mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 11:40:48 +02:00
Merge remote-tracking branch 'upstream/master' into tk11899
This commit is contained in:
@@ -14,7 +14,7 @@ extern "C" {
|
||||
#define INTIME_RTOS
|
||||
|
||||
#undef WOLF_EXAMPLES_STACK
|
||||
#define WOLF_EXAMPLES_STACK 65536
|
||||
#define WOLF_EXAMPLES_STACK (1<<17)
|
||||
|
||||
#undef WOLFSSL_GENERAL_ALIGNMENT
|
||||
#define WOLFSSL_GENERAL_ALIGNMENT 4
|
||||
@@ -27,7 +27,7 @@ extern "C" {
|
||||
|
||||
/* disable directory support */
|
||||
#undef NO_WOLFSSL_DIR
|
||||
#define NO_WOLFSSL_DIR
|
||||
//#define NO_WOLFSSL_DIR
|
||||
|
||||
/* disable writev */
|
||||
#undef NO_WRITEV
|
||||
|
||||
@@ -66,7 +66,7 @@
|
||||
</Link>
|
||||
<ClCompile>
|
||||
<ExceptionHandling>Async</ExceptionHandling>
|
||||
<PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
</ItemDefinitionGroup>
|
||||
|
||||
@@ -94,6 +94,9 @@ int main(int argc, char* argv[])
|
||||
if (virtual_base == (uintptr_t)MAP_FAILED) {
|
||||
perror("mmap_device_io failed for base address ");
|
||||
}
|
||||
else {
|
||||
munmap_device_io(virtual_base, 0x00010000);
|
||||
}
|
||||
|
||||
wolfCrypt_Init();
|
||||
|
||||
|
||||
@@ -122,6 +122,11 @@ extern ${variable.value} ${variable.name};
|
||||
#define HAL_CONSOLE_UART huart2
|
||||
#define NO_STM32_RNG
|
||||
#define WOLFSSL_GENSEED_FORTEST
|
||||
#elif defined(STM32G071xx)
|
||||
#define WOLFSSL_STM32G0
|
||||
#define HAL_CONSOLE_UART huart2
|
||||
#define NO_STM32_RNG
|
||||
#define WOLFSSL_GENSEED_FORTEST
|
||||
#else
|
||||
#warning Please define a hardware platform!
|
||||
/* This means there is not a pre-defined platform for your board/CPU */
|
||||
|
||||
@@ -177,6 +177,11 @@
|
||||
#define HAL_CONSOLE_UART huart2
|
||||
#define NO_STM32_RNG
|
||||
#define WOLFSSL_GENSEED_FORTEST
|
||||
#elif defined(STM32G071xx)
|
||||
#define WOLFSSL_STM32G0
|
||||
#define HAL_CONSOLE_UART huart2
|
||||
#define NO_STM32_RNG
|
||||
#define WOLFSSL_GENSEED_FORTEST
|
||||
#else
|
||||
#warning Please define a hardware platform!
|
||||
/* This means there is not a pre-defined platform for your board/CPU */
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
# vim:ft=automake
|
||||
# included from Top Level Makefile.am
|
||||
# All paths should be given relative to the root
|
||||
|
||||
EXTRA_DIST+= IDE/WINCE/user_settings.h
|
||||
@@ -0,0 +1,333 @@
|
||||
#ifndef _WIN_USER_SETTINGS_H_
|
||||
#define _WIN_USER_SETTINGS_H_
|
||||
|
||||
/* For FIPS Ready, uncomment the following: */
|
||||
/* #define WOLFSSL_FIPS_READY */
|
||||
#ifdef WOLFSSL_FIPS_READY
|
||||
#undef HAVE_FIPS_VERSION
|
||||
#define HAVE_FIPS_VERSION 3
|
||||
#endif
|
||||
|
||||
|
||||
/* Verify this is Windows */
|
||||
#ifndef _WIN32
|
||||
#error This user_settings.h header is only designed for Windows
|
||||
#endif
|
||||
|
||||
/* Configurations */
|
||||
#define WOLFCRYPT_ONLY
|
||||
|
||||
#undef USE_FAST_MATH
|
||||
#if 1
|
||||
#define USE_FAST_MATH
|
||||
|
||||
#undef TFM_TIMING_RESISTANT
|
||||
#define TFM_TIMING_RESISTANT
|
||||
|
||||
/* Optimizations */
|
||||
//#define TFM_ARM
|
||||
#endif
|
||||
|
||||
/* Wolf Single Precision Math */
|
||||
#undef WOLFSSL_SP
|
||||
#if 0
|
||||
#define WOLFSSL_SP
|
||||
//#define WOLFSSL_SP_SMALL /* use smaller version of code */
|
||||
#define WOLFSSL_HAVE_SP_RSA
|
||||
#define WOLFSSL_HAVE_SP_DH
|
||||
#define WOLFSSL_HAVE_SP_ECC
|
||||
//#define WOLFSSL_SP_CACHE_RESISTANT
|
||||
//#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
|
||||
|
||||
/* SP Assembly Speedups */
|
||||
//#define WOLFSSL_SP_ASM /* required if using the ASM versions */
|
||||
//#define WOLFSSL_SP_ARM32_ASM
|
||||
//#define WOLFSSL_SP_ARM64_ASM
|
||||
//#define WOLFSSL_SP_ARM_THUMB_ASM
|
||||
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
|
||||
#endif
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* FIPS - Requires eval or license from wolfSSL */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
#undef HAVE_FIPS
|
||||
#if 1
|
||||
#define HAVE_FIPS
|
||||
|
||||
#undef HAVE_FIPS_VERSION
|
||||
#define HAVE_FIPS_VERSION 2
|
||||
|
||||
#ifdef SINGLE_THREADED
|
||||
#undef NO_THREAD_LS
|
||||
#define NO_THREAD_LS
|
||||
#else
|
||||
#ifndef USE_WINDOWS_API
|
||||
#define USE_WINDOWS_API
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#undef NO_ATTRIBUTE_CONSTRUCTOR
|
||||
//#define NO_ATTRIBUTE_CONSTRUCTOR
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* FIPS */
|
||||
//#define OPENSSL_EXTRA
|
||||
//#define HAVE_THREAD_LS
|
||||
#define WOLFSSL_KEY_GEN
|
||||
#define HAVE_AESGCM
|
||||
#define HAVE_HASHDRBG
|
||||
#define WOLFSSL_SHA384
|
||||
#define WOLFSSL_SHA512
|
||||
#define NO_PSK
|
||||
#define NO_HC128
|
||||
#define NO_RC4
|
||||
#define NO_RABBIT
|
||||
//#define NO_DSA
|
||||
#define NO_MD4
|
||||
|
||||
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* Crypto */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
#define USE_CERT_BUFFERS_256
|
||||
/* RSA */
|
||||
#undef NO_RSA
|
||||
#if 1
|
||||
#ifdef USE_FAST_MATH
|
||||
/* Maximum math bits (Max RSA key bits * 2) */
|
||||
#undef FP_MAX_BITS
|
||||
#define FP_MAX_BITS 8192
|
||||
#endif
|
||||
|
||||
/* half as much memory but twice as slow */
|
||||
#undef RSA_LOW_MEM
|
||||
//#define RSA_LOW_MEM
|
||||
|
||||
/* Enables blinding mode, to prevent timing attacks */
|
||||
#if 0
|
||||
#undef WC_RSA_BLINDING
|
||||
#define WC_RSA_BLINDING
|
||||
#else
|
||||
#undef WC_NO_HARDEN
|
||||
#define WC_NO_HARDEN
|
||||
#endif
|
||||
|
||||
/* RSA PSS Support */
|
||||
#if 1
|
||||
#define WC_RSA_PSS
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
#define WC_RSA_NO_PADDING
|
||||
#endif
|
||||
#else
|
||||
#define NO_RSA
|
||||
#endif
|
||||
/* ECC */
|
||||
#undef HAVE_ECC
|
||||
#if 1
|
||||
#define HAVE_ECC
|
||||
|
||||
/* Manually define enabled curves */
|
||||
#undef ECC_USER_CURVES
|
||||
//#define ECC_USER_CURVES
|
||||
|
||||
#ifdef ECC_USER_CURVES
|
||||
/* Manual Curve Selection */
|
||||
//#define HAVE_ECC192
|
||||
//#define HAVE_ECC224
|
||||
#undef NO_ECC256
|
||||
//#define HAVE_ECC384
|
||||
//#define HAVE_ECC521
|
||||
#endif
|
||||
|
||||
/* Fixed point cache (speeds repeated operations against same private key) */
|
||||
#undef FP_ECC
|
||||
//#define FP_ECC
|
||||
#ifdef FP_ECC
|
||||
/* Bits / Entries */
|
||||
#undef FP_ENTRIES
|
||||
#define FP_ENTRIES 2
|
||||
#undef FP_LUT
|
||||
#define FP_LUT 4
|
||||
#endif
|
||||
|
||||
/* Optional ECC calculation method */
|
||||
/* Note: doubles heap usage, but slightly faster */
|
||||
#undef ECC_SHAMIR
|
||||
#define ECC_SHAMIR
|
||||
|
||||
/* Reduces heap usage, but slower */
|
||||
#undef ECC_TIMING_RESISTANT
|
||||
#define ECC_TIMING_RESISTANT
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
#undef HAVE_ECC_CDH
|
||||
#define HAVE_ECC_CDH /* Enable cofactor support */
|
||||
|
||||
#undef NO_STRICT_ECDSA_LEN
|
||||
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
|
||||
|
||||
#undef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
|
||||
#endif
|
||||
|
||||
/* Compressed Key Support */
|
||||
#undef HAVE_COMP_KEY
|
||||
//#define HAVE_COMP_KEY
|
||||
|
||||
/* Use alternate ECC size for ECC math */
|
||||
#ifdef USE_FAST_MATH
|
||||
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
|
||||
#ifdef NO_RSA
|
||||
/* Custom fastmath size if not using RSA */
|
||||
#undef FP_MAX_BITS
|
||||
#define FP_MAX_BITS (256 * 2)
|
||||
#else
|
||||
#undef ALT_ECC_SIZE
|
||||
#define ALT_ECC_SIZE
|
||||
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
|
||||
//#undef FP_MAX_BITS_ECC
|
||||
//#define FP_MAX_BITS_ECC (256 * 2)
|
||||
#endif
|
||||
|
||||
/* Speedups specific to curve */
|
||||
#ifndef NO_ECC256
|
||||
#undef TFM_ECC256
|
||||
#define TFM_ECC256
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* AES */
|
||||
#undef NO_AES
|
||||
#if 1
|
||||
#undef HAVE_AES_CBC
|
||||
#define HAVE_AES_CBC
|
||||
|
||||
#undef HAVE_AESGCM
|
||||
#define HAVE_AESGCM
|
||||
|
||||
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
|
||||
//#define GCM_SMALL
|
||||
//#define GCM_WORD32
|
||||
#define GCM_TABLE
|
||||
|
||||
#undef WOLFSSL_AES_DIRECT
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
|
||||
#undef HAVE_AES_ECB
|
||||
#define HAVE_AES_ECB
|
||||
|
||||
#undef WOLFSSL_AES_COUNTER
|
||||
#define WOLFSSL_AES_COUNTER
|
||||
|
||||
#undef HAVE_AESCCM
|
||||
#define HAVE_AESCCM
|
||||
|
||||
#else
|
||||
#define NO_AES
|
||||
#endif
|
||||
|
||||
|
||||
/* DES3 */
|
||||
#undef NO_DES3
|
||||
#if 1
|
||||
#else
|
||||
#define NO_DES3
|
||||
#endif
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* Hashing */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* Sha */
|
||||
#undef NO_SHA
|
||||
#if 1
|
||||
/* 1k smaller, but 25% slower */
|
||||
//#define USE_SLOW_SHA
|
||||
#else
|
||||
#define NO_SHA
|
||||
#endif
|
||||
|
||||
/* Sha256 */
|
||||
#undef NO_SHA256
|
||||
#if 1
|
||||
/* not unrolled - ~2k smaller and ~25% slower */
|
||||
//#define USE_SLOW_SHA256
|
||||
|
||||
/* Sha224 */
|
||||
#if 1
|
||||
#define WOLFSSL_SHA224
|
||||
#endif
|
||||
#else
|
||||
#define NO_SHA256
|
||||
#endif
|
||||
|
||||
/* Sha512 */
|
||||
#undef WOLFSSL_SHA512
|
||||
#if 1
|
||||
#define WOLFSSL_SHA512
|
||||
|
||||
/* Sha384 */
|
||||
#undef WOLFSSL_SHA384
|
||||
#if 1
|
||||
#define WOLFSSL_SHA384
|
||||
#endif
|
||||
|
||||
/* over twice as small, but 50% slower */
|
||||
//#define USE_SLOW_SHA512
|
||||
#endif
|
||||
|
||||
/* Sha3 */
|
||||
#undef WOLFSSL_SHA3
|
||||
#if 1
|
||||
#define WOLFSSL_SHA3
|
||||
#endif
|
||||
|
||||
/* MD5 */
|
||||
#undef NO_MD5
|
||||
#if 1
|
||||
|
||||
#else
|
||||
#define NO_MD5
|
||||
#endif
|
||||
|
||||
/* HKDF */
|
||||
#undef HAVE_HKDF
|
||||
#if 1
|
||||
#define HAVE_HKDF
|
||||
#endif
|
||||
|
||||
/* CMAC */
|
||||
#undef WOLFSSL_CMAC
|
||||
#if 1
|
||||
#define WOLFSSL_CMAC
|
||||
#endif
|
||||
|
||||
/* DH */
|
||||
#undef NO_DH
|
||||
#if 1
|
||||
/* Use table for DH instead of -lm (math) lib dependency */
|
||||
#if 0
|
||||
#define WOLFSSL_DH_CONST
|
||||
#define HAVE_FFDHE_2048
|
||||
#define HAVE_FFDHE_4096
|
||||
//#define HAVE_FFDHE_6144
|
||||
//#define HAVE_FFDHE_8192
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
#define WOLFSSL_VALIDATE_FFC_IMPORT
|
||||
#define HAVE_FFDHE_Q
|
||||
#endif
|
||||
#else
|
||||
#define NO_DH
|
||||
#endif
|
||||
#endif /* FIPS v2 */
|
||||
|
||||
//#define DEBUG_WOLFSSL
|
||||
#define NO_MAIN_DRIVER
|
||||
#endif /* _WIN_USER_SETTINGS_H_ */
|
||||
@@ -37,6 +37,7 @@ include IDE/RISCV/include.am
|
||||
include IDE/XilinxSDK/include.am
|
||||
include IDE/VisualDSP/include.am
|
||||
include IDE/QNX/include.am
|
||||
include IDE/WINCE/include.am
|
||||
|
||||
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
|
||||
EXTRA_DIST+= IDE/OPENSTM32/README.md
|
||||
|
||||
@@ -155,3 +155,5 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
|
||||
[TLS 1.3](https://www.wolfssl.com/docs/tls13/)
|
||||
|
||||
[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
|
||||
|
||||
[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
|
||||
|
||||
+40
-15
@@ -324,6 +324,11 @@ then
|
||||
AC_MSG_ERROR([cannot enable sp-math and sp-math-all simultaneously.])
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([sp-asm],
|
||||
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
|
||||
[ ENABLED_SP_ASM=$enableval ],
|
||||
[ ENABLED_SP_ASM=no ],
|
||||
)
|
||||
|
||||
# ALL FEATURES
|
||||
AC_ARG_ENABLE([all],
|
||||
@@ -348,6 +353,7 @@ then
|
||||
test "$enable_aesctr" = "" && enable_aesctr=yes
|
||||
test "$enable_aesofb" = "" && enable_aesofb=yes
|
||||
test "$enable_aescfb" = "" && enable_aescfb=yes
|
||||
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
|
||||
test "$enable_camellia" = "" && enable_camellia=yes
|
||||
test "$enable_ripemd" = "" && enable_ripemd=yes
|
||||
test "$enable_sha512" = "" && enable_sha512=yes
|
||||
@@ -949,16 +955,12 @@ then
|
||||
AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
|
||||
fi
|
||||
|
||||
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
|
||||
then
|
||||
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
|
||||
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
# One Error Queue per Thread
|
||||
@@ -1287,6 +1289,18 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
|
||||
fi
|
||||
|
||||
# AES-CBC length checks (checks that input lengths are multiples of block size)
|
||||
AC_ARG_ENABLE([aescbc_length_checks],
|
||||
[AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
|
||||
[ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
|
||||
[ ENABLED_AESCBC_LENGTH_CHECKS=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
|
||||
fi
|
||||
|
||||
# leanpsk and leantls don't need gcm
|
||||
|
||||
# AES-GCM
|
||||
@@ -1295,6 +1309,11 @@ AC_ARG_ENABLE([aesgcm],
|
||||
[ ENABLED_AESGCM=$enableval ],
|
||||
[ ENABLED_AESGCM=yes ]
|
||||
)
|
||||
AC_ARG_ENABLE([aesgcm-stream],
|
||||
[AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: enabled)])],
|
||||
[ ENABLED_AESGCM_STREAM=$enableval ],
|
||||
[ ENABLED_AESGCM_STREAM=no ]
|
||||
)
|
||||
|
||||
# leanpsk and leantls don't need gcm
|
||||
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
|
||||
@@ -4269,6 +4288,7 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
||||
|
||||
# Requires OCSP make sure on
|
||||
if test "x$ENABLED_OCSP" = "xno"
|
||||
@@ -5134,6 +5154,10 @@ do
|
||||
ENABLED_SP_SMALL=yes
|
||||
;;
|
||||
|
||||
asm)
|
||||
ENABLED_SP_ASM=yes
|
||||
;;
|
||||
|
||||
*)
|
||||
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
|
||||
break;;
|
||||
@@ -5194,11 +5218,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
|
||||
fi
|
||||
if test "$ENABLED_SMALL" = "yes"; then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
|
||||
fi
|
||||
|
||||
|
||||
if test "$ENABLED_SP_MATH" = "yes"; then
|
||||
if test "$ENABLED_SP" = "no"; then
|
||||
@@ -5313,11 +5332,6 @@ if test "$ENABLED_SP_MATH_ALL" = "yes"; then
|
||||
fi
|
||||
|
||||
|
||||
AC_ARG_ENABLE([sp-asm],
|
||||
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
|
||||
[ ENABLED_SP_ASM=$enableval ],
|
||||
[ ENABLED_SP_ASM=no ],
|
||||
)
|
||||
if test "$ENABLED_SP_ASM" = "yes"; then
|
||||
if test "$ENABLED_SP" = "no"; then
|
||||
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
|
||||
@@ -5975,6 +5989,16 @@ then
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
||||
fi
|
||||
if test "$ENABLED_AESGCM_STREAM" != "no"
|
||||
then
|
||||
if test "$ENABLED_AESGCM" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])
|
||||
else
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
|
||||
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
|
||||
@@ -6494,6 +6518,7 @@ echo " * ARC4: $ENABLED_ARC4"
|
||||
echo " * AES: $ENABLED_AES"
|
||||
echo " * AES-NI: $ENABLED_AESNI"
|
||||
echo " * AES-CBC: $ENABLED_AESCBC"
|
||||
echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
|
||||
echo " * AES-GCM: $ENABLED_AESGCM"
|
||||
echo " * AES-CCM: $ENABLED_AESCCM"
|
||||
echo " * AES-CTR: $ENABLED_AESCTR"
|
||||
|
||||
@@ -66,16 +66,22 @@ WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
|
||||
the resulting cipher text in the output buffer out using cipher block
|
||||
chaining with AES. This function requires that the AES object has been
|
||||
initialized by calling AesSetKey before a message is able to be encrypted.
|
||||
This function assumes that the input message is AES block length aligned.
|
||||
PKCS#7 style padding should be added beforehand. This differs from the
|
||||
OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL
|
||||
function and equivalent OpenSSL functions interoperate, one should specify
|
||||
This function assumes that the input message is AES block length aligned,
|
||||
and expects the input length to be a multiple of the block length, which
|
||||
will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS
|
||||
is defined in the build configuration. In order to assure block-multiple
|
||||
input, PKCS#7 style padding should be added beforehand. This differs from
|
||||
the OpenSSL AES-CBC methods which add the padding for you. To make the
|
||||
wolfSSL and corresponding OpenSSL functions interoperate, one should specify
|
||||
the -nopad option in the OpenSSL command line function so that it behaves
|
||||
like the wolfSSL AesCbcEncrypt method and does not add extra padding
|
||||
during encryption.
|
||||
|
||||
\return 0 On successfully encrypting message.
|
||||
\return BAD_ALIGN_E: Returned on block align error
|
||||
\return BAD_ALIGN_E: may be returned on block align error
|
||||
\return BAD_LENGTH_E will be returned if the input length isn't a
|
||||
multiple of the AES block length, when the library is built with
|
||||
WOLFSSL_AES_CBC_LENGTH_CHECKS.
|
||||
|
||||
\param aes pointer to the AES object used to encrypt data
|
||||
\param out pointer to the output buffer in which to store the ciphertext
|
||||
@@ -110,15 +116,21 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
|
||||
with AES. This function requires that the AES structure has been
|
||||
initialized by calling AesSetKey before a message is able to be decrypted.
|
||||
This function assumes that the original message was AES block length
|
||||
aligned. This differs from the OpenSSL AES-CBC methods which do not
|
||||
require alignment as it adds PKCS#7 padding automatically. To make the
|
||||
aligned, and expects the input length to be a multiple of the block length,
|
||||
which will optionally be checked and enforced if
|
||||
WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration.
|
||||
This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding
|
||||
automatically, and so do not require block-multiple input. To make the
|
||||
wolfSSL function and equivalent OpenSSL functions interoperate, one
|
||||
should specify the -nopad option in the OpenSSL command line function
|
||||
so that it behaves like the wolfSSL AesCbcEncrypt method and does not
|
||||
create errors during decryption.
