wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wolfSSL/wolfssl

Browse Source 
Fix DSA key generation
This commit is contained in:
Ludovic FLAMENT
2015-07-23 13:24:20 +02:00
parent 349edd40c2
commit 8951d72f03
43 changed files with 1254 additions and 427 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
View File

@@ -52,7 +52,7 @@
#include "cavium_ioctl.h"
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#if defined(CYASSL_MDK_ARM)

2
IDE/MDK5-ARM/Projects/CryptTest/test.c
View File

@@ -101,7 +101,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"

21
IDE/WIN/README.txt
View File

@@ -3,7 +3,7 @@
First, if you did not get the FIPS files with your archive, you must contact
wolfSSL to obtain them.
# On Building the wolfssl-fips project
# Building the wolfssl-fips project
The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
must be built as a static library.
@@ -14,10 +14,25 @@ There are two functions added to the library that are used as markers in
memory for the in-core memory check of the code. WPO consolidates them into a
single function. WPO also optimizes away the automatic FIPS entry function.
A project using the library must disable
Each of the source files inside the FIPS boundary defines their own code and
constant section. The code section names start with ".fipsA$" and the constant
section names start with ".fipsB$". Each subsection has a letter to organize
them in a secific order. This specific ordering puts marker functions and
constants on either end of the boundary so it can be hashed.
# In Core Memory Test
The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
FIPS library code and constant data and compares it with a known value in
the code.
The Randomized Base Address setting doesn't cause any problems because
(I believe) that the addrsses in the executable are all offsets from the base
rather than absolute addresses.
The "verifyCore" check value in the source fips_test.c needs to be updated when
building the code. The POS performs this check and the default failure callback
will print out the calculated checksum. When developing your code, copy this
value and paste it back into your code in the verifyCore initializer then
rebuild the code. When statically linking, you may have to recalculate your
check value when changing your application.

17
IDE/WIN/test.vcxproj
View File

@@ -111,7 +111,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
@@ -130,7 +130,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
@@ -147,7 +147,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
@@ -167,7 +167,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
@@ -181,14 +181,13 @@
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
@@ -207,7 +206,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
@@ -224,7 +223,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
@@ -244,7 +243,7 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
<ClCompile>
<AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>

24
IDE/WIN/wolfssl-fips.vcxproj
View File

@@ -120,7 +120,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
@@ -132,7 +132,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -145,7 +145,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
@@ -157,7 +157,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
@@ -175,7 +175,7 @@
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
@@ -187,7 +187,7 @@
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
@@ -199,7 +199,7 @@
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
@@ -212,7 +212,7 @@
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
@@ -261,34 +261,26 @@
<ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
</ClCompile>
<ClCompile Include="..\..\wolfcrypt\src\aes.c" />
<ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
<ClCompile Include="..\..\wolfcrypt\src\asn.c" />
<ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
<ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
<ClCompile Include="..\..\wolfcrypt\src\coding.c" />
<ClCompile Include="..\..\src\crl.c" />
<ClCompile Include="..\..\wolfcrypt\src\des3.c" />
<ClCompile Include="..\..\wolfcrypt\src\dh.c" />
<ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
<ClCompile Include="..\..\wolfcrypt\src\error.c" />
<ClCompile Include="..\..\wolfcrypt\src\hash.c" />
<ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
<ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
<ClCompile Include="..\..\wolfcrypt\src\integer.c" />
<ClCompile Include="..\..\src\internal.c" />
<ClCompile Include="..\..\src\io.c" />
<ClCompile Include="..\..\src\keys.c" />
<ClCompile Include="..\..\wolfcrypt\src\logging.c" />
<ClCompile Include="..\..\wolfcrypt\src\md4.c" />
<ClCompile Include="..\..\wolfcrypt\src\md5.c" />
<ClCompile Include="..\..\wolfcrypt\src\memory.c" />
<ClCompile Include="..\..\src\ocsp.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
<ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
<ClCompile Include="..\..\wolfcrypt\src\rabbit.c" />
<ClCompile Include="..\..\wolfcrypt\src\random.c" />
<ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
<ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha256.c" />

6
LICENSING
View File

@@ -1,7 +1,7 @@
CyaSSL and wolfCrypt are either licensed for use under the GPLv2 or a
standard commercial license. For our users who cannot use CyaSSL under
GPLv2, a commercial license to CyaSSL and wolfCrypt is available.
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
under the GPLv2 or a standard commercial license. For our users who cannot use
wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
Please contact wolfSSL Inc. directly at:
Email: licensing@wolfssl.com

13
README
View File

@@ -34,7 +34,18 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes ***
wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
Release 3.6.2 of wolfSSL is an intermediate custom release including:
- OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty
See INSTALL file for build instructions.
More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
**************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
Release 3.6.0 of wolfSSL has bug fixes and new features including:

