations.h>
@@ -7217,4 +7217,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
}
#endif /* __aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
+396 -364
View File
@@ -96,6 +96,188 @@ static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
#ifdef __aarch64__
/* First block is in sha256->buffer and rest in data. */
static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
word32 numBlocks)
{
word32* k = (word32*)K;
__asm__ volatile (
"#load leftover data\n"
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
"#load current digest\n"
"LD1 {v12.2d-v13.2d}, %[digest] \n"
"MOV w8, %w[blocks] \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"#load K values in \n"
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
"MOV v15.16b, v13.16b \n"
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
/* beginning of SHA256 block operation */
"1:\n"
/* Round 1 */
"MOV v4.16b, v0.16b \n"
"ADD v0.4s, v0.4s, v16.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 2 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v17.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 3 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v18.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 4 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v19.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 5 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v20.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 6 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v21.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 7 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v22.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 8 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v23.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 9 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v24.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 10 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v25.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 11 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v26.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 12 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v27.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 13 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v28.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 14 */
"ADD v0.4s, v1.4s, v29.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 15 */
"ADD v0.4s, v2.4s, v30.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 16 */
"ADD v0.4s, v3.4s, v31.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"#Add working vars back into digest state \n"
"SUB w8, w8, #1 \n"
"ADD v12.4s, v12.4s, v14.4s \n"
"ADD v13.4s, v13.4s, v15.4s \n"
"#check if more blocks should be done\n"
"CBZ w8, 2f \n"
"#load in message and schedule updates \n"
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
"MOV v14.16b, v12.16b \n"
"MOV v15.16b, v13.16b \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"B 1b \n" /* do another block */
"2:\n"
"STP q12, q13, %[out] \n"
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
"=r" (data), "=r" (k)
: [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
[blocks] "2" (numBlocks), [dataIn] "3" (data)
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
"v15", "v16", "v17", "v18", "v19", "v20", "v21",
"v22", "v23", "v24", "v25", "v26", "v27", "v28",
"v29", "v30", "v31", "w8"
);
}
/* ARMv8 hardware acceleration */
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
{
@@ -115,184 +297,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
if (numBlocks > 0) {
word32* k = (word32*)K;
/* get leftover amount after blocks */
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
__asm__ volatile (
"#load leftover data\n"
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
"#load current digest\n"
"LD1 {v12.2d-v13.2d}, %[digest] \n"
"MOV w8, %w[blocks] \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"#load K values in \n"
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
"MOV v15.16b, v13.16b \n"
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
/* beginning of SHA256 block operation */
"1:\n"
/* Round 1 */
"MOV v4.16b, v0.16b \n"
"ADD v0.4s, v0.4s, v16.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 2 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v17.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 3 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v18.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 4 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v19.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 5 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v20.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 6 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v21.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 7 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v22.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 8 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v23.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 9 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v24.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 10 */
"SHA256SU0 v4.4s, v1.4s \n"
"ADD v0.4s, v1.4s, v25.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 11 */
"SHA256SU0 v1.4s, v2.4s \n"
"ADD v0.4s, v2.4s, v26.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 12 */
"SHA256SU0 v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v27.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 13 */
"SHA256SU0 v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v28.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 14 */
"ADD v0.4s, v1.4s, v29.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 15 */
"ADD v0.4s, v2.4s, v30.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Round 16 */
"ADD v0.4s, v3.4s, v31.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"#Add working vars back into digest state \n"
"SUB w8, w8, #1 \n"
"ADD v12.4s, v12.4s, v14.4s \n"
"ADD v13.4s, v13.4s, v15.4s \n"
"#check if more blocks should be done\n"
"CBZ w8, 2f \n"
"#load in message and schedule updates \n"
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
"MOV v14.16b, v12.16b \n"
"MOV v15.16b, v13.16b \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"B 1b \n" /* do another block */
"2:\n"
"STP q12, q13, %[out] \n"
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
"=r" (data), "=r" (k)
: [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
[blocks] "2" (numBlocks), [dataIn] "3" (data)
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
"v15", "v16", "v17", "v18", "v19", "v20", "v21",
"v22", "v23", "v24", "v25", "v26", "v27", "v28",
"v29", "v30", "v31", "w8"
);
Sha256Transform(sha256, data, numBlocks);
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
@@ -658,6 +666,202 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
#else /* not using 64 bit */
static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
word32 numBlocks)
{
word32* bufPt = sha256->buffer;
word32* digPt = sha256->digest;
__asm__ volatile (
"#load leftover data\n"
"VLDM %[buffer]!, {q0-q3} \n"
"#load current digest\n"
"VLDM %[digest], {q12-q13} \n"
"MOV r8, %[blocks] \n"
"VREV32.8 q0, q0 \n"
"VREV32.8 q1, q1 \n"
"VREV32.8 q2, q2 \n"
"VREV32.8 q3, q3 \n"
"VLDM %[k]! ,{q5-q8} \n"
"VLDM %[k]! ,{q9}\n"
"VMOV.32 q14, q12 \n" /* store digest for add at the end */
"VMOV.32 q15, q13 \n"
/* beginning of SHA256 block operation */
"1:\n"
/* Round 1 */
"VMOV.32 q4, q0 \n"
"VADD.i32 q0, q0, q5 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 2 */
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q6 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 3 */
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q7 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 4 */
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q8 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 5 */