|
||||
|
||||
\return 0 On successfully decrypting message.
|
||||
\return BAD_ALIGN_E Returned on block align error.
|
||||
\return BAD_ALIGN_E may be returned on block align error.
|
||||
\return BAD_LENGTH_E will be returned if the input length isn't a
|
||||
multiple of the AES block length, when the library is built with
|
||||
WOLFSSL_AES_CBC_LENGTH_CHECKS.
|
||||
|
||||
\param aes pointer to the AES object used to decrypt data.
|
||||
\param out pointer to the output buffer in which to store the plain text
|
||||
|
||||
+79
-11
@@ -949,7 +949,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
|
||||
/* 4. add the same message into Japanese section */
|
||||
/* (will be translated later) */
|
||||
/* 5. add printf() into suitable position of Usage() */
|
||||
static const char* client_usage_msg[][66] = {
|
||||
static const char* client_usage_msg[][67] = {
|
||||
/* English */
|
||||
{
|
||||
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
|
||||
@@ -1120,8 +1120,15 @@ static const char* client_usage_msg[][66] = {
|
||||
#ifdef HAVE_CURVE448
|
||||
"-8 Use X448 for key exchange\n", /* 66 */
|
||||
#endif
|
||||
#ifdef HAVE_CRL
|
||||
"-C Disable CRL\n",
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
"-9 Use hash dir look up for certificate loading\n"
|
||||
" loading from <wolfSSL home>/certs folder\n"
|
||||
" files in the folder would have the form \"hash.N\" file name\n"
|
||||
" e.g symbolic link to the file at certs folder\n"
|
||||
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
|
||||
/* 67 */
|
||||
#endif
|
||||
NULL,
|
||||
},
|
||||
@@ -1294,8 +1301,19 @@ static const char* client_usage_msg[][66] = {
|
||||
#ifdef HAVE_TRUSTED_CA
|
||||
"-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
|
||||
#endif
|
||||
"-6 WANT_WRITE エラーを全てのIO 送信でシュミレートします\n",
|
||||
#ifdef HAVE_CURVE448
|
||||
"-8 Use X448 for key exchange\n", /* 66 */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
"-9 証明書の読み込みに hash dir 機能を使用する\n"
|
||||
" <wolfSSL home>/certs フォルダーからロードします\n"
|
||||
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
|
||||
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
|
||||
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
|
||||
/* 67 */
|
||||
#endif
|
||||
NULL,
|
||||
},
|
||||
@@ -1465,9 +1483,15 @@ static void Usage(void)
|
||||
#ifdef HAVE_TRUSTED_CA
|
||||
printf("%s", msg[++msgid]); /* -5 */
|
||||
#endif
|
||||
printf("%s", msg[++msgid]); /* -6 */
|
||||
#ifdef HAVE_CURVE448
|
||||
printf("%s", msg[++msgid]); /* -8 */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
printf("%s", msg[++msgid]); /* -9 */
|
||||
#endif
|
||||
}
|
||||
|
||||
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
@@ -1601,6 +1625,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
const char* wnrConfigFile = wnrConfig;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
int useCertFolder = 0;
|
||||
#endif
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
|
||||
@@ -1686,7 +1715,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
while ((ch = mygetopt(argc, argv, "?:"
|
||||
"ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
|
||||
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
|
||||
"01:23:4568"
|
||||
"01:23:45689"
|
||||
"@#")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
@@ -2162,7 +2191,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
|
||||
case '9' :
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
useCertFolder = 1;
|
||||
break;
|
||||
#endif
|
||||
case '@' :
|
||||
{
|
||||
#ifdef HAVE_WC_INTROSPECTION
|
||||
@@ -2622,6 +2657,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
|
||||
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
if (useCertFolder) {
|
||||
WOLFSSL_X509_STORE *store;
|
||||
WOLFSSL_X509_LOOKUP *lookup;
|
||||
|
||||
store = wolfSSL_CTX_get_cert_store(ctx);
|
||||
if (store == NULL) {
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
err_sys("can't get WOLFSSL_X509_STORE");
|
||||
}
|
||||
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL) {
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
err_sys("can't add lookup");
|
||||
}
|
||||
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
|
||||
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
|
||||
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
#ifdef NO_FILESYSTEM
|
||||
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
|
||||
sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
|
||||
@@ -2669,6 +2727,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
|
||||
myVerifyAction == VERIFY_USE_PREVERFIY) {
|
||||
@@ -2692,7 +2755,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#ifdef HAVE_SNI
|
||||
if (sniHostName) {
|
||||
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
|
||||
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
|
||||
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
err_sys("UseSNI failed");
|
||||
@@ -3230,7 +3293,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
|
||||
printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
|
||||
{
|
||||
byte* rnd;
|
||||
@@ -3266,9 +3329,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_SESSION_CACHE)
|
||||
|
||||
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
|
||||
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
|
||||
#if !defined(NO_SESSION_CACHE) && \
|
||||
(defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
|
||||
!defined(NO_FILESYSTEM)
|
||||
#ifndef NO_BIO
|
||||
/* print out session to stdout */
|
||||
{
|
||||
@@ -3281,8 +3349,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
wolfSSL_BIO_free(bio);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#endif /* !NO_BIO */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (doSTARTTLS && starttlsProt != NULL) {
|
||||
|
||||
@@ -582,7 +582,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
|
||||
/* 4. add the same message into Japanese section */
|
||||
/* (will be translated later) */
|
||||
/* 5. add printf() into suitable position of Usage() */
|
||||
static const char* server_usage_msg[][56] = {
|
||||
static const char* server_usage_msg[][57] = {
|
||||
/* English */
|
||||
{
|
||||
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
|
||||
@@ -705,6 +705,16 @@ static const char* server_usage_msg[][56] = {
|
||||
/* 55 */
|
||||
#ifdef HAVE_CURVE448
|
||||
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
"-9 Use hash dir look up for certificate loading\n"
|
||||
" loading from <wolfSSL home>/certs folder\n"
|
||||
" files in the folder would have the form \"hash.N\" file name\n"
|
||||
" e.g symbolic link to the file at certs folder\n"
|
||||
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
|
||||
/* 57 */
|
||||
#endif
|
||||
NULL,
|
||||
},
|
||||
@@ -838,6 +848,16 @@ static const char* server_usage_msg[][56] = {
|
||||
/* 55 */
|
||||
#ifdef HAVE_CURVE448
|
||||
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
"-9 証明書の読み込みに hash dir 機能を使用する\n"
|
||||
" <wolfSSL home>/certs フォルダーからロードします\n"
|
||||
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
|
||||
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
|
||||
" ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
|
||||
/* 57 */
|
||||
#endif
|
||||
NULL,
|
||||
},
|
||||
@@ -966,9 +986,15 @@ static void Usage(void)
|
||||
#ifdef HAVE_TRUSTED_CA
|
||||
printf("%s", msg[++msgId]); /* -5 */
|
||||
#endif /* HAVE_TRUSTED_CA */
|
||||
printf("%s", msg[++msgId]); /* -6 */
|
||||
#ifdef HAVE_CURVE448
|
||||
printf("%s", msg[++msgId]); /* -8 */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
printf("%s", msg[++msgId]); /* -9 */
|
||||
#endif
|
||||
}
|
||||
|
||||
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
@@ -1126,6 +1152,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
#ifdef HAVE_ENCRYPT_THEN_MAC
|
||||
int disallowETM = 0;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
int useCertFolder = 0;
|
||||
#endif
|
||||
|
||||
((func_args*)args)->return_code = -1; /* error state */
|
||||
|
||||
@@ -1191,8 +1222,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
while ((ch = mygetopt(argc, argv, "?:"
|
||||
"abc:defgijk:l:mnop:q:rstuv:wxy"
|
||||
"A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
|
||||
"01:23:4:568"
|
||||
"@#")) != -1) {
|
||||
"01:23:4:5689"
|
||||
"@#")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
if(myoptarg!=NULL) {
|
||||
@@ -1620,7 +1651,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
|
||||
case '9' :
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
useCertFolder = 1;
|
||||
break;
|
||||
#endif
|
||||
case '@' :
|
||||
{
|
||||
#ifdef HAVE_WC_INTROSPECTION
|
||||
@@ -2011,7 +2048,29 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
#ifdef TEST_BEFORE_DATE
|
||||
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
if (useCertFolder) {
|
||||
WOLFSSL_X509_STORE *store;
|
||||
WOLFSSL_X509_LOOKUP *lookup;
|
||||
|
||||
store = wolfSSL_CTX_get_cert_store(ctx);
|
||||
if (store == NULL) {
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
err_sys("can't get WOLFSSL_X509_STORE");
|
||||
}
|
||||
lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL) {
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
err_sys("can't add lookup");
|
||||
}
|
||||
if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
|
||||
X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
|
||||
err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
|
||||
verify_flags) != WOLFSSL_SUCCESS) {
|
||||
err_sys_ex(catastrophic,
|
||||
@@ -2026,6 +2085,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_TRUST_PEER_CERT */
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -2584,7 +2648,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
|
||||
{
|
||||
byte* rnd = NULL;
|
||||
byte* pt;
|
||||
|
||||
@@ -107,9 +107,13 @@ run_test() {
|
||||
echo ""
|
||||
echo "Successful Revocation!!!!"
|
||||
echo ""
|
||||
exit_code=0
|
||||
echo "exiting with $exit_code"
|
||||
exit $exit_code
|
||||
if [ $exit_hash_dir_code -ne 0 ]; then
|
||||
exit_code=1
|
||||
else
|
||||
exit_code=0
|
||||
echo "exiting with $exit_code"
|
||||
exit $exit_code
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
@@ -120,9 +124,88 @@ run_test() {
|
||||
esac
|
||||
}
|
||||
|
||||
run_hashdir_test() {
|
||||
echo -e "\n\nHash dir with CRL and Certificate loading"
|
||||
|
||||
remove_ready_file
|
||||
# create hashed cert and crl
|
||||
pushd ${CERT_DIR}
|
||||
# ca file
|
||||
ca_hash_name=`openssl x509 -in ca-cert.pem -hash -noout`
|
||||
if [ -f "$ca_hash_name".0 ]; then
|
||||
rm "$ca_hash_name".0
|
||||
fi
|
||||
ln -s ca-cert.pem "$ca_hash_name".0
|
||||
# crl file
|
||||
crl_hash_name=`openssl crl -in ./crl/crl.pem -hash -noout`
|
||||
if [ -f "$crl_hash_name".r0 ]; then
|
||||
rm "$crl_hash_name".r0
|
||||
fi
|
||||
ln -s ./crl/crl.pem "$crl_hash_name".r0
|
||||
popd
|
||||
|
||||
# starts the server on crl_port, -R generates ready file to be used as a
|
||||
# mutex lock, -c loads the revoked certificate. We capture the processid
|
||||
# into the variable server_pid
|
||||
./examples/server/server -R $ready_file -p $crl_port \
|
||||
-c ${CERT_DIR}/server-revoked-cert.pem \
|
||||
-k ${CERT_DIR}/server-revoked-key.pem &
|
||||
server_pid=$!
|
||||
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
crl_port="$(cat $ready_file)"
|
||||
|
||||
# starts client on crl_port and captures the output from client
|
||||
capture_out=$(./examples/client/client -p $crl_port -9 2>&1)
|
||||
client_result=$?
|
||||
|
||||
wait $server_pid
|
||||
server_result=$?
|
||||
|
||||
case "$capture_out" in
|
||||
*$revocation_code*)
|
||||
# only exit with zero on detection of the expected error code
|
||||
echo ""
|
||||
echo "Successful Revocation!!!! with hash dir"
|
||||
echo ""
|
||||
exit_hash_dir_code=0
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo "Certificate was not revoked saw this instead: $capture_out"
|
||||
echo ""
|
||||
echo "configure with --enable-crl and run this script again"
|
||||
echo ""
|
||||
exit_hash_dir_code=1
|
||||
esac
|
||||
|
||||
# clean up hashed cert and crl
|
||||
pushd ${CERT_DIR}
|
||||
rm "$ca_hash_name".0
|
||||
rm "$crl_hash_name".r0
|
||||
popd
|
||||
|
||||
}
|
||||
######### begin program #########
|
||||
|
||||
# Check for enabling hash dir feature
|
||||
./examples/client/client -? 2>&1 | grep -- 'hash dir'
|
||||
if [ $? -eq 0 ]; then
|
||||
hash_dir=yes
|
||||
exit_hash_dir_code=1
|
||||
fi
|
||||
|
||||
if [ "$hash_dir" = "yes" ]; then
|
||||
run_hashdir_test
|
||||
else
|
||||
exit_hash_dir_code=0
|
||||
fi
|
||||
|
||||
# run the test
|
||||
run_test
|
||||
|
||||
|
||||
@@ -364,6 +364,25 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
/* if not find entry in the CRL list, it looks at the folder that sets */
|
||||
/* by LOOKUP_ctrl because user would want to use hash_dir. */
|
||||
/* Loading <issuer-hash>.rN form CRL file if find at the folder, */
|
||||
/* and try again checking Cert in the CRL list. */
|
||||
/* When not set the folder or not use hash_dir, do nothing. */
|
||||
if (foundEntry == 0) {
|
||||
if (crl->cm->x509_store_p != NULL) {
|
||||
ret = LoadCertByIssuer(crl->cm->x509_store_p,
|
||||
(WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL);
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
/* try again */
|
||||
ret = CheckCertCRLList(crl, cert, &foundEntry);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
if (foundEntry == 0) {
|
||||
WOLFSSL_MSG("Couldn't find CRL for status check");
|
||||
ret = CRL_MISSING;
|
||||
@@ -633,6 +652,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
|
||||
current = head;
|
||||
head = head->next;
|
||||
FreeCRL_Entry(current, heap);
|
||||
XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
@@ -701,7 +721,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
|
||||
if (store->cm->crl == NULL) {
|
||||
crl = wolfSSL_X509_crl_new(store->cm);
|
||||
if (DupX509_CRL(crl, newcrl) != 0) {
|
||||
FreeCRL(crl, 1);
|
||||
if (crl != NULL)
|
||||
FreeCRL(crl, 1);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
store->crl = store->cm->crl = crl;
|
||||
|
||||
+720
-12
@@ -1117,7 +1117,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver)
|
||||
}
|
||||
#else
|
||||
if (ver > DTLS_EXPORT_VERSION_3) {
|
||||
exp[idx++] = 0;
|
||||
idx++;
|
||||
}
|
||||
#endif
|
||||
#else
|
||||
@@ -1809,7 +1809,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* setup WOLFSSL_X509_STORE */
|
||||
ctx->x509_store.cm = ctx->cm;
|
||||
|
||||
/* set pointer back to x509 store */
|
||||
ctx->cm->x509_store_p = &ctx->x509_store;
|
||||
|
||||
/* WOLFSSL_X509_VERIFY_PARAM */
|
||||
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
@@ -1818,6 +1820,21 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
/* WOLFSSL_X509_LOOKUP */
|
||||
if ((ctx->x509_store.lookup.dirs =
|
||||
(WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
|
||||
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
|
||||
WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
|
||||
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
|
||||
if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
|
||||
WOLFSSL_MSG("Bad mutex init");
|
||||
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -1969,6 +1986,17 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
||||
if (ctx->param) {
|
||||
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
if (ctx->x509_store.lookup.dirs) {
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
if (ctx->x509_store.lookup.dirs->dir_entry) {
|
||||
wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry);
|
||||
}
|
||||
|
||||
#endif
|
||||
wc_FreeMutex(&ctx->x509_store.lookup.dirs->lock);
|
||||
XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_EPHEMERAL
|
||||
#ifndef NO_DH
|
||||
@@ -6367,7 +6395,9 @@ void FreeSuites(WOLFSSL* ssl)
|
||||
#endif
|
||||
{
|
||||
#ifdef OPENSSL_ALL
|
||||
wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
|
||||
if (ssl->suites != NULL) {
|
||||
wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
|
||||
}
|
||||
#endif
|
||||
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
|
||||
}
|
||||
@@ -7130,7 +7160,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
|
||||
{
|
||||
WOLFSSL_ENTER("DtlsMsgSet()");
|
||||
if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
|
||||
(fragOffset + fragSz) <= msg->sz) {
|
||||
fragSz <= msg->sz && fragOffset <= msg->sz &&
|
||||
(fragOffset + fragSz) <= msg->sz) {
|
||||
DtlsFrag* cur = msg->fragList;
|
||||
DtlsFrag* prev = cur;
|
||||
DtlsFrag* newFrag;
|
||||
@@ -8600,6 +8631,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return LENGTH_ERROR;
|
||||
#endif
|
||||
|
||||
if (*size == 0 && rh->type != application_data) {
|
||||
WOLFSSL_MSG("0 length, non-app data record.");
|
||||
return LENGTH_ERROR;
|
||||
}
|
||||
|
||||
/* verify record type here as well */
|
||||
switch (rh->type) {
|
||||
case handshake:
|
||||
@@ -9829,9 +9865,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
} else {
|
||||
wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm);
|
||||
}
|
||||
if (!(x509->key.algor->algorithm =
|
||||
wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
|
||||
ret = PUBLIC_KEY_E;
|
||||
if (!x509->key.algor) {
|
||||
ret = MEMORY_E;
|
||||
} else {
|
||||
if (!(x509->key.algor->algorithm =
|
||||
wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
|
||||
ret = PUBLIC_KEY_E;
|
||||
}
|
||||
}
|
||||
|
||||
wolfSSL_EVP_PKEY_free(x509->key.pkey);
|
||||
@@ -10553,6 +10593,198 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
|
||||
args->dCert = NULL;
|
||||
}
|
||||
}
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
/* load certificate file which has the form <hash>.(r)N[0..N] */
|
||||
/* in the folder. */
|
||||
/* (r), in the case of CRL file */
|
||||
/* @param store a pointer to X509_STORE structure */
|
||||
/* @param issuer a pointer to X509_NAME that presents an issuer */
|
||||
/* @param type X509_LU_X509 or X509_LU_CRL */
|
||||
/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */
|
||||
int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
|
||||
{
|
||||
const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */
|
||||
int ret = WOLFSSL_SUCCESS;
|
||||
WOLFSSL_X509_LOOKUP* lookup;
|
||||
WOLFSSL_BY_DIR_entry* entry;
|
||||
WOLFSSL_BY_DIR_HASH hash_tmp;
|
||||
WOLFSSL_BY_DIR_HASH* ph = NULL;
|
||||
WOLFSSL_X509* x509;
|
||||
unsigned long hash = 0;
|
||||
char* filename = NULL;
|
||||
const char* post = "";
|
||||
byte* pbuf = NULL;
|
||||
int len, num, i, index;
|
||||
byte suffix = 0;
|
||||
int retHash = NOT_COMPILED_IN;
|
||||
byte dgt[WC_MAX_DIGEST_SIZE];
|
||||
|
||||
WOLFSSL_ENTER("LoadCertByIssuer");
|
||||
|
||||
/* sanity check */
|
||||
if (store == NULL || issuer == NULL || (type != X509_LU_X509 && type != X509_LU_CRL)) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
lookup = &store->lookup;
|
||||
if (lookup->dirs == NULL || lookup->type != 1) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
|
||||
if (len > 0) {
|
||||
#ifndef NO_SHA
|
||||
retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
|
||||
#endif
|
||||
if (retHash == 0) {
|
||||
/* 4 bytes in little endian as unsigned long */
|
||||
hash = (((unsigned long)dgt[3] << 24) |
|
||||
((unsigned long)dgt[2] << 16) |
|
||||
((unsigned long)dgt[1] << 8) |
|
||||
((unsigned long)dgt[0]));
|
||||
} else {
|
||||
WOLFSSL_MSG("failed hash operation");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
wolfSSL_OPENSSL_free(pbuf);
|
||||
}
|
||||
|
||||
/* try to load each hashed name file in path */
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
|
||||
if (type == X509_LU_CRL) {
|
||||
post = "r";
|
||||
}
|
||||
|
||||
num = wolfSSL_sk_BY_DIR_entry_num(lookup->dirs->dir_entry);
|
||||
|
||||
for (i=0; i<num; i++) {
|
||||
|
||||
entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i);
|
||||
|
||||
if (type == X509_LU_CRL && entry->hashes != NULL &&
|
||||
wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) {
|
||||
/* lock the list */
|
||||
if (wc_LockMutex(&lookup->dirs->lock) != 0) {
|
||||
WOLFSSL_MSG("wc_LockMutex cdir Lock error");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
|
||||
hash_tmp.hash_value = hash;
|
||||
index = wolfSSL_sk_BY_DIR_HASH_find(entry->hashes, &hash_tmp);
|
||||
if (index >= 0) {
|
||||
WOLFSSL_MSG("find hashed CRL in list");
|
||||
ph = wolfSSL_sk_BY_DIR_HASH_value(entry->hashes, index);
|
||||
suffix = ph->last_suffix;
|
||||
} else {
|
||||
ph = NULL;
|
||||
suffix = 0;
|
||||
}
|
||||
|
||||
wc_UnLockMutex(&lookup->dirs->lock);
|
||||
}
|
||||
|
||||
/* Additional buffer length for file name memory allocation : */
|
||||
/* / <hashvalue>.(r)N\0 */
|
||||
/*|1| 8 |1|1|1|1| => 13 */
|
||||
len = (int)XSTRLEN(entry->dir_name) + 13;
|
||||
if (filename != NULL) {
|
||||
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (filename == NULL) {
|
||||
WOLFSSL_MSG("memory allocation error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
/* set as FAILURE, if successfuly loading cert of CRL, this becomes */
|
||||
/* WOLFSSL_SUCCESS */
|
||||
ret = WOLFSSL_FAILURE;
|
||||
|
||||
for (; suffix < MAX_SUFFIX; suffix++) {
|
||||
/* /folder-path/<hash>.(r)N[0..9] */
|
||||
XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
|
||||
hash, post, suffix);
|
||||
if(wc_FileExists(filename) == 0/*0 file exists */) {
|
||||
|
||||
if (type == X509_LU_X509) {
|
||||
x509 = wolfSSL_X509_load_certificate_file(filename,
|
||||
WOLFSSL_FILETYPE_PEM);
|
||||
if (x509 != NULL) {
|
||||
ret = wolfSSL_X509_STORE_add_cert(store, x509);
|
||||
wolfSSL_X509_free(x509);
|
||||
} else {
|
||||
WOLFSSL_MSG("failed to load certificate\n");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#ifdef HAVE_CRL
|
||||
else if (type == X509_LU_CRL) {
|
||||
ret = wolfSSL_X509_load_crl_file(&store->lookup, filename,