12
README.md
View File

@@ -38,6 +38,18 @@ before calling wolfSSL_new(); Though it's not recommended.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
##Release 3.6.2 of wolfSSL is an intermediate custom release including:
- OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty
See INSTALL file for build instructions.
More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
##Release 3.6.0 of wolfSSL has bug fixes and new features including:

147
configure.ac
View File

@@ -6,7 +6,7 @@
#
#
AC_INIT([wolfssl],[3.6.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@@ -148,12 +148,24 @@ then
fi
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
[ENABLED_OPENSSH=$enableval],
[ENABLED_OPENSSH=no])
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_OPENSSLEXTRA="yes"
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes"
then
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
@@ -194,6 +206,11 @@ AC_ARG_ENABLE([fortress],
[ ENABLED_FORTRESS=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_FORTRESS="yes"
fi
if test "$ENABLED_FORTRESS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
@@ -481,6 +498,11 @@ AC_ARG_ENABLE([nullcipher],
[ ENABLED_NULL_CIPHER=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_NULL_CIPHER="yes"
fi
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
@@ -493,6 +515,11 @@ AC_ARG_ENABLE([ripemd],
[ ENABLED_RIPEMD=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_RIPEMD="yes"
fi
if test "$ENABLED_RIPEMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
@@ -536,6 +563,11 @@ then
ENABLED_SHA512=no
fi
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_SHA512="yes"
fi
if test "$ENABLED_SHA512" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
@@ -637,6 +669,11 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DSA="yes"
fi
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
@@ -666,6 +703,11 @@ then
ENABLED_ECC=no
fi
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ECC="yes"
fi
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
@@ -901,6 +943,11 @@ AC_ARG_ENABLE([dh],
[ ENABLED_DH=yes ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DH="yes"
fi
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
@@ -1000,6 +1047,14 @@ AC_ARG_ENABLE([aes],
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
if test "$ENABLED_AESGCM" = "yes"
then
AC_MSG_ERROR([AESGCM requires AES.])
@@ -1071,6 +1126,11 @@ AC_ARG_ENABLE([arc4],
[ ENABLED_ARC4=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ARC4="yes"
fi
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
@@ -1130,21 +1190,6 @@ fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# MD4
AC_ARG_ENABLE([md4],
[ --enable-md4 Enable MD4 (default: disabled)],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
@@ -1412,9 +1457,9 @@ AC_ARG_WITH([ntru],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
LIBS="$LIBS -lNTRUEncrypt"
LIBS="$LIBS -lntruencrypt"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
@@ -1427,7 +1472,7 @@ AC_ARG_WITH([ntru],
LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
@@ -1717,6 +1762,66 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
fi
# stunnel Support
AC_ARG_ENABLE([stunnel],
[ --enable-stunnel Enable stunnel (default: disabled)],
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno"
then
ENABLED_CODING="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
fi
# MD4
AC_ARG_ENABLE([md4],
[ --enable-md4 Enable MD4 (default: disabled)],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
then
ENABLED_MD4="yes"
else
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
@@ -1745,7 +1850,7 @@ FASTMATH_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
FASTMATH_DEFAULT=yes
FASTMATH_DEFAULT=yes
fi
# fastmath
@@ -2173,6 +2278,7 @@ echo
echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * fastmath: $ENABLED_FASTMATH"
@@ -2218,6 +2324,7 @@ echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"

2
cyassl/ctaocrypt/blake2-impl.h
View File

@@ -36,7 +36,7 @@
#define CTAOCRYPT_BLAKE2_IMPL_H
#include <cyassl/ctaocrypt/types.h>
#include <wolfssl/wolfcrypt/blake2_impl.h>
#include <wolfssl/wolfcrypt/blake2-impl.h>
#endif /* CTAOCRYPT_BLAKE2_IMPL_H */

2
cyassl/ctaocrypt/blake2-int.h
View File

@@ -37,7 +37,7 @@
#define CTAOCRYPT_BLAKE2_INT_H
#include <cyassl/ctaocrypt/types.h>
#include <wolfssl/wolfcrypt/blake2_int.h>
#include <wolfssl/wolfcrypt/blake2-int.h>
#endif /* CTAOCRYPT_BLAKE2_INT_H */

2
mcapi/crypto.h
View File

@@ -163,7 +163,7 @@ enum {
/* AES */
typedef struct CRYPT_AES_CTX {
int holder[70]; /* big enough to hold internal, but check on init */
int holder[74]; /* big enough to hold internal, but check on init */
} CRYPT_AES_CTX;
/* key */