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q9 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 6 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 7 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 8 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 9 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 10 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 11 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 12 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 13 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 14 */
"VLD1.32 {q10}, [%[k]]! \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 15 */
"VLD1.32 {q10}, [%[k]]! \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 16 */
"VLD1.32 {q10}, [%[k]] \n"
"SUB r8, r8, #1 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
"#Add working vars back into digest state \n"
"VADD.i32 q12, q12, q14 \n"
"VADD.i32 q13, q13, q15 \n"
"#check if more blocks should be done\n"
"CMP r8, #0 \n"
"BEQ 2f \n"
"#load in message and schedule updates \n"
"VLD1.32 {q0}, [%[dataIn]]! \n"
"VLD1.32 {q1}, [%[dataIn]]! \n"
"VLD1.32 {q2}, [%[dataIn]]! \n"
"VLD1.32 {q3}, [%[dataIn]]! \n"
/* reset K pointer */
"SUB %[k], %[k], #160 \n"
"VREV32.8 q0, q0 \n"
"VREV32.8 q1, q1 \n"
"VREV32.8 q2, q2 \n"
"VREV32.8 q3, q3 \n"
"VMOV.32 q14, q12 \n"
"VMOV.32 q15, q13 \n"
"B 1b \n" /* do another block */
"2:\n"
"VST1.32 {q12, q13}, [%[out]] \n"
: [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
"=r" (data)
: [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
[blocks] "2" (numBlocks), [dataIn] "3" (data)
: "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
"q8", "q9", "q10", "q11", "q12", "q13", "q14",
"q15", "r8"
);
}
/* ARMv8 hardware acceleration Aarch32 */
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
{
@@ -677,198 +881,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
if (numBlocks > 0) {
word32* bufPt = sha256->buffer;
word32* digPt = sha256->digest;
/* get leftover amount after blocks */
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
__asm__ volatile (
"#load leftover data\n"
"VLDM %[buffer]!, {q0-q3} \n"
"#load current digest\n"
"VLDM %[digest], {q12-q13} \n"
"MOV r8, %[blocks] \n"
"VREV32.8 q0, q0 \n"
"VREV32.8 q1, q1 \n"
"VREV32.8 q2, q2 \n"
"VREV32.8 q3, q3 \n"
"VLDM %[k]! ,{q5-q8} \n"
"VLDM %[k]! ,{q9}\n"
"VMOV.32 q14, q12 \n" /* store digest for add at the end */
"VMOV.32 q15, q13 \n"
/* beginning of SHA256 block operation */
"1:\n"
/* Round 1 */
"VMOV.32 q4, q0 \n"
"VADD.i32 q0, q0, q5 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 2 */
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q6 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 3 */
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q7 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 4 */
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q8 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 5 */
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q9 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 6 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 7 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 8 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 9 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 10 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q4, q1 \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q4, q2, q3 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 11 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q1, q2 \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q1, q3, q4 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 12 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q2, q3 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q2, q4, q1 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 13 */
"VLD1.32 {q10}, [%[k]]! \n"
"SHA256SU0.32 q3, q4 \n"
"VADD.i32 q0, q4, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256SU1.32 q3, q1, q2 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 14 */
"VLD1.32 {q10}, [%[k]]! \n"
"VADD.i32 q0, q1, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 15 */
"VLD1.32 {q10}, [%[k]]! \n"
"VADD.i32 q0, q2, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
/* Round 16 */
"VLD1.32 {q10}, [%[k]] \n"
"SUB r8, r8, #1 \n"
"VADD.i32 q0, q3, q10 \n"
"VMOV.32 q11, q12 \n"
"SHA256H.32 q12, q13, q0 \n"
"SHA256H2.32 q13, q11, q0 \n"
"#Add working vars back into digest state \n"
"VADD.i32 q12, q12, q14 \n"
"VADD.i32 q13, q13, q15 \n"
"#check if more blocks should be done\n"
"CMP r8, #0 \n"
"BEQ 2f \n"
"#load in message and schedule updates \n"
"VLD1.32 {q0}, [%[dataIn]]! \n"
"VLD1.32 {q1}, [%[dataIn]]! \n"
"VLD1.32 {q2}, [%[dataIn]]! \n"
"VLD1.32 {q3}, [%[dataIn]]! \n"
/* reset K pointer */
"SUB %[k], %[k], #160 \n"
"VREV32.8 q0, q0 \n"
"VREV32.8 q1, q1 \n"
"VREV32.8 q2, q2 \n"
"VREV32.8 q3, q3 \n"
"VMOV.32 q14, q12 \n"
"VMOV.32 q15, q13 \n"
"B 1b \n" /* do another block */
"2:\n"
"VST1.32 {q12, q13}, [%[out]] \n"
: [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
"=r" (data)
: [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
[blocks] "2" (numBlocks), [dataIn] "3" (data)
: "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
"q8", "q9", "q10", "q11", "q12", "q13", "q14",
"q15", "r8"
);
Sha256Transform(sha256, data, numBlocks);
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
@@ -1401,6 +1417,22 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
return ret;
}
#ifdef OPENSSL_EXTRA
int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
{
if (sha256 == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
#else
XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
#endif
Sha256Transform(sha256, data, 1);
return 0;
}
#endif
#endif /* !NO_SHA256 */
+2 -2
View File
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifdef __aarch64__
#ifndef __APPLE__
.text
@@ -1093,7 +1093,7 @@ L_sha512_len_neon_start:
.size Transform_Sha512_Len,.-Transform_Sha512_Len
#endif /* __APPLE__ */
#endif /* __aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
+2 -2
View File
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c
*/
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifdef __aarch64__
#include <wolfssl/wolfcrypt/sha512.h>
@@ -1050,4 +1050,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
}
#endif /* __aarch64__ */
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
+11
View File
@@ -483,6 +483,17 @@ void wc_Sha512Free(wc_Sha512* sha512)
#endif
}
#ifdef OPENSSL_EXTRA
int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
{
if (sha512 == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
Transform_Sha512_Len(sha512, data, WC_SHA512_BLOCK_SIZE);
return 0;
}
#endif
#endif /* WOLFSSL_SHA512 */
/* -------------------------------------------------------------------------- */
+24 -29
View File
@@ -335,13 +335,10 @@ static Error caamCreatePartition(unsigned int page, unsigned int par,
}
/* return a mapped address to the partition on success, returns 0 on fail */
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
unsigned int flag)
/* return a partitions physical address on success, returns 0 on fail */
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag)
{
int err;
CAAM_ADDRESS vaddr;
unsigned int local;
(void)flag; /* flag is for future changes to flag passed when creating */
@@ -353,13 +350,7 @@ CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
return 0;
}
/* map secure partition to virtual address */
local = (CAAM_PAGE + (part << 12));
vaddr = CAAM_ADR_TO_VIRTUAL(local, partSz);
if (phys != NULL) {
*phys = local;
}
return vaddr;
return (CAAM_ADDRESS)(CAAM_PAGE + (part << 12));
}
@@ -839,11 +830,19 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
}
#endif
CAAM_ADR_UNMAP(vaddr[0], desc->buf[1].data, desc->buf[1].dataSz, 1);
CAAM_ADR_UNMAP(vaddr[1], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
for (vidx = 2, i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0);
vidx = 0;
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[1].data, desc->buf[1].dataSz, 1);