|
||||
WOLFSSL_FILETYPE_PEM);
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("failed to load CRL\n");
|
||||
break;
|
||||
}
|
||||
}
|
||||
#else
|
||||
else if (type == X509_LU_CRL) {
|
||||
WOLFSSL_MSG("CRL is not supported");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
} else
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("not found file");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
} else {
|
||||
if (type == X509_LU_CRL) {
|
||||
if (wc_LockMutex(&lookup->dirs->lock) != 0) {
|
||||
WOLFSSL_MSG("wc_LockMutex cdir Lock error");
|
||||
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
if (ph == NULL) {
|
||||
ph = wolfSSL_BY_DIR_HASH_new();
|
||||
if (ph == NULL) {
|
||||
WOLFSSL_MSG("failed to allocate hash stack");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
} else {
|
||||
ph->hash_value = hash;
|
||||
ph->last_suffix = suffix;
|
||||
|
||||
ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
|
||||
}
|
||||
}
|
||||
wc_UnLockMutex(&lookup->dirs->lock);
|
||||
}
|
||||
}
|
||||
|
||||
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#else
|
||||
(void) type;
|
||||
(void) ret;
|
||||
(void) x509;
|
||||
(void) filename;
|
||||
(void) suffix;
|
||||
(void) num;
|
||||
(void) i;
|
||||
ret = WOLFSSL_NOT_IMPLEMENTED;
|
||||
#endif
|
||||
WOLFSSL_LEAVE("LoadCertByIssuer", ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
|
||||
int certType, int verify, byte** pSubjectHash, int* pAlreadySigner)
|
||||
@@ -11080,6 +11312,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
|
||||
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
|
||||
&subjectHash, &alreadySigner);
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
if (ret == ASN_NO_SIGNER_E) {
|
||||
WOLFSSL_MSG("try to load certificate if hash dir is set");
|
||||
if (ssl->ctx->x509_store_pt != NULL) {
|
||||
ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
|
||||
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
|
||||
X509_LU_X509);
|
||||
} else {
|
||||
ret = LoadCertByIssuer(&ssl->ctx->x509_store,
|
||||
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
|
||||
X509_LU_X509);
|
||||
}
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
FreeDecodedCert(args->dCert);
|
||||
args->dCertInit = 0;
|
||||
/* once again */
|
||||
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
|
||||
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
|
||||
&subjectHash, &alreadySigner);
|
||||
} else
|
||||
ret = ASN_NO_SIGNER_E;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E)
|
||||
goto exit_ppc;
|
||||
@@ -11273,6 +11530,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
|
||||
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
|
||||
&subjectHash, &alreadySigner);
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
if (ret == ASN_NO_SIGNER_E) {
|
||||
WOLFSSL_MSG("try to load certificate if hash dir is set");
|
||||
if (ssl->ctx->x509_store_pt != NULL) {
|
||||
ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
|
||||
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
|
||||
X509_LU_X509);
|
||||
} else {
|
||||
ret = LoadCertByIssuer(&ssl->ctx->x509_store,
|
||||
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
|
||||
X509_LU_X509);
|
||||
}
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
FreeDecodedCert(args->dCert);
|
||||
args->dCertInit = 0;
|
||||
/* once again */
|
||||
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
|
||||
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
|
||||
&subjectHash, &alreadySigner);
|
||||
} else
|
||||
ret = ASN_NO_SIGNER_E;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E)
|
||||
goto exit_ppc;
|
||||
@@ -13784,14 +14066,34 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||
#ifdef CHACHA_AEAD_TEST
|
||||
int i;
|
||||
#endif
|
||||
Keys* keys = &ssl->keys;
|
||||
|
||||
XMEMSET(tag, 0, sizeof(tag));
|
||||
XMEMSET(nonce, 0, sizeof(nonce));
|
||||
XMEMSET(poly, 0, sizeof(poly));
|
||||
XMEMSET(add, 0, sizeof(add));
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
|
||||
/*
|
||||
* For epochs 2+:
|
||||
* * use ssl->secure_renegotiation when encrypting the current epoch as it
|
||||
* has the current epoch cipher material
|
||||
* * use PREV_ORDER if encrypting the epoch not in
|
||||
* ssl->secure_renegotiation
|
||||
*/
|
||||
/* opaque SEQ number stored for AD */
|
||||
WriteSEQ(ssl, CUR_ORDER, add);
|
||||
if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
|
||||
if (ssl->keys.dtls_epoch ==
|
||||
ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
|
||||
keys = &ssl->secure_renegotiation->tmp_keys;
|
||||
WriteSEQ(ssl, CUR_ORDER, add);
|
||||
}
|
||||
else
|
||||
WriteSEQ(ssl, PREV_ORDER, add);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
WriteSEQ(ssl, CUR_ORDER, add);
|
||||
|
||||
if (ssl->options.oldPoly != 0) {
|
||||
/* get nonce. SEQ should not be incremented again here */
|
||||
@@ -13830,7 +14132,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
|
||||
if (ssl->options.oldPoly == 0) {
|
||||
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
|
||||
* record sequence number XORed with client_write_IV/server_write_IV */
|
||||
XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
|
||||
XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
|
||||
nonce[4] ^= add[0];
|
||||
nonce[5] ^= add[1];
|
||||
nonce[6] ^= add[2];
|
||||
@@ -13938,6 +14240,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||
byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
|
||||
int ret = 0;
|
||||
int msgLen = (sz - ssl->specs.aead_mac_size);
|
||||
Keys* keys = &ssl->keys;
|
||||
|
||||
#ifdef CHACHA_AEAD_TEST
|
||||
int i;
|
||||
@@ -13955,6 +14258,17 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||
XMEMSET(nonce, 0, sizeof(nonce));
|
||||
XMEMSET(add, 0, sizeof(add));
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
|
||||
/*
|
||||
* For epochs 2+:
|
||||
* * use ssl->secure_renegotiation when decrypting the latest epoch as it
|
||||
* has the latest epoch cipher material
|
||||
*/
|
||||
if (ssl->options.dtls && DtlsSCRKeysSet(ssl) &&
|
||||
ssl->keys.curEpoch == ssl->secure_renegotiation->tmp_keys.dtls_epoch)
|
||||
keys = &ssl->secure_renegotiation->tmp_keys;
|
||||
#endif
|
||||
|
||||
/* sequence number field is 64-bits */
|
||||
WriteSEQ(ssl, PEER_ORDER, add);
|
||||
|
||||
@@ -13984,7 +14298,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||
if (ssl->options.oldPoly == 0) {
|
||||
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
|
||||
* record sequence number XORed with client_write_IV/server_write_IV */
|
||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
|
||||
XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
|
||||
nonce[4] ^= add[0];
|
||||
nonce[5] ^= add[1];
|
||||
nonce[6] ^= add[2];
|
||||
@@ -15387,7 +15701,7 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
used = ssl->buffers.inputBuffer.length -
|
||||
ssl->buffers.inputBuffer.idx;
|
||||
if (used < ssl->curSize)
|
||||
if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
|
||||
if ((ret = GetInputData(ssl, ssl->curSize - used)) < 0)
|
||||
return ret;
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
}
|
||||
@@ -15415,6 +15729,7 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
|
||||
&ssl->buffers.inputBuffer.idx,
|
||||
&ssl->curRL, &ssl->curSize);
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
|
||||
WOLFSSL_MSG("Silently dropping out of order DTLS message");
|
||||
@@ -15902,6 +16217,12 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
if (ssl->buffers.inputBuffer.idx >=
|
||||
ssl->buffers.inputBuffer.length ||
|
||||
ssl->curSize < 1) {
|
||||
WOLFSSL_MSG("ChangeCipher msg too short");
|
||||
return LENGTH_ERROR;
|
||||
}
|
||||
if (ssl->buffers.inputBuffer.buffer[
|
||||
ssl->buffers.inputBuffer.idx] != 1) {
|
||||
WOLFSSL_MSG("ChangeCipher msg wrong value");
|
||||
@@ -21537,7 +21858,7 @@ exit_dpk:
|
||||
ato16(input + *inOutIdx, &len);
|
||||
*inOutIdx += OPAQUE16_LEN;
|
||||
|
||||
if ((*inOutIdx - begin) + len > size)
|
||||
if ((len > size) || ((*inOutIdx - begin) + len > size))
|
||||
return BUFFER_ERROR;
|
||||
|
||||
if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
|
||||
@@ -31333,6 +31654,393 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
|
||||
|
||||
return maxFragment;
|
||||
}
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
/* create an instance of WOLFSSL_BY_DIR_HASH structure */
|
||||
WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void)
|
||||
{
|
||||
WOLFSSL_BY_DIR_HASH* dir_hash;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new");
|
||||
|
||||
dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (dir_hash) {
|
||||
XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH));
|
||||
}
|
||||
return dir_hash;
|
||||
}
|
||||
/* release a WOLFSSL_BY_DIR_HASH resource */
|
||||
void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash)
|
||||
{
|
||||
if (dir_hash == NULL)
|
||||
return;
|
||||
|
||||
XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */
|
||||
WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void)
|
||||
{
|
||||
WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null");
|
||||
|
||||
if (sk) {
|
||||
sk->type = STACK_TYPE_BY_DIR_hash;
|
||||
}
|
||||
return sk;
|
||||
}
|
||||
|
||||
/* returns value less than 0 on fail to match
|
||||
* On a successful match the priority level found is returned
|
||||
*/
|
||||
int wolfSSL_sk_BY_DIR_HASH_find(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind)
|
||||
{
|
||||
WOLFSSL_STACK* next;
|
||||
int i, sz;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find");
|
||||
|
||||
if (sk == NULL || toFind == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
sz = wolfSSL_sk_BY_DIR_HASH_num(sk);
|
||||
next = sk;
|
||||
for (i = 0; i < sz && next != NULL; i++) {
|
||||
if (next->data.dir_hash->hash_value == toFind->hash_value) {
|
||||
return sz - i; /* reverse because stack pushed highest on first */
|
||||
}
|
||||
next = next->next;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
/* return a number of WOLFSSL_BY_DIR_HASH in stack */
|
||||
int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
|
||||
|
||||
if (sk == NULL)
|
||||
return -1;
|
||||
return (int)sk->num;
|
||||
}
|
||||
/* return WOLFSSL_BY_DIR_HASH instance at i */
|
||||
WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
|
||||
const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value");
|
||||
|
||||
for (; sk != NULL && i > 0; i--)
|
||||
sk = sk->next;
|
||||
|
||||
if (i != 0 || sk == NULL)
|
||||
return NULL;
|
||||
return sk->data.dir_hash;
|
||||
}
|
||||
/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */
|
||||
WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
WOLFSSL_BY_DIR_HASH* hash;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop");
|
||||
|
||||
if (sk == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
node = sk->next;
|
||||
hash = sk->data.dir_hash;
|
||||
|
||||
if (node != NULL) { /* update sk and remove node from stack */
|
||||
sk->data.dir_hash = node->data.dir_hash;
|
||||
sk->next = node->next;
|
||||
wolfSSL_sk_free_node(node);
|
||||
}
|
||||
else { /* last x509 in stack */
|
||||
sk->data.dir_hash = NULL;
|
||||
}
|
||||
|
||||
if (sk->num > 0) {
|
||||
sk->num -= 1;
|
||||
}
|
||||
|
||||
return hash;
|
||||
}
|
||||
/* release all contents in stack, and then release stack itself. */
|
||||
/* Second argument is a function pointer to release resouces. */
|
||||
/* It calls the function to release resouces when t is passed */
|
||||
/* instead of wolfSSL_BY_DIR_HASH_free(). */
|
||||
void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk,
|
||||
void (*f) (WOLFSSL_BY_DIR_HASH*))
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free");
|
||||
|
||||
if (sk == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* parse through stack freeing each node */
|
||||
node = sk->next;
|
||||
while (node && sk->num > 1) {
|
||||
WOLFSSL_STACK* tmp = node;
|
||||
node = node->next;
|
||||
|
||||
if (f)
|
||||
f(tmp->data.dir_hash);
|
||||
else
|
||||
wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash);
|
||||
tmp->data.dir_hash = NULL;
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
sk->num -= 1;
|
||||
}
|
||||
|
||||
/* free head of stack */
|
||||
if (sk->num == 1) {
|
||||
if (f)
|
||||
f(sk->data.dir_hash);
|
||||
else
|
||||
wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash);
|
||||
sk->data.dir_hash = NULL;
|
||||
}
|
||||
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
/* release all contents in stack, and then release stack itself */
|
||||
void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
|
||||
{
|
||||
wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL);
|
||||
}
|
||||
/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and
|
||||
* tries to free it when the stack is free'd.
|
||||
*
|
||||
* return 1 on success 0 on fail
|
||||
*/
|
||||
int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
|
||||
WOLFSSL_BY_DIR_HASH* in)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push");
|
||||
|
||||
if (sk == NULL || in == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* no previous values in stack */
|
||||
if (sk->data.dir_hash == NULL) {
|
||||
sk->data.dir_hash = in;
|
||||
sk->num += 1;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/* stack already has value(s) create a new node and add more */
|
||||
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (node == NULL) {
|
||||
WOLFSSL_MSG("Memory error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
|
||||
|
||||
/* push new obj onto head of stack */
|
||||
node->data.dir_hash = sk->data.dir_hash;
|
||||
node->next = sk->next;
|
||||
node->type = sk->type;
|
||||
sk->next = node;
|
||||
sk->data.dir_hash = in;
|
||||
sk->num += 1;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
/* create an instance of WOLFSSL_BY_DIR_entry structure */
|
||||
WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void)
|
||||
{
|
||||
WOLFSSL_BY_DIR_entry* entry;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new");
|
||||
|
||||
entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
|
||||
if (entry) {
|
||||
XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry));
|
||||
}
|
||||
return entry;
|
||||
}
|
||||
/* release a WOLFSSL_BY_DIR_entry resource */
|
||||
void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free");
|
||||
|
||||
if (entry == NULL)
|
||||
return;
|
||||
|
||||
if (entry->hashes) {
|
||||
wolfSSL_sk_BY_DIR_HASH_free(entry->hashes);
|
||||
}
|
||||
|
||||
if (entry->dir_name != NULL) {
|
||||
XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void)
|
||||
{
|
||||
WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null");
|
||||
|
||||
if (sk) {
|
||||
sk->type = STACK_TYPE_BY_DIR_entry;
|
||||
}
|
||||
return sk;
|
||||
}
|
||||
/* return a number of WOLFSSL_BY_DIR_entry in stack */
|
||||
int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
|
||||
|
||||
if (sk == NULL)
|
||||
return -1;
|
||||
return (int)sk->num;
|
||||
}
|
||||
/* return WOLFSSL_BY_DIR_entry instance at i */
|
||||
WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
|
||||
const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value");
|
||||
|
||||
for (; sk != NULL && i > 0; i--)
|
||||
sk = sk->next;
|
||||
|
||||
if (i != 0 || sk == NULL)
|
||||
return NULL;
|
||||
return sk->data.dir_entry;
|
||||
}
|
||||
/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */
|
||||
WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
WOLFSSL_BY_DIR_entry* entry;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop");
|
||||
|
||||
if (sk == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
node = sk->next;
|
||||
entry = sk->data.dir_entry;
|
||||
|
||||
if (node != NULL) { /* update sk and remove node from stack */
|
||||
sk->data.dir_entry = node->data.dir_entry;
|
||||
sk->next = node->next;
|
||||
wolfSSL_sk_free_node(node);
|
||||
}
|
||||
else { /* last x509 in stack */
|
||||
sk->data.dir_entry = NULL;
|
||||
}
|
||||
|
||||
if (sk->num > 0) {
|
||||
sk->num -= 1;
|
||||
}
|
||||
|
||||
return entry;
|
||||
}
|
||||
/* release all contents in stack, and then release stack itself. */
|
||||
/* Second argument is a function pointer to release resouces. */
|
||||
/* It calls the function to release resouces when t is passed */
|
||||
/* instead of wolfSSL_BY_DIR_entry_free(). */
|
||||
void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
|
||||
void (*f) (WOLFSSL_BY_DIR_entry*))
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free");
|
||||
|
||||
if (sk == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* parse through stack freeing each node */
|
||||
node = sk->next;
|
||||
while (node && sk->num > 1) {
|
||||
WOLFSSL_STACK* tmp = node;
|
||||
node = node->next;
|
||||
|
||||
if (f)
|
||||
f(tmp->data.dir_entry);
|
||||
else
|
||||
wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry);
|
||||
tmp->data.dir_entry = NULL;
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
sk->num -= 1;
|
||||
}
|
||||
|
||||
/* free head of stack */
|
||||
if (sk->num == 1) {
|
||||
if (f)
|
||||
f(sk->data.dir_entry);
|
||||
else
|
||||
wolfSSL_BY_DIR_entry_free(sk->data.dir_entry);
|
||||
sk->data.dir_entry = NULL;
|
||||
}
|
||||
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
/* release all contents in stack, and then release stack itself */
|
||||
void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk)
|
||||
{
|
||||
wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL);
|
||||
}
|
||||
|
||||
/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and
|
||||
* tries to free it when the stack is free'd.
|
||||
*
|
||||
* return 1 on success 0 on fail
|
||||
*/
|
||||
int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
|
||||
WOLFSSL_BY_DIR_entry* in)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
|
||||
if (sk == NULL || in == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* no previous values in stack */
|
||||
if (sk->data.dir_entry == NULL) {
|
||||
sk->data.dir_entry = in;
|
||||
sk->num += 1;
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/* stack already has value(s) create a new node and add more */
|
||||
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (node == NULL) {
|
||||
WOLFSSL_MSG("Memory error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
|
||||
|
||||
/* push new obj onto head of stack */
|
||||
node->data.dir_entry = sk->data.dir_entry;
|
||||
node->next = sk->next;
|
||||
node->type = sk->type;
|
||||
sk->next = node;
|
||||
sk->data.dir_entry = in;
|
||||
sk->num += 1;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_ALL */
|
||||
|
||||
|
||||
#undef ERROR_OUT
|
||||
|
||||
+8
-8
@@ -3086,10 +3086,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
||||
#ifdef WOLFSSL_DEBUG_TLS
|
||||
WOLFSSL_MSG("Provisioning ENCRYPT key");
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
|
||||
}
|
||||
#endif
|
||||
wc_encrypt = &ssl->encrypt;
|
||||
@@ -3099,10 +3099,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
||||
#ifdef WOLFSSL_DEBUG_TLS
|
||||
WOLFSSL_MSG("Provisioning DECRYPT key");
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
|
||||
}
|
||||
#endif
|
||||
wc_decrypt = &ssl->decrypt;
|
||||
@@ -3112,17 +3112,17 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
||||
#ifdef WOLFSSL_DEBUG_TLS
|
||||
WOLFSSL_MSG("Provisioning ENCRYPT key");
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
|
||||
}
|
||||
WOLFSSL_MSG("Provisioning DECRYPT key");
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
|
||||
WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
|
||||
}
|
||||
#endif
|
||||
wc_encrypt = &ssl->encrypt;
|
||||
|
||||
+27
-21
@@ -610,7 +610,11 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
/* AddCA() frees the buffer. */
|
||||
XMEMCPY(derCert->buffer, issuer->derCert->buffer,
|
||||
issuer->derCert->length);
|
||||
AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
|
||||
ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
|
||||
@@ -624,28 +628,30 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
if (certStatus)
|
||||
XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
|
||||
XMEMSET(certStatus, 0, sizeof(CertStatus));
|
||||
|
||||
certId->status = certStatus;
|
||||
certId->ownStatus = 1;
|
||||
|
||||
InitDecodedCert(&cert, subject->derCert->buffer,
|
||||
subject->derCert->length, NULL);
|
||||
if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
|
||||
certId->status->serialSz = cert.serialSz;
|
||||
|
||||
if (certId != NULL) {
|
||||
XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
|
||||
XMEMSET(certStatus, 0, sizeof(CertStatus));
|
||||
|
||||
certId->status = certStatus;
|
||||
certId->ownStatus = 1;
|
||||
|
||||
InitDecodedCert(&cert, subject->derCert->buffer,
|
||||
subject->derCert->length, NULL);
|
||||
if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
|
||||
XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
|
||||
certId->status->serialSz = cert.serialSz;
|
||||
}
|
||||
FreeDecodedCert(&cert);
|
||||
}
|
||||
FreeDecodedCert(&cert);
|
||||
|
||||
wolfSSL_CertManagerFree(cm);
|
||||
|
||||
@@ -804,8 +810,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
resp->single->ownStatus = 1;
|
||||
if (resp->single->status == NULL) {
|
||||
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
|
||||
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
return NULL;
|
||||
}
|
||||
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
|
||||
|
||||
@@ -2024,18 +2024,24 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (!extension || !extension->data) {
|
||||
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
|
||||
/* This will keep SNI even though TLSX_UseSNI has not been called.