16
scripts/resume.test
View File

@@ -7,6 +7,15 @@ resume_port=11112
no_pid=-1
server_pid=$no_pid
remove_ready_file() {
if test -e /tmp/wolfssl_server_ready; then
echo -e "removing exisitng server_ready file"
rm /tmp/wolfssl_server_ready
fi
}
do_cleanup() {
echo "in cleanup"
@@ -15,6 +24,7 @@ do_cleanup() {
echo "killing server"
kill -9 $server_pid
fi
remove_ready_file
}
do_trap() {
@@ -27,10 +37,7 @@ trap do_trap INT TERM
echo -e "\nStarting example server for resume test...\n"
if test -e /tmp/wolfssl_server_ready; then
echo -e "removing exisitng server_ready file"
rm /tmp/wolfssl_server_ready
fi
remove_ready_file
./examples/server/server -r -R -p $resume_port &
server_pid=$!
@@ -51,6 +58,7 @@ fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then

16
src/internal.c
View File

@@ -41,7 +41,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
@@ -247,7 +247,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
static RNG* rng;
static wolfSSL_Mutex* rngMutex;
static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
int ret = 0;
@@ -265,7 +265,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
}
ret |= LockMutex(rngMutex);
ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
ret |= UnLockMutex(rngMutex);
if (ret != 0)
@@ -4464,7 +4464,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#else
store->current_cert = NULL;
#endif
#ifdef FORTRESS
#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)
store->ex_data = ssl;
#endif
ok = ssl->verifyCallback(0, store);
@@ -10623,7 +10623,7 @@ static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
}
/* set up ntru drbg */
ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
if (ret != DRBG_OK)
return NTRU_DRBG_ERROR;
@@ -10670,7 +10670,7 @@ static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
/* set up drbg */
ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
if (ret != DRBG_OK)
return NTRU_DRBG_ERROR;
@@ -10805,7 +10805,7 @@ static word32 QSH_MaxSecret(QSHKey* key)
}
if (isNtru) {
ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
if (ret != DRBG_OK)
return NTRU_DRBG_ERROR;
ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
@@ -11251,7 +11251,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
return NO_PEER_KEY;
}
rc = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
if (rc != DRBG_OK) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);

770
src/ssl.c
View File

File diff suppressed because it is too large Load Diff

8
src/tls.c
View File

@@ -37,7 +37,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#include <wolfssl/wolfcrypt/random.h>
#endif
#ifdef HAVE_QSH
@@ -2836,7 +2836,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
#ifdef HAVE_NTRU
static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
int ret = 0;
@@ -2854,7 +2854,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
}
ret |= LockMutex(rngMutex);
ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
ret |= UnLockMutex(rngMutex);
if (ret != 0)
@@ -2947,7 +2947,7 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
WOLFSSL_MSG("Unknown type for creating NTRU key");
return -1;
}
ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
if (ret != DRBG_OK) {
WOLFSSL_MSG("NTRU drbg instantiate failed\n");
return ret;

2
support/wolfssl.pc
View File

@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.6.1
Version: 3.6.2
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}

3
tests/test-qsh.conf
View File

@@ -2018,4 +2018,7 @@
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES128
-v 3
-l QSH:NTRU-AES128-SHA

3
tests/test.conf
View File

@@ -2018,4 +2018,7 @@
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA

2
wolfcrypt/benchmark/benchmark.c
View File

@@ -71,7 +71,7 @@
#include "cavium_ioctl.h"
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#if defined(WOLFSSL_MDK_ARM)

2
wolfcrypt/src/asn.c
View File

@@ -49,7 +49,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)

35
wolfcrypt/src/coding.c
View File

@@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
else
basic = base64Encode[e];
/* check whether to escape */
if (escaped) {
/* check whether to escape. Only escape for EncodeEsc */
if (escaped == WC_ESC_NL_ENC) {
switch ((char)basic) {
case '+' :
plus = 1;
@@ -235,15 +235,17 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
word32 outSz = (inLen + 3 - 1) / 3 * 4;
word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */
if (escaped)
if (escaped == WC_ESC_NL_ENC)
addSz *= 3; /* instead of just \n, we're doing %0A triplet */
else if (escaped == WC_NO_NL_ENC)
addSz = 0; /* encode without \n */
outSz += addSz;
/* if escaped we can't predetermine size for one pass encoding, but
* make sure we have enough if no escapes are in input */
if (outSz > *outLen) return BAD_FUNC_ARG;
while (inLen > 2) {
byte b1 = in[j++];
byte b2 = in[j++];
@@ -267,7 +269,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
inLen -= 3;
if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
/* Insert newline after PEM_LINE_SZ, unless no \n requested */
if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){
ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
if (ret != 0) break;
}
@@ -285,44 +288,48 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
byte e3 = (byte)((b2 & 0xF) << 2);
ret = CEscape(escaped, e1, out, &i, *outLen, 0);
if (ret == 0)
if (ret == 0)
ret = CEscape(escaped, e2, out, &i, *outLen, 0);
if (ret == 0) {
/* third */
if (twoBytes)
ret = CEscape(escaped, e3, out, &i, *outLen, 0);
else
else
ret = CEscape(escaped, '=', out, &i, *outLen, 1);
}
/* fourth always pad */
if (ret == 0)
ret = CEscape(escaped, '=', out, &i, *outLen, 1);
}
}
if (ret == 0)
if (ret == 0 && escaped != WC_NO_NL_ENC)
ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
if (i != outSz && escaped == 0 && ret == 0)
return ASN_INPUT_E;
if (i != outSz && escaped != 1 && ret == 0)
return ASN_INPUT_E;
*outLen = i;
return ret;
return ret;
}
/* Base64 Encode, PEM style, with \n line endings */
int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
{
return DoBase64_Encode(in, inLen, out, outLen, 0);
return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC);
}
/* Base64 Encode, with %0A esacped line endings instead of \n */
int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen)
{
return DoBase64_Encode(in, inLen, out, outLen, 1);
return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC);
}
int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
{
return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC);
}
#endif /* defined(WOLFSSL_BASE64_ENCODE) */