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
if (sz == 2) {
CAAM_ADR_UNMAP(vaddr[vidx], 0, 0, 0);
}
else {
for (i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data,
desc->buf[i].dataSz, 0);
}
}
return err;
}
@@ -888,8 +887,7 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4])
/* map secure partition to virtual address */
phys = (CAAM_PAGE + (part << 12));
buf[0].TheAddress = CAAM_ADR_TO_VIRTUAL(phys,
buf[0].Length + buf[1].Length + BLACK_KEY_MAC_SZ);
buf[0].TheAddress = phys;
desc->desc[desc->idx++] = phys;
/* public x,y out */
@@ -979,8 +977,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz,
vidx = vidx + 1;
}
else {
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
desc->buf[i].dataSz);
desc->desc[desc->idx++] = desc->buf[i].data;
}
i = i + 1;
@@ -1089,8 +1086,7 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
desc->buf[i].dataSz);
desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1162,9 +1158,9 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
void* vaddr[sz];
if (args != NULL) {
isBlackKey = args[0];
isBlackKey = args[0];
peerBlackKey = args[1];
pdECDSEL = args[2];
pdECDSEL = args[2];
}
if (pdECDSEL == 0) {
@@ -1193,8 +1189,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
desc->buf[i].dataSz);
desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1216,8 +1211,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
desc->buf[i].dataSz);
desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1507,9 +1501,10 @@ int InitCAAM(void)
}
int caamJobRingFree()
int CleanupCAAM()
{
CAAM_FREE_MUTEX(&caam.ring.jr_lock);
CAAM_UNSET_BASEADDR();
caamFreeAllPart();
return 0;
}
+36 -12
View File
@@ -85,6 +85,11 @@ int CAAM_SET_BASEADDR()
}
/* cleans up having set the base address */
void CAAM_UNSET_BASEADDR()
{
munmap_device_io(virtual_base, 0x00010000);
}
/* convert a virtual address to a physical address
* returns the physical address on success
@@ -105,7 +110,7 @@ CAAM_ADDRESS CAAM_ADR_TO_PHYSICAL(void* in, int inSz)
if (ret != 0) {
WOLFSSL_MSG("posix offset failed");
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
perror("");
perror("posix offset failed : ");
#endif
}
msync(in, inSz, MS_INVALIDATE);
@@ -146,7 +151,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy)
if (vaddr == MAP_FAILED) {
WOLFSSL_MSG("Failed to map memory");
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
perror("");
perror("Failed to map memory : ");
#endif
}
else {
@@ -229,10 +234,8 @@ int CAAM_ADR_SYNC(void* vaddr, int sz)
*/
static int sanityCheckPartitionAddress(CAAM_ADDRESS partAddr, int partSz)
{
unsigned int phys;
phys = CAAM_ADR_TO_PHYSICAL((void*)partAddr, partSz);
if (phys < CAAM_PAGE || (phys + partSz) > CAAM_PAGE*7) {
if (partAddr < CAAM_PAGE || partAddr > CAAM_PAGE * MAX_PART ||
partSz > 4096) {
WOLFSSL_MSG("error in physical address range");
return -1;
}
@@ -924,7 +927,11 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg,
partNumber = args[0];
partSz = args[1];
partAddr = caamGetPartition(partNumber, partSz, NULL, 0);
partAddr = caamGetPartition(partNumber, partSz, 0);
if (partAddr == 0) {
return EBADMSG;
}
SETIOV(&out_iov, &partAddr, sizeof(CAAM_ADDRESS));
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
@@ -943,6 +950,7 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
{
int partSz, ret;
CAAM_ADDRESS partAddr;
CAAM_ADDRESS vaddr;
unsigned char *buf;
iov_t in_iov;
@@ -968,7 +976,14 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
return EBADMSG;
}
CAAM_ADR_UNMAP(buf, partAddr, partSz, 1);
vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
if (vaddr == 0) {
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
return ECANCELED;
}
CAAM_ADR_UNMAP(buf, vaddr, partSz, 1);
CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
return EOK;
}
@@ -981,6 +996,7 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
{
int partSz;
CAAM_ADDRESS partAddr;
CAAM_ADDRESS vaddr;
unsigned char *buf;
iov_t out_iov;
@@ -1002,10 +1018,18 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
if (buf == NULL) {
return ECANCELED;
}
memcpy(buf, (unsigned int*)partAddr, partSz);
vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
if (vaddr == 0) {
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
return ECANCELED;
}
memcpy(buf, (unsigned char*)vaddr, partSz);
SETIOV(&out_iov, buf, partSz);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
return EOK;
}
@@ -1249,14 +1273,14 @@ int main(int argc, char *argv[])
while (1) {
ctp = dispatch_block(ctp);
if (ctp == NULL) {
caamJobRingFree();
CleanupCAAM();
exit (1);
}
dispatch_handler (ctp);
}
pthread_mutex_destroy(&sm_mutex);
caamJobRingFree();
CleanupCAAM();
return 0;
}
+23 -19
View File
@@ -97,7 +97,6 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
word32 ecdsel = 0;
byte r[MAX_ECC_BYTES] = {0};
byte s[MAX_ECC_BYTES] = {0};
word32 outSz;
word32 idx = 0;
byte pk[MAX_ECC_BYTES] = {0};
@@ -127,16 +126,16 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
/* private key */
if (key->blackKey > 0) {
buf[idx].TheAddress = (CAAM_ADDRESS)key->blackKey;
buf[idx].Length = keySz;
args[0] = 1; /* is a black key */
}
else {
outSz = mp_unsigned_bin_size(&key->k);
mp_to_unsigned_bin(&key->k, pk);
if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) {
return MP_TO_E;
}
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
buf[idx].Length = outSz;
args[0] = 0; /* non black key */
}
buf[idx].Length = keySz;
idx++;
/* hash to sign */
@@ -195,7 +194,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
word32 args[4] = {0};
CAAM_BUFFER buf[9] = {0};
int ret;
int rSz, sSz;
int keySz;
word32 idx = 0;
word32 ecdsel = 0;
@@ -230,9 +229,8 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
}
/* Wx,y public key */
keySz = wc_ecc_size(key);
if (key->securePubKey > 0) {
int keySz = wc_ecc_size(key);
buf[idx].TheAddress = (CAAM_ADDRESS)key->securePubKey;
buf[idx].Length = keySz * 2;
args[0] = 1; /* using public key in secure memory */
@@ -251,18 +249,20 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
buf[idx].Length = hashlen;
idx++;
rSz = mp_unsigned_bin_size(r);
mp_to_unsigned_bin(r, rbuf);
if (mp_to_unsigned_bin_len(r, rbuf, keySz) != MP_OKAY) {
return MP_TO_E;
}
buf[idx].TheAddress = (CAAM_ADDRESS)rbuf;
buf[idx].Length = rSz;
buf[idx].Length = keySz;
idx++;
sSz = mp_unsigned_bin_size(s);
mp_to_unsigned_bin(s, sbuf);
if (mp_to_unsigned_bin_len(s, sbuf, keySz) != MP_OKAY) {
return MP_TO_E;
}
buf[idx].TheAddress = (CAAM_ADDRESS)sbuf;
buf[idx].Length = sSz;
buf[idx].Length = keySz;
idx++;
/* temporary scratch buffer, the manual calls for it and HW expects it */
@@ -313,7 +313,6 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
CAAM_BUFFER buf[9] = {0};
int ret, keySz;
word32 ecdsel = 0; /* ecc parameters in hardware */
word32 outSz;
word32 idx = 0;
byte pk[MAX_ECC_BYTES] = {0};
@@ -365,16 +364,21 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
/* private key */
if (private_key->blackKey > 0) {
buf[idx].TheAddress = (CAAM_ADDRESS)private_key->blackKey;
buf[idx].Length = keySz;
args[0] = 1; /* is a black key */
}
else {
outSz = mp_unsigned_bin_size(&private_key->k);
mp_to_unsigned_bin(&private_key->k, pk);
if (keySz > MAX_ECC_BYTES) {
return BUFFER_E;
}
if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) {
return MP_TO_E;
}
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
buf[idx].Length = outSz;
args[0] = 0; /* non black key */
}
buf[idx].Length = keySz;
idx++;
/* output shared secret */
+1
View File
@@ -495,6 +495,7 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
sha->heap = heap;
#ifdef WOLF_CRYPTO_CB
sha->devId = devId;
sha->devCtx = NULL;
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
+1
View File
@@ -399,6 +399,7 @@ static int InitSha256(wc_Sha256* sha256)
sha256->heap = heap;
#ifdef WOLF_CRYPTO_CB
sha256->devId = devId;
sha256->devCtx = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
+25 -17
View File
@@ -636,30 +636,38 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
* len Number of bytes in output.
* returns 0 on success.