|
||||
* Enable it so that the received sni is available to functions
|
||||
* that use a custom callback when SNI is received.
|
||||
*/
|
||||
|
||||
/* This will keep SNI even though TLSX_UseSNI has not been called.
|
||||
* Enable it so that the received sni is available to functions
|
||||
* that use a custom callback when SNI is received.
|
||||
*/
|
||||
#ifdef WOLFSSL_ALWAYS_KEEP_SNI
|
||||
cacheOnly = 1;
|
||||
#endif
|
||||
if (ssl->ctx->sniRecvCb) {
|
||||
cacheOnly = 1;
|
||||
}
|
||||
|
||||
if (cacheOnly) {
|
||||
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
|
||||
#else
|
||||
}
|
||||
else {
|
||||
/* Skipping, SNI not enabled at server side. */
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
if (OPAQUE16_LEN > length)
|
||||
@@ -2096,7 +2102,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||
|
||||
TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
|
||||
|
||||
if(!cacheOnly)
|
||||
if (!cacheOnly)
|
||||
TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
|
||||
}
|
||||
else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
|
||||
|
||||
@@ -1485,6 +1485,7 @@ end:
|
||||
#else
|
||||
return (word32)(ktime_get_real_ns() / (ktime_t)1000000);
|
||||
#endif
|
||||
}
|
||||
#elif defined(WOLFSSL_QNX_CAAM)
|
||||
word32 TimeNowInMilliseconds(void)
|
||||
{
|
||||
@@ -4211,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
|
||||
if (!usingPSK) {
|
||||
/* Not using PSK so don't require no KE. */
|
||||
ssl->options.noPskDheKe = 0;
|
||||
|
||||
#ifndef NO_CERTS
|
||||
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
|
||||
WOLFSSL_MSG("Client did not send a KeyShare extension");
|
||||
|
||||
@@ -800,6 +800,11 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
|
||||
nfds = (int)sockfd + 1;
|
||||
#endif
|
||||
|
||||
if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
|
||||
WOLFSSL_MSG("socket fd out of FDSET range");
|
||||
return -1;
|
||||
}
|
||||
|
||||
FD_ZERO(&rfds);
|
||||
FD_SET(sockfd, &rfds);
|
||||
wfds = rfds;
|
||||
|
||||
+907
-85
File diff suppressed because it is too large
Load Diff
@@ -2394,10 +2394,23 @@ static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz,
|
||||
/* while free pending slots in queue, submit ops */
|
||||
for (i = 0; i < BENCH_MAX_PENDING; i++) {
|
||||
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) {
|
||||
#ifndef BENCHMARK_AESGCM_STREAM
|
||||
ret = wc_AesGcmEncrypt(&enc[i], bench_cipher,
|
||||
bench_plain, BENCH_SIZE,
|
||||
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
|
||||
bench_additional, aesAuthAddSz);
|
||||
#else
|
||||
ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz);
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher,
|
||||
bench_plain, BENCH_SIZE, bench_additional,
|
||||
aesAuthAddSz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag,
|
||||
AES_AUTH_TAG_SZ);
|
||||
}
|
||||
#endif
|
||||
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) {
|
||||
goto exit_aes_gcm;
|
||||
}
|
||||
@@ -2433,10 +2446,23 @@ exit_aes_gcm:
|
||||
/* while free pending slots in queue, submit ops */
|
||||
for (i = 0; i < BENCH_MAX_PENDING; i++) {
|
||||
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, numBlocks, &pending)) {
|
||||
#ifndef BENCHMARK_AESGCM_STREAM
|
||||
ret = wc_AesGcmDecrypt(&dec[i], bench_plain,
|
||||
bench_cipher, BENCH_SIZE,
|
||||
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
|
||||
bench_additional, aesAuthAddSz);
|
||||
#else
|
||||
ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz);
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain,
|
||||
bench_cipher, BENCH_SIZE, bench_additional,
|
||||
aesAuthAddSz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag,
|
||||
AES_AUTH_TAG_SZ);
|
||||
}
|
||||
#endif
|
||||
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, &pending)) {
|
||||
goto exit_aes_gcm_dec;
|
||||
}
|
||||
@@ -4651,18 +4677,17 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
|
||||
#endif
|
||||
#if !defined(WOLFSSL_MDK5_COMPLv5)
|
||||
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
|
||||
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
|
||||
DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
|
||||
#else
|
||||
byte* enc[BENCH_MAX_PENDING];
|
||||
#endif
|
||||
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
|
||||
#if !defined(WOLFSSL_MDK5_COMPLv5)
|
||||
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
|
||||
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
|
||||
DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
|
||||
#else
|
||||
int idxout;
|
||||
byte* out[BENCH_MAX_PENDING];
|
||||
#endif
|
||||
#else
|
||||
@@ -6890,7 +6915,7 @@ static int string_matches(const char* arg, const char* str)
|
||||
}
|
||||
#endif /* MAIN_NO_ARGS */
|
||||
|
||||
#ifdef WOLFSSL_ESPIDF
|
||||
#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
|
||||
int wolf_benchmark_task( )
|
||||
#elif defined(MAIN_NO_ARGS)
|
||||
int main()
|
||||
|
||||
+1673
-19
File diff suppressed because it is too large
Load Diff
+7129
-31
File diff suppressed because it is too large
Load Diff
+42
-5
@@ -4214,7 +4214,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
|
||||
seqSz += sz;
|
||||
|
||||
tmpIdx = 0;
|
||||
seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr);
|
||||
ret = SetShortInt(shr, &tmpIdx, itt, maxShr);
|
||||
if (ret >= 0) {
|
||||
seqSz += ret;
|
||||
}
|
||||
else {
|
||||
return ret;
|
||||
}
|
||||
innerSz += seqSz + SetSequence(seqSz, seq);
|
||||
totalSz += innerSz + SetSequence(innerSz, seq);
|
||||
|
||||
@@ -13048,11 +13054,11 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
|
||||
* nameStr value to be encoded
|
||||
* nameType type of encoding i.e CTC_UTF8
|
||||
* type id of attribute i.e ASN_COMMON_NAME
|
||||
*
|
||||
* emailType type of email i.e CTC_UTF8
|
||||
* returns length on success
|
||||
*/
|
||||
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type)
|
||||
static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type, byte emailType)
|
||||
{
|
||||
word32 idx = 0;
|
||||
/* bottom up */
|
||||
@@ -13127,11 +13133,12 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
case ASN_EMAIL_NAME:
|
||||
{
|
||||
const byte EMAIL_OID[] = {
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01
|
||||
};
|
||||
/* email joint id */
|
||||
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
|
||||
idx += (int)sizeof(EMAIL_OID);
|
||||
name->encoded[idx++] = emailType;
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -13172,6 +13179,36 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
return idx;
|
||||
}
|
||||
|
||||
/* canonical encoding one attribute of the name (issuer/subject)
|
||||
* call wc_EncodeName_ex with CTC_UTF8 for email type
|
||||
*
|
||||
* name structure to hold result of encoding
|
||||
* nameStr value to be encoded
|
||||
* nameType type of encoding i.e CTC_UTF8
|
||||
* type id of attribute i.e ASN_COMMON_NAME
|
||||
*
|
||||
* returns length on success
|
||||
*/
|
||||
int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type)
|
||||
{
|
||||
return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);
|
||||
}
|
||||
|
||||
/* Encodes one attribute of the name (issuer/subject)
|
||||
* call we_EncodeName_ex with 0x16, IA5String for email type
|
||||
* name structure to hold result of encoding
|
||||
* nameStr value to be encoded
|
||||
* nameType type of encoding i.e CTC_UTF8
|
||||
* type id of attribute i.e ASN_COMMON_NAME
|
||||
*
|
||||
* returns length on success
|
||||
*/
|
||||
int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
||||
byte type)
|
||||
{
|
||||
return wc_EncodeName_ex(name, nameStr, nameType, type, ASN_IA5_STRING);
|
||||
}
|
||||
/* encode CertName into output, return total bytes written */
|
||||
int SetName(byte* output, word32 outputSz, CertName* name)
|
||||
{
|
||||
|
||||
@@ -95,16 +95,18 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
|
||||
|
||||
XMEMSET(cmac, 0, sizeof(Cmac));
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (devId != INVALID_DEVID) {
|
||||
cmac->devId = devId;
|
||||
cmac->devCtx = NULL;
|
||||
|
||||
ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL,
|
||||
type, unused);
|
||||
if (ret != CRYPTOCB_UNAVAILABLE)
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
+4
-8
@@ -2126,7 +2126,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
|
||||
const byte* pub, word32 pubSz)
|
||||
{
|
||||
byte havePriv, havePub;
|
||||
mp_int *keyPriv = NULL, *keyPub = NULL;
|
||||
|
||||
if (key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -2154,7 +2153,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
|
||||
mp_clear(&key->priv);
|
||||
havePriv = 0;
|
||||
} else {
|
||||
keyPriv = &key->priv;
|
||||
WOLFSSL_MSG("DH Private Key Set");
|
||||
}
|
||||
}
|
||||
@@ -2172,16 +2170,14 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
|
||||
if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) {
|
||||
mp_clear(&key->pub);
|
||||
havePub = 0;
|
||||
if (havePriv) {
|
||||
mp_clear(&key->priv);
|
||||
havePriv = 0; /* set to 0 to error out with failed read pub */
|
||||
}
|
||||
} else {
|
||||
keyPub = &key->pub;
|
||||
WOLFSSL_MSG("DH Public Key Set");
|
||||
}
|
||||
}
|
||||
/* Free Memory if error occurred */
|
||||
if (havePriv == 0 && keyPriv != NULL)
|
||||
mp_clear(keyPriv);
|
||||
if (havePub == 0 && keyPub != NULL)
|
||||
mp_clear(keyPub);
|
||||
|
||||
if (havePriv == 0 && havePub == 0) {
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -521,6 +521,15 @@ const char* wc_GetErrorString(int error)
|
||||
case SAKKE_VERIFY_FAIL_E:
|
||||
return "SAKKE derivation verification error";
|
||||
|
||||
case MISSING_IV:
|
||||
return "Required IV not set";
|
||||
|
||||
case MISSING_KEY:
|
||||
return "Required key not set";
|
||||
|
||||
case BAD_LENGTH_E:
|
||||
return "Value of length parameter is invalid.";
|
||||
|
||||
default:
|
||||
return "unknown error number";
|
||||
|
||||
|
||||
+185
-22
@@ -553,6 +553,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
}
|
||||
|
||||
#if defined(HAVE_AESGCM)
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
const unsigned char *in, int inl) {
|
||||
if (in && inl > 0) {
|
||||
@@ -570,11 +571,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
|
||||
static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
int ret = 0;
|
||||
|
||||
*outl = inl;
|
||||
@@ -606,8 +609,42 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
#else
|
||||
int ret;
|
||||
|
||||
/* When out is NULL then this is AAD. */
|
||||
if (out == NULL) {
|
||||
if (ctx->enc) {
|
||||
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
|
||||
inl);
|
||||
}
|
||||
else {
|
||||
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
|
||||
inl);
|
||||
}
|
||||
}
|
||||
/* When out is not NULL then this is plaintext/cipher text. */
|
||||
else {
|
||||
if (ctx->enc) {
|
||||
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
|
||||
0);
|
||||
}
|
||||
else {
|
||||
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
|
||||
0);
|
||||
}
|
||||
}
|
||||
*outl = inl;
|
||||
if (ret == 0) {
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
}
|
||||
else {
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
return ret;
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
}
|
||||
#endif
|
||||
#endif /* HAVE_AESGCM */
|
||||
|
||||
/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
|
||||
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
@@ -626,16 +663,16 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
*outl = 0;
|
||||
|
||||
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
switch (ctx->cipherType) {
|
||||
case AES_128_GCM_TYPE:
|
||||
case AES_192_GCM_TYPE:
|
||||
case AES_256_GCM_TYPE:
|
||||
/* if out == NULL, in/inl contains the additional authenticated data for GCM */
|
||||
return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
|
||||
default:
|
||||
/* fall-through */
|
||||
break;
|
||||
}
|
||||
switch (ctx->cipherType) {
|
||||
case AES_128_GCM_TYPE:
|
||||
case AES_192_GCM_TYPE:
|
||||
case AES_256_GCM_TYPE:
|
||||
/* if out == NULL, in/inl contains the additional authenticated data * for GCM */
|
||||
return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
|
||||
default:
|
||||
/* fall-through */
|
||||
break;
|
||||
}
|
||||
#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
|
||||
|
||||
if (out == NULL) {
|
||||
@@ -770,6 +807,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
case AES_128_GCM_TYPE:
|
||||
case AES_192_GCM_TYPE:
|
||||
case AES_256_GCM_TYPE:
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0)
|
||||
|| (ctx->gcmBufferLen == 0)) {
|
||||
if (ctx->enc)
|
||||
@@ -799,6 +837,24 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
else {
|
||||
*outl = 0;
|
||||
}
|
||||
#else
|
||||
/* No data to return - all handled in Update. */
|
||||
*outl = 0;
|
||||
if (ctx->enc) {
|
||||
ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag,
|
||||
ctx->authTagSz);
|
||||
}
|
||||
else {
|
||||
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
|
||||
ctx->authTagSz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
}
|
||||
else {
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
/* Clear IV, since IV reuse is not recommended for AES GCM. */
|
||||
XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
|
||||
break;
|
||||
@@ -2172,7 +2228,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||
switch (pkey->type) {
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
case EVP_PKEY_RSA: {
|
||||
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
|
||||
int nid;
|
||||
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
|
||||
if (ctxmd == NULL) break;
|
||||
nid = wolfSSL_EVP_MD_type(ctxmd);
|
||||
if (nid < 0) break;
|
||||
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
|
||||
siglen, pkey->rsa);
|
||||
@@ -2248,7 +2307,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
|
||||
switch (pkey->type) {
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
case EVP_PKEY_RSA: {
|
||||
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
|
||||
int nid;
|
||||
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
|
||||
if (ctxmd == NULL) break;
|
||||
nid = wolfSSL_EVP_MD_type(ctxmd);
|
||||
if (nid < 0) break;
|
||||
return wolfSSL_RSA_verify(nid, md, mdsize, sig,
|
||||
(unsigned int)siglen, pkey->rsa);
|
||||
@@ -2624,7 +2686,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
case EVP_PKEY_RSA: {
|
||||
unsigned int sigSz;
|
||||
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
|
||||
int nid;
|
||||
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
|
||||
if (md == NULL)
|
||||
break;
|
||||
nid = wolfSSL_EVP_MD_type(md);
|
||||
if (nid < 0)
|
||||
break;
|
||||
ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
|
||||
@@ -2717,7 +2783,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
|
||||
switch (ctx->pctx->pkey->type) {
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
case EVP_PKEY_RSA: {
|
||||
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
|
||||
int nid;
|
||||
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
|
||||
if (md == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
nid = wolfSSL_EVP_MD_type(md);
|
||||
if (nid < 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,
|
||||
@@ -4089,10 +4159,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
WOLFSSL_MSG("Key or IV not set");
|
||||
break;
|
||||
}
|
||||
if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) {
|
||||
if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv,
|
||||
ctx->ivSz)) != 0) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetIV failed");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
/* Initialize using IV cached in Aes object. */
|
||||
if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, NULL, 0) != 0) {
|
||||
WOLFSSL_MSG("wc_AesGcmInit failed");
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
/* OpenSSL increments the IV. Not sure why */
|
||||
IncCtr(ctx->iv, ctx->ivSz);
|
||||
break;
|
||||
@@ -4389,14 +4467,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
ctx->ivSz = GCM_NONCE_MID_SZ;
|
||||
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* !WOLFSSL_AESGCM_STREAM */
|
||||
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
/* Initialize with key and IV if available. */
|
||||
if (wc_AesGcmInit(&ctx->cipher.aes, key,
|
||||
(key == NULL) ? 0 : ctx->keyLen, iv,
|
||||
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
|
||||
WOLFSSL_MSG("wc_AesGcmInit() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
}
|
||||
@@ -4414,14 +4503,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
ctx->ivSz = GCM_NONCE_MID_SZ;
|
||||
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* !WOLFSSL_AESGCM_STREAM */
|
||||
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
/* Initialize with key and IV if available. */
|
||||
if (wc_AesGcmInit(&ctx->cipher.aes, key,
|
||||
(key == NULL) ? 0 : ctx->keyLen, iv,
|
||||
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
|
||||
WOLFSSL_MSG("wc_AesGcmInit() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
}
|
||||
@@ -4439,14 +4539,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
ctx->ivSz = GCM_NONCE_MID_SZ;
|
||||
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* !WOLFSSL_AESGCM_STREAM */
|
||||
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
|
||||
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
/* Initialize with key and IV if available. */
|
||||
if (wc_AesGcmInit(&ctx->cipher.aes,
|
||||
key, (key == NULL) ? 0 : ctx->keyLen,
|
||||
iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
|
||||
WOLFSSL_MSG("wc_AesGcmInit() failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
}
|
||||
@@ -4498,7 +4609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
if (key) {
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
|
||||
AES_ENCRYPTION, 1);
|
||||
if (ret != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -4526,7 +4637,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
if (key) {
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
|
||||
AES_ENCRYPTION, 1);
|
||||
if (ret != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -4552,7 +4663,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
if (enc == 0 || enc == 1)
|
||||
ctx->enc = enc ? 1 : 0;
|
||||
if (key) {
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
|
||||
ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
|
||||
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
|
||||
}
|
||||
if (ret != 0)
|
||||
@@ -5278,6 +5389,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
case AES_192_GCM_TYPE :
|
||||
case AES_256_GCM_TYPE :
|
||||
WOLFSSL_MSG("AES GCM");
|
||||
#ifndef WOLFSSL_AESGCM_STREAM
|
||||
if (!dst) {
|
||||
ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
|
||||
}
|
||||
@@ -5291,6 +5403,50 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
len, ctx->iv, ctx->ivSz, ctx->authTag,
|
||||
ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz);
|
||||
}
|
||||
#else
|
||||
/* Do one shot operation with streaming API as other
|
||||
* initialization set up for streaming. */
|
||||
ret = wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, ctx->iv,
|
||||
ctx->ivSz);
|
||||
/* No destination means only AAD. */
|
||||
if ((ret == 0) && (dst == NULL)) {
|
||||
if (ctx->enc) {
|
||||
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL,
|
||||
NULL, 0, src, len);
|
||||
}
|
||||
else {
|
||||
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL,
|
||||
NULL, 0, src, len);
|
||||
}
|
||||
}
|
||||
/* Only plaintext/cipher text. */
|
||||
else if (ret == 0) {
|
||||
if (ctx->enc) {
|
||||
ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src,
|
||||
len, NULL, 0);
|
||||
}
|
||||
else {
|
||||
ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src,
|
||||
len, NULL, 0);
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
|
||||
ctx->authTag, ctx->authTagSz);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (ctx->enc) {
|
||||
/* Calculate authentication tag. */
|
||||
ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes,
|
||||
ctx->authTag, ctx->authTagSz);
|
||||
}
|
||||
else {
|
||||
/* Calculate authentication tag and compare. */
|
||||
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
|
||||
ctx->authTag, ctx->authTagSz);
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
if (ret == 0)
|
||||
ret = len;
|
||||
break;
|
||||
@@ -6726,17 +6882,24 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
|
||||
XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
|
||||
pkey->heap = heap;
|
||||
pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
|
||||
|
||||
/* init of mutex needs to come before wolfSSL_EVP_PKEY_free */
|