110
wolfcrypt/src/dsa.c
View File

@@ -18,6 +18,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#include <stdio.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -93,6 +94,8 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
return BAD_FUNC_ARG;
qsize = mp_unsigned_bin_size(&dsa->q);
if (qsize == 0)
return BAD_FUNC_ARG;
/* allocate ram */
buf = (unsigned char *)XMALLOC(qsize, NULL,
@@ -114,9 +117,6 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
return err;
}
/* force magnitude */
buf[0] |= 0xC0;
err = mp_read_unsigned_bin(&dsa->x, buf, qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
@@ -148,9 +148,11 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
/* modulus_size in bits */
int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
{
mp_int tmp, tmp2;
int err, res, msize, qsize, loop;
unsigned char *buf;
mp_int tmp, tmp2;
int err, msize, qsize,
loop_check_prime = 0,
check_prime = MP_NO;
unsigned char *buf;
if (rng == NULL || dsa == NULL)
return BAD_FUNC_ARG;
@@ -174,43 +176,16 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
/* modulus size in bytes */
msize = modulus_size / 8;
if (mp_init(&dsa->q) != MP_OKAY)
return MP_INIT_E;
/* make our prime q */
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
return err;
}
if (mp_init(&tmp) != MP_OKAY) {
mp_clear(&dsa->q);
return MP_INIT_E;
}
/* tmp = 2q */
err = mp_add(&dsa->q, &dsa->q, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&tmp);
return err;
}
/* allocate ram */
buf = (unsigned char *)XMALLOC(msize - qsize,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
mp_clear(&dsa->q);
mp_clear(&tmp);
return MEMORY_E;
}
/* now make a random string and multply it against q */
/* make a random string that will be multplied against q */
err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&tmp);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
@@ -221,9 +196,8 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
/* force even */
buf[msize - qsize - 1] &= ~1;
if (mp_init_multi(&tmp2, &dsa->p, 0, 0, 0, 0) != MP_OKAY) {
if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&tmp);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
@@ -232,25 +206,48 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* p = tmp2 * q */
err = mp_mul(&dsa->q, &tmp2, &dsa->p);
/* make our prime q */
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
/* p = tmp2 * q + 1, so q is a prime divisor of p-1 */
/* p = random * q */
err = mp_mul(&dsa->q, &tmp2, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
/* p = random * q + 1, so q is a prime divisor of p-1 */
err = mp_add_d(&dsa->p, 1, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
if (mp_init(&tmp) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return MP_INIT_E;
}
/* tmp = 2q */
err = mp_add(&dsa->q, &dsa->q, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
@@ -260,8 +257,8 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
}
/* loop until p is prime */
for (loop = 0; loop++;) {
err = mp_prime_is_prime(&dsa->p, 8, &res);
while (check_prime == MP_NO) {
err = mp_prime_is_prime(&dsa->p, 8, &check_prime);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
@@ -270,25 +267,26 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
return err;
}
if (res == MP_YES)
break;
if (check_prime != MP_YES) {
/* p += 2q */
err = mp_add(&tmp, &dsa->p, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
/* p += 2q */
err = mp_add(&tmp, &dsa->p, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
loop_check_prime++;
}
}
/* tmp2 += (2*loop)
/* tmp2 += (2*loop_check_prime)
* to have p = (q * tmp2) + 1 prime
*/
if (loop) {
err = mp_add_d(&tmp2, 2*loop, &tmp2);
if (loop_check_prime) {
err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);

2
wolfcrypt/src/ecc.c
View File

@@ -4912,7 +4912,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
switch (ctx->encAlgo) {
case ecAES_128_CBC:
*encKeySz = KEY_SIZE_128;
*ivSz = IV_SIZE_64;
*ivSz = IV_SIZE_128;
*blockSz = AES_BLOCK_SIZE;
break;
default:

42
wolfcrypt/src/integer.c
View File

@@ -963,7 +963,7 @@ top:
/* if not zero goto step 4 */
if (mp_iszero (&u) == 0) {
if (++loop_check > 1024) {
if (++loop_check > 4096) {
res = MP_VAL;
goto LBL_ERR;
}
@@ -2501,33 +2501,6 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
}
/* computes a = 2**b
*
* Simple algorithm which zeroes the int, grows it then just sets one bit
* as required.
*/
int
mp_2expt (mp_int * a, int b)
{
int res;
/* zero a as per default */
mp_zero (a);
/* grow a to accomodate the single bit */
if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) {
return res;
}
/* set the used count of where the bit will go */
a->used = b / DIGIT_BIT + 1;
/* put the single bit in its place */
a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT);
return MP_OKAY;
}
/* set the b bit of a */
int
mp_set_bit (mp_int * a, int b)
@@ -2550,6 +2523,19 @@ mp_set_bit (mp_int * a, int b)
return MP_OKAY;
}
/* computes a = 2**b
*
* Simple algorithm which zeroes the int, set the required bit
*/
int
mp_2expt (mp_int * a, int b)
{
/* zero a as per default */
mp_zero (a);
return mp_set_bit(a, b);
}
/* multiply by a digit */
int
mp_mul_d (mp_int * a, mp_digit b, mp_int * c)

9
wolfcrypt/src/tfm.c
View File

@@ -933,7 +933,7 @@ top:
/* if not zero goto step 4 */
if (fp_iszero (&u) == FP_NO) {
if (++loop_check > 1024) /* bad input */
if (++loop_check > 4096) /* bad input */
return FP_VAL;
goto top;
}
@@ -1840,11 +1840,11 @@ int fp_set_bit (fp_int * a, fp_digit b)
i = b/DIGIT_BIT;
/* set the used count of where the bit will go if required */
if (a->used < (int)(i + 1))
a->used = (int)(i + 1);
if (a->used < (int)(i+1))
a->used = (int)(i+1);
/* put the single bit in its place */
a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
a->dp[i] |= ((fp_digit)1) << (b % DIGIT_BIT);
return MP_OKAY;
}
@@ -1868,6 +1868,7 @@ int fp_count_bits (fp_int * a)
++r;
q >>= ((fp_digit) 1);
}
return r;
}