*/
static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l)
static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
{
word32 rate = p * 8;
word32 j;
byte i;
byte *state = (byte *)sha3->s;
sha3->t[p * 8 - 1] = 0x00;
sha3->t[rate - 1] = 0x00;
#ifdef WOLFSSL_HASH_FLAGS
if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) {
if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256)
padChar = 0x01;
}
#endif
sha3->t[ sha3->i] = padChar;
sha3->t[p * 8 - 1] |= 0x80;
for (i=sha3->i + 1; i < p * 8 - 1; i++)
sha3->t[sha3->i ] = padChar;
sha3->t[rate - 1] |= 0x80;
for (i=sha3->i + 1; i < rate - 1; i++)
sha3->t[i] = 0;
for (i = 0; i < p; i++)
sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
BlockSha3(sha3->s);
#if defined(BIG_ENDIAN_ORDER)
ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8);
#endif
for (i = 0; i < l; i++)
hash[i] = state[i];
for (j = 0; l - j >= rate; j += rate) {
BlockSha3(sha3->s);
#if defined(BIG_ENDIAN_ORDER)
ByteReverseWords64((word64*)(hash + j), sha3->s, rate);
#else
XMEMCPY(hash + j, sha3->s, rate);
#endif
}
if (j != l) {
BlockSha3(sha3->s);
#if defined(BIG_ENDIAN_ORDER)
ByteReverseWords64(sha3->s, sha3->s, rate);
#endif
XMEMCPY(hash + j, sha3->s, l - j);
}
return 0;
}
@@ -763,7 +771,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
}
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = Sha3Final(sha3, 0x06, hash, p, len);
ret = Sha3Final(sha3, 0x06, hash, p, (word32)len);
if (ret != 0)
return ret;
@@ -1193,7 +1201,7 @@ int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
return BAD_FUNC_ARG;
}
ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, (byte)hashLen);
ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
if (ret != 0)
return ret;
+1508 -1760
View File
File diff suppressed because it is too large Load Diff
+1448 -1734
View File
File diff suppressed because it is too large Load Diff
+1508 -1760
View File
File diff suppressed because it is too large Load Diff
+2231 -2420
View File
File diff suppressed because it is too large Load Diff
+2228 -2411
View File
File diff suppressed because it is too large Load Diff
+1508 -1760
View File
File diff suppressed because it is too large Load Diff
+30 -9
View File
@@ -77,8 +77,11 @@ This library provides single precision (SP) integer math functions.
* called again until complete.
* WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular
* exponentation implementation.
* WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used.
* WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit
* pointer is not allowed.
* WOLFSSL_SP_NO_DYN_STACK Disable use of dynamic stack items.
* Used with small code size and not small stack.
*/
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
@@ -93,7 +96,7 @@ This library provides single precision (SP) integer math functions.
sp_int* n = NULL
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL)
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Declare a variable on the stack with the required data size. */
#define DECL_SP_INT(n, s) \
byte n##d[MP_INT_SIZEOF(s)]; \
@@ -163,7 +166,7 @@ This library provides single precision (SP) integer math functions.
sp_int* n[c] = { NULL, }
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL)
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Declare a variable on the stack with the required data size. */
#define DECL_SP_INT_ARRAY(n, s, c) \
byte n##d[MP_INT_SIZEOF(s) * (c)]; \
@@ -204,7 +207,7 @@ This library provides single precision (SP) integer math functions.
while (0)
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL)
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Data declared on stack that supports multiple sp_ints of the
* required size. Use pointers into data to make up array and set sizes.
*/
@@ -3107,25 +3110,33 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
{
int err = MP_OKAY;
/* Check validity of parameters. */
if ((a == NULL) || (r == NULL)) {
err = MP_VAL;
}
else
{
#ifndef WOLFSSL_SP_INT_NEGATIVE
/* Positive only so just use internal function. */
err = _sp_add_d(a, d, r);
#else
if (a->sign == MP_ZPOS) {
/* Positive so use interal function. */
r->sign = MP_ZPOS;
err = _sp_add_d(a, d, r);
}
else if ((a->used > 1) || (a->dp[0] > d)) {
/* Negative value bigger than digit so subtract digit. */
r->sign = MP_NEG;
_sp_sub_d(a, d, r);
}
else {
/* Negative value smaller or equal to digit. */
r->sign = MP_ZPOS;
/* Subtract negative value from digit. */
r->dp[0] = d - a->dp[0];
/* Result is a digit equal to or greater than zero. */
r->used = ((r->dp[0] == 0) ? 0 : 1);
}
#endif
}
@@ -3149,25 +3160,32 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
{
int err = MP_OKAY;
/* Check validity of parameters. */
if ((a == NULL) || (r == NULL)) {
err = MP_VAL;
}
else {
#ifndef WOLFSSL_SP_INT_NEGATIVE
/* Positive only so just use internal function. */
_sp_sub_d(a, d, r);
#else
if (a->sign == MP_NEG) {
/* Subtracting from negative use interal add. */
r->sign = MP_NEG;
err = _sp_add_d(a, d, r);
}
else if ((a->used > 1) || (a->dp[0] >= d)) {
/* Positive number greater than digit so add digit. */
r->sign = MP_ZPOS;
_sp_sub_d(a, d, r);
}
else {
/* Negative value smaller than digit. */
r->sign = MP_NEG;
/* Subtract positive value from digit. */
r->dp[0] = d - a->dp[0];
r->used = r->dp[0] > 0;
/* Result is a digit equal to or greater than zero. */
r->used = 1;
}
#endif
}
@@ -4752,7 +4770,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -4828,7 +4847,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used + b->used];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -4905,7 +4925,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used + b->used];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -9284,7 +9305,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL)
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -9393,7 +9414,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
defined(WOLFSSL_SP_SMALL)
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
+1546 -1806
View File
File diff suppressed because it is too large Load Diff
+8 -8
View File
@@ -40479,7 +40479,7 @@ L_256_mod_inv_4_uv_u:
shrd r10, r11, 1
shrd r11, r12, 1
shr r12, 1
test r8b, 1
test r9b, 1
jnz L_256_mod_inv_4_usubv_even_end
L_256_mod_inv_4_usubv_even_start:
shrd r9, r10, 1
@@ -40488,7 +40488,7 @@ L_256_mod_inv_4_usubv_even_start:
shr r12, 1
mov BYTE PTR [rsp+rsi], 0
inc rsi
test r8b, 1
test r9b, 1
jz L_256_mod_inv_4_usubv_even_start
L_256_mod_inv_4_usubv_even_end:
cmp r9, 1
@@ -40561,7 +40561,7 @@ L_256_mod_inv_4_op_b_sub_d:
adc r11, QWORD PTR [r8+16]
adc r12, QWORD PTR [r8+24]
L_256_mod_inv_4_op_div2_b:
test r8b, 1
test r9b, 1
mov rdx, 0
jz L_256_mod_inv_4_op_div2_b_mod
add r9, QWORD PTR [r8]
@@ -40896,19 +40896,19 @@ L_256_mod_inv_avx2_4_vsubu_sub_shr1:
vpextrd edi, xmm2, 0
vpextrd esi, xmm3, 0
L_256_mod_inv_avx2_4_store_done:
movslq rax, eax
movsxd rax, eax
shl r9, 26
add rax, r9
movslq r10, r10d
movsxd r10, r10d
shl r11, 26
add r10, r11
movslq r12, r12d
movsxd r12, r12d
shl r13, 26
add r12, r13
movslq r14, r14d
movsxd r14, r14d
shl r15, 26
add r14, r15
movslq rdi, edi
movsxd rdi, edi
shl rsi, 26
add rdi, rsi
mov r9, r10
+5 -4
View File
@@ -3581,7 +3581,8 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
#error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
#endif
#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER))
#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \
(defined(FP_32BIT) || defined(FP_64BIT))
#ifdef FP_32BIT
/* If we know the endianness of this architecture, and we're using
32-bit fp_digits, we can optimize this */
@@ -3589,7 +3590,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
unsigned char *pd = (unsigned char *)a->dp;
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
/* read the bytes in */
#ifdef BIG_ENDIAN_ORDER
{
/* Use Duff's device to unroll the loop. */
@@ -3604,6 +3604,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
}
#else
/* read the bytes in one at a time. */
for (c -= 1; c >= 0; c -= 1) {
pd[c] = *b++;
}
@@ -3616,7 +3617,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
unsigned char *pd = (unsigned char *)a->dp;
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
/* read the bytes in */
#ifdef BIG_ENDIAN_ORDER
{
/* Use Duff's device to unroll the loop. */
@@ -3635,6 +3635,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
}
#else
/* read the bytes in one at a time. */
for (c -= 1; c >= 0; c -= 1) {
pd[c] = *b++;
}
@@ -3642,7 +3643,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
#endif
#else
/* read the bytes in */
/* read the bytes in one at a time - unknown number of bits in digit */
for (; c > 0; c--) {
int err = fp_mul_2d (a, 8, a);
if (err != FP_OKAY) {
+99 -34
View File
@@ -386,7 +386,11 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
return BAD_PATH_ERROR;
}
XFSEEK(f, 0, XSEEK_END);
if (XFSEEK(f, 0, XSEEK_END) != 0) {