||||
ret = wc_InitMutex(&pkey->refMutex);
|
||||
if (ret != 0){
|
||||
XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
WOLFSSL_MSG("Issue initializing mutex");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID);
|
||||
#else
|
||||
ret = wc_InitRng(&pkey->rng);
|
||||
#endif
|
||||
pkey->references = 1;
|
||||
wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before
|
||||
* wolfSSL_EVP_PKEY_free */
|
||||
if (ret != 0){
|
||||
wolfSSL_EVP_PKEY_free(pkey);
|
||||
WOLFSSL_MSG("memory failure");
|
||||
WOLFSSL_MSG("Issue initializing RNG");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
+15
-11
@@ -200,62 +200,66 @@ int wc_HmacSizeByType(int type)
|
||||
int _InitHmac(Hmac* hmac, int type, void* heap)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
int devId = hmac->devId;
|
||||
#else
|
||||
int devId = INVALID_DEVID;
|
||||
#endif
|
||||
switch (type) {
|
||||
#ifndef NO_MD5
|
||||
case WC_MD5:
|
||||
ret = wc_InitMd5(&hmac->hash.md5);
|
||||
ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId);
|
||||
break;
|
||||
#endif /* !NO_MD5 */
|
||||
|
||||
#ifndef NO_SHA
|
||||
case WC_SHA:
|
||||
ret = wc_InitSha(&hmac->hash.sha);
|
||||
ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId);
|
||||
break;
|
||||
#endif /* !NO_SHA */
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
case WC_SHA224:
|
||||
ret = wc_InitSha224(&hmac->hash.sha224);
|
||||
ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA224 */
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case WC_SHA256:
|
||||
ret = wc_InitSha256(&hmac->hash.sha256);
|
||||
ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId);
|
||||
break;
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case WC_SHA384:
|
||||
ret = wc_InitSha384(&hmac->hash.sha384);
|
||||
ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case WC_SHA512:
|
||||
ret = wc_InitSha512(&hmac->hash.sha512);
|
||||
ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId);
|
||||
break;
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
#ifdef WOLFSSL_SHA3
|
||||
#ifndef WOLFSSL_NOSHA3_224
|
||||
case WC_SHA3_224:
|
||||
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
|
||||
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_256
|
||||
case WC_SHA3_256:
|
||||
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
|
||||
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_384
|
||||
case WC_SHA3_384:
|
||||
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
|
||||
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId);
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_NOSHA3_512
|
||||
case WC_SHA3_512:
|
||||
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
|
||||
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
+7
-10
@@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
|
||||
return MP_VAL;
|
||||
}
|
||||
if (mp_isone(P)) {
|
||||
mp_set(Y, 0);
|
||||
return MP_OKAY;
|
||||
return mp_set(Y, 0);
|
||||
}
|
||||
if (mp_iszero(X)) {
|
||||
mp_set(Y, 1);
|
||||
return MP_OKAY;
|
||||
return mp_set(Y, 1);
|
||||
}
|
||||
if (mp_iszero(G)) {
|
||||
mp_set(Y, 0);
|
||||
return MP_OKAY;
|
||||
return mp_set(Y, 0);
|
||||
}
|
||||
|
||||
/* if exponent X is negative we have to recurse */
|
||||
@@ -1449,10 +1446,10 @@ int mp_set (mp_int * a, mp_digit b)
|
||||
/* check if a bit is set */
|
||||
int mp_is_bit_set (mp_int *a, mp_digit b)
|
||||
{
|
||||
int i = (int)(b / DIGIT_BIT); /* word index */
|
||||
int s = b % DIGIT_BIT; /* bit index */
|
||||
mp_digit i = b / DIGIT_BIT; /* word index */
|
||||
mp_digit s = b % DIGIT_BIT; /* bit index */
|
||||
|
||||
if (a->used <= i) {
|
||||
if ((mp_digit)a->used <= i) {
|
||||
/* no words avaialable at that bit count */
|
||||
return 0;
|
||||
}
|
||||
@@ -2415,7 +2412,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
|
||||
}
|
||||
|
||||
/* swap res with Y */
|
||||
mp_copy(res, Y);
|
||||
err = mp_copy(res, Y);
|
||||
|
||||
LBL_RES:mp_clear (res);
|
||||
LBL_M:
|
||||
|
||||
+10
-1
@@ -755,7 +755,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
|
||||
outerSz += mac->saltSz;
|
||||
|
||||
/* MAC iterations */
|
||||
outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
|
||||
ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
|
||||
if (ret >= 0) {
|
||||
outerSz += ret;
|
||||
ret = 0;
|
||||
}
|
||||
else {
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* sequence of inner data */
|
||||
outerSz += SetSequence(innerSz, seq);
|
||||
@@ -1817,6 +1824,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx);
|
||||
if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){
|
||||
WOLFSSL_MSG("Buffer not large enough for DATA OID");
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BUFFER_E;
|
||||
}
|
||||
XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
|
||||
@@ -1824,6 +1832,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
|
||||
/* copy over encrypted data */
|
||||
if (idx + encSz > *outSz){
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BUFFER_E;
|
||||
}
|
||||
XMEMCPY(out + idx, tmp, encSz);
|
||||
|
||||
+11
-1
@@ -5077,6 +5077,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
||||
if (pkcs7->stream->flagOne) {
|
||||
pkiMsg2 = pkiMsg;
|
||||
|
||||
/* check if using internal stream buffer and should adjust sz */
|
||||
if (pkiMsg != in && pkcs7->stream->length > 0) {
|
||||
pkiMsg2Sz = pkcs7->stream->length;
|
||||
}
|
||||
}
|
||||
|
||||
/* restore content type */
|
||||
@@ -5136,7 +5141,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* last state expect the reset of the buffer */
|
||||
/* last state expect the rest of the buffer */
|
||||
pkcs7->stream->expected = (pkcs7->stream->maxLen -
|
||||
pkcs7->stream->totalRd) + pkcs7->stream->length;
|
||||
}
|
||||
@@ -5155,6 +5160,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
|
||||
if (pkcs7->stream->flagOne) {
|
||||
pkiMsg2 = pkiMsg;
|
||||
|
||||
/* check if using internal stream buffer and should adjust sz */
|
||||
if (pkiMsg != in && pkcs7->stream->length > 0) {
|
||||
pkiMsg2Sz = pkcs7->stream->length;
|
||||
}
|
||||
}
|
||||
|
||||
/* restore content */
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
|
||||
#ifndef __aarch64__
|
||||
.text
|
||||
.align 2
|
||||
@@ -6008,7 +6008,7 @@ fe_ge_sub:
|
||||
pop {r4, r5, r6, r7, r8, r9, r10, r11, pc}
|
||||
.size fe_ge_sub,.-fe_ge_sub
|
||||
#endif /* !__aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
|
||||
|
||||
#if defined(__linux__) && defined(__ELF__)
|
||||
.section .note.GNU-stack,"",%progbits
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
|
||||
#ifndef __aarch64__
|
||||
#include <stdint.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@@ -5573,4 +5573,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
|
||||
}
|
||||
|
||||
#endif /* !__aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
|
||||
#ifndef __aarch64__
|
||||
#ifdef WOLFSSL_ARMASM_NO_NEON
|
||||
.text
|
||||
@@ -5331,7 +5331,7 @@ L_sha512_len_neon_start:
|
||||
.size Transform_Sha512_Len,.-Transform_Sha512_Len
|
||||
#endif /* !WOLFSSL_ARMASM_NO_NEON */
|
||||
#endif /* !__aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
|
||||
|
||||
#if defined(__linux__) && defined(__ELF__)
|
||||
.section .note.GNU-stack,"",%progbits
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
|
||||
#ifndef __aarch64__
|
||||
#include <stdint.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@@ -4776,4 +4776,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
|
||||
|
||||
#endif /* !WOLFSSL_ARMASM_NO_NEON */
|
||||
#endif /* !__aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
|
||||
#ifdef __aarch64__
|
||||
#ifndef __APPLE__
|
||||
.text
|
||||
@@ -7472,7 +7472,7 @@ _fe_ge_sub:
|
||||
.size fe_ge_sub,.-fe_ge_sub
|
||||
#endif /* __APPLE__ */
|
||||
#endif /* __aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
|
||||
|
||||
#if defined(__linux__) && defined(__ELF__)
|
||||
.section .note.GNU-stack,"",%progbits
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
|
||||
#ifdef __aarch64__
|
||||
#include <wolfssl/wolfcrypt/fe_operations.h>
|
||||
|
||||
@@ -7217,4 +7217,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
|
||||
}
|
||||
|
||||
#endif /* __aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
|
||||
|
||||
@@ -96,6 +96,188 @@ static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
|
||||
|
||||
#ifdef __aarch64__
|
||||
|
||||
/* First block is in sha256->buffer and rest in data. */
|
||||
static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
|
||||
word32 numBlocks)
|
||||
{
|
||||
word32* k = (word32*)K;
|
||||
|
||||
__asm__ volatile (
|
||||
"#load leftover data\n"
|
||||
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
|
||||
|
||||
"#load current digest\n"
|
||||
"LD1 {v12.2d-v13.2d}, %[digest] \n"
|
||||
"MOV w8, %w[blocks] \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
|
||||
"#load K values in \n"
|
||||
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
|
||||
|
||||
/* beginning of SHA256 block operation */
|
||||
"1:\n"
|
||||
/* Round 1 */
|
||||
"MOV v4.16b, v0.16b \n"
|
||||
"ADD v0.4s, v0.4s, v16.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 2 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v17.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 3 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v18.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 4 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v19.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 5 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v20.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 6 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v21.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 7 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v22.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 8 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v23.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 9 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v24.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 10 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v25.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 11 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v26.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 12 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v27.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 13 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v28.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 14 */
|
||||
"ADD v0.4s, v1.4s, v29.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 15 */
|
||||
"ADD v0.4s, v2.4s, v30.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 16 */
|
||||
"ADD v0.4s, v3.4s, v31.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"SUB w8, w8, #1 \n"
|
||||
"ADD v12.4s, v12.4s, v14.4s \n"
|
||||
"ADD v13.4s, v13.4s, v15.4s \n"
|
||||
|
||||
"#check if more blocks should be done\n"
|
||||
"CBZ w8, 2f \n"
|
||||
|
||||
"#load in message and schedule updates \n"
|
||||
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n"
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
"B 1b \n" /* do another block */
|
||||
|
||||
"2:\n"
|
||||
"STP q12, q13, %[out] \n"
|
||||
|
||||
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
|
||||
"=r" (data), "=r" (k)
|
||||
: [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
|
||||
[blocks] "2" (numBlocks), [dataIn] "3" (data)
|
||||
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
|
||||
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
|
||||
"v15", "v16", "v17", "v18", "v19", "v20", "v21",
|
||||
"v22", "v23", "v24", "v25", "v26", "v27", "v28",
|
||||
"v29", "v30", "v31", "w8"
|
||||
);
|
||||
}
|
||||
|
||||
/* ARMv8 hardware acceleration */
|
||||
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
|
||||
{
|
||||
@@ -115,184 +297,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
|
||||
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
|
||||
|
||||
if (numBlocks > 0) {
|
||||
word32* k = (word32*)K;
|
||||
|
||||
/* get leftover amount after blocks */
|
||||
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
|
||||
__asm__ volatile (
|
||||
"#load leftover data\n"
|
||||
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
|
||||
|
||||
"#load current digest\n"
|
||||
"LD1 {v12.2d-v13.2d}, %[digest] \n"
|
||||
"MOV w8, %w[blocks] \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
|
||||
"#load K values in \n"
|
||||
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
|
||||
|
||||
/* beginning of SHA256 block operation */
|
||||
"1:\n"
|
||||
/* Round 1 */
|
||||
"MOV v4.16b, v0.16b \n"
|
||||
"ADD v0.4s, v0.4s, v16.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 2 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v17.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 3 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v18.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 4 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v19.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 5 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v20.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 6 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v21.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 7 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v22.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 8 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v23.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 9 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v24.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 10 */
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"ADD v0.4s, v1.4s, v25.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 11 */
|
||||
"SHA256SU0 v1.4s, v2.4s \n"
|
||||
"ADD v0.4s, v2.4s, v26.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v1.4s, v3.4s, v4.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 12 */
|
||||
"SHA256SU0 v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v27.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v2.4s, v4.4s, v1.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 13 */
|
||||
"SHA256SU0 v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v28.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256SU1 v3.4s, v1.4s, v2.4s \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 14 */
|
||||
"ADD v0.4s, v1.4s, v29.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 15 */
|
||||
"ADD v0.4s, v2.4s, v30.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Round 16 */
|
||||
"ADD v0.4s, v3.4s, v31.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"SUB w8, w8, #1 \n"
|
||||
"ADD v12.4s, v12.4s, v14.4s \n"
|
||||
"ADD v13.4s, v13.4s, v15.4s \n"
|
||||
|
||||
"#check if more blocks should be done\n"
|
||||
"CBZ w8, 2f \n"
|
||||
|
||||
"#load in message and schedule updates \n"
|
||||
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n"
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
"B 1b \n" /* do another block */
|
||||
|
||||
"2:\n"
|
||||
"STP q12, q13, %[out] \n"
|
||||
|
||||
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
|
||||
"=r" (data), "=r" (k)
|
||||
: [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
|
||||
[blocks] "2" (numBlocks), [dataIn] "3" (data)
|
||||
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
|
||||
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
|
||||
"v15", "v16", "v17", "v18", "v19", "v20", "v21",
|
||||
"v22", "v23", "v24", "v25", "v26", "v27", "v28",
|
||||
"v29", "v30", "v31", "w8"
|
||||
);
|
||||
Sha256Transform(sha256, data, numBlocks);
|
||||
|
||||
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
|
||||
|
||||
@@ -658,6 +666,202 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
|
||||
|
||||
#else /* not using 64 bit */
|
||||
|
||||
static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
|
||||
word32 numBlocks)
|
||||
{
|
||||
word32* bufPt = sha256->buffer;
|
||||
word32* digPt = sha256->digest;
|
||||
|
||||
__asm__ volatile (
|
||||
"#load leftover data\n"
|
||||
"VLDM %[buffer]!, {q0-q3} \n"
|
||||
|
||||
"#load current digest\n"
|
||||
"VLDM %[digest], {q12-q13} \n"
|
||||
"MOV r8, %[blocks] \n"
|
||||
"VREV32.8 q0, q0 \n"
|
||||
"VREV32.8 q1, q1 \n"
|
||||
"VREV32.8 q2, q2 \n"
|
||||
"VREV32.8 q3, q3 \n"
|
||||
"VLDM %[k]! ,{q5-q8} \n"
|
||||
"VLDM %[k]! ,{q9}\n"
|
||||
|
||||
"VMOV.32 q14, q12 \n" /* store digest for add at the end */
|
||||
"VMOV.32 q15, q13 \n"
|
||||
|
||||
/* beginning of SHA256 block operation */
|
||||
"1:\n"
|
||||
|
||||
/* Round 1 */
|
||||
"VMOV.32 q4, q0 \n"
|
||||
"VADD.i32 q0, q0, q5 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 2 */
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q6 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 3 */
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q7 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 4 */
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q8 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 5 */
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q9 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 6 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 7 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 8 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 9 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 10 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 11 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 12 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 13 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 14 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 15 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 16 */
|
||||
"VLD1.32 {q10}, [%[k]] \n"
|
||||
"SUB r8, r8, #1 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"VADD.i32 q12, q12, q14 \n"
|
||||
"VADD.i32 q13, q13, q15 \n"
|
||||
|
||||
"#check if more blocks should be done\n"
|
||||
"CMP r8, #0 \n"
|
||||
"BEQ 2f \n"
|
||||
|
||||
"#load in message and schedule updates \n"
|
||||
"VLD1.32 {q0}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q1}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q2}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q3}, [%[dataIn]]! \n"
|
||||
|
||||
/* reset K pointer */
|
||||
"SUB %[k], %[k], #160 \n"
|
||||
"VREV32.8 q0, q0 \n"
|
||||
"VREV32.8 q1, q1 \n"
|
||||
"VREV32.8 q2, q2 \n"
|
||||
"VREV32.8 q3, q3 \n"
|
||||
"VMOV.32 q14, q12 \n"
|
||||
"VMOV.32 q15, q13 \n"
|
||||
"B 1b \n" /* do another block */
|
||||
|
||||
"2:\n"
|
||||
"VST1.32 {q12, q13}, [%[out]] \n"
|
||||
|
||||
: [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
|
||||
"=r" (data)
|
||||
: [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
|
||||
[blocks] "2" (numBlocks), [dataIn] "3" (data)
|
||||
: "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
|
||||
"q8", "q9", "q10", "q11", "q12", "q13", "q14",
|
||||
"q15", "r8"
|
||||
);
|
||||
}
|
||||
|
||||
/* ARMv8 hardware acceleration Aarch32 */
|
||||
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
|
||||
{
|
||||
@@ -677,198 +881,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
|
||||
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
|
||||
|
||||
if (numBlocks > 0) {
|
||||
word32* bufPt = sha256->buffer;
|
||||
word32* digPt = sha256->digest;
|
||||
/* get leftover amount after blocks */
|
||||
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
|
||||
__asm__ volatile (
|
||||
"#load leftover data\n"
|
||||
"VLDM %[buffer]!, {q0-q3} \n"
|
||||
|
||||
"#load current digest\n"
|
||||
"VLDM %[digest], {q12-q13} \n"
|
||||
"MOV r8, %[blocks] \n"
|
||||
"VREV32.8 q0, q0 \n"
|
||||
"VREV32.8 q1, q1 \n"
|
||||
"VREV32.8 q2, q2 \n"
|
||||
"VREV32.8 q3, q3 \n"
|
||||
"VLDM %[k]! ,{q5-q8} \n"
|
||||
"VLDM %[k]! ,{q9}\n"
|
||||
|
||||
"VMOV.32 q14, q12 \n" /* store digest for add at the end */
|
||||
"VMOV.32 q15, q13 \n"
|
||||
|
||||
/* beginning of SHA256 block operation */
|
||||
"1:\n"
|
||||
|
||||
/* Round 1 */
|
||||
"VMOV.32 q4, q0 \n"
|
||||
"VADD.i32 q0, q0, q5 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 2 */
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q6 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 3 */
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q7 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 4 */
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q8 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 5 */
