diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index 519520e56..f4525176c 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -63,10 +63,15 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `HAVE_AESGCM`
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
+* `NO_MD4`
+* `NO_HC128`
+* `NO_RABBIT`
+* `NO_DSA`
+* `NO_PWDBASED`
-The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
-and FIPS-TEST files are from our FIPS project v3.4.8. For the wolfCAVP test
-the wolfSSL version used is v3.4.8.
+The approved FIPS source files are from the CyaSSL project tag v3.4.8.fips. The
+files fips.c and fips_test.c, and the wolfCAVP test app are from the FIPS
+project tag v3.4.8a. The wolfSSL/wolfCrypt files are from tag v3.4.8.
 # Using the FIPS library
@@ -80,7 +85,7 @@ Every time the application is changed, the FIPS checksum will change, because
 the FIPS library's position in the executable may change.
 You need to add something to your application that will output the verifyCore
-value to be used. The verifyCore in fips_test.c will need to be updated with this
-value, the library rebuilt, and relinked into your application. The application
-should not be changed during this process or the verifyCore check will fail again.
-
+value to be used. The verifyCore in fips_test.c will need to be updated with
+this value, the library rebuilt, and relinked into your application. The
+application should not be changed during this process or the verifyCore check
+will fail again.
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 1f14345f9..06011aecd 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -865,7 +865,7 @@
 GCC_WARN_ABOUT_RETURN_TYPE = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
-IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 ONLY_ACTIVE_ARCH = YES;
 SDKROOT = iphoneos;
 USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
@@ -888,7 +888,7 @@
 GCC_WARN_ABOUT_RETURN_TYPE = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
-IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 SDKROOT = iphoneos;
 USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
 VALIDATE_PRODUCT = NO;
@@ -911,6 +911,10 @@
 HAVE_AESGCM,
 WOLFSSL_SHA512,
 WOLFSSL_SHA384,
+NO_MD4,
+NO_HC128,
+NO_RABBIT,
+NO_DSA,
 NO_PWDBASED,
 );
 HEADER_SEARCH_PATHS = (
@@ -942,6 +946,10 @@
 HAVE_AESGCM,
 WOLFSSL_SHA512,
 WOLFSSL_SHA384,
+NO_MD4,
+NO_HC128,
+NO_RABBIT,
+NO_DSA,
 NO_PWDBASED,
 );
 HEADER_SEARCH_PATHS = (
diff --git a/src/internal.c b/src/internal.c
index 39e3beb90..ab13a56a5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9977,6 +9977,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 byte sigAlgo = ssl->specs.sig_algo;
 word16 verifySz = (word16) (*inOutIdx - begin);
+#ifndef NO_OLD_TLS
+ byte doMd5 = 0;
+ byte doSha = 0;
+#endif
+#ifndef NO_SHA256
+ byte doSha256 = 0;
+#endif
+#ifdef WOLFSSL_SHA384
+ byte doSha384 = 0;
+#endif
+#ifdef WOLFSSL_SHA512
+ byte doSha512 = 0;
+#endif
+
 (void)hash;
 (void)sigAlgo;
 (void)hashAlgo;
@@ -9995,11 +10009,60 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 XMEMCPY(messageVerify, input + begin, verifySz);
 if (IsAtLeastTLSv1_2(ssl)) {
+ byte setHash = 0;
 if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
 ERROR_OUT(BUFFER_ERROR, done);
 hashAlgo = input[(*inOutIdx)++];
 sigAlgo = input[(*inOutIdx)++];
+
+ switch (hashAlgo) {
+ case sha512_mac:
+ #ifdef WOLFSSL_SHA512
+ doSha512 = 1;
+ setHash = 1;
+ #endif
+ break;
+
+ case sha384_mac:
+ #ifdef WOLFSSL_SHA384
+ doSha384 = 1;
+ setHash = 1;
+ #endif
+ break;
+
+ case sha256_mac:
+ #ifndef NO_SHA256
+ doSha256 = 1;
+ setHash = 1;
+ #endif
+ break;
+
+ case sha_mac:
+ #ifndef NO_OLD_TLS
+ doSha = 1;
+ setHash = 1;
+ #endif
+ break;
+
+ default:
+ ERROR_OUT(ALGO_ID_E, done);
+ }
+
+ if (setHash == 0) {
+ ERROR_OUT(ALGO_ID_E, done);
+ }
+
+ } else {
+ /* only using sha and md5 for rsa */
+ #ifndef NO_OLD_TLS
+ doSha = 1;
+ if (sigAlgo == rsa_sa_algo) {
+ doMd5 = 1;
+ }
+ #else
+ ERROR_OUT(ALGO_ID_E, done);
+ #endif
 }
 /* signature */
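Review bot: The `sigAlgo` byte read from the wire in the TLS 1.2 branch is never compared with the cipher suite's expected value (`ssl->specs.sig_algo`, which `sigAlgo` held before the read), so if the verification code after `/* signature */` dispatches on `sigAlgo`, the peer rather than the negotiated suite decides which signature scheme is verified; adding `if (sigAlgo != ssl->specs.sig_algo) ERROR_OUT(ALGO_ID_E, done);` right after the two reads would pin it, assuming both use the same enum values. Nothing in this branch checks the received (hash, signature) pair against the list the client advertised either, which RFC 5246 §7.4.3 requires of the server's choice. The `default:` label and the `setHash == 0` test both end in ALGO_ID_E, so one of them is redundant; keeping only the `setHash` test (it already covers unknown values) reads cleaner. The enclosing function starts and ends outside the hunk.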
@@ -10024,83 +10087,104 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifndef NO_OLD_TLS /* md5 */ #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) - ERROR_OUT(MEMORY_E, done); + if (doMd5) { + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, messageVerify, verifySz); - wc_Md5Final(md5, hash); - + if (doMd5) { + wc_InitMd5(md5); + wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); + wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); + wc_Md5Update(md5, messageVerify, verifySz); + wc_Md5Final(md5, hash); + } /* sha */ #ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - ERROR_OUT(MEMORY_E, done); + if (doSha) { + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - ret = wc_InitSha(sha); - if (ret != 0) - goto done; - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, messageVerify, verifySz); - wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + if (doSha) { + ret = wc_InitSha(sha); + if (ret != 0) goto done; + wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); + wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); + wc_ShaUpdate(sha, messageVerify, verifySz); + wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE); + } #endif #ifndef NO_SHA256 #ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, + if (doSha256) { + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, + hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 
== NULL) - ERROR_OUT(MEMORY_E, done); + if (sha256 == NULL || hash256 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) - ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) - goto done; + if (doSha256) { + if (!(ret = wc_InitSha256(sha256)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) + ret = wc_Sha256Final(sha256, hash256); + if (ret != 0) goto done; + } #endif #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, + if (doSha384) { + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, + hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha384 == NULL || hash384 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) - ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) - goto done; + if (doSha384) { + if (!(ret = wc_InitSha384(sha384)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) + ret = wc_Sha384Final(sha384, hash384); + if (ret != 0) goto done; + } #endif #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SMALL_STACK - sha512 = 
(Sha512*)XMALLOC(sizeof(Sha512), NULL, + if (doSha512) { + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); - hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, + hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) - ERROR_OUT(MEMORY_E, done); + if (sha512 == NULL || hash512 == NULL) + ERROR_OUT(MEMORY_E, done); + } #endif - if (!(ret = wc_InitSha512(sha512)) - && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) - ret = wc_Sha512Final(sha512, hash512); - if (ret != 0) - goto done; + if (doSha512) { + if (!(ret = wc_InitSha512(sha512)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, + RAN_LEN)) + && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) + ret = wc_Sha512Final(sha512, hash512); + if (ret != 0) goto done; + } #endif #ifndef NO_RSA @@ -10186,8 +10270,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ERROR_OUT(MEMORY_E, done); #endif - encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH); - + if (digest == NULL) + ERROR_OUT(ALGO_ID_E, done); + encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, + typeH); if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig, min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) ret = VERIFY_SIGN_ERROR; diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index 08dc21d16..9f8458588 100755 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c 
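Review bot: Under `WOLFSSL_SMALL_STACK` the `md5`, `sha`, `sha256`/`hash256`, `sha384`/`hash384` and `sha512`/`hash512` pointers are now assigned only inside their `if (doX)` guards, but the cleanup at `done:` (outside this hunk) presumably still frees every one of them; unless each is initialised to NULL at its declaration, a hash skipped for this handshake hands an indeterminate pointer to `XFREE`. Please confirm the declarations, or add `= NULL` initialisers in the same change. In the `#ifndef NO_OLD_TLS` path only `hash + MD5_DIGEST_SIZE` onward is written when `doMd5` is 0, so a comment on the `doSha` block such as `/* hash[0..MD5_DIGEST_SIZE) is only valid when doMd5 was set */` would warn whoever consumes `hash`. The enclosing function starts and ends outside the hunk.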
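Review bot: The new `digest == NULL` check comes after what appears to be the `WOLFSSL_SMALL_STACK` allocation of `encodedSig` immediately preceding this hunk, so a hash/signature mismatch allocates and then jumps to `done:` to free; moving the check above that `#ifdef` keeps the error path allocation-free. A comment explaining why `digest` can be NULL here, e.g. `/* digest stays NULL when hashAlgo named a hash that was not computed */`, would also help, since the assignment of `digest` is not in this diff and the invariant is established much earlier in the function. The enclosing function starts and ends outside the hunk.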
@@ -65,11 +65,13 @@
 #define CPUID_AVX2 0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
-#define CPUID_BMI2 0x10
+#define CPUID_BMI2 0x10 /* MULX, RORX */
+#define CPUID_ADX 0x20 /* ADCX, ADOX */
 #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
 #define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
+#define IS_INTEL_ADX (cpuid_flags&CPUID_ADX)
 #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
 #define SET_FLAGS
@@ -98,6 +100,7 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
 INLINE static int set_cpuid_flags(void) {
 if(cpuid_check == 0) {
 if(cpuid_flag(7, 0, EBX, 8)){ cpuid_flags |= CPUID_BMI2 ; }
+ if(cpuid_flag(7, 0, EBX,19)){ cpuid_flags |= CPUID_ADX ; }
 cpuid_check = 1 ;
 return 0 ;
 }
@@ -107,7 +110,7 @@ INLINE static int set_cpuid_flags(void) {
 #define RETURN return
 #define IF_HAVE_INTEL_MULX(func, ret) \
 if(cpuid_check==0)set_cpuid_flags() ; \
- if(IS_INTEL_BMI2){ func; ret ; }
+ if(IS_INTEL_BMI2 && IS_INTEL_ADX){ func; ret ; }
 #else
 #define IF_HAVE_INTEL_MULX(func, ret)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 399753ab3..634623bee 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2931,12 +2931,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 }
-word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID)
+word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
+ int hashOID)
 {
 byte digArray[MAX_ENCODED_DIG_SZ];
 byte algoArray[MAX_ALGO_SZ];
 byte seqArray[MAX_SEQ_SZ];
- word32 encDigSz, algoSz, seqSz;
+ word32 encDigSz, algoSz, seqSz;
 encDigSz = SetDigest(digest, digSz, digArray);
 algoSz = SetAlgoID(hashOID, algoArray, hashType, 0);
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 9993dcc88..6ab516347 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
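Review bot: The gate `IS_INTEL_BMI2 && IS_INTEL_ADX` on `IF_HAVE_INTEL_MULX` is the right shape if the mulx routines also emit ADCX/ADOX, but the macro itself says nothing about why ADX is now required; a one-line comment, `/* the mulx path also uses ADCX/ADOX, so ADX is required as well as BMI2 */`, would record it. After this commit there are three independent copies of CPUID detection — `cpuid_flags`, `cpuid_check`, `set_cpuid_flags` and the `CPUID_*`/`IS_INTEL_*` masks here, in the sha256.c hunks and in the sha512.c hunks — with the sha files adding BMI2 but not ADX; the bit positions used (leaf 7 EBX bits 8 and 19) match Intel's BMI2 and ADX flags, but a single shared detector in a common header would keep them from drifting apart. Note that `set_cpuid_flags` here tests only BMI2/ADX while the sha copies also test AVX/RDRAND/RDSEED, so the same name means something different per file.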
@@ -176,9 +176,11 @@ int InitSha256(Sha256* sha256) {
 #define CPUID_AVX2 0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
+#define CPUID_BMI2 0x10 /* MULX, RORX */
 #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
 #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
@@ -207,6 +209,7 @@ static int set_cpuid_flags(void) {
 if(cpuid_check==0) {
 if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
 if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; }
+ if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
 if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; }
 if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; }
 cpuid_check = 1 ;
@@ -235,7 +238,7 @@ static void set_Transform(void) {
 if(set_cpuid_flags())return ;
 #if defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX2){
+ if(IS_INTEL_AVX2 && IS_INTEL_BMI2){
 Transform_p = Transform_AVX1_RORX; return ;
 Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index f77c8a2cf..62457f891 100755
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -208,9 +208,11 @@ int InitSha512(Sha512* sha512) {
 #define CPUID_AVX2 0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
+#define CPUID_BMI2 0x10 /* MULX, RORX */
 #define IS_INTEL_AVX1 (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2 (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2 (cpuid_flags&CPUID_BMI2)
 #define IS_INTEL_RDRAND (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
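Review bot: `IS_INTEL_AVX2 && IS_INTEL_BMI2` in `set_Transform` still selects `Transform_AVX1_RORX` on CPUID feature bits alone; if that transform touches ymm registers, the OS must also have enabled AVX state (CPUID.1:ECX.OSXSAVE plus XCR0 bits 1 and 2 via XGETBV), and none of the `set_cpuid_flags` copies in this diff check that, so a kernel without AVX state support would fault on the first SHA-256 block. The same applies to the `set_Transform` and `set_Transform384` hunks in sha512.c. Either fold the OSXSAVE/XGETBV test into the AVX flags or document the assumption on `set_cpuid_flags`, e.g. `/* assumes the OS has enabled AVX state; only CPUID feature bits are checked */`. Both `set_Transform` bodies continue outside their hunks.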
@@ -242,6 +244,7 @@ static int set_cpuid_flags(int sha) {
 if((cpuid_check & sha) ==0) {
 if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
 if(cpuid_flag(7, 0, EBX, 5)){ cpuid_flags |= CPUID_AVX2 ; }
+ if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
 if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ; }
 if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ; }
 cpuid_check |= sha ;
@@ -276,7 +279,7 @@ static void set_Transform(void) {
 if(set_cpuid_flags(CHECK_SHA512)) return ;
 #if defined(HAVE_INTEL_AVX2)
- if(IS_INTEL_AVX2){
+ if(IS_INTEL_AVX2 && IS_INTEL_BMI2){
 Transform_p = Transform_AVX1_RORX; return ;
 Transform_p = Transform_AVX2 ; /* for avoiding warning,"not used" */
@@ -1352,7 +1355,7 @@ static void set_Transform384(void) {
 Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ;
 #elif defined(HAVE_INTEL_AVX2)
 #if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX)
- if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX1_RORX ; return ; }
+ if(IS_INTEL_AVX2 && IS_INTEL_BMI2) { Transform384_p = Transform384_AVX1_RORX ; return ; }
 #endif
 if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX2 ; return ; }
 #if defined(HAVE_INTEL_AVX1)