WOLFSSL_MSG("wc_LoadFile file seek error");
XFCLOSE(f);
return BAD_PATH_ERROR;
}
fileSz = XFTELL(f);
XREWIND(f);
if (fileSz > 0) {
@@ -415,6 +419,38 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
#if !defined(NO_WOLFSSL_DIR) && \
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
/* File Handling Helper */
/* returns 0 if file exists, WC_ISFILEEXIST_NOFILE if file doesn't exist */
int wc_FileExists(const char* fname)
{
struct ReadDirCtx ctx;
if (fname == NULL)
return 0;
if (XSTAT(fname, &ctx.s) != 0) {
WOLFSSL_MSG("stat on name failed");
return BAD_PATH_ERROR;
} else
#if defined(USE_WINDOWS_API)
if (XS_ISREG(ctx.s.st_mode)) {
return 0;
}
#elif defined(WOLFSSL_ZEPHYR)
if (XS_ISREG(ctx.s.type)) {
return 0;
}
#elif defined(WOLFSSL_TELIT_M2MB)
if (XS_ISREG(ctx.s.st_mode)) {
return 0;
}
#else
if (XS_ISREG(ctx.s.st_mode)) {
return 0;
}
#endif
return WC_ISFILEEXIST_NOFILE;
}
/* File Handling Helpers */
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
@@ -431,7 +467,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return BAD_FUNC_ARG;
}
XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
XMEMSET(ctx, 0, sizeof(ReadDirCtx));
pathLen = (int)XSTRLEN(path);
#ifdef USE_WINDOWS_API
@@ -464,6 +500,37 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return 0;
}
} while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
#elif defined(INTIME_RTOS)
if (pathLen > MAX_FILENAME_SZ - 3)
return BAD_PATH_ERROR;
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3);
XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen);
if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) {
WOLFSSL_MSG("FindFirstFile for path verify locations failed");
return BAD_PATH_ERROR;
}
do {
if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
return BAD_PATH_ERROR;
}
XSTRNCPY(ctx->name, path, pathLen + 1);
ctx->name[pathLen] = '\\';
XSTRNCPY(ctx->name + pathLen + 1,
ctx->FindFileData.cFileName,
MAX_FILENAME_SZ - pathLen - 1);
if (name)
*name = ctx->name;
return 0;
}
} while (FindNextRtFile(&ctx->FindFileData));
#elif defined(WOLFSSL_ZEPHYR)
if (fs_opendir(&ctx->dir, path) != 0) {
WOLFSSL_MSG("opendir path verify locations failed");
@@ -485,11 +552,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* of earlier check it is known that dnameLen is less than
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
if (fs_stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -517,12 +580,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
}
else if (ctx->s.st_mode & M2MB_S_IFREG) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -549,11 +607,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* of earlier check it is known that dnameLen is less than
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
if (stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (S_ISREG(ctx->s.st_mode)) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -600,6 +654,26 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
return 0;
}
}
#elif defined(INTIME_RTOS)
while (FindNextRtFile(&ctx->FindFileData)) {
if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
return BAD_PATH_ERROR;
}
XSTRNCPY(ctx->name, path, pathLen + 1);
ctx->name[pathLen] = '\\';
XSTRNCPY(ctx->name + pathLen + 1,
ctx->FindFileData.cFileName,
MAX_FILENAME_SZ - pathLen - 1);
if (name)
*name = ctx->name;
return 0;
}
}
#elif defined(WOLFSSL_ZEPHYR)
while ((fs_readdir(&ctx->dir, &ctx->entry)) != 0) {
dnameLen = (int)XSTRLEN(ctx->entry.name);
@@ -615,11 +689,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
if (fs_stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -641,12 +711,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
}
else if (ctx->s.st_mode & M2MB_S_IFREG) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -667,11 +732,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
if (stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (S_ISREG(ctx->s.st_mode)) {
if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -695,6 +756,10 @@ void wc_ReadDirClose(ReadDirCtx* ctx)
FindClose(ctx->hFind);
ctx->hFind = INVALID_HANDLE_VALUE;
}
#elif defined(INTIME_RTOS)
FindRtFileClose(&ctx->FindFileData);
#elif defined(WOLFSSL_ZEPHYR)
if (ctx->dirp) {
fs_closedir(ctx->dirp);
+177 -20
View File
@@ -19,7 +19,6 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@@ -3328,10 +3327,10 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
{
#ifndef WOLFSSL_NO_SHAKE256
wc_Shake sha;
byte hash[114];
byte hash[250];
testVector a, b, c;
testVector test_sha[3];
testVector a, b, c, d, e;
testVector test_sha[5];
int ret = 0;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
@@ -3356,7 +3355,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
"\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
a.inLen = XSTRLEN(a.input);
a.outLen = sizeof(hash);
a.outLen = 114;
b.input = "abc";
b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
@@ -3368,7 +3367,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
"\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
b.inLen = XSTRLEN(b.input);
b.outLen = sizeof(hash);
b.outLen = 114;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
@@ -3380,11 +3379,53 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
"\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
c.inLen = XSTRLEN(c.input);
c.outLen = sizeof(hash);
c.outLen = 114;
/* Taken from NIST CAVP test vectors - full rate output. */
d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
"\x85\xe0";
d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
"\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
"\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
"\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
"\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
"\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
"\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
"\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
"\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
"\xc2";
d.inLen = 32;
d.outLen = 136;
/* Taken from NIST CAVP test vectors - more than one output block. */
e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
"\x47\xe4";
e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
"\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
"\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
"\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
"\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
"\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
"\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
"\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
"\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
"\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
"\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
"\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
"\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
"\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
"\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
"\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
"\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
e.inLen = 32;
e.outLen = 250;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
test_sha[4] = e;
ret = wc_InitShake256(&sha, HEAP_HINT, devId);
if (ret != 0)
@@ -3417,7 +3458,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
if (ret != 0)
ERROR_OUT(-3105, exit);
if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
if (XMEMCMP(hash, large_digest, 114) != 0)
ERROR_OUT(-3106, exit);
} /* END LARGE HASH TEST */
@@ -10045,6 +10086,103 @@ WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
#endif /* HAVE_FIPS_VERSION >= 2 */
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
#ifdef WOLFSSL_AES_256
#ifdef WOLFSSL_AESGCM_STREAM
result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (result != 0)
ERROR_OUT(-6360, out);
result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
if (result != 0)
ERROR_OUT(-6361, out);
result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
if (result != 0)
ERROR_OUT(-6362, out);
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
ERROR_OUT(-6363, out);
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
ERROR_OUT(-6364, out);
#ifdef HAVE_AES_DECRYPT
result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (result != 0)
ERROR_OUT(-6370, out);
result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
if (result != 0)
ERROR_OUT(-6371, out);
result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
if (result != 0)
ERROR_OUT(-6372, out);
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
ERROR_OUT(-6373, out);
#endif
/* alen is the size to pass in with each update. */
for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (result != 0)
ERROR_OUT(-6380, out);
/* plen is the offset into AAD to update with. */
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
int len = sizeof(a) - plen;
if (len > alen) len = alen;