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q9 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 6 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 7 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 8 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 9 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 10 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q4, q1 \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q4, q2, q3 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 11 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q1, q2 \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q1, q3, q4 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 12 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q2, q3 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q2, q4, q1 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 13 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"SHA256SU0.32 q3, q4 \n"
|
||||
"VADD.i32 q0, q4, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256SU1.32 q3, q1, q2 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 14 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"VADD.i32 q0, q1, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 15 */
|
||||
"VLD1.32 {q10}, [%[k]]! \n"
|
||||
"VADD.i32 q0, q2, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
/* Round 16 */
|
||||
"VLD1.32 {q10}, [%[k]] \n"
|
||||
"SUB r8, r8, #1 \n"
|
||||
"VADD.i32 q0, q3, q10 \n"
|
||||
"VMOV.32 q11, q12 \n"
|
||||
"SHA256H.32 q12, q13, q0 \n"
|
||||
"SHA256H2.32 q13, q11, q0 \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"VADD.i32 q12, q12, q14 \n"
|
||||
"VADD.i32 q13, q13, q15 \n"
|
||||
|
||||
"#check if more blocks should be done\n"
|
||||
"CMP r8, #0 \n"
|
||||
"BEQ 2f \n"
|
||||
|
||||
"#load in message and schedule updates \n"
|
||||
"VLD1.32 {q0}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q1}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q2}, [%[dataIn]]! \n"
|
||||
"VLD1.32 {q3}, [%[dataIn]]! \n"
|
||||
|
||||
/* reset K pointer */
|
||||
"SUB %[k], %[k], #160 \n"
|
||||
"VREV32.8 q0, q0 \n"
|
||||
"VREV32.8 q1, q1 \n"
|
||||
"VREV32.8 q2, q2 \n"
|
||||
"VREV32.8 q3, q3 \n"
|
||||
"VMOV.32 q14, q12 \n"
|
||||
"VMOV.32 q15, q13 \n"
|
||||
"B 1b \n" /* do another block */
|
||||
|
||||
"2:\n"
|
||||
"VST1.32 {q12, q13}, [%[out]] \n"
|
||||
|
||||
: [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
|
||||
"=r" (data)
|
||||
: [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
|
||||
[blocks] "2" (numBlocks), [dataIn] "3" (data)
|
||||
: "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
|
||||
"q8", "q9", "q10", "q11", "q12", "q13", "q14",
|
||||
"q15", "r8"
|
||||
);
|
||||
Sha256Transform(sha256, data, numBlocks);
|
||||
|
||||
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
|
||||
|
||||
@@ -1401,6 +1417,22 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
|
||||
{
|
||||
if (sha256 == NULL || data == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#ifdef LITTLE_ENDIAN_ORDER
|
||||
ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
|
||||
#else
|
||||
XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
|
||||
#endif
|
||||
Sha256Transform(sha256, data, 1);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
|
||||
#ifdef __aarch64__
|
||||
#ifndef __APPLE__
|
||||
.text
|
||||
@@ -1093,7 +1093,7 @@ L_sha512_len_neon_start:
|
||||
.size Transform_Sha512_Len,.-Transform_Sha512_Len
|
||||
#endif /* __APPLE__ */
|
||||
#endif /* __aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
|
||||
|
||||
#if defined(__linux__) && defined(__ELF__)
|
||||
.section .note.GNU-stack,"",%progbits
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
* cd ../scripts
|
||||
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c
|
||||
*/
|
||||
#ifdef WOLFSSL_ARMASM
|
||||
#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
|
||||
#ifdef __aarch64__
|
||||
#include <wolfssl/wolfcrypt/sha512.h>
|
||||
|
||||
@@ -1050,4 +1050,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
|
||||
}
|
||||
|
||||
#endif /* __aarch64__ */
|
||||
#endif /* WOLFSSL_ARMASM */
|
||||
#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
|
||||
|
||||
@@ -483,6 +483,17 @@ void wc_Sha512Free(wc_Sha512* sha512)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
|
||||
{
|
||||
if (sha512 == NULL || data == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
Transform_Sha512_Len(sha512, data, WC_SHA512_BLOCK_SIZE);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
@@ -335,13 +335,10 @@ static Error caamCreatePartition(unsigned int page, unsigned int par,
|
||||
}
|
||||
|
||||
|
||||
/* return a mapped address to the partition on success, returns 0 on fail */
|
||||
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
|
||||
unsigned int flag)
|
||||
/* return a partitions physical address on success, returns 0 on fail */
|
||||
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag)
|
||||
{
|
||||
int err;
|
||||
CAAM_ADDRESS vaddr;
|
||||
unsigned int local;
|
||||
|
||||
(void)flag; /* flag is for future changes to flag passed when creating */
|
||||
|
||||
@@ -353,13 +350,7 @@ CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* map secure partition to virtual address */
|
||||
local = (CAAM_PAGE + (part << 12));
|
||||
vaddr = CAAM_ADR_TO_VIRTUAL(local, partSz);
|
||||
if (phys != NULL) {
|
||||
*phys = local;
|
||||
}
|
||||
return vaddr;
|
||||
return (CAAM_ADDRESS)(CAAM_PAGE + (part << 12));
|
||||
}
|
||||
|
||||
|
||||
@@ -839,11 +830,19 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
|
||||
}
|
||||
#endif
|
||||
|
||||
CAAM_ADR_UNMAP(vaddr[0], desc->buf[1].data, desc->buf[1].dataSz, 1);
|
||||
CAAM_ADR_UNMAP(vaddr[1], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
|
||||
for (vidx = 2, i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
|
||||
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0);
|
||||
vidx = 0;
|
||||
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[1].data, desc->buf[1].dataSz, 1);
|
||||
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
|
||||
if (sz == 2) {
|
||||
CAAM_ADR_UNMAP(vaddr[vidx], 0, 0, 0);
|
||||
}
|
||||
else {
|
||||
for (i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
|
||||
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data,
|
||||
desc->buf[i].dataSz, 0);
|
||||
}
|
||||
}
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -888,8 +887,7 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4])
|
||||
|
||||
/* map secure partition to virtual address */
|
||||
phys = (CAAM_PAGE + (part << 12));
|
||||
buf[0].TheAddress = CAAM_ADR_TO_VIRTUAL(phys,
|
||||
buf[0].Length + buf[1].Length + BLACK_KEY_MAC_SZ);
|
||||
buf[0].TheAddress = phys;
|
||||
desc->desc[desc->idx++] = phys;
|
||||
|
||||
/* public x,y out */
|
||||
@@ -979,8 +977,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz,
|
||||
vidx = vidx + 1;
|
||||
}
|
||||
else {
|
||||
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
|
||||
desc->buf[i].dataSz);
|
||||
desc->desc[desc->idx++] = desc->buf[i].data;
|
||||
}
|
||||
i = i + 1;
|
||||
|
||||
@@ -1089,8 +1086,7 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4])
|
||||
vidx++;
|
||||
}
|
||||
else {
|
||||
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
|
||||
desc->buf[i].dataSz);
|
||||
desc->desc[desc->idx++] = desc->buf[i].data;
|
||||
}
|
||||
i++;
|
||||
|
||||
@@ -1162,9 +1158,9 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
|
||||
void* vaddr[sz];
|
||||
|
||||
if (args != NULL) {
|
||||
isBlackKey = args[0];
|
||||
isBlackKey = args[0];
|
||||
peerBlackKey = args[1];
|
||||
pdECDSEL = args[2];
|
||||
pdECDSEL = args[2];
|
||||
}
|
||||
|
||||
if (pdECDSEL == 0) {
|
||||
@@ -1193,8 +1189,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
|
||||
vidx++;
|
||||
}
|
||||
else {
|
||||
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
|
||||
desc->buf[i].dataSz);
|
||||
desc->desc[desc->idx++] = desc->buf[i].data;
|
||||
}
|
||||
i++;
|
||||
|
||||
@@ -1216,8 +1211,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
|
||||
vidx++;
|
||||
}
|
||||
else {
|
||||
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
|
||||
desc->buf[i].dataSz);
|
||||
desc->desc[desc->idx++] = desc->buf[i].data;
|
||||
}
|
||||
i++;
|
||||
|
||||
@@ -1507,9 +1501,10 @@ int InitCAAM(void)
|
||||
}
|
||||
|
||||
|
||||
int caamJobRingFree()
|
||||
int CleanupCAAM()
|
||||
{
|
||||
CAAM_FREE_MUTEX(&caam.ring.jr_lock);
|
||||
CAAM_UNSET_BASEADDR();
|
||||
caamFreeAllPart();
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -85,6 +85,11 @@ int CAAM_SET_BASEADDR()
|
||||
}
|
||||
|
||||
|
||||
/* cleans up having set the base address */
|
||||
void CAAM_UNSET_BASEADDR()
|
||||
{
|
||||
munmap_device_io(virtual_base, 0x00010000);
|
||||
}
|
||||
|
||||
/* convert a virtual address to a physical address
|
||||
* returns the physical address on success
|
||||
@@ -105,7 +110,7 @@ CAAM_ADDRESS CAAM_ADR_TO_PHYSICAL(void* in, int inSz)
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("posix offset failed");
|
||||
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
|
||||
perror("");
|
||||
perror("posix offset failed : ");
|
||||
#endif
|
||||
}
|
||||
msync(in, inSz, MS_INVALIDATE);
|
||||
@@ -146,7 +151,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy)
|
||||
if (vaddr == MAP_FAILED) {
|
||||
WOLFSSL_MSG("Failed to map memory");
|
||||
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
|
||||
perror("");
|
||||
perror("Failed to map memory : ");
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
@@ -229,10 +234,8 @@ int CAAM_ADR_SYNC(void* vaddr, int sz)
|
||||
*/
|
||||
static int sanityCheckPartitionAddress(CAAM_ADDRESS partAddr, int partSz)
|
||||
{
|
||||
unsigned int phys;
|
||||
|
||||
phys = CAAM_ADR_TO_PHYSICAL((void*)partAddr, partSz);
|
||||
if (phys < CAAM_PAGE || (phys + partSz) > CAAM_PAGE*7) {
|
||||
if (partAddr < CAAM_PAGE || partAddr > CAAM_PAGE * MAX_PART ||
|
||||
partSz > 4096) {
|
||||
WOLFSSL_MSG("error in physical address range");
|
||||
return -1;
|
||||
}
|
||||
@@ -924,7 +927,11 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg,
|
||||
partNumber = args[0];
|
||||
partSz = args[1];
|
||||
|
||||
partAddr = caamGetPartition(partNumber, partSz, NULL, 0);
|
||||
partAddr = caamGetPartition(partNumber, partSz, 0);
|
||||
if (partAddr == 0) {
|
||||
return EBADMSG;
|
||||
}
|
||||
|
||||
SETIOV(&out_iov, &partAddr, sizeof(CAAM_ADDRESS));
|
||||
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
|
||||
|
||||
@@ -943,6 +950,7 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
|
||||
{
|
||||
int partSz, ret;
|
||||
CAAM_ADDRESS partAddr;
|
||||
CAAM_ADDRESS vaddr;
|
||||
unsigned char *buf;
|
||||
iov_t in_iov;
|
||||
|
||||
@@ -968,7 +976,14 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
|
||||
return EBADMSG;
|
||||
}
|
||||
|
||||
CAAM_ADR_UNMAP(buf, partAddr, partSz, 1);
|
||||
vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
|
||||
if (vaddr == 0) {
|
||||
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
|
||||
return ECANCELED;
|
||||
}
|
||||
|
||||
CAAM_ADR_UNMAP(buf, vaddr, partSz, 1);
|
||||
CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
|
||||
return EOK;
|
||||
}
|
||||
|
||||
@@ -981,6 +996,7 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
|
||||
{
|
||||
int partSz;
|
||||
CAAM_ADDRESS partAddr;
|
||||
CAAM_ADDRESS vaddr;
|
||||
unsigned char *buf;
|
||||
iov_t out_iov;
|
||||
|
||||
@@ -1002,10 +1018,18 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
|
||||
if (buf == NULL) {
|
||||
return ECANCELED;
|
||||
}
|
||||
memcpy(buf, (unsigned int*)partAddr, partSz);
|
||||
|
||||
vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
|
||||
if (vaddr == 0) {
|
||||
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
|
||||
return ECANCELED;
|
||||
}
|
||||
|
||||
memcpy(buf, (unsigned char*)vaddr, partSz);
|
||||
SETIOV(&out_iov, buf, partSz);
|
||||
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
|
||||
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
|
||||
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
|
||||
CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
|
||||
return EOK;
|
||||
}
|
||||
|
||||
@@ -1249,14 +1273,14 @@ int main(int argc, char *argv[])
|
||||
while (1) {
|
||||
ctp = dispatch_block(ctp);
|
||||
if (ctp == NULL) {
|
||||
caamJobRingFree();
|
||||
CleanupCAAM();
|
||||
exit (1);
|
||||
}
|
||||
dispatch_handler (ctp);
|
||||
}
|
||||
|
||||
pthread_mutex_destroy(&sm_mutex);
|
||||
caamJobRingFree();
|
||||
CleanupCAAM();
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -97,7 +97,6 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
word32 ecdsel = 0;
|
||||
byte r[MAX_ECC_BYTES] = {0};
|
||||
byte s[MAX_ECC_BYTES] = {0};
|
||||
word32 outSz;
|
||||
word32 idx = 0;
|
||||
|
||||
byte pk[MAX_ECC_BYTES] = {0};
|
||||
@@ -127,16 +126,16 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
/* private key */
|
||||
if (key->blackKey > 0) {
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)key->blackKey;
|
||||
buf[idx].Length = keySz;
|
||||
args[0] = 1; /* is a black key */
|
||||
}
|
||||
else {
|
||||
outSz = mp_unsigned_bin_size(&key->k);
|
||||
mp_to_unsigned_bin(&key->k, pk);
|
||||
if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) {
|
||||
return MP_TO_E;
|
||||
}
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
|
||||
buf[idx].Length = outSz;
|
||||
args[0] = 0; /* non black key */
|
||||
}
|
||||
buf[idx].Length = keySz;
|
||||
idx++;
|
||||
|
||||
/* hash to sign */
|
||||
@@ -195,7 +194,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
|
||||
word32 args[4] = {0};
|
||||
CAAM_BUFFER buf[9] = {0};
|
||||
int ret;
|
||||
int rSz, sSz;
|
||||
int keySz;
|
||||
word32 idx = 0;
|
||||
word32 ecdsel = 0;
|
||||
|
||||
@@ -230,9 +229,8 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
|
||||
}
|
||||
|
||||
/* Wx,y public key */
|
||||
keySz = wc_ecc_size(key);
|
||||
if (key->securePubKey > 0) {
|
||||
int keySz = wc_ecc_size(key);
|
||||
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)key->securePubKey;
|
||||
buf[idx].Length = keySz * 2;
|
||||
args[0] = 1; /* using public key in secure memory */
|
||||
@@ -251,18 +249,20 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
|
||||
buf[idx].Length = hashlen;
|
||||
idx++;
|
||||
|
||||
rSz = mp_unsigned_bin_size(r);
|
||||
mp_to_unsigned_bin(r, rbuf);
|
||||
if (mp_to_unsigned_bin_len(r, rbuf, keySz) != MP_OKAY) {
|
||||
return MP_TO_E;
|
||||
}
|
||||
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)rbuf;
|
||||
buf[idx].Length = rSz;
|
||||
buf[idx].Length = keySz;
|
||||
idx++;
|
||||
|
||||
sSz = mp_unsigned_bin_size(s);
|
||||
mp_to_unsigned_bin(s, sbuf);
|
||||
if (mp_to_unsigned_bin_len(s, sbuf, keySz) != MP_OKAY) {
|
||||
return MP_TO_E;
|
||||
}
|
||||
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)sbuf;
|
||||
buf[idx].Length = sSz;
|
||||
buf[idx].Length = keySz;
|
||||
idx++;
|
||||
|
||||
/* temporary scratch buffer, the manual calls for it and HW expects it */
|
||||
@@ -313,7 +313,6 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
CAAM_BUFFER buf[9] = {0};
|
||||
int ret, keySz;
|
||||
word32 ecdsel = 0; /* ecc parameters in hardware */
|
||||
word32 outSz;
|
||||
word32 idx = 0;
|
||||
|
||||
byte pk[MAX_ECC_BYTES] = {0};
|
||||
@@ -365,16 +364,21 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
/* private key */
|
||||
if (private_key->blackKey > 0) {
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)private_key->blackKey;
|
||||
buf[idx].Length = keySz;
|
||||
args[0] = 1; /* is a black key */
|
||||
}
|
||||
else {
|
||||
outSz = mp_unsigned_bin_size(&private_key->k);
|
||||
mp_to_unsigned_bin(&private_key->k, pk);
|
||||
if (keySz > MAX_ECC_BYTES) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) {
|
||||
return MP_TO_E;
|
||||
}
|
||||
|
||||
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
|
||||
buf[idx].Length = outSz;
|
||||
args[0] = 0; /* non black key */
|
||||
}
|
||||
buf[idx].Length = keySz;
|
||||
idx++;
|
||||
|
||||
/* output shared secret */
|
||||
|
||||
@@ -495,6 +495,7 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
|
||||
sha->heap = heap;
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
sha->devId = devId;
|
||||
sha->devCtx = NULL;
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
|
||||
|
||||
@@ -399,6 +399,7 @@ static int InitSha256(wc_Sha256* sha256)
|
||||
sha256->heap = heap;
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
sha256->devId = devId;
|
||||
sha256->devCtx = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK_CACHE
|
||||
sha256->W = NULL;
|
||||
|
||||
+25
-17
@@ -636,30 +636,38 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
|
||||
* len Number of bytes in output.
|
||||
* returns 0 on success.
|
||||
*/
|
||||
static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l)
|
||||
static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
|
||||
{
|
||||
word32 rate = p * 8;
|
||||
word32 j;
|
||||
byte i;
|
||||
byte *state = (byte *)sha3->s;
|
||||
|
||||
sha3->t[p * 8 - 1] = 0x00;
|
||||
sha3->t[rate - 1] = 0x00;
|
||||
#ifdef WOLFSSL_HASH_FLAGS
|
||||
if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) {
|
||||
if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256)
|
||||
padChar = 0x01;
|
||||
}
|
||||
#endif
|
||||
sha3->t[ sha3->i] = padChar;
|
||||
sha3->t[p * 8 - 1] |= 0x80;
|
||||
for (i=sha3->i + 1; i < p * 8 - 1; i++)
|
||||
sha3->t[sha3->i ] = padChar;
|
||||
sha3->t[rate - 1] |= 0x80;
|
||||
for (i=sha3->i + 1; i < rate - 1; i++)
|
||||
sha3->t[i] = 0;
|
||||
for (i = 0; i < p; i++)
|
||||
sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
|
||||
BlockSha3(sha3->s);
|
||||
#if defined(BIG_ENDIAN_ORDER)
|
||||
ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8);
|
||||
#endif
|
||||
for (i = 0; i < l; i++)
|
||||
hash[i] = state[i];
|
||||
|
||||
for (j = 0; l - j >= rate; j += rate) {
|
||||
BlockSha3(sha3->s);
|
||||
#if defined(BIG_ENDIAN_ORDER)
|
||||
ByteReverseWords64((word64*)(hash + j), sha3->s, rate);
|
||||
#else
|
||||
XMEMCPY(hash + j, sha3->s, rate);
|
||||
#endif
|
||||
}
|
||||
if (j != l) {
|
||||
BlockSha3(sha3->s);
|
||||
#if defined(BIG_ENDIAN_ORDER)
|
||||
ByteReverseWords64(sha3->s, sha3->s, rate);
|
||||
#endif
|
||||
XMEMCPY(hash + j, sha3->s, l - j);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -763,7 +771,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
ret = Sha3Final(sha3, 0x06, hash, p, len);
|
||||
ret = Sha3Final(sha3, 0x06, hash, p, (word32)len);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
@@ -1193,7 +1201,7 @@ int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, (byte)hashLen);
|
||||
ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
|
||||
+1508
-1760
File diff suppressed because it is too large
Load Diff
+1448
-1734
File diff suppressed because it is too large
Load Diff
+1508
-1760
File diff suppressed because it is too large
Load Diff
+2231
-2420
File diff suppressed because it is too large
Load Diff
+2228
-2411
File diff suppressed because it is too large
Load Diff
+1508
-1760
File diff suppressed because it is too large
Load Diff
+30
-9
@@ -77,8 +77,11 @@ This library provides single precision (SP) integer math functions.
|
||||
* called again until complete.
|
||||
* WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular
|
||||
* exponentation implementation.
|
||||
* WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used.
|
||||
* WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit
|
||||
* pointer is not allowed.
|
||||
* WOLFSSL_SP_NO_DYN_STACK Disable use of dynamic stack items.
|
||||
* Used with small code size and not small stack.
|
||||
*/
|
||||
|
||||
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
|
||||
@@ -93,7 +96,7 @@ This library provides single precision (SP) integer math functions.
|
||||
sp_int* n = NULL
|
||||
#else
|
||||
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL)
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
/* Declare a variable on the stack with the required data size. */
|
||||
#define DECL_SP_INT(n, s) \
|
||||
byte n##d[MP_INT_SIZEOF(s)]; \
|
||||
@@ -163,7 +166,7 @@ This library provides single precision (SP) integer math functions.
|
||||
sp_int* n[c] = { NULL, }
|
||||
#else
|
||||
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL)
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
/* Declare a variable on the stack with the required data size. */
|
||||
#define DECL_SP_INT_ARRAY(n, s, c) \
|
||||
byte n##d[MP_INT_SIZEOF(s) * (c)]; \
|
||||
@@ -204,7 +207,7 @@ This library provides single precision (SP) integer math functions.
|
||||
while (0)
|
||||
#else
|
||||
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL)
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
/* Data declared on stack that supports multiple sp_ints of the
|
||||
* required size. Use pointers into data to make up array and set sizes.