128
wolfcrypt/test/test.c
View File

@@ -115,7 +115,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "libntruencrypt/ntru_crypto.h"
#endif
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"
@@ -3386,7 +3386,6 @@ int rsa_test(void)
wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
#endif
printf("1\n");
ret = wc_InitRsaKey(&key, 0);
if (ret != 0) {
free(tmp);
@@ -3447,7 +3446,7 @@ printf("1\n");
free(tmp);
return -49;
}
printf("11\n");
bytes = fread(tmp, 1, FOURK_BUF, file2);
fclose(file2);
#endif
@@ -3467,7 +3466,6 @@ printf("11\n");
(void)bytes;
#endif
printf("111\n");
#ifdef WOLFSSL_KEY_GEN
{
byte* der;
@@ -3478,7 +3476,7 @@ printf("111\n");
RsaKey genKey;
FILE* keyFile;
FILE* pemFile;
printf("2\n");
ret = wc_InitRsaKey(&genKey, 0);
if (ret != 0)
return -300;
@@ -3504,7 +3502,7 @@ printf("2\n");
free(pem);
return -302;
}
printf("22\n");
#ifdef FREESCALE_MQX
keyFile = fopen("a:\\certs\\key.der", "wb");
#else
@@ -3532,7 +3530,7 @@ printf("22\n");
wc_FreeRsaKey(&genKey);
return -304;
}
printf("222\n");
#ifdef FREESCALE_MQX
pemFile = fopen("a:\\certs\\key.pem", "wb");
#else
@@ -3569,7 +3567,7 @@ printf("222\n");
wc_FreeRsaKey(&genKey);
return -306;
}
printf("2222\n");
wc_FreeRsaKey(&derIn);
wc_FreeRsaKey(&genKey);
free(pem);
@@ -3577,7 +3575,6 @@ printf("2222\n");
}
#endif /* WOLFSSL_KEY_GEN */
printf("3\n");
#ifdef WOLFSSL_CERT_GEN
/* self signed */
{
@@ -3600,7 +3597,7 @@ printf("3\n");
free(derCert);
return -310;
}
printf("33\n");
wc_InitCert(&myCert);
strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
@@ -3630,7 +3627,7 @@ printf("33\n");
}
FreeDecodedCert(&decode);
#endif
printf("333\n");
#ifdef FREESCALE_MQX
derFile = fopen("a:\\certs\\cert.der", "wb");
#else
@@ -3648,14 +3645,14 @@ printf("333\n");
free(pem);
return -414;
}
printf("4\n");
pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
if (pemSz < 0) {
free(derCert);
free(pem);
return -404;
}
printf("41\n");
#ifdef FREESCALE_MQX
pemFile = fopen("a:\\certs\\cert.pem", "wb");
#else
@@ -4430,8 +4427,111 @@ int dsa_test(void)
if (answer != 1) return -65;
wc_FreeDsaKey(&key);
wc_FreeRng(&rng);
#ifdef WOLFSSL_KEY_GEN
{
byte* der;
byte* pem;
int derSz = 0;
int pemSz = 0;
DsaKey derIn;
DsaKey genKey;
FILE* keyFile;
FILE* pemFile;
wc_InitDsaKey(&genKey);
ret = wc_MakeDsaParameters(&rng, 1024, &genKey);
if (ret != 0) return -362;
ret = wc_MakeDsaKey(&rng, &genKey);
if (ret != 0) return -363;
der = (byte*)malloc(FOURK_BUF);
if (der == NULL) {
wc_FreeDsaKey(&genKey);
return -364;
}
pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) {
free(der);
wc_FreeDsaKey(&genKey);
return -365;
}
derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF);
if (derSz < 0) {
free(der);
free(pem);
return -366;
}
#ifdef FREESCALE_MQX
keyFile = fopen("a:\\certs\\key.der", "wb");
#else
keyFile = fopen("./key.der", "wb");
#endif
if (!keyFile) {
free(der);
free(pem);
wc_FreeDsaKey(&genKey);
return -367;
}
ret = (int)fwrite(der, 1, derSz, keyFile);
fclose(keyFile);
if (ret != derSz) {
free(der);
free(pem);
wc_FreeDsaKey(&genKey);
return -368;
}
pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, DSA_PRIVATEKEY_TYPE);
if (pemSz < 0) {
free(der);
free(pem);
wc_FreeDsaKey(&genKey);
return -369;
}
#ifdef FREESCALE_MQX
pemFile = fopen("a:\\certs\\key.pem", "wb");
#else
pemFile = fopen("./key.pem", "wb");
#endif
if (!pemFile) {
free(der);
free(pem);
wc_FreeDsaKey(&genKey);
return -370;
}
ret = (int)fwrite(pem, 1, pemSz, pemFile);
fclose(pemFile);
if (ret != pemSz) {
free(der);
free(pem);
wc_FreeDsaKey(&genKey);
return -371;
}
wc_InitDsaKey(&derIn);
idx = 0;
ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz);
if (ret != 0) {
free(der);
free(pem);
wc_FreeDsaKey(&derIn);
wc_FreeDsaKey(&genKey);
return -373;
}
wc_FreeDsaKey(&derIn);
wc_FreeDsaKey(&genKey);
free(pem);
free(der);
}
#endif /* WOLFSSL_KEY_GEN */
wc_FreeRng(&rng);
return 0;
}

12
wolfssl/internal.h
View File

@@ -890,7 +890,7 @@ enum Misc {
MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
#ifdef FORTRESS
#if defined(FORTRESS) || defined (HAVE_STUNNEL)
MAX_EX_DATA = 3, /* allow for three items of ex_data */
#endif
@@ -1612,8 +1612,11 @@ struct WOLFSSL_CTX {
#endif /* HAVE_ANON */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
pem_password_cb passwd_cb;
void* userdata;
void* userdata;
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA];
#endif
#ifdef HAVE_OCSP
WOLFSSL_OCSP ocsp;
#endif
@@ -1847,6 +1850,9 @@ struct WOLFSSL_SESSION {
word16 ticketLen;
byte ticket[SESSION_TICKET_LEN];
#endif
#ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA];
#endif
};
@@ -2300,7 +2306,7 @@ struct WOLFSSL {
#ifdef KEEP_PEER_CERT
WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef FORTRESS
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
#ifdef HAVE_CAVIUM

17
wolfssl/openssl/asn1.h
View File

@@ -1,2 +1,19 @@
/* asn1.h for openssl */
#ifndef WOLFSSL_ASN1_H_
#define WOLFSSL_ASN1_H_
struct WOLFSSL_ASN1_BIT_STRING {
int length;
int type;
char* data;
long flags;
};
struct WOLFSSL_ASN1_STRING {
int length;
int type;
char* data;
long flags;
};
#endif /* WOLFSSL_ASN1_H_ */

4
wolfssl/openssl/bn.h
View File

@@ -77,7 +77,9 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
WOLFSSL_BN_ULONG);
WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
#endif
WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);

8
wolfssl/openssl/crypto.h
View File

@@ -21,6 +21,14 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
#define SSLEAY_VERSION 0x0090600fL
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#ifdef HAVE_STUNNEL
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
#define FIPS_mode wolfSSL_FIPS_mode
#define FIPS_mode_set wolfSSL_FIPS_mode_set
typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA;
typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
long argl, void* argp);
#endif /* HAVE_STUNNEL */
#endif /* header */