result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
if (result != 0)
ERROR_OUT(-6381, out);
}
/* plen is the offset into plaintext to update with. */
for (plen = 0; plen < (int)sizeof(p); plen += alen) {
int len = sizeof(p) - plen;
if (len > alen) len = alen;
result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
NULL, 0);
if (result != 0)
ERROR_OUT(-6382, out);
}
result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
if (result != 0)
ERROR_OUT(-6383, out);
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
ERROR_OUT(-6384, out);
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
ERROR_OUT(-6385, out);
}
#ifdef HAVE_AES_DECRYPT
for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (result != 0)
ERROR_OUT(-6390, out);
/* plen is the offset into AAD to update with. */
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
int len = sizeof(a) - plen;
if (len > alen) len = alen;
result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
if (result != 0)
ERROR_OUT(-6391, out);
}
/* plen is the offset into cipher text to update with. */
for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
int len = sizeof(c1) - plen;
if (len > alen) len = alen;
result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
NULL, 0);
if (result != 0)
ERROR_OUT(-6392, out);
}
result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
if (result != 0)
ERROR_OUT(-6393, out);
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
ERROR_OUT(-6394, out);
}
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AESGCM_STREAM */
#endif /* WOLFSSL_AES_256 */
#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
wc_AesFree(enc);
wc_AesFree(dec);
@@ -11763,6 +11901,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
#elif defined(WOLFSSL_uTKERNEL2)
#define CERT_PREFIX "/uda/"
#define CERT_PATH_SEP "/"
#elif defined(_WIN32_WCE)
#define CERT_PREFIX "\\windows\\"
#define CERT_PATH_SEP "\\"
#endif
#ifndef CERT_PREFIX
@@ -13604,8 +13745,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", -40);
err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
ERROR_OUT(-7801, exit_rsa_nopadding);
}
@@ -23151,7 +23291,7 @@ static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
);
count++;
/* TODO: Real-time work can be called here */
/* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#ifdef DEBUG_WOLFSSL
printf("ECC non-block verify: %d times\n", count);
@@ -23235,7 +23375,7 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
);
count++;
/* TODO: Real-time work can be called here */
/* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#ifdef DEBUG_WOLFSSL
@@ -23245,8 +23385,8 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
if (ret == 0) {
/* export r/s */
mp_to_unsigned_bin(&r, sig);
mp_to_unsigned_bin(&s, sig + curveSz);
mp_to_unsigned_bin_len(&r, sig, curveSz);
mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
}
mp_clear(&r);
@@ -27512,16 +27652,18 @@ int eccsi_test(void)
mp_int* ssk;
ecc_point* pvt;
priv = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10205;
}
pub = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10206;
}
ssk = XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -28636,16 +28778,19 @@ int sakke_test(void)
SakkeKey* key;
ecc_point* rsk = NULL;
priv = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10404;
}
pub = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10405;
}
key = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -28884,8 +29029,16 @@ WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
XMEMSET(tag, 0, sizeof(tag));
tagSz = AES_BLOCK_SIZE;
#if !defined(HAVE_FIPS) || \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
#else
if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
#endif
{
ERROR_OUT(-12000, out);
}
if (tc->partial) {
if (wc_CmacUpdate(cmac, tc->m,
tc->mSz/2 - tc->partial) != 0)
@@ -36687,6 +36840,10 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
ret = pbkdf2_test();
#endif
#endif
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
if (ret == 0)
ret = cmac_test();
#endif
/* reset devId */
devId = INVALID_DEVID;
+61
View File
@@ -1684,6 +1684,21 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
#endif
#endif
struct WOLFSSL_BY_DIR_HASH {
unsigned long hash_value;
int last_suffix;
};
struct WOLFSSL_BY_DIR_entry {
char* dir_name;
int dir_type;
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes;
};
struct WOLFSSL_BY_DIR {
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry;
wolfSSL_Mutex lock; /* dir list lock */
};
/* wolfSSL method type */
struct WOLFSSL_METHOD {
@@ -2066,6 +2081,11 @@ struct WOLFSSL_CERT_MANAGER {
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum allowed ECC key size */
#endif
#if defined(OPENSSL_EXTRA)
WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */
/* CTX has ownership and free this */
/* with CTX free. */
#endif
wolfSSL_Mutex refMutex; /* reference count mutex */
int refCount; /* reference count */
@@ -3691,6 +3711,8 @@ typedef struct Arrays {
#define STACK_TYPE_X509_NAME 9
#define STACK_TYPE_CONF_VALUE 10
#define STACK_TYPE_X509_INFO 11
#define STACK_TYPE_BY_DIR_entry 12
#define STACK_TYPE_BY_DIR_hash 13
struct WOLFSSL_STACK {
unsigned long num; /* number of nodes in stack
@@ -3716,6 +3738,8 @@ struct WOLFSSL_STACK {
void* generic;
char* string;
WOLFSSL_GENERAL_NAME* gn;
WOLFSSL_BY_DIR_entry* dir_entry;
WOLFSSL_BY_DIR_HASH* dir_hash;
} data;
void* heap; /* memory heap hint */
WOLFSSL_STACK* next;
@@ -4811,6 +4835,43 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store,
X509_NAME* issuer, int Type);
#endif
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void);
WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash);
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find(
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk);
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
void (*f) (WOLFSSL_BY_DIR_HASH*));
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
WOLFSSL_BY_DIR_HASH* in);
/* WOLFSSL_BY_DIR_entry stuff */
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void);
WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry);
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i);
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk);
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
void (*f) (WOLFSSL_BY_DIR_entry*));
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk);
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
WOLFSSL_BY_DIR_entry* in);
#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#ifdef __cplusplus
} /* extern "C" */
+3 -1
View File
@@ -4,5 +4,7 @@
#undef HAVE_OPENSSL_ENGINE_H
#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/
/* ENGINE_load_builtin_engines not needed, as all builtin engines are already
loaded into memory and used on startup. */
#define ENGINE_load_builtin_engines()
+2
View File
@@ -24,4 +24,6 @@
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/wolfcrypt/random.h>
typedef WOLFSSL_RAND_METHOD RAND_METHOD;
#define RAND_set_rand_method wolfSSL_RAND_set_rand_method
+1
View File
@@ -111,6 +111,7 @@ WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
unsigned char* out, WOLFSSL_RSA* rsa, int padding);
WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*);
+3 -1
View File
@@ -70,6 +70,8 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA_Init wolfSSL_SHA_Init
#define SHA_Update wolfSSL_SHA_Update
#define SHA_Final wolfSSL_SHA_Final
#define SHA_Transform wolfSSL_SHA_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
@@ -81,7 +83,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA1_Init wolfSSL_SHA1_Init
#define SHA1_Update wolfSSL_SHA1_Update
#define SHA1_Final wolfSSL_SHA1_Final
#define SHA1_Transform wolfSSL_SHA1_Transform
#ifdef WOLFSSL_SHA224
+1 -1
View File
@@ -806,7 +806,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define RSA_generate_key wolfSSL_RSA_generate_key
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
#define RSA_print wolfSSL_RSA_print
#define RSA_bits wolfSSL_RSA_size
#define RSA_bits wolfSSL_RSA_bits
#define RSA_up_ref wolfSSL_RSA_up_ref
#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
+36 -4
View File
@@ -143,6 +143,10 @@ typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH;
typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry;
typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR;
/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED
@@ -276,8 +280,6 @@ struct WOLFSSL_X509V3_CTX {
WOLFSSL_X509* x509;
};
struct WOLFSSL_ASN1_OBJECT {
void* heap;
const unsigned char* obj;
@@ -531,6 +533,8 @@ struct WOLFSSL_X509_LOOKUP_METHOD {
struct WOLFSSL_X509_LOOKUP {
WOLFSSL_X509_STORE *store;
int type;
WOLFSSL_BY_DIR* dirs;
};
struct WOLFSSL_X509_STORE {
@@ -639,6 +643,25 @@ struct WOLFSSL_X509_STORE_CTX {
typedef char* WOLFSSL_STRING;
typedef struct WOLFSSL_RAND_METHOD {
/* seed = Data to mix into the random generator.