|
||||
*/
|
||||
@@ -3107,25 +3110,33 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
|
||||
/* Check validity of parameters. */
|
||||
if ((a == NULL) || (r == NULL)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifndef WOLFSSL_SP_INT_NEGATIVE
|
||||
/* Positive only so just use internal function. */
|
||||
err = _sp_add_d(a, d, r);
|
||||
#else
|
||||
if (a->sign == MP_ZPOS) {
|
||||
/* Positive so use interal function. */
|
||||
r->sign = MP_ZPOS;
|
||||
err = _sp_add_d(a, d, r);
|
||||
}
|
||||
else if ((a->used > 1) || (a->dp[0] > d)) {
|
||||
/* Negative value bigger than digit so subtract digit. */
|
||||
r->sign = MP_NEG;
|
||||
_sp_sub_d(a, d, r);
|
||||
}
|
||||
else {
|
||||
/* Negative value smaller or equal to digit. */
|
||||
r->sign = MP_ZPOS;
|
||||
/* Subtract negative value from digit. */
|
||||
r->dp[0] = d - a->dp[0];
|
||||
/* Result is a digit equal to or greater than zero. */
|
||||
r->used = ((r->dp[0] == 0) ? 0 : 1);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -3149,25 +3160,32 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
|
||||
{
|
||||
int err = MP_OKAY;
|
||||
|
||||
/* Check validity of parameters. */
|
||||
if ((a == NULL) || (r == NULL)) {
|
||||
err = MP_VAL;
|
||||
}
|
||||
else {
|
||||
#ifndef WOLFSSL_SP_INT_NEGATIVE
|
||||
/* Positive only so just use internal function. */
|
||||
_sp_sub_d(a, d, r);
|
||||
#else
|
||||
if (a->sign == MP_NEG) {
|
||||
/* Subtracting from negative use interal add. */
|
||||
r->sign = MP_NEG;
|
||||
err = _sp_add_d(a, d, r);
|
||||
}
|
||||
else if ((a->used > 1) || (a->dp[0] >= d)) {
|
||||
/* Positive number greater than digit so add digit. */
|
||||
r->sign = MP_ZPOS;
|
||||
_sp_sub_d(a, d, r);
|
||||
}
|
||||
else {
|
||||
/* Negative value smaller than digit. */
|
||||
r->sign = MP_NEG;
|
||||
/* Subtract positive value from digit. */
|
||||
r->dp[0] = d - a->dp[0];
|
||||
r->used = r->dp[0] > 0;
|
||||
/* Result is a digit equal to or greater than zero. */
|
||||
r->used = 1;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -4752,7 +4770,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
int k;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
|
||||
sp_int_digit* t = NULL;
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
sp_int_digit t[a->used * 2];
|
||||
#else
|
||||
sp_int_digit t[SP_INT_DIGITS];
|
||||
@@ -4828,7 +4847,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
int k;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
|
||||
sp_int_digit* t = NULL;
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
sp_int_digit t[a->used + b->used];
|
||||
#else
|
||||
sp_int_digit t[SP_INT_DIGITS];
|
||||
@@ -4905,7 +4925,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
|
||||
int k;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
|
||||
sp_int_digit* t = NULL;
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
sp_int_digit t[a->used + b->used];
|
||||
#else
|
||||
sp_int_digit t[SP_INT_DIGITS];
|
||||
@@ -9284,7 +9305,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
|
||||
sp_int_digit* t = NULL;
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL)
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
sp_int_digit t[a->used * 2];
|
||||
#else
|
||||
sp_int_digit t[SP_INT_DIGITS];
|
||||
@@ -9393,7 +9414,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
|
||||
sp_int_digit* t = NULL;
|
||||
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
|
||||
defined(WOLFSSL_SP_SMALL)
|
||||
defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
|
||||
sp_int_digit t[a->used * 2];
|
||||
#else
|
||||
sp_int_digit t[SP_INT_DIGITS];
|
||||
|
||||
+1546
-1806
File diff suppressed because it is too large
Load Diff
@@ -40479,7 +40479,7 @@ L_256_mod_inv_4_uv_u:
|
||||
shrd r10, r11, 1
|
||||
shrd r11, r12, 1
|
||||
shr r12, 1
|
||||
test r8b, 1
|
||||
test r9b, 1
|
||||
jnz L_256_mod_inv_4_usubv_even_end
|
||||
L_256_mod_inv_4_usubv_even_start:
|
||||
shrd r9, r10, 1
|
||||
@@ -40488,7 +40488,7 @@ L_256_mod_inv_4_usubv_even_start:
|
||||
shr r12, 1
|
||||
mov BYTE PTR [rsp+rsi], 0
|
||||
inc rsi
|
||||
test r8b, 1
|
||||
test r9b, 1
|
||||
jz L_256_mod_inv_4_usubv_even_start
|
||||
L_256_mod_inv_4_usubv_even_end:
|
||||
cmp r9, 1
|
||||
@@ -40561,7 +40561,7 @@ L_256_mod_inv_4_op_b_sub_d:
|
||||
adc r11, QWORD PTR [r8+16]
|
||||
adc r12, QWORD PTR [r8+24]
|
||||
L_256_mod_inv_4_op_div2_b:
|
||||
test r8b, 1
|
||||
test r9b, 1
|
||||
mov rdx, 0
|
||||
jz L_256_mod_inv_4_op_div2_b_mod
|
||||
add r9, QWORD PTR [r8]
|
||||
@@ -40896,19 +40896,19 @@ L_256_mod_inv_avx2_4_vsubu_sub_shr1:
|
||||
vpextrd edi, xmm2, 0
|
||||
vpextrd esi, xmm3, 0
|
||||
L_256_mod_inv_avx2_4_store_done:
|
||||
movslq rax, eax
|
||||
movsxd rax, eax
|
||||
shl r9, 26
|
||||
add rax, r9
|
||||
movslq r10, r10d
|
||||
movsxd r10, r10d
|
||||
shl r11, 26
|
||||
add r10, r11
|
||||
movslq r12, r12d
|
||||
movsxd r12, r12d
|
||||
shl r13, 26
|
||||
add r12, r13
|
||||
movslq r14, r14d
|
||||
movsxd r14, r14d
|
||||
shl r15, 26
|
||||
add r14, r15
|
||||
movslq rdi, edi
|
||||
movsxd rdi, edi
|
||||
shl rsi, 26
|
||||
add rdi, rsi
|
||||
mov r9, r10
|
||||
|
||||
+5
-4
@@ -3581,7 +3581,8 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
#error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
|
||||
#endif
|
||||
|
||||
#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER))
|
||||
#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \
|
||||
(defined(FP_32BIT) || defined(FP_64BIT))
|
||||
#ifdef FP_32BIT
|
||||
/* If we know the endianness of this architecture, and we're using
|
||||
32-bit fp_digits, we can optimize this */
|
||||
@@ -3589,7 +3590,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
unsigned char *pd = (unsigned char *)a->dp;
|
||||
|
||||
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
|
||||
/* read the bytes in */
|
||||
#ifdef BIG_ENDIAN_ORDER
|
||||
{
|
||||
/* Use Duff's device to unroll the loop. */
|
||||
@@ -3604,6 +3604,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
}
|
||||
}
|
||||
#else
|
||||
/* read the bytes in one at a time. */
|
||||
for (c -= 1; c >= 0; c -= 1) {
|
||||
pd[c] = *b++;
|
||||
}
|
||||
@@ -3616,7 +3617,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
unsigned char *pd = (unsigned char *)a->dp;
|
||||
|
||||
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
|
||||
/* read the bytes in */
|
||||
#ifdef BIG_ENDIAN_ORDER
|
||||
{
|
||||
/* Use Duff's device to unroll the loop. */
|
||||
@@ -3635,6 +3635,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
}
|
||||
}
|
||||
#else
|
||||
/* read the bytes in one at a time. */
|
||||
for (c -= 1; c >= 0; c -= 1) {
|
||||
pd[c] = *b++;
|
||||
}
|
||||
@@ -3642,7 +3643,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
|
||||
}
|
||||
#endif
|
||||
#else
|
||||
/* read the bytes in */
|
||||
/* read the bytes in one at a time - unknown number of bits in digit */
|
||||
for (; c > 0; c--) {
|
||||
int err = fp_mul_2d (a, 8, a);
|
||||
if (err != FP_OKAY) {
|
||||
|
||||
+99
-34
@@ -386,7 +386,11 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
|
||||
return BAD_PATH_ERROR;
|
||||
}
|
||||
|
||||
XFSEEK(f, 0, XSEEK_END);
|
||||
if (XFSEEK(f, 0, XSEEK_END) != 0) {
|
||||
WOLFSSL_MSG("wc_LoadFile file seek error");
|
||||
XFCLOSE(f);
|
||||
return BAD_PATH_ERROR;
|
||||
}
|
||||
fileSz = XFTELL(f);
|
||||
XREWIND(f);
|
||||
if (fileSz > 0) {
|
||||
@@ -415,6 +419,38 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
|
||||
|
||||
#if !defined(NO_WOLFSSL_DIR) && \
|
||||
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
|
||||
/* File Handling Helper */
|
||||
/* returns 0 if file exists, WC_ISFILEEXIST_NOFILE if file doesn't exist */
|
||||
int wc_FileExists(const char* fname)
|
||||
{
|
||||
struct ReadDirCtx ctx;
|
||||
|
||||
if (fname == NULL)
|
||||
return 0;
|
||||
|
||||
if (XSTAT(fname, &ctx.s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
return BAD_PATH_ERROR;
|
||||
} else
|
||||
#if defined(USE_WINDOWS_API)
|
||||
if (XS_ISREG(ctx.s.st_mode)) {
|
||||
return 0;
|
||||
}
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
if (XS_ISREG(ctx.s.type)) {
|
||||
return 0;
|
||||
}
|
||||
#elif defined(WOLFSSL_TELIT_M2MB)
|
||||
if (XS_ISREG(ctx.s.st_mode)) {
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
if (XS_ISREG(ctx.s.st_mode)) {
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
return WC_ISFILEEXIST_NOFILE;
|
||||
}
|
||||
|
||||
/* File Handling Helpers */
|
||||
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
|
||||
@@ -431,7 +467,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
|
||||
XMEMSET(ctx, 0, sizeof(ReadDirCtx));
|
||||
pathLen = (int)XSTRLEN(path);
|
||||
|
||||
#ifdef USE_WINDOWS_API
|
||||
@@ -464,6 +500,37 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
|
||||
return 0;
|
||||
}
|
||||
} while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
|
||||
|
||||
#elif defined(INTIME_RTOS)
|
||||
if (pathLen > MAX_FILENAME_SZ - 3)
|
||||
return BAD_PATH_ERROR;
|
||||
|
||||
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3);
|
||||
XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen);
|
||||
|
||||
if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) {
|
||||
WOLFSSL_MSG("FindFirstFile for path verify locations failed");
|
||||
return BAD_PATH_ERROR;
|
||||
}
|
||||
|
||||
do {
|
||||
if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
|
||||
dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
|
||||
|
||||
if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
|
||||
return BAD_PATH_ERROR;
|
||||
}
|
||||
XSTRNCPY(ctx->name, path, pathLen + 1);
|
||||
ctx->name[pathLen] = '\\';
|
||||
XSTRNCPY(ctx->name + pathLen + 1,
|
||||
ctx->FindFileData.cFileName,
|
||||
MAX_FILENAME_SZ - pathLen - 1);
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
}
|
||||
} while (FindNextRtFile(&ctx->FindFileData));
|
||||
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
if (fs_opendir(&ctx->dir, path) != 0) {
|
||||
WOLFSSL_MSG("opendir path verify locations failed");
|
||||
@@ -485,11 +552,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* of earlier check it is known that dnameLen is less than
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
|
||||
if (fs_stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
} else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -517,12 +580,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
|
||||
|
||||
if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
}
|
||||
else if (ctx->s.st_mode & M2MB_S_IFREG) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -549,11 +607,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* of earlier check it is known that dnameLen is less than
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
|
||||
if (stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
} else if (S_ISREG(ctx->s.st_mode)) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -600,6 +654,26 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#elif defined(INTIME_RTOS)
|
||||
while (FindNextRtFile(&ctx->FindFileData)) {
|
||||
if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
|
||||
dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
|
||||
|
||||
if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
|
||||
return BAD_PATH_ERROR;
|
||||
}
|
||||
XSTRNCPY(ctx->name, path, pathLen + 1);
|
||||
ctx->name[pathLen] = '\\';
|
||||
XSTRNCPY(ctx->name + pathLen + 1,
|
||||
ctx->FindFileData.cFileName,
|
||||
MAX_FILENAME_SZ - pathLen - 1);
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
while ((fs_readdir(&ctx->dir, &ctx->entry)) != 0) {
|
||||
dnameLen = (int)XSTRLEN(ctx->entry.name);
|
||||
@@ -615,11 +689,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
|
||||
|
||||
if (fs_stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
} else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -641,12 +711,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
|
||||
|
||||
if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
}
|
||||
else if (ctx->s.st_mode & M2MB_S_IFREG) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -667,11 +732,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
|
||||
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
|
||||
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
|
||||
|
||||
if (stat(ctx->name, &ctx->s) != 0) {
|
||||
WOLFSSL_MSG("stat on name failed");
|
||||
ret = BAD_PATH_ERROR;
|
||||
break;
|
||||
} else if (S_ISREG(ctx->s.st_mode)) {
|
||||
if ((ret = wc_FileExists(ctx->name)) == 0) {
|
||||
if (name)
|
||||
*name = ctx->name;
|
||||
return 0;
|
||||
@@ -695,6 +756,10 @@ void wc_ReadDirClose(ReadDirCtx* ctx)
|
||||
FindClose(ctx->hFind);
|
||||
ctx->hFind = INVALID_HANDLE_VALUE;
|
||||
}
|
||||
|
||||
#elif defined(INTIME_RTOS)
|
||||
FindRtFileClose(&ctx->FindFileData);
|
||||
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
if (ctx->dirp) {
|
||||
fs_closedir(ctx->dirp);
|
||||
|
||||
+177
-20
@@ -19,7 +19,6 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
@@ -3328,10 +3327,10 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
|
||||
{
|
||||
#ifndef WOLFSSL_NO_SHAKE256
|
||||
wc_Shake sha;
|
||||
byte hash[114];
|
||||
byte hash[250];
|
||||
|
||||
testVector a, b, c;
|
||||
testVector test_sha[3];
|
||||
testVector a, b, c, d, e;
|
||||
testVector test_sha[5];
|
||||
int ret = 0;
|
||||
int times = sizeof(test_sha) / sizeof(struct testVector), i;
|
||||
|
||||
@@ -3356,7 +3355,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
|
||||
"\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
|
||||
"\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
|
||||
a.inLen = XSTRLEN(a.input);
|
||||
a.outLen = sizeof(hash);
|
||||
a.outLen = 114;
|
||||
|
||||
b.input = "abc";
|
||||
b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
|
||||
@@ -3368,7 +3367,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
|
||||
"\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
|
||||
"\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
|
||||
b.inLen = XSTRLEN(b.input);
|
||||
b.outLen = sizeof(hash);
|
||||
b.outLen = 114;
|
||||
|
||||
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
|
||||
c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
|
||||
@@ -3380,11 +3379,53 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
|
||||
"\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
|
||||
"\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
|
||||
c.inLen = XSTRLEN(c.input);
|
||||
c.outLen = sizeof(hash);
|
||||
c.outLen = 114;
|
||||
|
||||
/* Taken from NIST CAVP test vectors - full rate output. */
|
||||
d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
|
||||
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
|
||||
"\x85\xe0";
|
||||
d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
|
||||
"\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
|
||||
"\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
|
||||
"\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
|
||||
"\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
|
||||
"\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
|
||||
"\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
|
||||
"\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
|
||||
"\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
|
||||
"\xc2";
|
||||
d.inLen = 32;
|
||||
d.outLen = 136;
|
||||
/* Taken from NIST CAVP test vectors - more than one output block. */
|
||||
e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
|
||||
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
|
||||
"\x47\xe4";
|
||||
e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
|
||||
"\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
|
||||
"\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
|
||||
"\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
|
||||
"\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
|
||||
"\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
|
||||
"\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
|
||||
"\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
|
||||
"\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
|
||||
"\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
|
||||
"\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
|
||||
"\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
|
||||
"\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
|
||||
"\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
|
||||
"\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
|
||||
"\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
|
||||
"\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
|
||||
e.inLen = 32;
|
||||
e.outLen = 250;
|
||||
|
||||
test_sha[0] = a;
|
||||
test_sha[1] = b;
|
||||
test_sha[2] = c;
|
||||
test_sha[3] = d;
|
||||
test_sha[4] = e;
|
||||
|
||||
ret = wc_InitShake256(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0)
|
||||
@@ -3417,7 +3458,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
|
||||
ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-3105, exit);
|
||||
if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
|
||||
if (XMEMCMP(hash, large_digest, 114) != 0)
|
||||
ERROR_OUT(-3106, exit);
|
||||
} /* END LARGE HASH TEST */
|
||||
|
||||
@@ -10045,6 +10086,103 @@ WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
|
||||
#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
|
||||
#endif /* HAVE_FIPS_VERSION >= 2 */
|
||||
|
||||
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
|
||||
#ifdef WOLFSSL_AES_256
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6360, out);
|
||||
result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6361, out);
|
||||
result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6362, out);
|
||||
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
|
||||
ERROR_OUT(-6363, out);
|
||||
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
|
||||
ERROR_OUT(-6364, out);
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6370, out);
|
||||
result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6371, out);
|
||||
result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6372, out);
|
||||
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
|
||||
ERROR_OUT(-6373, out);
|
||||
#endif
|
||||
|
||||
/* alen is the size to pass in with each update. */
|
||||
for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
|
||||
result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6380, out);
|
||||
|
||||
/* plen is the offset into AAD to update with. */
|
||||
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
|
||||
int len = sizeof(a) - plen;
|
||||
if (len > alen) len = alen;
|
||||
result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6381, out);
|
||||
}
|
||||
/* plen is the offset into plaintext to update with. */
|
||||
for (plen = 0; plen < (int)sizeof(p); plen += alen) {
|
||||
int len = sizeof(p) - plen;
|
||||
if (len > alen) len = alen;
|
||||
result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
|
||||
NULL, 0);
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6382, out);
|
||||
}
|
||||
result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6383, out);
|
||||
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
|
||||
ERROR_OUT(-6384, out);
|
||||
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
|
||||
ERROR_OUT(-6385, out);
|
||||
}
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
|
||||
result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6390, out);
|
||||
|
||||
/* plen is the offset into AAD to update with. */
|
||||
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
|
||||
int len = sizeof(a) - plen;
|
||||
if (len > alen) len = alen;
|
||||
result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6391, out);
|
||||
}
|
||||
/* plen is the offset into cipher text to update with. */
|
||||
for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
|
||||
int len = sizeof(c1) - plen;
|
||||
if (len > alen) len = alen;
|
||||
result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
|
||||
NULL, 0);
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6392, out);
|
||||
}
|
||||
result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
|
||||
if (result != 0)
|
||||
ERROR_OUT(-6393, out);
|
||||
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
|
||||
ERROR_OUT(-6394, out);
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif /* WOLFSSL_AESGCM_STREAM */
|
||||
#endif /* WOLFSSL_AES_256 */
|
||||
#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
|
||||
|
||||
wc_AesFree(enc);
|
||||
wc_AesFree(dec);
|
||||
|
||||
@@ -11763,6 +11901,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
|
||||
#elif defined(WOLFSSL_uTKERNEL2)
|
||||
#define CERT_PREFIX "/uda/"
|
||||
#define CERT_PATH_SEP "/"
|
||||
#elif defined(_WIN32_WCE)
|
||||
#define CERT_PREFIX "\\windows\\"
|
||||
#define CERT_PATH_SEP "\\"
|
||||
#endif
|
||||
|
||||
#ifndef CERT_PREFIX
|
||||
@@ -13604,8 +13745,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
|
||||
#elif !defined(NO_FILESYSTEM)
|
||||
file = XFOPEN(clientKey, "rb");
|
||||
if (!file) {
|
||||
err_sys("can't open ./certs/client-key.der, "
|
||||
"Please run from wolfSSL home dir", -40);
|
||||
err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
|
||||
ERROR_OUT(-7801, exit_rsa_nopadding);
|
||||
}
|
||||
|
||||
@@ -23151,7 +23291,7 @@ static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
|
||||
);
|
||||
count++;
|
||||
|
||||
/* TODO: Real-time work can be called here */
|
||||
/* This is where real-time work could be called */
|
||||
} while (ret == FP_WOULDBLOCK);
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
printf("ECC non-block verify: %d times\n", count);
|
||||
@@ -23235,7 +23375,7 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
|
||||
);
|
||||
count++;
|
||||
|
||||
/* TODO: Real-time work can be called here */
|
||||
/* This is where real-time work could be called */
|
||||
} while (ret == FP_WOULDBLOCK);
|
||||
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
@@ -23245,8 +23385,8 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
|
||||
|
||||
if (ret == 0) {
|
||||
/* export r/s */
|
||||
mp_to_unsigned_bin(&r, sig);
|
||||
mp_to_unsigned_bin(&s, sig + curveSz);
|
||||
mp_to_unsigned_bin_len(&r, sig, curveSz);
|
||||
mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
|
||||
}
|
||||
|
||||
mp_clear(&r);
|
||||
@@ -27512,16 +27652,18 @@ int eccsi_test(void)
|
||||
mp_int* ssk;
|
||||
ecc_point* pvt;
|
||||
|
||||
priv = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv == NULL) {
|
||||
return -10205;
|
||||
}
|
||||
pub = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pub == NULL) {
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return -10206;
|
||||
}
|
||||
ssk = XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (ssk == NULL) {
|
||||
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -28636,16 +28778,19 @@ int sakke_test(void)
|
||||
SakkeKey* key;
|
||||
ecc_point* rsk = NULL;
|
||||
|
||||
priv = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv == NULL) {
|
||||
return -10404;
|
||||
}
|
||||
pub = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pub == NULL) {
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return -10405;
|
||||
}
|
||||
key = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key == NULL) {
|
||||
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -28884,8 +29029,16 @@ WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
|
||||
|
||||
XMEMSET(tag, 0, sizeof(tag));
|
||||
tagSz = AES_BLOCK_SIZE;
|
||||
|
||||
#if !defined(HAVE_FIPS) || \
|
||||
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
|
||||
if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
|
||||
#else
|
||||
if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
|
||||
#endif
|
||||
{
|
||||
ERROR_OUT(-12000, out);
|
||||
}
|
||||
if (tc->partial) {
|
||||
if (wc_CmacUpdate(cmac, tc->m,
|
||||
tc->mSz/2 - tc->partial) != 0)
|
||||
@@ -36687,6 +36840,10 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
|
||||
ret = pbkdf2_test();
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
|
||||
if (ret == 0)
|
||||
ret = cmac_test();
|
||||
#endif
|
||||
|
||||
/* reset devId */
|
||||
devId = INVALID_DEVID;
|
||||
|
||||
@@ -1684,6 +1684,21 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
struct WOLFSSL_BY_DIR_HASH {
|
||||
unsigned long hash_value;
|
||||
int last_suffix;
|
||||
};
|
||||
|
||||
struct WOLFSSL_BY_DIR_entry {
|
||||
char* dir_name;
|
||||
int dir_type;
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes;
|
||||
};
|
||||
|
||||
struct WOLFSSL_BY_DIR {
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry;
|
||||
wolfSSL_Mutex lock; /* dir list lock */
|
||||
};
|
||||
|
||||
/* wolfSSL method type */
|
||||
struct WOLFSSL_METHOD {
|
||||
@@ -2066,6 +2081,11 @@ struct WOLFSSL_CERT_MANAGER {
|
||||
#endif
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
short minEccKeySz; /* minimum allowed ECC key size */
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */
|
||||
/* CTX has ownership and free this */
|
||||
/* with CTX free. */
|
||||
#endif
|
||||
wolfSSL_Mutex refMutex; /* reference count mutex */
|
||||
int refCount; /* reference count */
|
||||
@@ -3691,6 +3711,8 @@ typedef struct Arrays {
|
||||
#define STACK_TYPE_X509_NAME 9
|
||||
#define STACK_TYPE_CONF_VALUE 10
|
||||
#define STACK_TYPE_X509_INFO 11
|
||||
#define STACK_TYPE_BY_DIR_entry 12
|
||||
#define STACK_TYPE_BY_DIR_hash 13
|
||||
|
||||
struct WOLFSSL_STACK {
|
||||
unsigned long num; /* number of nodes in stack
|
||||
@@ -3716,6 +3738,8 @@ struct WOLFSSL_STACK {
|
||||
void* generic;
|
||||
char* string;
|
||||
WOLFSSL_GENERAL_NAME* gn;
|
||||
WOLFSSL_BY_DIR_entry* dir_entry;
|
||||
WOLFSSL_BY_DIR_HASH* dir_hash;
|
||||
} data;
|
||||
void* heap; /* memory heap hint */
|
||||
WOLFSSL_STACK* next;
|
||||
@@ -4811,6 +4835,43 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
|
||||
WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store,
|
||||
X509_NAME* issuer, int Type);
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void);
|
||||
WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash);
|
||||
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void);
|
||||
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind);
|
||||
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
|
||||
const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i);
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk);
|
||||
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
|
||||
void (*f) (WOLFSSL_BY_DIR_HASH*));
|
||||
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
|
||||
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
|
||||
WOLFSSL_BY_DIR_HASH* in);
|
||||
/* WOLFSSL_BY_DIR_entry stuff */
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void);
|
||||
WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry);
|
||||
WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void);
|
||||
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk);
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
|
||||
const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i);
|
||||
WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
|
||||
WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk);
|
||||
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
|
||||
void (*f) (WOLFSSL_BY_DIR_entry*));
|
||||
WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk);
|
||||
WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
|
||||
WOLFSSL_BY_DIR_entry* in);
|
||||
#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
||||
@@ -4,5 +4,7 @@
|
||||
|
||||
#undef HAVE_OPENSSL_ENGINE_H
|
||||
|
||||
#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/
|
||||
/* ENGINE_load_builtin_engines not needed, as all builtin engines are already
|
||||
loaded into memory and used on startup. */
|
||||
#define ENGINE_load_builtin_engines()
|
||||
|
||||
|
||||
@@ -24,4 +24,6 @@
|
||||
#include <wolfssl/openssl/ssl.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
typedef WOLFSSL_RAND_METHOD RAND_METHOD;
|
||||
|
||||
#define RAND_set_rand_method wolfSSL_RAND_set_rand_method
|
||||
|
||||
@@ -111,6 +111,7 @@ WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
|
||||
unsigned char* out, WOLFSSL_RSA* rsa, int padding);
|
||||
|
||||
WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
|
||||
WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
|
||||
WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
|
||||
unsigned int mLen, unsigned char* sigRet,
|
||||
unsigned int* sigLen, WOLFSSL_RSA*);
|
||||
|
||||
@@ -70,6 +70,8 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
|
||||
#define SHA_Init wolfSSL_SHA_Init
|
||||
#define SHA_Update wolfSSL_SHA_Update
|
||||
#define SHA_Final wolfSSL_SHA_Final
|
||||
#define SHA_Transform wolfSSL_SHA_Transform
|
||||
|
||||
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_FIPS) || \
|
||||
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
|
||||
@@ -81,7 +83,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
|
||||
#define SHA1_Init wolfSSL_SHA1_Init
|
||||
#define SHA1_Update wolfSSL_SHA1_Update
|
||||
#define SHA1_Final wolfSSL_SHA1_Final
|
||||
|
||||
#define SHA1_Transform wolfSSL_SHA1_Transform
|
||||
|
||||
#ifdef WOLFSSL_SHA224
|
||||
|
||||
|
||||
@@ -806,7 +806,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define RSA_generate_key wolfSSL_RSA_generate_key
|
||||
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
|
||||
#define RSA_print wolfSSL_RSA_print
|
||||
#define RSA_bits wolfSSL_RSA_size
|
||||
#define RSA_bits wolfSSL_RSA_bits
|
||||
#define RSA_up_ref wolfSSL_RSA_up_ref
|
||||
#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
|
||||
#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
|
||||
|
||||
+36
-4
@@ -143,6 +143,10 @@ typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
|
||||
|
||||
typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
|
||||
|
||||
typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH;
|
||||
typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry;
|
||||
typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR;
|
||||
|
||||
/* redeclare guard */
|
||||
#define WOLFSSL_TYPES_DEFINED
|
||||
|
||||
@@ -276,8 +280,6 @@ struct WOLFSSL_X509V3_CTX {
|
||||
WOLFSSL_X509* x509;
|
||||
};
|
||||
|
||||
|
||||
|
||||
struct WOLFSSL_ASN1_OBJECT {
|
||||
void* heap;
|
||||
const unsigned char* obj;
|
||||
@@ -531,6 +533,8 @@ struct WOLFSSL_X509_LOOKUP_METHOD {
|
||||
|
||||
struct WOLFSSL_X509_LOOKUP {
|
||||
WOLFSSL_X509_STORE *store;
|
||||
int type;
|
||||
WOLFSSL_BY_DIR* dirs;
|
||||
};
|
||||
|
||||
struct WOLFSSL_X509_STORE {
|
||||
@@ -639,6 +643,25 @@ struct WOLFSSL_X509_STORE_CTX {
|
||||
|
||||
typedef char* WOLFSSL_STRING;
|
||||
|
||||
typedef struct WOLFSSL_RAND_METHOD {
|
||||
/* seed = Data to mix into the random generator.