7
wolfssl/openssl/dh.h
View File

@@ -11,7 +11,7 @@
extern "C" {
#endif
typedef struct WOLFSSL_DH {
struct WOLFSSL_DH {
WOLFSSL_BIGNUM* p;
WOLFSSL_BIGNUM* g;
WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */
@@ -23,7 +23,7 @@ typedef struct WOLFSSL_DH {
* lighttpd src code.
*/
int length;
} WOLFSSL_DH;
};
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
@@ -48,4 +48,7 @@ typedef WOLFSSL_DH DH;
} /* extern "C" */
#endif
#ifdef HAVE_STUNNEL
#define DH_generate_parameters wolfSSL_DH_generate_parameters
#endif /* HAVE_STUNNEL */
#endif /* header */

2
wolfssl/openssl/ecdh.h
View File

@@ -7,7 +7,7 @@
#include <wolfssl/openssl/bn.h>
#ifdef __cplusplus
extern C {
extern "C" {
#endif

3
wolfssl/openssl/ecdsa.h
View File

@@ -35,4 +35,5 @@ WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
} /* extern "C" */
#endif
#endif /* header */
#endif /* header */

3
wolfssl/openssl/err.h
View File

@@ -1,2 +1,3 @@
/* err.h for openssl */
#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings
#define ERR_peek_last_error wolfSSL_ERR_peek_last_error

10
wolfssl/openssl/opensslv.h
View File

@@ -5,7 +5,15 @@
/* api version compatibility */
#define OPENSSL_VERSION_NUMBER 0x0090810fL
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x0090700fL
#else
#define OPENSSL_VERSION_NUMBER 0x0090810fL
#endif
#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING
#endif /* header */

2
wolfssl/openssl/rand.h
View File

@@ -1,4 +1,6 @@
/* rand.h for openSSL */
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/wolfcrypt/random.h>
#define RAND_set_rand_method wolfSSL_RAND_set_rand_method

76
wolfssl/openssl/ssl.h
View File

@@ -289,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr
#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
@@ -304,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout
#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
#define ERR_peek_error wolfSSL_ERR_peek_error
@@ -407,25 +407,21 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_CB_HANDSHAKE_START 0x10
#define X509_NAME_free WOLFSSL_X509_NAME_free
#define SSL_CTX_use_certificate WOLFSSL_CTX_use_certificate
#define SSL_CTX_use_PrivateKey WOLFSSL_CTX_use_PrivateKey
#define BIO_new_file wolfSSL_BIO_new_file
#define X509_NAME_free wolfSSL_X509_NAME_free
#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
#define BIO_read_filename wolfSSL_BIO_read_filename
#define BIO_s_file WOLFSSL_BIO_s_file
#define BIO_s_file wolfSSL_BIO_s_file
#define OBJ_nid2sn wolf_OBJ_nid2sn
#define OBJ_obj2nid wolf_OBJ_obj2nid
#define OBJ_sn2nid wolf_OBJ_sn2nid
#define PEM_read_bio_DHparams PEM_read_bio_DHparams
#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
#define SSL_CTX_set_tmp_dh WOLFSSL_CTX_set_tmp_dh
#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
#define SSL_get_app_data WOLFSSL_get_app_data
#define SSL_set_app_data WOLFSSL_set_app_data
#define SSL_get_app_data wolfSSL_get_app_data
#define SSL_set_app_data wolfSSL_set_app_data
#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
#define X509_NAME_ENTRY_get_object WOLFSSL_X509_NAME_ENTRY_get_object
#define X509_NAME_get_entry WOLFSSL_X509_NAME_get_entry
#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
#define SHA1 wolfSSL_SHA1
#define X509_check_private_key wolfSSL_X509_check_private_key
@@ -433,6 +429,58 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#endif
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
#define BIO_new_file wolfSSL_BIO_new_file
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#ifdef HAVE_STUNNEL
#include <wolfssl/openssl/asn1.h>
/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/
#define SSL_CB_ACCEPT_LOOP 0x2001
#define SSL2_VERSION 0x0002
#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301
#define DTLS1_VERSION 0xFEFF
#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000)
#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000)
#define ASN1_STRFLGS_ESC_MSB 4
#define X509_V_ERR_CERT_REJECTED 28
#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long
#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
#define sk_X509_num wolfSSL_sk_X509_num
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define SSL_CTX_get_options wolfSSL_CTX_get_options
#define SSL_CTX_flush_sessions wolfSSL_flush_sessions
#define SSL_CTX_add_session wolfSSL_CTX_add_session
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_version wolfSSL_version
#define SSL_get_state wolfSSL_get_state
#define SSL_state_string_long wolfSSL_state_string_long
#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
#define sk_X509_value wolfSSL_sk_X509_value
#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define CRYPTO_dynlock_value WOLFSSL_dynlock_value
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#endif /* HAVE_STUNNEL */
#ifdef __cplusplus
} /* extern "C" */
#endif