* len = Number of bytes to mix from seed. */
int (*seed)(const void* seed, int len);
/* buf = Buffer to store random bytes in.
* len = Number of bytes to store in buf. */
int (*bytes)(unsigned char* buf, int len);
void (*cleanup)(void);
/* add = Data to mix into the random generator.
* len = Number of bytes to mix from add.
* entropy = Estimate of randomness contained in seed.
* Should be between 0 and len. */
int (*add)(const void* add, int len, double entropy);
/* buf = Buffer to store pseudorandom bytes in.
* len = Number of bytes to store in buf. */
int (*pseudorand)(unsigned char *buf, int len);
int (*status)(void);
} WOLFSSL_RAND_METHOD;
/* Valid Alert types from page 16/17
* Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
*/
@@ -1422,6 +1445,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
unsigned char** out);
WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
unsigned char** out);
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
unsigned char **in, long length);
#ifndef NO_RSA
@@ -1500,6 +1525,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
const void* data, int dataSz);
WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
const WOLFSSL_ASN1_STRING* src);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
@@ -1591,6 +1618,8 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
const WOLFSSL_X509_VERIFY_PARAM* from);
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
#endif
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@@ -3585,11 +3614,14 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_SECRET_CALLBACK)
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
@@ -3770,7 +3802,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void);
WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods);
WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
+6 -1
View File
@@ -349,6 +349,7 @@
#define cliEd448CertFile "certs/ed448/client-ed448.pem"
#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
#define caEd448CertFile "certs/ed448/ca-ed448.pem"
#define caCertFolder "certs/"
#ifdef HAVE_WNR
/* Whitewood netRandom default config file */
#define wnrConfig "wnr-example.conf"
@@ -382,6 +383,7 @@
#define cliEd448CertFile "./certs/ed448/client-ed448.pem"
#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
#define caEd448CertFile "./certs/ed448/ca-ed448.pem"
#define caCertFolder "./certs/"
#ifdef HAVE_WNR
/* Whitewood netRandom default config file */
#define wnrConfig "./wnr-example.conf"
@@ -4092,8 +4094,11 @@ static WC_INLINE word16 GetRandomPort(void)
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
{
int earlyData_status;
#ifdef OPENSSL_EXTRA
earlyData_status = SSL_get_early_data_status(ssl);
#else
earlyData_status = wolfSSL_get_early_data_status(ssl);
#endif
if (earlyData_status < 0) return;
printf("Early Data was ");
+35
View File
@@ -250,6 +250,21 @@ struct Aes {
silabs_aes_t ctx;
#endif
void* heap; /* memory hint to use */
#ifdef WOLFSSL_AESGCM_STREAM
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
#else
byte* streamData;
#endif
word32 aSz;
word32 cSz;
byte over;
byte aOver;
byte cOver;
byte gcmKeySet:1;
byte nonceSet:1;
byte ctrSet:1;
#endif
};
#ifndef WC_AES_TYPE_DEFINED
@@ -361,6 +376,26 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#ifdef WOLFSSL_AESGCM_STREAM
WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len,
const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len,
const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len,
byte* ivOut, word32 ivOutSz);
WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in,
word32 sz, const byte* authIn, word32 authInSz);
WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag,
word32 authTagSz);
WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
word32 sz, const byte* authIn, word32 authInSz);
WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
word32 authTagSz);
#endif
#ifndef WC_NO_RNG
WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
+2
View File
@@ -1173,6 +1173,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
+4 -1
View File
@@ -53,12 +53,15 @@ struct Cmac {
byte k2[AES_BLOCK_SIZE];
word32 bufferSz;
word32 totalSz;
#if defined(WOLF_CRYPTO_CB)
#ifdef WOLF_CRYPTO_CB
int devId;
void* devCtx;
#ifdef WOLFSSL_QNX_CAAM
byte ctx[32]; /* hold state for save and return */
word32 blackKey;
word32 keylen;
byte initialized;
#endif
#endif
};
+4 -1
View File
@@ -235,8 +235,11 @@ enum {
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */
MISSING_IV = -277, /* IV was not set */
MISSING_KEY = -278, /* Key was not set */
BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */
WC_LAST_E = -276, /* Update this to indicate last error */
WC_LAST_E = -279, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes
+14 -16
View File
@@ -271,6 +271,7 @@
unsigned int CAAM_READ(unsigned int reg);
void CAAM_WRITE(unsigned int reg, unsigned int in);
int CAAM_SET_BASEADDR(void);
void CAAM_UNSET_BASEADDR(void);
unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz);
void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy);
void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
@@ -278,20 +279,18 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
int CAAM_ADR_SYNC(void* vaddr, int sz);
CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int length);
#ifndef WOLFSSL_CAAM_BUFFER
#define WOLFSSL_CAAM_BUFFER
typedef struct CAAM_BUFFER {
int BufferType;
CAAM_ADDRESS TheAddress;
int Length;
} CAAM_BUFFER;
#endif
unsigned int caamReadRegister(unsigned int reg);
void caamWriteRegister(unsigned int reg, unsigned int in);
int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
int caamJobRingFree(void);
#ifndef WOLFSSL_CAAM_BUFFER
#define WOLFSSL_CAAM_BUFFER
typedef struct CAAM_BUFFER {
int BufferType;
CAAM_ADDRESS TheAddress;
int Length;
} CAAM_BUFFER;
#endif
unsigned int caamReadRegister(unsigned int reg);
void caamWriteRegister(unsigned int reg, unsigned int in);
int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
int CleanupCAAM(void);
/* Driver API that can be called by caam_<env>.c port layers */
@@ -309,8 +308,7 @@ int caamECDSAMake(DESCSTRUCT *desc, CAAM_BUFFER *buf, unsigned int args[4]);
int caamAesCmac(DESCSTRUCT *desc, int sz, unsigned int args[4]);
int caamBlob(DESCSTRUCT *desc);
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
unsigned int flag);
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag);
int caamFreePart(unsigned int part);
int caamFindUnusuedPartition(void);
+6 -2
View File
@@ -1240,7 +1240,8 @@ extern void uITRON4_free(void *p) ;
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