|
||||
* len = Number of bytes to mix from seed. */
|
||||
int (*seed)(const void* seed, int len);
|
||||
/* buf = Buffer to store random bytes in.
|
||||
* len = Number of bytes to store in buf. */
|
||||
int (*bytes)(unsigned char* buf, int len);
|
||||
void (*cleanup)(void);
|
||||
/* add = Data to mix into the random generator.
|
||||
* len = Number of bytes to mix from add.
|
||||
* entropy = Estimate of randomness contained in seed.
|
||||
* Should be between 0 and len. */
|
||||
int (*add)(const void* add, int len, double entropy);
|
||||
/* buf = Buffer to store pseudorandom bytes in.
|
||||
* len = Number of bytes to store in buf. */
|
||||
int (*pseudorand)(unsigned char *buf, int len);
|
||||
int (*status)(void);
|
||||
} WOLFSSL_RAND_METHOD;
|
||||
|
||||
/* Valid Alert types from page 16/17
|
||||
* Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
|
||||
*/
|
||||
@@ -1422,6 +1445,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
|
||||
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
|
||||
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
|
||||
unsigned char** out);
|
||||
WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
|
||||
unsigned char** out);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
|
||||
unsigned char **in, long length);
|
||||
#ifndef NO_RSA
|
||||
@@ -1500,6 +1525,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
|
||||
const void* data, int dataSz);
|
||||
WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
|
||||
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
|
||||
WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
|
||||
const WOLFSSL_ASN1_STRING* src);
|
||||
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
|
||||
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
|
||||
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
|
||||
@@ -1591,6 +1618,8 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
|
||||
const WOLFSSL_X509_VERIFY_PARAM* from);
|
||||
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
|
||||
const char *file, int type);
|
||||
WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
|
||||
const char *file, int type);
|
||||
#endif
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
||||
@@ -3585,11 +3614,14 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
|
||||
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
|
||||
WOLFSSL_X509_STORE* str);
|
||||
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
|
||||
defined(HAVE_SECRET_CALLBACK)
|
||||
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
|
||||
unsigned char *out, size_t outlen);
|
||||
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
|
||||
unsigned char* out, size_t outSz);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
|
||||
@@ -3770,7 +3802,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void);
|
||||
|
||||
WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
|
||||
|
||||
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
|
||||
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
|
||||
|
||||
|
||||
+6
-1
@@ -349,6 +349,7 @@
|
||||
#define cliEd448CertFile "certs/ed448/client-ed448.pem"
|
||||
#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
|
||||
#define caEd448CertFile "certs/ed448/ca-ed448.pem"
|
||||
#define caCertFolder "certs/"
|
||||
#ifdef HAVE_WNR
|
||||
/* Whitewood netRandom default config file */
|
||||
#define wnrConfig "wnr-example.conf"
|
||||
@@ -382,6 +383,7 @@
|
||||
#define cliEd448CertFile "./certs/ed448/client-ed448.pem"
|
||||
#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
|
||||
#define caEd448CertFile "./certs/ed448/ca-ed448.pem"
|
||||
#define caCertFolder "./certs/"
|
||||
#ifdef HAVE_WNR
|
||||
/* Whitewood netRandom default config file */
|
||||
#define wnrConfig "./wnr-example.conf"
|
||||
@@ -4092,8 +4094,11 @@ static WC_INLINE word16 GetRandomPort(void)
|
||||
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
|
||||
{
|
||||
int earlyData_status;
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
earlyData_status = SSL_get_early_data_status(ssl);
|
||||
#else
|
||||
earlyData_status = wolfSSL_get_early_data_status(ssl);
|
||||
#endif
|
||||
if (earlyData_status < 0) return;
|
||||
|
||||
printf("Early Data was ");
|
||||
|
||||
@@ -250,6 +250,21 @@ struct Aes {
|
||||
silabs_aes_t ctx;
|
||||
#endif
|
||||
void* heap; /* memory hint to use */
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
|
||||
ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
|
||||
#else
|
||||
byte* streamData;
|
||||
#endif
|
||||
word32 aSz;
|
||||
word32 cSz;
|
||||
byte over;
|
||||
byte aOver;
|
||||
byte cOver;
|
||||
byte gcmKeySet:1;
|
||||
byte nonceSet:1;
|
||||
byte ctrSet:1;
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef WC_AES_TYPE_DEFINED
|
||||
@@ -361,6 +376,26 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
|
||||
const byte* iv, word32 ivSz,
|
||||
const byte* authTag, word32 authTagSz,
|
||||
const byte* authIn, word32 authInSz);
|
||||
#ifdef WOLFSSL_AESGCM_STREAM
|
||||
WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len,
|
||||
const byte* iv, word32 ivSz);
|
||||
|
||||
WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len,
|
||||
const byte* iv, word32 ivSz);
|
||||
WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len,
|
||||
byte* ivOut, word32 ivOutSz);
|
||||
WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in,
|
||||
word32 sz, const byte* authIn, word32 authInSz);
|
||||
WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag,
|
||||
word32 authTagSz);
|
||||
|
||||
WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
|
||||
const byte* iv, word32 ivSz);
|
||||
WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
|
||||
word32 sz, const byte* authIn, word32 authInSz);
|
||||
WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
|
||||
word32 authTagSz);
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
|
||||
|
||||
@@ -1173,6 +1173,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
||||
|
||||
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
|
||||
@@ -53,12 +53,15 @@ struct Cmac {
|
||||
byte k2[AES_BLOCK_SIZE];
|
||||
word32 bufferSz;
|
||||
word32 totalSz;
|
||||
#if defined(WOLF_CRYPTO_CB)
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
int devId;
|
||||
void* devCtx;
|
||||
#ifdef WOLFSSL_QNX_CAAM
|
||||
byte ctx[32]; /* hold state for save and return */
|
||||
word32 blackKey;
|
||||
word32 keylen;
|
||||
byte initialized;
|
||||
#endif
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
@@ -235,8 +235,11 @@ enum {
|
||||
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
|
||||
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
|
||||
SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */
|
||||
MISSING_IV = -277, /* IV was not set */
|
||||
MISSING_KEY = -278, /* Key was not set */
|
||||
BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */
|
||||
|
||||
WC_LAST_E = -276, /* Update this to indicate last error */
|
||||
WC_LAST_E = -279, /* Update this to indicate last error */
|
||||
MIN_CODE_E = -300 /* errors -101 - -299 */
|
||||
|
||||
/* add new companion error id strings for any new error codes
|
||||
|
||||
@@ -271,6 +271,7 @@
|
||||
unsigned int CAAM_READ(unsigned int reg);
|
||||
void CAAM_WRITE(unsigned int reg, unsigned int in);
|
||||
int CAAM_SET_BASEADDR(void);
|
||||
void CAAM_UNSET_BASEADDR(void);
|
||||
unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz);
|
||||
void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy);
|
||||
void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
|
||||
@@ -278,20 +279,18 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
|
||||
int CAAM_ADR_SYNC(void* vaddr, int sz);
|
||||
CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int length);
|
||||
|
||||
|
||||
|
||||
#ifndef WOLFSSL_CAAM_BUFFER
|
||||
#define WOLFSSL_CAAM_BUFFER
|
||||
typedef struct CAAM_BUFFER {
|
||||
int BufferType;
|
||||
CAAM_ADDRESS TheAddress;
|
||||
int Length;
|
||||
} CAAM_BUFFER;
|
||||
#endif
|
||||
unsigned int caamReadRegister(unsigned int reg);
|
||||
void caamWriteRegister(unsigned int reg, unsigned int in);
|
||||
int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
|
||||
int caamJobRingFree(void);
|
||||
#ifndef WOLFSSL_CAAM_BUFFER
|
||||
#define WOLFSSL_CAAM_BUFFER
|
||||
typedef struct CAAM_BUFFER {
|
||||
int BufferType;
|
||||
CAAM_ADDRESS TheAddress;
|
||||
int Length;
|
||||
} CAAM_BUFFER;
|
||||
#endif
|
||||
unsigned int caamReadRegister(unsigned int reg);
|
||||
void caamWriteRegister(unsigned int reg, unsigned int in);
|
||||
int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
|
||||
int CleanupCAAM(void);
|
||||
|
||||
|
||||
/* Driver API that can be called by caam_<env>.c port layers */
|
||||
@@ -309,8 +308,7 @@ int caamECDSAMake(DESCSTRUCT *desc, CAAM_BUFFER *buf, unsigned int args[4]);
|
||||
int caamAesCmac(DESCSTRUCT *desc, int sz, unsigned int args[4]);
|
||||
int caamBlob(DESCSTRUCT *desc);
|
||||
|
||||
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
|
||||
unsigned int flag);
|
||||
CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag);
|
||||
int caamFreePart(unsigned int part);
|
||||
int caamFindUnusuedPartition(void);
|
||||
|
||||
|
||||
@@ -1240,7 +1240,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
|
||||
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
|
||||
defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
|
||||
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
|
||||
defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
|
||||
defined(WOLFSSL_STM32G0)
|
||||
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#ifndef CHAR_BIT
|
||||
@@ -1293,6 +1294,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#include "stm32h7xx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32WB)
|
||||
#include "stm32wbxx_hal.h"
|
||||
#elif defined(WOLFSSL_STM32G0)
|
||||
#include "stm32g0xx_hal.h"
|
||||
#endif
|
||||
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
|
||||
#include "stm32l4xx_ll_rng.h"
|
||||
@@ -1343,7 +1346,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#endif /* WOLFSSL_STM32_CUBEMX */
|
||||
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
|
||||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
|
||||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
|
||||
WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */
|
||||
#ifdef WOLFSSL_DEOS
|
||||
#include <deos.h>
|
||||
#include <timeout.h>
|
||||
|
||||
@@ -27,9 +27,15 @@
|
||||
|
||||
#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
|
||||
defined(WOLFSSL_HAVE_SP_ECC)
|
||||
|
||||
#ifndef WOLFSSL_LINUXKM
|
||||
#include <stdint.h>
|
||||
#ifdef _WIN32_WCE
|
||||
typedef __int8 int8_t;
|
||||
typedef __int32 int32_t;
|
||||
typedef __int64 int64_t;
|
||||
typedef unsigned __int8 uint8_t;
|
||||
typedef unsigned __int32 uint32_t;
|
||||
typedef unsigned __int64 uint64_t;
|
||||
#elif !defined(WOLFSSL_LINUXKM)
|
||||
#include <stdint.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/integer.h>
|
||||
|
||||
+22
-18
@@ -113,29 +113,33 @@ extern "C" {
|
||||
#error "Size of unsigned long not detected"
|
||||
#endif
|
||||
|
||||
#if ULLONG_MAX == 18446744073709551615ULL
|
||||
#define SP_ULLONG_BITS 64
|
||||
#ifdef ULLONG_MAX
|
||||
#if ULLONG_MAX == 18446744073709551615ULL
|
||||
#define SP_ULLONG_BITS 64
|
||||
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint64;
|
||||
typedef long long sp_int64;
|
||||
#endif
|
||||
#elif ULLONG_MAX == 4294967295UL
|
||||
#define SP_ULLONG_BITS 32
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint64;
|
||||
typedef long long sp_int64;
|
||||
#endif
|
||||
#elif ULLONG_MAX == 4294967295UL
|
||||
#define SP_ULLONG_BITS 32
|
||||
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint32;
|
||||
typedef long long sp_int32;
|
||||
#endif
|
||||
#elif ULLONG_MAX == 65535
|
||||
#define SP_ULLONG_BITS 16
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint32;
|
||||
typedef long long sp_int32;
|
||||
#endif
|
||||
#elif ULLONG_MAX == 65535
|
||||
#define SP_ULLONG_BITS 16
|
||||
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint16;
|
||||
typedef long long sp_int16;
|
||||
#if SP_ULLONG_BITS > SP_ULONG_BITS
|
||||
typedef unsigned long long sp_uint16;
|
||||
typedef long long sp_int16;
|
||||
#endif
|
||||
#else
|
||||
#error "Size of unsigned long long not detected"
|
||||
#endif
|
||||
#else
|
||||
#error "Size of unsigned long long not detected"
|
||||
#define SP_ULLONG_BITS 0
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
@@ -556,17 +556,17 @@ decouple library dependencies with standard string, memory and so on.
|
||||
{
|
||||
va_list ap;
|
||||
int ret;
|
||||
|
||||
|
||||
if ((int)n <= 0) return -1;
|
||||
|
||||
|
||||
va_start(ap, format);
|
||||
|
||||
ret = vsnprintf(s, n, format, ap);
|
||||
|
||||
ret = XVSNPRINTF(s, n, format, ap);
|
||||
if (ret < 0)
|
||||
ret = -1;
|
||||
|
||||
|
||||
va_end(ap);
|
||||
|
||||
|
||||
return ret;
|
||||
}
|
||||
#define XSNPRINTF _xsnprintf_
|
||||
@@ -597,7 +597,7 @@ decouple library dependencies with standard string, memory and so on.
|
||||
|
||||
if ((int)bufsize <= 0) return -1;
|
||||
va_start(ap, format);
|
||||
ret = vsnprintf(buffer, bufsize, format, ap);
|
||||
ret = XVSNPRINTF(buffer, bufsize, format, ap);
|
||||
if (ret >= (int)bufsize)
|
||||
ret = -1;
|
||||
va_end(ap);
|
||||
@@ -659,6 +659,8 @@ decouple library dependencies with standard string, memory and so on.
|
||||
#endif
|
||||
#ifdef OPENSSL_ALL
|
||||
#define XISALNUM(c) isalnum((c))
|
||||
#define XISASCII(c) isascii((c))
|
||||
#define XISSPACE(c) isspace((c))
|
||||
#endif
|
||||
/* needed by wolfSSL_check_domain_name() */
|
||||
#define XTOLOWER(c) tolower((c))
|
||||
|
||||
@@ -43,7 +43,8 @@
|
||||
*/
|
||||
|
||||
#if defined(BUILDING_WOLFSSL)
|
||||
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
|
||||
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
|
||||
defined(_WIN32_WCE)
|
||||
#if defined(WOLFSSL_DLL)
|
||||
#define WOLFSSL_API __declspec(dllexport)
|
||||
#else
|
||||
@@ -61,7 +62,8 @@
|
||||
#define WOLFSSL_LOCAL
|
||||
#endif /* HAVE_VISIBILITY */
|
||||
#else /* BUILDING_WOLFSSL */
|
||||
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
|
||||
#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
|
||||
defined(_WIN32_WCE)
|
||||
#if defined(WOLFSSL_DLL)
|
||||
#define WOLFSSL_API __declspec(dllimport)
|
||||
#else
|
||||
|
||||
@@ -616,6 +616,22 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#define XSEEK_END 0
|
||||
#define XBADFILE NULL
|
||||
#define XFGETS(b,s,f) f_gets((b), (s), (f))
|
||||
#elif defined (_WIN32_WCE)
|
||||
/* stdio, WINCE case */
|
||||
#include <stdio.h>
|
||||
#define XFILE FILE*
|
||||
#define XFOPEN fopen
|
||||
#define XFDOPEN fdopen
|
||||
#define XFSEEK fseek
|
||||
#define XFTELL ftell
|
||||
#define XREWIND(F) XFSEEK(F, 0, SEEK_SET)
|
||||
#define XFREAD fread
|
||||
#define XFWRITE fwrite
|
||||
#define XFCLOSE fclose
|
||||
#define XSEEK_END SEEK_END
|
||||
#define XBADFILE NULL
|
||||
#define XFGETS fgets
|
||||
#define XVSNPRINTF _vsnprintf
|
||||
|
||||
#elif defined(FUSION_RTOS)
|
||||
#include <fclstdio.h>
|
||||
@@ -676,14 +692,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#define XFGETS fgets
|
||||
#define XFPRINTF fprintf
|
||||
|
||||
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
|
||||
#if !defined(NO_WOLFSSL_DIR)\
|
||||
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
|
||||
#if defined(USE_WINDOWS_API)
|
||||
#include <sys/stat.h>
|
||||
#define XSTAT _stat
|
||||
#define XS_ISREG(s) (s & _S_IFREG)
|
||||
#define SEPARATOR_CHAR ';'
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
#define XSTAT fs_stat
|
||||
#define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE)
|
||||
#define SEPARATOR_CHAR ':'
|
||||
#elif defined(WOLFSSL_TELIT_M2MB)
|
||||
#define XSTAT m2mb_fs_stat
|
||||
#define XS_ISREG(s) (s & M2MB_S_IFREG)
|
||||
#define SEPARATOR_CHAR ':'
|
||||
#else
|
||||
#include <dirent.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/stat.h>
|
||||
#define XWRITE write
|
||||
#define XREAD read
|
||||
#define XCLOSE close
|
||||
#define XSTAT stat
|
||||
#define XS_ISREG(s) S_ISREG(s)
|
||||
#define SEPARATOR_CHAR ':'
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -719,6 +753,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#ifdef USE_WINDOWS_API
|
||||
WIN32_FIND_DATAA FindFileData;
|
||||
HANDLE hFind;
|
||||
struct XSTAT s;
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
struct fs_dirent entry;
|
||||
struct fs_dir_t dir;
|
||||
@@ -729,10 +764,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
M2MB_DIR_T* dir;
|
||||
struct M2MB_DIRENT* entry;
|
||||
struct M2MB_STAT s;
|
||||
#elif defined(INTIME_RTOS)
|
||||
FIND_FILE_DATA FindFileData;
|
||||
#else
|
||||
struct dirent* entry;
|
||||
DIR* dir;
|
||||
struct stat s;
|
||||
struct XSTAT s;
|
||||
#endif
|
||||
char name[MAX_FILENAME_SZ];
|
||||
} ReadDirCtx;
|
||||
@@ -743,6 +780,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
|
||||
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
|
||||
#endif /* !NO_WOLFSSL_DIR */
|
||||
#define WC_ISFILEEXIST_NOFILE -1
|
||||
|
||||
WOLFSSL_API int wc_FileExists(const char* fname);
|
||||
|
||||
#endif /* !NO_FILESYSTEM */
|
||||
|
||||
@@ -863,9 +903,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
|
||||
#elif defined(_WIN32_WCE)
|
||||
#include <windows.h>
|
||||
#include <stdlib.h> /* For file system */
|
||||
|
||||
time_t windows_time(time_t* timer);
|
||||
|
||||
#define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d)
|
||||
#define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \
|
||||
(LPWIN32_FIND_DATAW) d)
|
||||
#define XTIME(t1) windows_time((t1))
|
||||
#define WOLFSSL_GMTIME
|
||||
|
||||
/* if struct tm is not defined in WINCE SDK */
|
||||
#ifndef _TM_DEFINED
|
||||
struct tm {
|
||||
int tm_sec; /* seconds */
|
||||
int tm_min; /* minutes */
|
||||
int tm_hour; /* hours */
|
||||
int tm_mday; /* day of month (month specific) */
|
||||
int tm_mon; /* month */
|
||||
int tm_year; /* year */
|
||||
int tm_wday; /* day of week (out of 1-7)*/
|
||||
int tm_yday; /* day of year (out of 365) */
|
||||
int tm_isdst; /* is it daylight savings */
|
||||
};
|
||||
#define _TM_DEFINED
|
||||
#endif
|
||||
|
||||
#elif defined(WOLFSSL_APACHE_MYNEWT)
|
||||
#include "os/os_time.h"
|
||||
#define XTIME(t1) mynewt_time((t1))
|
||||
|
||||
Reference in New Issue
Block a user