120
wolfssl/ssl.h
View File

@@ -91,13 +91,10 @@ typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME;
typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_STRING{
#ifdef HAVE_LIGHTY
char* data;
int length;
#endif
} WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
typedef struct WOLFSSL_DH WOLFSSL_DH;
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
@@ -146,6 +143,7 @@ typedef struct WOLFSSL_X509_REVOKED {
typedef struct WOLFSSL_X509_OBJECT {
union {
char* ptr;
WOLFSSL_X509 *x509;
WOLFSSL_X509_CRL* crl; /* stunnel dereference */
} data;
} WOLFSSL_X509_OBJECT;
@@ -340,7 +338,7 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err);
WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
unsigned long sz);
@@ -524,14 +522,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void));
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
void (*)(const WOLFSSL* ssl, int type, int val));
WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
WOLFSSL_API int wolfSSL_GET_REASON(int);
WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*);
WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
void(*)(int, int, void*), void*);
@@ -644,11 +643,16 @@ enum {
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
X509_V_ERR_CERT_HAS_EXPIRED = 21,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
X509_V_ERR_CERT_REJECTED = 23,
X509_V_OK = 0,
XN_FLAG_SPC_EQ = (1 << 23),
XN_FLAG_ONELINE = 0,
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10
CRYPTO_NUM_LOCKS = 10,
ASN1_STRFLGS_ESC_MSB = 4
};
/* extras end */
@@ -1509,26 +1513,23 @@ typedef struct WOLFSSL_X509_NAME_ENTRY {
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/asn1.h>
WOLFSSL_API void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
WOLFSSL_API int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
WOLFSSL_API WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
/* These are to be merged shortly */
WOLFSSL_API const char * wolf_OBJ_nid2sn(int n);
WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
WOLFSSL_API WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
WOLFSSL_API long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_API void* WOLFSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
@@ -1538,6 +1539,77 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#endif
#endif
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
WOLFSSL_DH **x, pem_password_cb *cb, void *u);
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#ifdef HAVE_STUNNEL
#include <wolfssl/openssl/crypto.h>
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int, void *), void *cb_arg);
WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
WOLFSSL_API int wolfSSL_FIPS_mode(void);
WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s);
WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s);
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long);
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
const WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_version(WOLFSSL*);
WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int);
WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);
WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
CRYPTO_free_func*);
WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*);
#endif /* HAVE_STUNNEL */
#ifdef __cplusplus
} /* extern "C" */

4
wolfssl/version.h
View File

@@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "3.6.1"
#define LIBWOLFSSL_VERSION_HEX 0x03006001
#define LIBWOLFSSL_VERSION_STRING "3.6.2"
#define LIBWOLFSSL_VERSION_HEX 0x03006002
#ifdef __cplusplus
}

9
wolfssl/wolfcrypt/coding.h
View File

@@ -41,6 +41,12 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
#ifdef WOLFSSL_BASE64_ENCODE
enum Escaped {
WC_STD_ENC = 0, /* normal \n line ending encoding */
WC_ESC_NL_ENC, /* use escape sequence encoding */
WC_NO_NL_ENC /* no encoding at all */
}; /* Encoding types */
/* encode isn't */
WOLFSSL_API
int Base64_Encode(const byte* in, word32 inLen, byte* out,
@@ -48,6 +54,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
WOLFSSL_API
int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
word32* outLen);
WOLFSSL_API
int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
word32* outLen);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)

1
wolfssl/wolfcrypt/ecc.h
View File

@@ -234,6 +234,7 @@ enum {
KEY_SIZE_128 = 16,
KEY_SIZE_256 = 32,
IV_SIZE_64 = 8,
IV_SIZE_128 = 16,
EXCHANGE_SALT_SZ = 16,
EXCHANGE_INFO_SZ = 23
};

5
wolfssl/wolfcrypt/logging.h
View File

@@ -46,9 +46,13 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel,
WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#ifdef DEBUG_WOLFSSL
/* a is prepended to m and b is appended, creating a log msg a + m + b */
#define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b
void WOLFSSL_ENTER(const char* msg);
void WOLFSSL_LEAVE(const char* msg, int ret);
#define WOLFSSL_STUB(m) \
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
void WOLFSSL_ERROR(int);
void WOLFSSL_MSG(const char* msg);
@@ -57,6 +61,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#define WOLFSSL_ENTER(m)
#define WOLFSSL_LEAVE(m, r)
#define WOLFSSL_STUB(m)
#define WOLFSSL_ERROR(e)
#define WOLFSSL_MSG(m)