defined(WOLFSSL_STM32G0)
#define SIZEOF_LONG_LONG 8
#ifndef CHAR_BIT
@@ -1293,6 +1294,8 @@ extern void uITRON4_free(void *p) ;
#include "stm32h7xx_hal.h"
#elif defined(WOLFSSL_STM32WB)
#include "stm32wbxx_hal.h"
#elif defined(WOLFSSL_STM32G0)
#include "stm32g0xx_hal.h"
#endif
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
#include "stm32l4xx_ll_rng.h"
@@ -1343,7 +1346,8 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* WOLFSSL_STM32_CUBEMX */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */
#ifdef WOLFSSL_DEOS
#include <deos.h>
#include <timeout.h>
+9 -3
View File
@@ -27,9 +27,15 @@
#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(WOLFSSL_HAVE_SP_ECC)
#ifndef WOLFSSL_LINUXKM
#include <stdint.h>
#ifdef _WIN32_WCE
typedef __int8 int8_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
typedef unsigned __int8 uint8_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
#elif !defined(WOLFSSL_LINUXKM)
#include <stdint.h>
#endif
#include <wolfssl/wolfcrypt/integer.h>
+22 -18
View File
@@ -113,29 +113,33 @@ extern "C" {
#error "Size of unsigned long not detected"
#endif
#if ULLONG_MAX == 18446744073709551615ULL
#define SP_ULLONG_BITS 64
#ifdef ULLONG_MAX
#if ULLONG_MAX == 18446744073709551615ULL
#define SP_ULLONG_BITS 64
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint64;
typedef long long sp_int64;
#endif
#elif ULLONG_MAX == 4294967295UL
#define SP_ULLONG_BITS 32
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint64;
typedef long long sp_int64;
#endif
#elif ULLONG_MAX == 4294967295UL
#define SP_ULLONG_BITS 32
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint32;
typedef long long sp_int32;
#endif
#elif ULLONG_MAX == 65535
#define SP_ULLONG_BITS 16
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint32;
typedef long long sp_int32;
#endif
#elif ULLONG_MAX == 65535
#define SP_ULLONG_BITS 16
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint16;
typedef long long sp_int16;
#if SP_ULLONG_BITS > SP_ULONG_BITS
typedef unsigned long long sp_uint16;
typedef long long sp_int16;
#endif
#else
#error "Size of unsigned long long not detected"
#endif
#else
#error "Size of unsigned long long not detected"
#define SP_ULLONG_BITS 0
#endif
+9 -7
View File
@@ -556,17 +556,17 @@ decouple library dependencies with standard string, memory and so on.
{
va_list ap;
int ret;
if ((int)n <= 0) return -1;
va_start(ap, format);
ret = vsnprintf(s, n, format, ap);
ret = XVSNPRINTF(s, n, format, ap);
if (ret < 0)
ret = -1;
va_end(ap);
return ret;
}
#define XSNPRINTF _xsnprintf_
@@ -597,7 +597,7 @@ decouple library dependencies with standard string, memory and so on.
if ((int)bufsize <= 0) return -1;
va_start(ap, format);
ret = vsnprintf(buffer, bufsize, format, ap);
ret = XVSNPRINTF(buffer, bufsize, format, ap);
if (ret >= (int)bufsize)
ret = -1;
va_end(ap);
@@ -659,6 +659,8 @@ decouple library dependencies with standard string, memory and so on.
#endif
#ifdef OPENSSL_ALL
#define XISALNUM(c) isalnum((c))
#define XISASCII(c) isascii((c))
#define XISSPACE(c) isspace((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
+4 -2
View File
@@ -43,7 +43,8 @@
*/
#if defined(BUILDING_WOLFSSL)
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
defined(_WIN32_WCE)
#if defined(WOLFSSL_DLL)
#define WOLFSSL_API __declspec(dllexport)
#else
@@ -61,7 +62,8 @@
#define WOLFSSL_LOCAL
#endif /* HAVE_VISIBILITY */
#else /* BUILDING_WOLFSSL */
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
defined(_WIN32_WCE)
#if defined(WOLFSSL_DLL)
#define WOLFSSL_API __declspec(dllimport)
#else
+65 -2
View File
@@ -616,6 +616,22 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XSEEK_END 0
#define XBADFILE NULL
#define XFGETS(b,s,f) f_gets((b), (s), (f))
#elif defined (_WIN32_WCE)
/* stdio, WINCE case */
#include <stdio.h>
#define XFILE FILE*
#define XFOPEN fopen
#define XFDOPEN fdopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) XFSEEK(F, 0, SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#define XFGETS fgets
#define XVSNPRINTF _vsnprintf
#elif defined(FUSION_RTOS)
#include <fclstdio.h>
@@ -676,14 +692,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFGETS fgets
#define XFPRINTF fprintf
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
#if !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
#if defined(USE_WINDOWS_API)
#include <sys/stat.h>
#define XSTAT _stat
#define XS_ISREG(s) (s & _S_IFREG)
#define SEPARATOR_CHAR ';'
#elif defined(WOLFSSL_ZEPHYR)
#define XSTAT fs_stat
#define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE)
#define SEPARATOR_CHAR ':'
#elif defined(WOLFSSL_TELIT_M2MB)
#define XSTAT m2mb_fs_stat
#define XS_ISREG(s) (s & M2MB_S_IFREG)
#define SEPARATOR_CHAR ':'
#else
#include <dirent.h>
#include <unistd.h>
#include <sys/stat.h>
#define XWRITE write
#define XREAD read
#define XCLOSE close
#define XSTAT stat
#define XS_ISREG(s) S_ISREG(s)
#define SEPARATOR_CHAR ':'
#endif
#endif
#endif
@@ -719,6 +753,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifdef USE_WINDOWS_API
WIN32_FIND_DATAA FindFileData;
HANDLE hFind;
struct XSTAT s;
#elif defined(WOLFSSL_ZEPHYR)
struct fs_dirent entry;
struct fs_dir_t dir;
@@ -729,10 +764,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
M2MB_DIR_T* dir;
struct M2MB_DIRENT* entry;
struct M2MB_STAT s;
#elif defined(INTIME_RTOS)
FIND_FILE_DATA FindFileData;
#else
struct dirent* entry;
DIR* dir;
struct stat s;
struct XSTAT s;
#endif
char name[MAX_FILENAME_SZ];
} ReadDirCtx;
@@ -743,6 +780,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
#endif /* !NO_WOLFSSL_DIR */
#define WC_ISFILEEXIST_NOFILE -1
WOLFSSL_API int wc_FileExists(const char* fname);
#endif /* !NO_FILESYSTEM */
@@ -863,9 +903,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#elif defined(_WIN32_WCE)
#include <windows.h>
#include <stdlib.h> /* For file system */
time_t windows_time(time_t* timer);
#define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d)
#define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \
(LPWIN32_FIND_DATAW) d)
#define XTIME(t1) windows_time((t1))
#define WOLFSSL_GMTIME
/* if struct tm is not defined in WINCE SDK */
#ifndef _TM_DEFINED
struct tm {
int tm_sec; /* seconds */
int tm_min; /* minutes */
int tm_hour; /* hours */
int tm_mday; /* day of month (month specific) */
int tm_mon; /* month */
int tm_year; /* year */
int tm_wday; /* day of week (out of 1-7)*/
int tm_yday; /* day of year (out of 365) */
int tm_isdst; /* is it daylight savings */
};
#define _TM_DEFINED
#endif
#elif defined(WOLFSSL_APACHE_MYNEWT)
#include "os/os_time.h"
#define XTIME(t1) mynewt_time((t1))