diff --git a/.gitignore b/.gitignore index f8ff8a508..47c38e3f1 100644 --- a/.gitignore +++ b/.gitignore @@ -39,6 +39,8 @@ cyassl.sublime* fips.c fips_test.c fips +src/async.c +wolfssl/async.h ctaocrypt/benchmark/benchmark ctaocrypt/test/testctaocrypt wolfcrypt/benchmark/benchmark @@ -69,6 +71,7 @@ ntru-cert.pem ntru-key.raw key.der key.pem +ecc-public-key.der ecc-key.der ecc-key.pem certreq.der diff --git a/IDE/ARDUINO/sketches/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client.ino index f91f85a4e..6d52690c2 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client.ino @@ -1,8 +1,8 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include #include #include diff --git a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c index cdb8efd26..3b12b6f29 100644 --- a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c +++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c @@ -1,8 +1,8 @@ /* benchmark-main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
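Review bot: The new postal code in the FSF address line, `MA 02110-1335`, looks like a typo, since the line it replaces in this hunk already read `51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA`. I would keep ` * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA` unless the new value can be confirmed against the current GPL notice text. The same `02110-1335` value is introduced in the license-header hunks of benchmark-main.c, current_time.c, minimum-startup.c and test-main.c.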
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c index 9a21fd740..1c626f5ef 100644 --- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c +++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c @@ -1,8 +1,8 @@ /* current-time.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c index 0315d577e..030914bfd 100644 --- a/IDE/IAR-EWARM/Projects/common/minimum-startup.c +++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c @@ -1,8 +1,8 @@ /* minimum-startup.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include #pragma language=extended diff --git a/IDE/IAR-EWARM/Projects/test/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c index ad78746d5..5d0930b71 100644 --- a/IDE/IAR-EWARM/Projects/test/test-main.c +++ b/IDE/IAR-EWARM/Projects/test/test-main.c @@ -1,8 +1,8 @@ /* test-main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + typedef struct func_args { int argc; char** argv; diff --git a/IDE/IAR-EWARM/README b/IDE/IAR-EWARM/README index 2731104ea..2b5f80d77 100644 --- a/IDE/IAR-EWARM/README +++ b/IDE/IAR-EWARM/README @@ -4,6 +4,11 @@ This directory contains project files for IAR EWARM IDE. These projects have been set up to generic ARM Cortex-M MPUs. In order to generate project for specific target MPU, take following steps. +** Note ** regarding Segger Embedded Operating System (embOS) + The directory embOS contains projects specifically for embOS on IAR-EWARM. + Only use this directory if you are building an IAR Workbench project that + uses embOS + Included Project Files ----------------------- 
diff --git a/IDE/IAR-EWARM/embOS/.gitignore b/IDE/IAR-EWARM/embOS/.gitignore
new file mode 100644
index 000000000..426cd0c04
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/.gitignore
@@ -0,0 +1,6 @@
+*.bat
+*.xcl
+*.crun
+*.dbgdt
+*.dni
+
diff --git a/IDE/IAR-EWARM/embOS/README b/IDE/IAR-EWARM/embOS/README
new file mode 100644
index 000000000..4fac7ca47
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/README
@@ -0,0 +1,28 @@
+#-----------------------------------------------------------------------------#
+wolfSSL + embOS + IAR Workbench
+#-----------------------------------------------------------------------------#
+
+#-----------------------------------------------------------------------------#
+For building the existing examples on a SAMV71_Explained_Ultra with Cortex M7
+#-----------------------------------------------------------------------------#
+
+ See SAMV71_XULT\\README_
+
+ I.E. SAMV71_XULT\embOS_wolfcrypt_lib_SAMV71_XULT\README_wolfcrypt_lib
+
+#-----------------------------------------------------------------------------#
+For building wolfssl on a new CPU that is supported by embOS in IAR Workbench
+#-----------------------------------------------------------------------------#
+
+ See custom_port\README_custom_port
+
+#-----------------------------------------------------------------------------#
+#-----------------------------------------------------------------------------#
+
+Thank you for choosing wolfSSL if you ever have any questions please contact us!
+
+support@wolfssl.com
+info@wolfssl.com
+
+Copyright © 2016 wolfSSL Inc. All rights reserved.
+
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/README_SAMV71 b/IDE/IAR-EWARM/embOS/SAMV71_XULT/README_SAMV71
new file mode 100644
index 000000000..ddfaac0c1
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/README_SAMV71
@@ -0,0 +1,14 @@
+Each example project here has it's own README please follow them in detail.
+
+embOS_wolfcrypt_benchmark_SAMV71_XULT\README_wolfcrypt_benchmark
+embOS_wolfcrypt_lib_SAMV71_XULT\README_wolfcrypt_lib
+embOS_wolfcrypt_test_SAMV71_XULT\README_wolfcrypt_test
+
+
+Thank you for using this guide and we hope this is helpful to you. If you have
+any suggestions / feedback for us please contact us:
+support@wolfssl.com
+info@wolfssl.com
+
+Copyright © 2016 wolfSSL Inc. All rights reserved.
+
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_Linker_Script/samv71q21_wolfssl.icf b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_Linker_Script/samv71q21_wolfssl.icf
new file mode 100644
index 000000000..ad309b4d1
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_Linker_Script/samv71q21_wolfssl.icf
@@ -0,0 +1,33 @@
+/*
+ * A simple example for evaluation purposes written from scratch by wolfSSL Inc
+ */
+
+/*###ICF### ****/
+/*-Editor annotation file-*/
+/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */
+/*-Specials-*/
+define symbol __ICFEDIT_intvec_start__ = 0x00400000;
+/*-Memory Regions-*/
+define symbol __ICFEDIT_region_RAM_start__ = 0x20400000;
+define symbol __ICFEDIT_region_RAM_end__ = 0x20459999;
+define symbol __ICFEDIT_region_ROM_start__ = 0x00400000;
+define symbol __ICFEDIT_region_ROM_end__ = 0x00599999;
+/*-Sizes-*/
+define symbol __ICFEDIT_size_cstack__ = 0x400;
+define symbol __ICFEDIT_size_heap__ = 0x13000;
+/**** ###ICF###*/
+
+define memory mem with size = 4G;
+define region RAM_region = mem:[from __ICFEDIT_region_RAM_start__ to __ICFEDIT_region_RAM_end__];
+define region ROM_region = mem:[from __ICFEDIT_region_ROM_start__ to __ICFEDIT_region_ROM_end__];
+
+define block CSTACK with alignment = 8, size = __ICFEDIT_size_cstack__ { };
+define block HEAP with alignment = 8, size = __ICFEDIT_size_heap__ { };
+
+initialize by copy { readwrite };
+do not initialize { section .noinit };
+
+place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec };
+place in ROM_region { readonly };
+place in RAM_region { readwrite, block CSTACK, block HEAP };
+
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h
new file mode 100644
index 000000000..3a124c7bb
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h
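Review bot: The region ends `__ICFEDIT_region_RAM_end__ = 0x20459999` and `__ICFEDIT_region_ROM_end__ = 0x00599999` do not fall on a block boundary and read like hexadecimal digits chosen as if they were decimal, so the linker's view of memory probably does not match the part. For the ATSAMV71Q21 named in this commit's J-Link settings I would expect 384 KB of SRAM and 2 MB of flash, i.e. `0x2045FFFF` and `0x005FFFFF`; please confirm against the datasheet. If my sizes are right the current values stay inside the device, so this is a correctness-of-intent and wasted-memory point rather than an overrun. If the shorter ranges are deliberate, a comment beside each symbol stating the intended size would document that.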
@@ -0,0 +1,67 @@
+#ifndef _EMBOS_USER_SETTINGS_H_
+#define _EMBOS_USER_SETTINGS_H_
+
+ #undef WOLFSSL_EMBOS
+ #define WOLFSSL_EMBOS
+
+ #undef WOLFCRYPT_ONLY
+ #define WOLFCRYPT_ONLY
+
+ #undef NO_64BIT
+ #define NO_64BIT
+
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG 4
+
+ #undef SIZEOF_LONG_LONG
+ #define SIZEOF_LONG_LONG 8
+
+ #undef USE_FAST_MATH
+ #define USE_FAST_MATH
+
+ #undef HAVE_CHACHA
+ #define HAVE_CHACHA
+
+ #undef HAVE_POLY1305
+ #define HAVE_POLY1305
+
+ #undef ECC_SHAMIR
+ #define ECC_SHAMIR
+
+ #undef HAVE_ECC
+ #define HAVE_ECC
+
+ #undef ECC_USER_CURVES
+ #define ECC_USER_CURVES
+
+ #undef ECC_ALT_SIZE
+ #define ECC_ALT_SIZE
+
+ #undef FP_MAX_BITS_ECC
+ #define FP_MAX_BITS_ECC 528
+
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+
+ #undef WOLFSSL_SHA512
+ #define WOLFSSL_SHA512
+
+ #undef WOLFSSL_SHA384
+ #define WOLFSSL_SHA384
+
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+
+ #undef NO_INLINE
+ #define NO_INLINE
+
+ #undef BENCH_EMBEDDED
+ #define BENCH_EMBEDDED
+
+ #undef WOLFSSL_SMALL_STACK
+ #define WOLFSSL_SMALL_STACK
+
+ #undef USE_WOLFSSL_MEMORY
+ #define USE_WOLFSSL_MEMORY
+
+#endif /* _EMBOS_USER_SETTINGS_H_ */
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_simple_example.h b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_simple_example.h
new file mode 100644
index 000000000..7679f0492
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_simple_example.h
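Review bot: `#define ECC_ALT_SIZE` does not match the spelling `ALT_ECC_SIZE` that user_settings_verbose_example.h in this same commit pairs with `FP_MAX_BITS_ECC`, so this define most likely has no effect and the reduced ECC math size is not applied. I would change the pair to `#undef ALT_ECC_SIZE` and `#define ALT_ECC_SIZE`. Separately, this header enables `HAVE_ECC` and `ECC_SHAMIR` and defines `TFM_TIMING_RESISTANT`, but not `ECC_TIMING_RESISTANT`, which the verbose example does define. For a default configuration that may handle private keys I would add it here and in user_settings_simple_example.h, or say in a comment that these settings are meant for benchmarking only.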
@@ -0,0 +1,43 @@
+#ifndef _EMBOS_USER_SETTINGS_H_
+#define _EMBOS_USER_SETTINGS_H_
+
+ #undef WOLFCRYPT_ONLY
+ #define WOLFCRYPT_ONLY
+
+ #undef NO_64BIT
+ #define NO_64BIT
+
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG 4
+
+ #undef SIZEOF_LONG_LONG
+ #define SIZEOF_LONG_LONG 8
+
+ #undef HAVE_CHACHA
+ #define HAVE_CHACHA
+
+ #undef HAVE_POLY1305
+ #define HAVE_POLY1305
+
+ #undef ECC_SHAMIR
+ #define ECC_SHAMIR
+
+ #undef HAVE_ECC
+ #define HAVE_ECC
+
+ #undef WOLFSSL_SHA512
+ #define WOLFSSL_SHA512
+
+ #undef WOLFSSL_SHA384
+ #define WOLFSSL_SHA384
+
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+
+ #undef NO_INLINE
+ #define NO_INLINE
+
+ #undef BENCH_EMBEDDED
+ #define BENCH_EMBEDDED
+
+#endif /* _EMBOS_USER_SETTINGS_H_ */
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h
new file mode 100644
index 000000000..3819e6cfc
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h
@@ -0,0 +1,191 @@
+#ifndef _EMBOS_USER_SETTINGS_H_
+#define _EMBOS_USER_SETTINGS_H_
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef NO_INLINE
+#define NO_INLINE
+
+#undef SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef NO_64BIT
+#define NO_64BIT
+
+#ifndef SIZEOF_LONG
+#define SIZEOF_LONG 4
+#endif
+#ifndef SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+#endif
+
+#undef USE_FAST_MATH
+#define USE_FAST_MATH
+
+#ifdef USE_FAST_MATH
+ #undef TFM_TIMING_RESISTANT
+// #define TFM_TIMING_RESISTANT
+
+ /* Optimizations (TFM_ARM, TFM_ASM or none) */
+ #undef TFM_ARM
+// #define TFM_ARM
+
+ #undef TFM_ASM
+ //#define TFM_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+#undef WOLFCRYPT_ONLY
+#define WOLFCRYPT_ONLY
+
+/* ECC */
+#if 1
+ #undef HAVE_ECC
+ #define HAVE_ECC
+
+ /* Manually define enabled curves */
+ #undef ECC_USER_CURVES
+ #define ECC_USER_CURVES
+
+ #define HAVE_ECC192
+ #define HAVE_ECC224
+ #undef NO_ECC256
+ #define HAVE_ECC384
+ #define HAVE_ECC521
+
+ /* Fixed point cache (speeds repeated operations against same private key) */
+ #undef FP_ECC
+ //#define FP_ECC
+ #ifdef FP_ECC
+ /* Bits / Entries */
+ #undef FP_ENTRIES
+ #define FP_ENTRIES 2
+ #undef FP_LUT
+ #define FP_LUT 4
+ #endif
+
+ /* Optional ECC calculation method */
+ /* Note: doubles heap usage, but slightly faster */
+ #undef ECC_SHAMIR
+ #define ECC_SHAMIR
+
+ /* Reduces heap usage, but slower */
+ #undef ECC_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+
+ #ifdef
USE_FAST_MATH
+ /* Max ECC bits (curve size * 8). ECC521 is (66*8) = 528. */
+ #undef ALT_ECC_SIZE
+ #define ALT_ECC_SIZE
+ #undef FP_MAX_BITS_ECC
+ #define FP_MAX_BITS_ECC 528
+
+ /* Enable TFM optimizations for ECC */
+ #define TFM_ECC192
+ #define TFM_ECC224
+ #define TFM_ECC256
+ #define TFM_ECC384
+ #define TFM_ECC521
+ #endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 1
+ #ifdef USE_FAST_MATH
+ /* Maximum math bits (Max RSA key bits * 2) */
+ #undef FP_MAX_BITS
+ #define FP_MAX_BITS 4096
+ #endif
+
+ /* half as much memory but twice as slow */
+ #undef RSA_LOW_MEM
+ //#define RSA_LOW_MEM
+#else
+ #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+
+ /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+ #undef GCM_SMALL
+ #define GCM_SMALL
+#else
+ #define NO_AES
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 1
+ #define HAVE_CHACHA
+ #define HAVE_POLY1305
+
+ /* Needed for Poly1305 */
+ #undef HAVE_ONE_TIME_AUTH
+ #define HAVE_ONE_TIME_AUTH
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+#else
+ #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+ /* over twice as small, but 50% slower */
+ //#define USE_SLOW_SHA2
+#else
+ #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+ #define WOLFSSL_SHA512
+
+ /* Sha384 */
+ #undef WOLFSSL_SHA384
+ #if 1
+ #define WOLFSSL_SHA384
+ #endif
+#endif
+
+/* MD5 */
+#undef NO_MD5
+#if 1
+ #define NO_MD5
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef USE_CERT_BUFFERS_2048
+#define
USE_CERT_BUFFERS_2048
+
+#endif /* _EMBOS_USER_SETTINGS_H_ */
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/Application/runBenchmarks.c b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/Application/runBenchmarks.c
new file mode 100644
index 000000000..3f36707e9
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/Application/runBenchmarks.c
@@ -0,0 +1,29 @@
+#include "RTOS.h"
+#include "BSP.h"
+#include
+#include
+
+static OS_STACKPTR int WLFSTACK[20000]; /* Stack Size for Task */
+static OS_TASK WLFTASK; /* Task */
+
+static void wolfTask(void) {
+ printf("Begin Benchmark Tests\n");
+ benchmark_test(NULL);
+ printf("Benchmark Tests Complete\n");
+ while (1) {
+ BSP_ToggleLED(1);
+ OS_Delay(200);
+ }
+}
+
+
+int main(void) {
+ OS_IncDI(); /* Disable interrupts */
+ OS_InitKern(); /* Initialize OS */
+ OS_InitHW(); /* Initialize Hardware */
+ BSP_Init(); /* Initialize LED ports */
+ /* You need to create at least one task before calling OS_Start() */
+ OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
+ OS_Start(); /* Start the OS */
+ return 0;
+}
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/README_wolfcrypt_benchmark b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/README_wolfcrypt_benchmark
new file mode 100644
index 000000000..fe85473d0
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/README_wolfcrypt_benchmark
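Review bot: Inside `#ifdef USE_FAST_MATH`, `TFM_TIMING_RESISTANT` is undefined and its `#define` is left commented out while RSA stays enabled (`#undef NO_RSA`, `FP_MAX_BITS 4096`), so a project copied from this example builds fast-math private-key operations without the timing-resistant path that user_settings.h in this commit turns on. I would ship it enabled, `#define TFM_TIMING_RESISTANT`, and let users opt out deliberately. The comment above `ECC_TIMING_RESISTANT`, `/* Reduces heap usage, but slower */`, does not say why the option exists; something like `/* Timing-resistant scalar multiplication; slower */` would mark it as a hardening option. The `//` comments on the disabled defines also differ from the `/* */` style used in the rest of the header.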
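Review bot: In `wolfTask` the result of `benchmark_test(NULL)` is discarded and `Benchmark Tests Complete` is printed unconditionally, so a failing algorithm looks the same as a clean run on the terminal. Assuming `benchmark_test` returns an int status, which the header names lost from the `#include` lines would confirm, I would write `int ret = benchmark_test(NULL);` followed by `printf("Benchmark Tests Complete, ret = %d\n", ret);`. `WLFSTACK[20000]` is an array of `int`, so the comment `/* Stack Size for Task */` would be clearer as `/* task stack: 20000 ints (80000 bytes with a 4-byte int) */`.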
@@ -0,0 +1,70 @@
+Steps taken to evaluate wolfSSL with the following:
+
+Required Software for this guide:
+IAR Embedded Workbench IDE - ARM v7.60.1 (or similar version)
+embOS v4.16 (for Cortex-M and IAR compiler)
+wolfssl (latest version)
+
+Required items (Hardware) for this guide:
+Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+ Note: Must have J-Trace adapter (SWD or SWD + ETM)
+j-Trace for ARM Cortex-M Processors
+ Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html
+ Note: You can also purchase other models, we used one from IAR v3.2
+20 pin target ribbon cable
+USB Cable with j-Trace adapter end
+Micro usb cable
+
+#--!! NOTE !!--#
+For this guide "**SAMV71_DIR" will signify the directory:
+C:\\wolfssl\IDE\IAR-EWARM\embOS\SAMV71_XULT\
+
+#----------------------------------------------------------------------------#
+# Setup file system to evaluate wolfssl in embOS project:
+# (If you have not already done so)
+#----------------------------------------------------------------------------#
+
+1. In wolfssl you will notice the directory:
+ wolfssl\IDE\IAR-EWARM\embOS\extract_trial_here
+
+2. go to embOS website and download a trial for your platform
+ https://www.segger.com/downloads/embos ->
+ embOS trial for Cortex-M and IAR compiler
+
+3. Extract (unzip) the download to
+ C:\\wolfssl\IDE\IAR-EWARM\embOS\extract_trial_here\
+ (Note: you do not need to do anything further in this directory, the
+ wolfSSL evaluation projects will simply link against it)
+
+#----------------------------------------------------------------------------#
+# Evaluate wolfcrypt_benchmarks in embOS project:
+#----------------------------------------------------------------------------#
+
+1. In IAR Workbench go to Project -> Add Existing Project
+ a. Browse to **SAMV71_DIR\embOS_wolfcrypt_benchmark_SAMV71_XULT\
+ b. Choose wolfcrypt_benchmark.ewp and click "Open"
+
+2. Go to Project -> Rebuild All
+
+3.
Connect your SAMV71 Xplained Ultra to your PC with micro USB in the "Debug"
+ port for power and the J-Link hooked up to SWD pins and your PC
+
+4. Go to Project -> Download and Debug
+
+5. Once the "Debug" environment has loaded go to: View -> Terminal I/O
+ (This is where the printf's will be directed to)
+
+6. Hit "Go" (Debug option with 3 right arrows "→→→")
+
+7. You should observe the benchmark times for the configured algorithms.
+
+#----------------------------------------------------------------------------#
+#----------------------------------------------------------------------------#
+
+Thank you for using this guide and we hope this was helpful to you. If you have
+any suggestions / feedback for us please contact us:
+support@wolfssl.com
+info@wolfssl.com
+
+Copyright © 2016 wolfSSL Inc. All rights reserved.
+
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
new file mode 100644
index 000000000..3a2fb4743
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/settings/wolfcrypt_benchmark_Debug.jlink
@@ -0,0 +1,39 @@ +[BREAKPOINTS] +ForceImpTypeAny = 0 +ShowInfoWin = 1 +EnableFlashBP = 2 +BPDuringExecution = 0 +[CFI] +CFISize = 0x00 +CFIAddr = 0x00 +[CPU] +MonModeVTableAddr = 0xFFFFFFFF +MonModeDebug = 0 +MaxNumAPs = 0 +LowPowerHandlingMode = 0 +OverrideMemMap = 0 +AllowSimulation = 1 +ScriptFile="" +[FLASH] +CacheExcludeSize = 0x00 +CacheExcludeAddr = 0x00 +MinNumBytesFlashDL = 0 +SkipProgOnCRCMatch = 1 +VerifyDownload = 1 +AllowCaching = 1 +EnableFlashDL = 2 +Override = 1 +Device="ATSAMV71Q21" +[GENERAL] +WorkRAMSize = 0x00 +WorkRAMAddr = 0x00 +RAMUsageLimit = 0x00 +[SWO] +SWOLogFile="" +[MEM] +RdOverrideOrMask = 0x00 +RdOverrideAndMask = 0xFFFFFFFF +RdOverrideAddr = 0xFFFFFFFF +WrOverrideOrMask = 0x00 +WrOverrideAndMask = 0xFFFFFFFF +WrOverrideAddr = 0xFFFFFFFF diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewd b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewd new file mode 100644 index 000000000..f71f565f6 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewd 
@@ -0,0 +1,3163 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-SPY + 2 + + 28 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 1 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 1 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 1 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 1 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 1 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + Release + + ARM + + 0 + + C-SPY + 2 + + 28 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 0 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 0 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 0 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 0 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 0 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp new file mode 100644 index 000000000..979e36637 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp 
@@ -0,0 +1,1995 @@ + + + + 2 + + Debug + + ARM + + 1 + + General + 3 + + 24 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 1 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 1 + + + + + + + BILINK + 0 + + + + + Release + + ARM + + 0 + + General + 3 + + 24 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 0 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 0 + + + + + + + BILINK + 0 + + + + + Application + + $PROJ_DIR$\Application\runBenchmarks.c + + + + benchmark + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c + + + + Device_Support + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c + + + + Setup + + 
$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt new file mode 100644 index 000000000..86013a043 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewt 
@@ -0,0 +1,2382 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + Release + + ARM + + 0 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + Application + + $PROJ_DIR$\Application\runBenchmarks.c + + + + benchmark + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\benchmark\benchmark.c + + + + Device_Support + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c + + + + Setup + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c + + + 
$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/README_wolfcrypt_lib b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/README_wolfcrypt_lib new file mode 100644 index 000000000..21da8397b --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/README_wolfcrypt_lib 
@@ -0,0 +1,44 @@
+Steps taken to evaluate wolfSSL with the following:
+
+Required Software for this guide:
+IAR Embedded Workbench IDE - ARM v7.60.1 (or similar version)
+embOS v4.16 (for Cortex-M and IAR compiler)
+wolfssl (latest version)
+
+Required items (Hardware) for this guide:
+Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+ Note: Must have J-Trace adapter (SWD or SWD + ETM)
+j-Trace for ARM Cortex-M Processors
+ Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html
+ Note: You can also purchase other models, we used one from IAR v3.2
+20 pin target ribbon cable
+USB Cable with j-Trace adapter end
+Micro usb cable
+
+#--!! NOTE !!--#
+For this guide "**SAMV71_DIR" will signify the directory:
+C:\\wolfssl\IDE\IAR-EWARM\embOS\SAMV71_XULT\
+
+
+#----------------------------------------------------------------------------#
+# Create wolfcrypt_lib.a
+#----------------------------------------------------------------------------#
+
+1. Open IAR Workbench -> Project -> Add Existing Project
+ a. Browse to **SAMV71_DIR\embOS_wolfcrypt_lib
+ c. Choose wolfcrypt_lib.ewp and click "Open"
+
+2. Go to Project -> Rebuild All
+
+3. Verify the library built, you should now have:
+ **SAMV71_DIR\embOS_wolfcrypt_lib\Debug\Bin\wolfcrypt_lib.a
+
+#----------------------------------------------------------------------------#
+#----------------------------------------------------------------------------#
+
+Thank you for using this guide and we hope this was helpful to you. If you have
+any suggestions / feedback for us please contact us:
+support@wolfssl.com
+info@wolfssl.com
+
+Copyright © 2016 wolfSSL Inc. All rights reserved.
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewd b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewd
new file mode 100644
index 000000000..e4e3878a4
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewd 
@@ -0,0 +1,3163 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-SPY + 2 + + 28 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 1 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 1 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 1 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 1 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 1 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + Release + + ARM + + 0 + + C-SPY + 2 + + 28 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 0 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 0 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 0 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 0 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 0 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp new file mode 100644 index 000000000..3dd4eac93 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp 
@@ -0,0 +1,2010 @@ + + + + 2 + + Debug + + ARM + + 1 + + General + 3 + + 24 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 1 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 1 + + + + + + + BILINK + 0 + + + + + Release + + ARM + + 0 + + General + 3 + + 24 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 0 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 0 + + + + + + + BILINK + 0 + + + + + wolfcrypt_sources + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\aes.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\asn.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\coding.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\des3.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dh.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dsa.c + + + 
$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\ecc.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md4.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md5.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\memory.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\misc.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\poly1305.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\pwdbased.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rabbit.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\random.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rsa.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha256.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha512.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\tfm.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_encrypt.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_port.c + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt new file mode 100644 index 000000000..8dfc682f0 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt 
@@ -0,0 +1,2400 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + Release + + ARM + + 0 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + wolfcrypt_sources + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\aes.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\asn.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\coding.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\des3.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dh.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\dsa.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\ecc.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md4.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\md5.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\memory.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\misc.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\poly1305.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\pwdbased.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rabbit.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\random.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\rsa.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha256.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\sha512.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\tfm.c + + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_encrypt.c + + + 
$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\wc_port.c + + + + +
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
new file mode 100644
index 000000000..36937deef
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
@@ -0,0 +1,29 @@
+#include "RTOS.h"
+#include "BSP.h"
+#include
+#include
+
+static OS_STACKPTR int WLFSTACK[20000]; /* Stack Size for Task */
+static OS_TASK WLFTASK; /* Task */
+
+static void wolfTask(void) {
+ printf("Begin wolfcrypt tests\n");
+ wolfcrypt_test(NULL);
+ printf("wolfcrypt tests complete.\n");
+ while (1) {
+ BSP_ToggleLED(1);
+ OS_Delay(200);
+ }
+}
+
+
+int main(void) {
+ OS_IncDI(); /* Disable interrupts */
+ OS_InitKern(); /* Initialize OS */
+ OS_InitHW(); /* Initialize Hardware for OS */
+ BSP_Init(); /* Initialize LED ports */
+ /* You need to create at least one task before calling OS_Start() */
+ OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
+ OS_Start(); /* Start the OS */
+ return 0;
+}
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/README_wolfcrypt_test b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/README_wolfcrypt_test
new file mode 100644
index 000000000..15a236deb
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/README_wolfcrypt_test
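Review bot: wolfTask() in runWolfcryptTests.c discards the result of `wolfcrypt_test(NULL)` and then prints "wolfcrypt tests complete." unconditionally, so a failing algorithm self-test on this port looks the same on the terminal as a clean run. wolfcrypt_test returns an int status in wolfSSL's test driver, so capture and report it: `int ret = wolfcrypt_test(NULL);` followed by `printf("wolfcrypt tests %s (ret = %d)\n", ret == 0 ? "passed" : "FAILED", ret);`. Passing NULL also assumes wolfcrypt_test tolerates a null argument; its definition is not in this hunk, so that should be confirmed against the test driver this project builds.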
@@ -0,0 +1,69 @@ +Steps taken to evaluate wolfSSL with the following: + +Required Software for this guide: +IAR Embedded Workbench IDE - ARM v7.60.1 (or similar version) +embOS v4.16 (for Cortex-M and IAR compiler) +wolfssl (latest version) + +Required items (Hardware) for this guide: +Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board) + Note: Must have J-Trace adapter (SWD or SWD + ETM) +j-Trace for ARM Cortex-M Processors + Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html + Note: You can also purchase other models, we used one from IAR v3.2 +20 pin target ribbon cable +USB Cable with j-Trace adapter end +Micro usb cable + +#--!! NOTE !!--# +For this guide "**SAMV71_DIR" will signify the directory: +C:\\wolfssl\IDE\IAR-EWARM\embOS\SAMV71_XULT\ + +#----------------------------------------------------------------------------# +# Setup file system to evaluate wolfssl in embOS project: +# (If you have not already done so) +#----------------------------------------------------------------------------# + +1. In wolfssl you will notice the directory: + wolfssl\IDE\IAR-EWARM\embOS\extract_trial_here + +2. go to embOS website and download a trial for your platform + https://www.segger.com/downloads/embos -> + embOS trial for Cortex-M and IAR compiler + +3. Extract (unzip) the download to + C:\\wolfssl\IDE\IAR-EWARM\embOS\extract_trial_here\ + (Note: you do not need to do anything further in this directory, the + wolfSSL evaluation projects will simply link against it) + +#----------------------------------------------------------------------------# +# Evaluate wolfcrypt_tests in embOS project: +#----------------------------------------------------------------------------# + +1. In IAR Workbench go to Project -> Add Existing Project + a. Browse to **SAMV71_DIR\embOS_wolfcrypt_test_SAMV71_XULT\ + b. Choose wolfcrypt_test.ewp and click "Open" + +2. Go to Project -> Rebuild All + +3. 
Connect your SAMV71 Xplained Ultra to your PC with micro USB in the "Debug" + port for power and the J-Link hooked up to SWD pins and your PC + +4. Go to Project -> Download and Debug + +5. Once the "Debug" environment has loaded go to: View -> Terminal I/O + (This is where the printf's will be directed to) + +6. Hit "Go" (Debug option with 3 right arrows "→→→") + +7. You should observe the tests run and pass. + +#----------------------------------------------------------------------------# +#----------------------------------------------------------------------------# + +Thank you for using this guide and we hope this was helpful to you. If you have +any suggestions / feedback for us please contact us: +support@wolfssl.com +info@wolfssl.com + +Copyright © 2016 wolfSSL Inc. All rights reserved. diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink new file mode 100644 index 000000000..3a2fb4743 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/settings/wolfcrypt_test_Debug.jlink @@ -0,0 +1,39 @@ +[BREAKPOINTS] +ForceImpTypeAny = 0 +ShowInfoWin = 1 +EnableFlashBP = 2 +BPDuringExecution = 0 +[CFI] +CFISize = 0x00 +CFIAddr = 0x00 +[CPU] +MonModeVTableAddr = 0xFFFFFFFF +MonModeDebug = 0 +MaxNumAPs = 0 +LowPowerHandlingMode = 0 +OverrideMemMap = 0 +AllowSimulation = 1 +ScriptFile="" +[FLASH] +CacheExcludeSize = 0x00 +CacheExcludeAddr = 0x00 +MinNumBytesFlashDL = 0 +SkipProgOnCRCMatch = 1 +VerifyDownload = 1 +AllowCaching = 1 +EnableFlashDL = 2 +Override = 1 +Device="ATSAMV71Q21" +[GENERAL] +WorkRAMSize = 0x00 +WorkRAMAddr = 0x00 +RAMUsageLimit = 0x00 +[SWO] +SWOLogFile="" +[MEM] +RdOverrideOrMask = 0x00 +RdOverrideAndMask = 0xFFFFFFFF +RdOverrideAddr = 0xFFFFFFFF +WrOverrideOrMask = 0x00 +WrOverrideAndMask = 0xFFFFFFFF +WrOverrideAddr = 0xFFFFFFFF 
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewd b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewd new file mode 100644 index 000000000..9dbb61443 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewd 
@@ -0,0 +1,3163 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-SPY + 2 + + 28 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 1 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 1 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 1 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 1 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 1 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 1 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 1 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + Release + + ARM + + 0 + + C-SPY + 2 + + 28 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ARMSIM_ID + 2 + + 1 + 1 + 0 + + + + + + + + ANGEL_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + + CMSISDAP_ID + 2 + + 4 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GDBSERVER_ID + 2 + + 0 + 1 + 0 + + + + + + + + + + + IARROM_ID + 2 + + 1 + 1 + 0 + + + + + + + + + IJET_ID + 2 + + 8 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JLINK_ID + 2 + + 16 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LMIFTDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + MACRAIGOR_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + PEMICRO_ID + 2 + + 3 + 1 + 0 + + + + + + + + RDI_ID + 2 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + STLINK_ID + 2 + + 3 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + THIRDPARTY_ID + 2 + + 0 + 1 + 0 + + + + + + + + TIFET_ID + 2 + + 1 + 1 + 0 + + + + + + + + + + + + + + + + + + + XDS100_ID + 2 + + 5 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin + 0 + + + 
$TOOLKIT_DIR$\plugins\middleware\PercepioTraceExporter\PercepioTraceExportPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin + 0 + + + $TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin + 0 + + + $EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin + 1 + + + $EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin + 0 + + + $EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin + 0 + + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp new file mode 100644 index 000000000..9ed45e93a --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp 
@@ -0,0 +1,1995 @@ + + + + 2 + + Debug + + ARM + + 1 + + General + 3 + + 24 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 1 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 1 + + + + + + + BILINK + 0 + + + + + Release + + ARM + + 0 + + General + 3 + + 24 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ICCARM + 2 + + 31 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AARM + 2 + + 9 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OBJCOPY + 0 + + 1 + 1 + 0 + + + + + + + + + CUSTOM + 3 + + + + 0 + + + + BICOMP + 0 + + + + BUILDACTION + 1 + + + + + + + ILINK + 0 + + 17 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + IARCHIVE + 0 + + 0 + 1 + 0 + + + + + + + BILINK + 0 + + + + + Application + + $PROJ_DIR$\Application\runWolfcryptTests.c + + + + Device_Support + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c + + + + Setup + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c + + + 
$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c + + + + wolfcrypt_test + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\test\test.c + + + + + diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt new file mode 100644 index 000000000..2847ab531 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewt 
@@ -0,0 +1,2382 @@ + + + + 2 + + Debug + + ARM + + 1 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 1 + + + + + + + + + + + + + + + + + + + + + + Release + + ARM + + 0 + + C-STAT + 259 + + 259 + + 0 + + 1 + 600 + 0 + 2 + 0 + 1 + 100 + + + 1.3.2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RuntimeChecking + 0 + + 2 + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + Application + + $PROJ_DIR$\Application\runWolfcryptTests.c + + + + Device_Support + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\startup_sam.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\DeviceSupport\system_sam.c + + + + Setup + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\BSP.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\HardFaultHandler.S + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\JLINKMEM_Process.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\OS_Error.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\RTOSInit_SAMV71_CMSIS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_HardFaultHandler.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_RTT_printf.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW.c + + + 
$PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_Config_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\SEGGER_SYSVIEW_embOS.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx.c + + + $PROJ_DIR$\..\..\extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup\xmtx2.c + + + + wolfcrypt_test + + $PROJ_DIR$\..\..\..\..\..\wolfcrypt\test\test.c + + + + + diff --git a/IDE/IAR-EWARM/embOS/custom_port/README_custom_port b/IDE/IAR-EWARM/embOS/custom_port/README_custom_port new file mode 100644 index 000000000..b45b75109 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/custom_port/README_custom_port 
@@ -0,0 +1,222 @@ +Steps taken to evaluate wolfSSL with the following: + +Required Software for this guide: +IAR Embedded Workbench IDE - ARM v7.60.1 (or similar version) +embOS (version that supports your CPU) +wolfssl (latest version) + +#----------------------------------------------------------------------------# +# SECTION 1: +# Setting up the file system +#----------------------------------------------------------------------------# + +1. Browse to wolfssl/IDE/IAR-EWARM/embOS/ + a. copy/paste the directory custom_port and re-name it to the CPU + you intend to target. For now we will just use the term CUSTOM_DIR + to signify a copy of the custom_port directory + +#----------------------------------------------------------------------------# +# SECTION 2: +# Create wolfcrypt_lib.a +#----------------------------------------------------------------------------# + +1. Open IAR Workbench -> Project -> Create New Project -> Empty Project + c. Browse to CUSTOM_DIR/wolfcrypt_lib_custom_port/ (from section 1) + d. Called it "wolfcrypt_lib" and hit "Save" + +2. Go to Project -> Add Group... + a. call group wolfcrypt_sources + +3. Right click on wolfcrypt_sources group -> Add -> Add Files... + +4. Browse to wolfssl/wolfcrypt/src directory and select the following files: + + #---------------------------------------------# + # aes.c memory.c # + # asn.c misc.c # + # chacha.c poly1305.c # + # chacha20_poly1305.c pwdbased.c # + # coding.c rabbit.c # + # des3.c random.c # + # dh.c rsa.c # + # dsa.c sha.c # + # ecc.c sha256.c # + # hash.c sha512.c # + # hmac.c tfm.c # + # md4.c wc_encrypt.c # + # md5.c wc_port.c # + #---------------------------------------------# + +5. Once those are all added go to + Project -> Properties C/C++ Compiler -> Preprocessor (Tab) + a. In the field "Defined symbols:" add WOLFSSL_USER_SETTINGS + b. 
In the field "Additional include directories:" + put in this line: $PROJ_DIR$\..\..\..\..\..\ + and this line: $PROJ_DIR$\..\custom_port_user_settings + #--------------------------------------------- + #(Or alternately you can use the browse option to navigate to + #C:\\wolfssl and + #C:\\wolfssl\IDE\IAR-EWARM\CUSTOM_DIR\ + # custom_port_user_settings\) + #(If you ever need to change or customize your build settings this + #is the file that should be modified: + #CUSTOM_DIR\custom_port_user_settings\user_settings.h) + #--------------------------------------------- + +7. In Project -> Options -> General Options -> Output (Tab) + Check the option for "Library" instead of "Executable" + Click "OK" + +8. Go to Project -> Rebuild all (The library should build) + +9. Confirm the library is now located here: + C:\\wolfssl\IDE\IAR-EWARM\CUSTOM_DIR\wolfcrypt_lib_custom_port\ + Debug\Exe\wolfcrypt_lib.a + +We are now set to link to this library in the evaluation project + +#----------------------------------------------------------------------------# +# SECTION 3: +# Evaluate wolfcrypt tests in embOS project: +#----------------------------------------------------------------------------# + + +1. go to embOS website and download a trial for your platform + https://www.segger.com/downloads/embos -> + embOS trial for Cortex-M and IAR compiler + +2. After downloading, extract the zip to: + C:\\wolfssl\IDE\IAR-EWARM\embOS\extract_trial_here\ + +3. Open IAR Workbench -> Project -> Create New Project -> Empty Project + c. Browse to CUSTOM_DIR\wolfcrypt_test_custom_port\ (from section 1) + d. Called it "wolfcrypt_test" and hit "Save" + +4. Go to Project -> Options -> C/C++ Compiler -> Preprocessor (Tab) + a. Add these to the field "Defined symbols:" + DEBUG=1 + __CPU-YOU-ARE-TARGETING__ (For example: __SAMV71Q21__) + WOLFSSL_USER_SETTINGS + + b. 
Now in the field "Additional include directories:" + $PROJ_DIR$\..\..\..\..\..\ + $PROJ_DIR$\..\custom_port_user_settings + #--------------------------------------------- + #(Or alternately you can use the browse option to navigate to + #C:\\wolfssl and + #C:\\wolfssl\IDE\IAR-EWARM\CUSTOM_DIR\ + # custom_port_user_settings\) + #--------------------------------------------- + +5. Go to Project -> Options -> Linker -> Library (Tab) + Add to the field "Additonal libraries:" + $PROJ_DIR$\..\embOS_wolfcrypt_lib_SAMV71_XULT\Debug\Exe\wolfcrypt_lib.a + $PROJ_DIR$\..\..\extract_trial_here\Start\Lib\os7m_tlv_dp.a + +6. The main project file is located here: + CUSTOM_DIR\wolfcrypt_test_custom_port\Application\runWolfcryptTests.c + +7. Right Click the project name: Add -> Add Group + add a group called "Application" +8. Right Click that group and Add -> Add files + browse to the main project file in step 5 above + +9. Create Groups and add files for your CPU's support. These will be .c + files found in the extracted directory in two places: + + extract_trial_here\Start\BoardSupport\\\DeviceSupport + extract_trial_here\Start\BoardSupport\\\Setup + #--------------------------------------------- + # For example: + # extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\ + # DeviceSupport + # extract_trial_here\Start\BoardSupport\Atmel\SAMV71_XPlainedUltra\Setup + #--------------------------------------------- + +10. To get Logging working for seeing test results: + a. Go to Project -> Options -> General Options -> Library Configuration + b. In the field "Library low-level interface implementation" + Check the radio button for Semihosted + Then in the inner field marked "stdout/stderr" + Check the radio button for "Via semihosting" and click "OK" + +11. Now we're ready to build and debug the project. + a. Project -> Options -> Debugger + In the field marked "Driver" Select drop-down and choose J-Link/J-Trace + Click "OK" + b. Project -> Rebuild All + c. 
Connect your Cortex-M evaluation board to j-Trace and j-Trace to PC + d. Connect the micro-USB to the debug port of the Cortex-M and PC for power + e. Project -> Download and Debug + +12. Once the Debug environment spawns go to View -> Terminal I/O + This is where the "printf" to stdout will be directed + +13. In the Debug Menu bar look for the little square with three arrows pointing + to the right. When you mouse over it should say "GO" + Click this option and in the Terminal I/O Window you should see something + like this (depends on which functionality you set in user_settings.h) + + SEE NOTE 1 BELOW IF YOU OBSERVE AN ERROR (-40) IN RSA TEST + +Begin wolfcrypt tests +MD5 test passed! +MD4 test passed! +SHA test passed! +SHA-256 test passed! +SHA-384 test passed! +SHA-512 test passed! +HMAC-MD5 test passed! +HMAC-SHA test passed! +HMAC-SHA256 test passed! +HMAC-SHA384 test passed! +HMAC-SHA512 test passed! +GMAC test passed! +HC-128 test passed! +Rabbit test passed! +Chacha test passed! +POLY1305 test passed! +ChaCha20-Poly1305 AEAD test passed! +DES test passed! +DES3 test passed! +AES test passed! +AES-GCM test passed! +RANDOM test passed! +RSA test passed! +DH test passed! +DSA test passed! +PWDBASED test passed! +ECC test passed! +wolfcrypt tests complete. + +#----------------------------------------------------------------------------# +# SECTION 4: +# Evaluate benchmark tests in embOS project: +#----------------------------------------------------------------------------# + +Follow the steps from section 3 only using +CUSTOM_DIR\wolfcrypt_benchmark_custom_port\ + +#----------------------------------------------------------------------------# +#----------------------------------------------------------------------------# + +Thank you for using this guide and we hope this was helpful to you. 
If you have +any suggestions / feedback for us please contact us: +support@wolfssl.com +info@wolfssl.com + +/* --------------------------------------------------------------------------*/ +#### NOTE 1: #### + +If you are working off of a base example project and you observe memory errors +when malloc is called, make sure that the linker script has set the HEAP high +enough. +Project -> Options -> Linker -> (Config Tab) -> Linker configuration file + +Check this file for __size_heap__ it is typically set to 0x200 by default. +There are places in wolfSSL that malloc as much as 4k at a time and peak usage +can be as high as 29K if using full functionality. +/* --------------------------------------------------------------------------*/ + +Copyright © 2016 wolfSSL Inc. All rights reserved. + diff --git a/IDE/IAR-EWARM/embOS/custom_port/custom_port_Linker_Script/samv71q21_wolfssl.icf b/IDE/IAR-EWARM/embOS/custom_port/custom_port_Linker_Script/samv71q21_wolfssl.icf new file mode 100644 index 000000000..ad309b4d1 --- /dev/null +++ b/IDE/IAR-EWARM/embOS/custom_port/custom_port_Linker_Script/samv71q21_wolfssl.icf 
@@ -0,0 +1,33 @@
+/*
+ * A simple example for evaluation purposes written from scratch by wolfSSL Inc
+ */
+
+/*###ICF### ****/
+/*-Editor annotation file-*/
+/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */
+/*-Specials-*/
+define symbol __ICFEDIT_intvec_start__ = 0x00400000;
+/*-Memory Regions-*/
+define symbol __ICFEDIT_region_RAM_start__ = 0x20400000;
+define symbol __ICFEDIT_region_RAM_end__ = 0x20459999;
+define symbol __ICFEDIT_region_ROM_start__ = 0x00400000;
+define symbol __ICFEDIT_region_ROM_end__ = 0x00599999;
+/*-Sizes-*/
+define symbol __ICFEDIT_size_cstack__ = 0x400;
+define symbol __ICFEDIT_size_heap__ = 0x13000;
+/**** ###ICF###*/
+
+define memory mem with size = 4G;
+define region RAM_region = mem:[from __ICFEDIT_region_RAM_start__ to __ICFEDIT_region_RAM_end__];
+define region ROM_region = mem:[from __ICFEDIT_region_ROM_start__ to __ICFEDIT_region_ROM_end__];
+
+define block CSTACK with alignment = 8, size = __ICFEDIT_size_cstack__ { };
+define block HEAP with alignment = 8, size = __ICFEDIT_size_heap__ { };
+
+initialize by copy { readwrite };
+do not initialize { section .noinit };
+
+place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec };
+place in ROM_region { readonly };
+place in RAM_region { readwrite, block CSTACK, block HEAP };
+
diff --git a/IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h b/IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h
new file mode 100644
index 000000000..1c4cadf38
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h
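Review bot: The region end symbols `__ICFEDIT_region_RAM_end__ = 0x20459999` and `__ICFEDIT_region_ROM_end__ = 0x00599999` do not fall on a block boundary, which suggests a decimal-style upper bound written as hex. An end address for a memory region normally has the form `...FFFF`, so both values should be checked against the target's datasheet. If they are short of the real limits the linker silently wastes memory; if they are beyond them, HEAP or CSTACK could be placed outside physical RAM. Because this file is offered as the template for custom ports, a comment above the region symbols such as `/* Region bounds are for the SAMV71Q21 example; replace with your device's memory map */` would help.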
@@ -0,0 +1,64 @@
+#ifndef _EMBOS_USER_SETTINGS_H_
+#define _EMBOS_USER_SETTINGS_H_
+
+ #undef WOLFSSL_EMBOS
+ #define WOLFSSL_EMBOS
+
+ #undef WOLFCRYPT_ONLY
+ #define WOLFCRYPT_ONLY
+
+ #undef NO_64BIT
+ #define NO_64BIT
+
+ #undef SIZEOF_LONG
+ #define SIZEOF_LONG 4
+
+ #undef SIZEOF_LONG_LONG
+ #define SIZEOF_LONG_LONG 8
+
+ #undef HAVE_CHACHA
+ #define HAVE_CHACHA
+
+ #undef HAVE_POLY1305
+ #define HAVE_POLY1305
+
+ #undef ECC_SHAMIR
+ #define ECC_SHAMIR
+
+ #undef HAVE_ECC
+ #define HAVE_ECC
+
+ #undef ECC_USER_CURVES
+ #define ECC_USER_CURVES
+
+ #undef ECC_ALT_SIZE
+ #define ECC_ALT_SIZE
+
+ #undef FP_MAX_BITS_ECC
+ #define FP_MAX_BITS_ECC 528
+
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+
+ #undef WOLFSSL_SHA512
+ #define WOLFSSL_SHA512
+
+ #undef WOLFSSL_SHA384
+ #define WOLFSSL_SHA384
+
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+
+ #undef NO_INLINE
+ #define NO_INLINE
+
+ #undef BENCH_EMBEDDED
+ #define BENCH_EMBEDDED
+
+ #undef WOLFSSL_SMALL_STACK
+ #define WOLFSSL_SMALL_STACK
+
+ #undef USE_WOLFSSL_MEMORY
+ #define USE_WOLFSSL_MEMORY
+
+#endif /* _EMBOS_USER_SETTINGS_H_ */
diff --git a/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_benchmark_custom_port/Application/runBenchmarks.c b/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_benchmark_custom_port/Application/runBenchmarks.c
new file mode 100644
index 000000000..bd2456178
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_benchmark_custom_port/Application/runBenchmarks.c
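Review bot: `TFM_TIMING_RESISTANT` is the only side-channel hardening macro set in this user_settings.h, although the build enables `HAVE_ECC` and the accompanying README compiles rsa.c into the library. wolfSSL also provides `ECC_TIMING_RESISTANT` and `WC_RSA_BLINDING` for the private-key paths. If this tree supports them, add them in the same `#undef`/`#define` style, e.g. `#define ECC_TIMING_RESISTANT` and `#define WC_RSA_BLINDING`, so that a product built from this template does not inherit an unhardened default. Separately, the include guard `_EMBOS_USER_SETTINGS_H_` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; `EMBOS_USER_SETTINGS_H` avoids that.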
@@ -0,0 +1,29 @@
+#include "RTOS.h"
+#include "BSP.h"
+#include
+#include
+
+static OS_STACKPTR int WLFSTACK[20000]; /* Stack Size for Task */
+static OS_TASK WLFTASK; /* Task */
+
+static void wolfTask(void) {
+ printf("Begin benchmark tests\n");
+ wolfcrypt_test(NULL);
+ printf("benchmark tests complete.\n");
+ while (1) {
+ BSP_ToggleLED(1);
+ OS_Delay(200);
+ }
+}
+
+
+int main(void) {
+ OS_IncDI(); /* Disable interrupts */
+ OS_InitKern(); /* Initialize OS */
+ OS_InitHW(); /* Initialize Hardware */
+ BSP_Init(); /* Initialize LED ports */
+ /* You need to create at least one task before calling OS_Start() */
+ OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
+ OS_Start(); /* Start the OS */
+ return 0;
+}
diff --git a/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_test_custom_port/Application/runWolfcryptTests.c b/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_test_custom_port/Application/runWolfcryptTests.c
new file mode 100644
index 000000000..8d20bdd2e
--- /dev/null
+++ b/IDE/IAR-EWARM/embOS/custom_port/wolfcrypt_test_custom_port/Application/runWolfcryptTests.c
@@ -0,0 +1,30 @@
+#include "RTOS.h"
+#include "BSP.h"
+#include
+#include
+
+static OS_STACKPTR int WLFSTACK[20000]; /* Stack Size for Task */
+static OS_TASK WLFTASK; /* Task */
+
+static void wolfTask(void) {
+ printf("Begin wolfcrypt tests\n");
+ wolfcrypt_test(NULL);
+ printf("wolfcrypt tests complete.\n");
+ while (1) {
+ BSP_ToggleLED(1);
+ OS_Delay(200);
+ }
+}
+
+
+int main(void) {
+ OS_IncDI(); /* Disable interrupts */
+ OS_InitKern(); /* Initialize OS */
+ OS_InitHW(); /* Initialize Hardware for OS */
+ BSP_Init(); /* Initialize LED ports */
+ /* You need to create at least one task before calling OS_Start() */
+ OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
+ OS_Start(); /* Start the OS */
+ return 0;
+}
+
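Review bot: `wolfTask` in runBenchmarks.c prints "Begin benchmark tests" but then calls `wolfcrypt_test(NULL)`, so this project would run the self-test suite instead of the benchmark. The call looks copied from runWolfcryptTests.c. The benchmark entry point in wolfcrypt/benchmark/benchmark.c is `benchmark_test`, so the line should presumably read `benchmark_test(NULL);` with a matching declaration in scope. The two bare `#include` lines lost their targets in this rendering, so the headers cannot be checked here.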
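Review bot: The return value of `wolfcrypt_test(NULL)` is discarded in `wolfTask` of runWolfcryptTests.c, so "wolfcrypt tests complete." is printed and the LED blinks the same way whether the crypto self-tests passed or failed. Capture and report it, e.g. `int ret = wolfcrypt_test(NULL);` followed by `printf("wolfcrypt tests complete, ret = %d\n", ret);`, so that a failing algorithm on the target is not mistaken for a clean run. Whether `wolfcrypt_test` accepts a null argument is not visible in this hunk and should be confirmed against wolfcrypt/test/test.c. The same discarded result appears in runBenchmarks.c.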
diff --git a/IDE/IAR-EWARM/embOS/extract_trial_here/README_extract_trial_here b/IDE/IAR-EWARM/embOS/extract_trial_here/README_extract_trial_here new file mode 100644 index 000000000..848b4445e --- /dev/null +++ b/IDE/IAR-EWARM/embOS/extract_trial_here/README_extract_trial_here @@ -0,0 +1,32 @@ +An empty directory used when extracting segger trial. + + + +*** For SAMV71_XULT project *** +This trial can be found here: + +https://www.segger.com/downloads/embos + +Look for the Download for IAR compiler and Cortex M + +The title should be: "embOS trial for Cortex-M and IAR compiler" + + + +*** For custom port *** +The trial will still be located at: https://www.segger.com/downloads/embos + +However you will need to identify and download the correct project for your +target CPU + + + + +Thank you for using this guide and we hope this is helpful to you. If you have +any suggestions / feedback for us please contact us: +support@wolfssl.com +info@wolfssl.com + +Copyright © 2016 wolfSSL Inc. All rights reserved. + + diff --git a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c index 600173913..12fe6ff44 100644 --- a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c +++ b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c @@ -1,8 +1,8 @@ /* lpc_18xx_port.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "board.h" #include "otp_18xx_43xx.h" /* For RNG */ #include "timer_18xx_43xx.h" diff --git a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c index 893704285..5b5006eae 100644 --- a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c +++ b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c @@ -1,8 +1,8 @@ /* lpc_18xx_startup.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "board.h" #include #include diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c index 8db219671..c481e177b 100644 --- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c +++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c @@ -1,8 +1,8 @@ /* time.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c index a29e8fcbb..313e64f64 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c @@ -1,8 +1,8 @@ /* certs_test.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h index 5ce08dc3d..e0f8ab925 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h @@ -1,8 +1,8 @@ /* config-BEREFOOT.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h index 37c92f446..c3a746ae2 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h @@ -1,8 +1,8 @@ /* config-FS.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h index 454b86bce..bd04e62e4 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h @@ -1,8 +1,8 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,11 +16,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /**** wolfSSL for MDK-RTX-TCP-FS Configuration ****/ #define __CORTEX_M3__ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h index 3f5c11191..19260198e 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h @@ -1,8 +1,8 @@ /* config.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef MDK_CONFIG_H__ #define MDK_CONFIG_H__ /**** wolfSSL for KEIL-RL Configuration ****/ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c index a12d16249..178ff93cd 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c index 446efbe20..39d97db73 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c @@ -1,8 +1,8 @@ /*shell.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /*** tiny Shell for wolfSSL apps ***/ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c index ca5046138..2171fa629 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c @@ -1,8 +1,8 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c index ba1a6a734..55cd2e0c9 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index ab71b87ab..40984aca2 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c 
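Review bot: The file-name comment on the first line of IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c still reads `/* time-dummy.c.c` after this rewrite of the header, in the `@@ -1,8 +1,8 @@` hunk. Since the commit is already editing these comment blocks, that context line could become `/* time-dummy.c`. Other headers in the diff have the same problem: time-CortexM3-4.c opens with `/* time-STM32F2.c`, time-STM32F2xx.c with `/* main.c`, and config-EchoClient.h with `/* config-RTX-TCP-FS.h`. A stale name in a license header makes it harder to tell which copy of a duplicated file is being read.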
@@ -1,23 +1,23 @@ /* wolfssl_KEIL_RL.c - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ /***************************************************************************************/ diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index 665fc62c0..7ad930a24 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h 
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h @@ -1,8 +1,8 @@ /* wolfssl_KEIL_RL.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /******************************************************************************/ /** This file is for defining types, values for specific to KEIL-MDK-ARM. **/ /******************************************************************************/ diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c index 969fda07d..03e2153d5 100644 --- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c +++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Conf/config-Crypt.h b/IDE/MDK5-ARM/Conf/config-Crypt.h index baaf43f2e..6950af981 100644 --- a/IDE/MDK5-ARM/Conf/config-Crypt.h +++ b/IDE/MDK5-ARM/Conf/config-Crypt.h @@ -1,8 +1,8 @@ /* config-Crypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + // <<< Use Configuration Wizard in Context Menu >>> // wolfCrypt Configuration diff --git a/IDE/MDK5-ARM/Inc/config.h b/IDE/MDK5-ARM/Inc/config.h index 39986dd95..9010d13be 100644 --- a/IDE/MDK5-ARM/Inc/config.h +++ b/IDE/MDK5-ARM/Inc/config.h @@ -1,8 +1,8 @@ /* config.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #define __CORTEX_M3__ #if defined(MDK_CONF_full) diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/settings.h index 965388788..3eb9d28b8 100644 
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c index a120dfe34..d1c6e194b 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/time-CortexM3-4.c index ca5046138..2171fa629 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/time-CortexM3-4.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/time-CortexM3-4.c @@ -1,8 +1,8 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/time-dummy.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/time-dummy.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/settings.h index 86a57a0db..3eb9d28b8 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c index 36954c661..f2072a9da 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/main.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/time-dummy.c b/IDE/MDK5-ARM/Projects/CryptTest/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/time-dummy.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/settings.h index 5cfe60dfe..147c19869 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/IDE/MDK5-ARM/Projects/EchoClient/config-EchoClient.h b/IDE/MDK5-ARM/Projects/EchoClient/config-EchoClient.h index 43e39026f..01bdb25e2 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/config-EchoClient.h +++ b/IDE/MDK5-ARM/Projects/EchoClient/config-EchoClient.h @@ -1,8 +1,8 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,11 +16,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + // <<< Use Configuration Wizard in Context Menu >>> // Build Target: Simple Client // Callee IP Address diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c index f2f7da985..434165986 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/main.c +++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c 
@@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/EchoClient/time-dummy.c b/IDE/MDK5-ARM/Projects/EchoClient/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/time-dummy.c +++ b/IDE/MDK5-ARM/Projects/EchoClient/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/settings.h index 5cfe60dfe..147c19869 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/settings.h 
@@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c index b11946403..5f5715597 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/main.c +++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/EchoServer/time-dummy.c b/IDE/MDK5-ARM/Projects/EchoServer/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/time-dummy.c +++ b/IDE/MDK5-ARM/Projects/EchoServer/time-dummy.c 
@@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/settings.h index 86a57a0db..3eb9d28b8 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/config-SimpleClient.h b/IDE/MDK5-ARM/Projects/SimpleClient/config-SimpleClient.h index f6171d165..54902f480 100644 
--- a/IDE/MDK5-ARM/Projects/SimpleClient/config-SimpleClient.h +++ b/IDE/MDK5-ARM/Projects/SimpleClient/config-SimpleClient.h @@ -1,8 +1,8 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /**** CyaSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c index a882c24ca..bf6a2ab5b 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/SimpleClient/time-CortexM3-4.c index ca5046138..2171fa629 100644 
--- a/IDE/MDK5-ARM/Projects/SimpleClient/time-CortexM3-4.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/time-CortexM3-4.c @@ -1,8 +1,8 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/time-STM32F2xx.c b/IDE/MDK5-ARM/Projects/SimpleClient/time-STM32F2xx.c index 367029387..4b2606e2a 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/time-STM32F2xx.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/time-STM32F2xx.c @@ -1,8 +1,8 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/time-dummy.c b/IDE/MDK5-ARM/Projects/SimpleClient/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/time-dummy.c 
+++ b/IDE/MDK5-ARM/Projects/SimpleClient/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/settings.h b/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/settings.h index 5cfe60dfe..147c19869 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/settings.h +++ b/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ 
diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/config-SimpleServer.h b/IDE/MDK5-ARM/Projects/SimpleServer/config-SimpleServer.h index eda721c87..cb37a99eb 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/config-SimpleServer.h +++ b/IDE/MDK5-ARM/Projects/SimpleServer/config-SimpleServer.h @@ -1,8 +1,8 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,11 +16,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + // <<< Use Configuration Wizard in Context Menu >>> // Build Target: Simple Server // Listen Port Number diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c index 9fd78f019..8024d99b9 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/time-dummy.c b/IDE/MDK5-ARM/Projects/SimpleServer/time-dummy.c index 8f98da46a..3463d57f0 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/time-dummy.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/time-dummy.c @@ -1,8 +1,8 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c index 2ee3de735..eaf711e25 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c index f9550c2a6..b24693767 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c @@ -1,8 +1,8 @@ /*shell.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /*** tiny Shell for wolfSSL apps ***/ diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c index c825387dd..0f6b02bbe 100644 --- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c +++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c @@ -1,8 +1,8 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include 
diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c index 1ddc843e6..8b5cba869 100644 --- a/IDE/MDK5-ARM/Src/ssl-dummy.c +++ b/IDE/MDK5-ARM/Src/ssl-dummy.c @@ -1,8 +1,8 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt index 62184780b..49953507a 100644 --- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt +++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt @@ -27,7 +27,7 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c src/camellia.c src/chacha.c src/coding.c src/compress.c src/des3.c src/dh.c src/dsa.c src/ecc.c src/error.c src/hc128.c src/hmac.c src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c - src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c + src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h 
@@ -39,6 +39,7 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h ../wolfssl/wolfcrypt/hash.h ) +# misc.c is not compiled in since using INLINE ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) RESTRICT_SYMBOL_EXPORTS(wolfcrypt) diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c index faab65705..358c0f2d7 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c @@ -1,8 +1,8 @@ /* arm_startup.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "hw.h" #include diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c index 9d3891e62..cdeda8570 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c @@ -1,8 +1,8 @@ /* benchmark_main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/hw.h b/IDE/ROWLEY-CROSSWORKS-ARM/hw.h index 134193ca8..5a7a7b359 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/hw.h +++ b/IDE/ROWLEY-CROSSWORKS-ARM/hw.h @@ -15,6 +15,9 @@ void hw_uart_printchar(int c); void hw_watchdog_disable(void); uint32_t hw_rand(void); +// Delay functions +void delay_us(uint32_t microseconds); + #endif /* WOLFSSL_ROWLEY_HW_H */ diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c index 7dab09433..961e181d8 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c @@ -1,8 +1,8 @@ /* kinetis_hw.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "hw.h" #if defined(FREESCALE) && defined(K_SERIES) 
@@ -44,17 +45,29 @@ #define FLASH_CLK_DIV 4 /* Flash clock divisor */ // UART TX Port, Pin, Mux and Baud -#define UART_PORT UART5 /* UART Port */ +#define UART_PORT UART4 /* UART Port */ #define UART_TX_PORT PORTE /* UART TX Port */ -#define UART_TX_PIN 8 /* UART TX Pin */ +#define UART_TX_PIN 24 /* UART TX Pin */ #define UART_TX_MUX 0x3 /* Kinetis UART pin mux */ #define UART_BAUD 115200 /* UART Baud Rate */ /* Note: You will also need to update the UART clock gate in hw_uart_init (SIM_SCGC1_UART5_MASK) */ /* Note: TWR-K60 is UART3, PTC17 */ +/* Note: FRDM-K64 is UART4, PTE24 */ +/* Note: TWR-K64 is UART5, PTE8 */ /***********************************************/ // Private functions +static uint32_t mDelayCyclesPerUs = 0; +#define NOP_FOR_LOOP_INSTRUCTION_COUNT 6 +static void delay_nop(uint32_t count) +{ + int i; + for(i=0; iSCGC1 |= SIM_SCGC1_UART5_MASK; + SIM->SCGC1 |= SIM_SCGC1_UART4_MASK; /* Configure UART TX pin */ UART_TX_PORT->PCR[UART_TX_PIN] = PORT_PCR_MUX(UART_TX_MUX); @@ -116,9 +129,37 @@ static void hw_uart_init(void) static void hw_rtc_init(void) { + /* Init nop delay */ + mDelayCyclesPerUs = (SYS_CLK_KHZ / 1000 / NOP_FOR_LOOP_INSTRUCTION_COUNT); + /* Enable RTC clock and oscillator */ SIM->SCGC6 |= SIM_SCGC6_RTC_MASK; - RTC->CR |= RTC_CR_OSCE_MASK; + + if (RTC->SR & RTC_SR_TIF_MASK) { + /* Resets the RTC registers except for the SWR bit */ + RTC->CR |= RTC_CR_SWR_MASK; + RTC->CR &= ~RTC_CR_SWR_MASK; + + /* Set TSR register to 0x1 to avoid the TIF bit being set in the SR register */ + RTC->TSR = 1; + } + + /* Disable RTC Interrupts */ + RTC_IER = 0; + + /* Enable OSC */ + if ((RTC->CR & RTC_CR_OSCE_MASK) == 0) { + int i; + + /* Turn on */ + RTC->CR |= RTC_CR_OSCE_MASK; + + /* Wait RTC startup delay 1000 us */ + delay_us(1000); + } + + /* Enable counter */ + RTC->SR |= RTC_SR_TCE_MASK; } static void hw_rand_init(void) 
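Review bot: The note kept below the UART defines still names `SIM_SCGC1_UART5_MASK` as the clock gate to update, while this hunk moves the default to `UART4` and the clock-gate line further down now uses `SIM_SCGC1_UART4_MASK`. I would reword it to `/* Note: You will also need to update the UART clock gate in hw_uart_init (SIM_SCGC1_UART4_MASK) */` so the comment matches the shipped default. The body of `delay_nop` is cut off in this view; it declares `int i` against a `uint32_t count`, so the loop condition is presumably a signed/unsigned comparison and `uint32_t i` would be the safer declaration.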
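Review bot: `RTC_IER = 0;` is the only register access in hw_rtc_init that does not go through the `RTC->` pointer used for `RTC->CR`, `RTC->SR` and `RTC->TSR` in the same hunk; unless the device header also provides that macro form, `RTC->IER = 0;` is the consistent spelling. The `int i;` declared inside the `Enable OSC` block is never used and can be dropped. After a time-invalid reset the counter restarts from `RTC->TSR = 1`, so if this clock feeds certificate date checks (not visible here) they are unreliable until the real time is set; a comment such as `/* time is NOT valid after this reset; set it before relying on date checks */` would make that explicit. The rest of the init sequence lies outside the hunk.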
@@ -173,6 +214,12 @@ uint32_t hw_rand(void) return RNG->OR; /* Return next value in FIFO output register */ } +void delay_us(uint32_t microseconds) +{ + delay_nop(mDelayCyclesPerUs * microseconds); +} + + // Watchdog void hw_watchdog_disable(void) { diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c index 8f524b841..6a4dac38f 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c @@ -1,8 +1,8 @@ /* retarget.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
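Review bot: `delay_us` returns almost immediately if it is called before hw_rtc_init, because `mDelayCyclesPerUs` starts at 0 and is only assigned there, and the product `mDelayCyclesPerUs * microseconds` is computed in 32 bits and wraps for large arguments. The calibration `SYS_CLK_KHZ / 1000 / NOP_FOR_LOOP_INSTRUCTION_COUNT` is integer division, so it also truncates to 0 for slow clock settings. Since the RTC oscillator start-up wait depends on this delay, I would document the contract on the function, e.g. `/* Busy-wait; requires hw_rtc_init() to have set mDelayCyclesPerUs, and the 32-bit cycle count wraps for long delays */`, or move the calibration into the clock-init code.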
@@ -16,24 +16,50 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "hw.h" +#include "user_settings.h" double current_time(int reset) { double time; + (void)reset; time = hw_get_time_sec(); time += (double)hw_get_time_msec() / 1000; return time; } -uint32_t custom_rand_generate(void) +unsigned int custom_rand_generate(void) { return hw_rand(); } +int custom_rand_generate_block(unsigned char* output, unsigned int sz) +{ + uint32_t i = 0; + + while (i < sz) + { + /* If not aligned or there is odd/remainder */ + if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz || + ((uint32_t)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0 + ) { + /* Single byte at a time */ + output[i++] = (unsigned char)custom_rand_generate(); + } + else { + /* Use native 8, 16, 32 or 64 copy instruction */ + *((CUSTOM_RAND_TYPE*)&output[i]) = custom_rand_generate(); + i += sizeof(CUSTOM_RAND_TYPE); + } + } + + return 0; +} + // Debug print handler int __putchar(int c, __printf_tag_ptr ctx) { diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c index 632adcb98..aad67b819 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c +++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c @@ -1,8 +1,8 @@ /* test_main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
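Review bot: `custom_rand_generate_block` stores words through `*((CUSTOM_RAND_TYPE*)&output[i])` after testing alignment with `(uint32_t)&output[i]`, which depends on a pointer-to-`uint32_t` cast and on type-punning a byte buffer, and its byte-wise path discards most of each hardware word it draws. Copying each word with `memcpy`, as sketched below, removes the alignment test and the cast and uses every byte drawn; it needs `<string.h>`. The function also always returns 0, so a stalled or failed hardware RNG cannot be reported to the caller. Because user_settings.h offers this routine as a way to bypass the Hash-DRBG, `hw_rand` (its body is mostly outside this page) should be checked for a status or error path before that mode is used for key material.

```c
int custom_rand_generate_block(unsigned char* output, unsigned int sz)
{
    unsigned int i = 0;

    while (i < sz) {
        /* Draw one hardware word and copy only as many bytes as remain */
        CUSTOM_RAND_TYPE word = custom_rand_generate();
        unsigned int n = sz - i;

        if (n > sizeof(word)) {
            n = (unsigned int)sizeof(word);
        }
        memcpy(&output[i], &word, n);
        i += n;
    }

    return 0;
}
```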
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h index 0f648c1a3..f8d751ff0 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h +++ b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h 
@@ -1,29 +1,369 @@ -/* Configuration */ -#define SINGLE_THREADED -#define WOLFSSL_SMALL_STACK -#define WOLFSSL_GENERAL_ALIGNMENT 4 -#define NO_MAIN_DRIVER -#define NO_FILESYSTEM -#define NO_WRITEV -#define NO_DEV_RANDOM -#define NO_WOLFSSL_MEMORY +/* Example custom user settings for wolfSSL */ +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_GENERAL_ALIGNMENT +#define WOLFSSL_GENERAL_ALIGNMENT 4 + +#undef SINGLE_THREADED +#define SINGLE_THREADED + +#undef WOLFSSL_SMALL_STACK +#define WOLFSSL_SMALL_STACK + + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +#undef USE_FAST_MATH +#define USE_FAST_MATH + +#ifdef USE_FAST_MATH + #undef TFM_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + + /* Optimizations (TFM_ARM, TFM_ASM or none) */ + #define TFM_ARM + //#define TFM_ASM +#endif + +/* Math debugging (adds support for mp_dump) */ +#undef WOLFSSL_DEBUG_MATH +//#define WOLFSSL_DEBUG_MATH + + +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* ECC */ +#if 1 + #undef HAVE_ECC + #define HAVE_ECC + + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + #define ECC_USER_CURVES + + #define HAVE_ECC192 + #define HAVE_ECC224 + #undef NO_ECC256 + #define HAVE_ECC384 + #define HAVE_ECC521 + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC 
calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #ifdef USE_FAST_MATH + /* use reduced size math buffers for ecc points */ + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + + /* optionally override the default max ecc bits */ + #undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC 512 + + /* Enable TFM optimizations for ECC */ + #define TFM_ECC192 + #define TFM_ECC224 + #define TFM_ECC256 + #define TFM_ECC384 + #define TFM_ECC521 + #endif +#endif + +/* RSA */ +#undef NO_RSA +#if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 4096 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM +#else + #define NO_RSA +#endif + +/* AES */ +#undef NO_AES +#if 1 + #undef HAVE_AESGCM + #define HAVE_AESGCM + + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + #undef GCM_SMALL + #define GCM_SMALL +#else + #define NO_AES +#endif + +/* ChaCha20 / Poly1305 */ +#undef HAVE_CHACHA +#undef HAVE_POLY1305 +#if 1 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #undef HAVE_ONE_TIME_AUTH + #define HAVE_ONE_TIME_AUTH +#endif + +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if 0 + #define HAVE_CURVE25519 + #define HAVE_ED25519 + + /* Optionally use small math (less flash usage, but much slower) */ + #if 0 + #define CURVED25519_SMALL + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha */ +#undef NO_SHA +#if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif + +/* Sha256 */ +#undef NO_SHA256 +#if 1 +#else + #define NO_SHA256 +#endif + +/* Sha512 */ +#undef 
WOLFSSL_SHA512 +#if 1 + #define WOLFSSL_SHA512 + + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif + + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA2 +#endif + +/* MD5 */ +#undef NO_MD5 +#if 1 + #define NO_MD5 +#endif + + +/* ------------------------------------------------------------------------- */ /* HW Crypto Acceleration */ +/* ------------------------------------------------------------------------- */ // See README.md for instructions //#define FREESCALE_MMCAU 1 -/* Benchmark */ + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#undef BENCH_EMBEDDED #define BENCH_EMBEDDED + +#undef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 -/* Custom functions */ -extern int custom_rand_generate(void); -#define CUSTOM_RAND_GENERATE custom_rand_generate -#define CUSTOM_RAND_TYPE word32 + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_DEBUG +//#define WOLFSSL_DEBUG + +#ifdef WOLFSSL_DEBUG + #define fprintf(file, format, ...) 
printf(format, ##__VA_ARGS__) + + /* Use this to measure / print heap usage */ + #if 0 + #undef USE_WOLFSSL_MEMORY + #define USE_WOLFSSL_MEMORY + + #undef WOLFSSL_TRACK_MEMORY + #define WOLFSSL_TRACK_MEMORY + #endif +#else + #undef NO_WOLFSSL_MEMORY + #define NO_WOLFSSL_MEMORY + + #undef NO_ERROR_STRINGS + #define NO_ERROR_STRINGS +#endif + + +/* ------------------------------------------------------------------------- */ +/* Port */ +/* ------------------------------------------------------------------------- */ + +/* Override Current Time */ +/* Allows custom "custom_time()" function to be used for benchmark */ #define WOLFSSL_USER_CURRTIME -/* Debugging - Optional */ -#if 0 -#define fprintf(file, format, ...) printf(format, ##__VA_ARGS__) -#define DEBUG_WOLFSSL + +/* ------------------------------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------------------------------- */ +/* Size of returned HW RNG value */ +#define CUSTOM_RAND_TYPE unsigned int + +/* Choose RNG method */ +#if 1 + /* Use built-in P-RNG (SHA256 based) with HW RNG */ + /* P-RNG + HW RNG (P-RNG is ~8K) */ + #undef HAVE_HASHDRBG + #define HAVE_HASHDRBG + + extern unsigned int custom_rand_generate(void); + #undef CUSTOM_RAND_GENERATE + #define CUSTOM_RAND_GENERATE custom_rand_generate +#else + /* Bypass P-RNG and use only HW RNG */ + extern int custom_rand_generate_block(unsigned char* output, unsigned int sz); + #undef CUSTOM_RAND_GENERATE_BLOCK + #define CUSTOM_RAND_GENERATE_BLOCK custom_rand_generate_block #endif + + +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ +#undef KEEP_PEER_CERT +//#define KEEP_PEER_CERT + +#undef HAVE_COMP_KEY +//#define HAVE_COMP_KEY + +#undef HAVE_TLS_EXTENSIONS +//#define HAVE_TLS_EXTENSIONS + +#undef HAVE_SUPPORTED_CURVES +//#define HAVE_SUPPORTED_CURVES + +#undef 
WOLFSSL_BASE64_ENCODE +//#define WOLFSSL_BASE64_ENCODE + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* ------------------------------------------------------------------------- */ +#undef NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_SERVER + +#undef NO_WOLFSSL_CLIENT +//#define NO_WOLFSSL_CLIENT + +#undef NO_CRYPT_TEST +//#define NO_CRYPT_TEST + +#undef NO_CRYPT_BENCHMARK +//#define NO_CRYPT_BENCHMARK + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +#undef NO_INLINE +//#define NO_INLINE + +#undef NO_FILESYSTEM +#define NO_FILESYSTEM + +#undef NO_WRITEV +#define NO_WRITEV + +#undef NO_MAIN_DRIVER +#define NO_MAIN_DRIVER + +#undef NO_DEV_RANDOM +#define NO_DEV_RANDOM + +#undef NO_DSA +#define NO_DSA + +#undef NO_DH +#define NO_DH + +#undef NO_DES3 +#define NO_DES3 + +#undef NO_RC4 +#define NO_RC4 + +#undef NO_OLD_TLS +#define NO_OLD_TLS + +#undef NO_HC128 +#define NO_HC128 + +#undef NO_RABBIT +#define NO_RABBIT + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef NO_PWDBASED +#define NO_PWDBASED + +#undef NO_CODING +#define NO_CODING + + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp index 7468f7e55..74a4eeaff 100644 --- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp +++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp @@ -11,14 +11,100 @@ - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
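Review bot: The RNG section's `#else` branch ("Bypass P-RNG and use only HW RNG") hands raw hardware output to the library with no DRBG in between, and its comment does not mention that trade-off; I would add `/* Only for a hardware RNG whose output is already conditioned and health-tested; otherwise keep HAVE_HASHDRBG */` above it. The comment `/* Reduces heap usage, but slower */` on `ECC_TIMING_RESISTANT` describes a cost rather than the purpose, and should say the option is a timing side-channel countermeasure that is meant to stay enabled. The debugging block is now keyed on `WOLFSSL_DEBUG`, whereas the removed lines defined `DEBUG_WOLFSSL`, so turning the new switch on no longer defines the macro the old block set; adding `#define DEBUG_WOLFSSL` inside `#ifdef WOLFSSL_DEBUG` would restore that. The "Override Current Time" comment names `custom_time()`, while retarget.c on this page defines `current_time()`.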
@@ -45,9 +131,9 @@ Placement="Flash" Target="MK64FN1M0xxx12" arm_linker_fiq_stack_size="0" - arm_linker_heap_size="102800" + arm_linker_heap_size="91136" arm_linker_irq_stack_size="0" - arm_linker_stack_size="4096" + arm_linker_stack_size="30720" arm_simulator_memory_simulation_filename="$(TargetsDir)/Kinetis/KinetisSimulatorMemory.dll" arm_simulator_memory_simulation_parameter="MK64FN1M0xxx12;0x100000;0x0;0x0;0x40000" arm_target_loader_applicable_loaders="Flash" @@ -84,9 +170,9 @@ Placement="Flash" Target="MK64FN1M0xxx12" arm_linker_fiq_stack_size="0" - arm_linker_heap_size="102800" + arm_linker_heap_size="91136" arm_linker_irq_stack_size="0" - arm_linker_stack_size="4096" + arm_linker_stack_size="30720" arm_simulator_memory_simulation_filename="$(TargetsDir)/Kinetis/KinetisSimulatorMemory.dll" arm_simulator_memory_simulation_parameter="MK64FN1M0xxx12;0x100000;0x0;0x0;0x40000" arm_target_loader_applicable_loaders="Flash" diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md index c225f40b7..576e3b6af 100644 --- a/IDE/WORKBENCH/README.md +++ b/IDE/WORKBENCH/README.md @@ -27,6 +27,8 @@ then "Browse" and select: #define WOLFSSL_VXWORKS +Note: pthreads defined by default + 5. If using the VxWorks simulator add the following to EXTRA\_DEFINE: -DVXWORKS_SIM /* only if using the VxWorks simulator */ 
@@ -154,9 +156,7 @@ Note: The wolfSSL example server and client cannot run at the same time on the V 5. There is an example client in ```/wolfssl/examples``` . Again, wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on how to set up the client. From within ```/wolfssl``` , the following command can be used to run the client on the host machine: - ./examples/client/client -h 192.168.200.1 -d - - The -d option disables peer checks. + ./examples/client/client -h 192.168.200.1 6. The following output should be expected in the simulator terminal: diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj index ab88276a0..92c863b4e 100644 --- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj 
@@ -7,6 +7,155 @@ objects = { /* Begin PBXBuildFile section */ + 30B060541C6DDB2B00D46008 /* crl.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646011A89928E0062516A /* crl.c */; }; + 30B060551C6DDB2B00D46008 /* internal.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646021A89928E0062516A /* internal.c */; }; + 30B060561C6DDB2B00D46008 /* io.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646031A89928E0062516A /* io.c */; }; + 30B060571C6DDB2B00D46008 /* keys.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646041A89928E0062516A /* keys.c */; }; + 30B060581C6DDB2B00D46008 /* ocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646051A89928E0062516A /* ocsp.c */; }; + 30B060591C6DDB2B00D46008 /* sniffer.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646061A89928E0062516A /* sniffer.c */; }; + 30B0605A1C6DDB2B00D46008 /* ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646071A89928E0062516A /* ssl.c */; }; + 30B0605B1C6DDB2B00D46008 /* tls.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646081A89928E0062516A /* tls.c */; }; + 30B0605C1C6DDB2B00D46008 /* aes.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646111A8992CC0062516A /* aes.c */; }; + 30B0605D1C6DDB2B00D46008 /* arc4.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646121A8992CC0062516A /* arc4.c */; }; + 30B0605E1C6DDB2B00D46008 /* asn.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646131A8992CC0062516A /* asn.c */; }; + 30B0605F1C6DDB2B00D46008 /* blake2b.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646141A8992CC0062516A /* blake2b.c */; }; + 30B060601C6DDB2B00D46008 /* camellia.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646151A8992CC0062516A /* camellia.c */; }; + 30B060611C6DDB2B00D46008 /* chacha.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646161A8992CC0062516A /* chacha.c */; }; + 30B060621C6DDB2B00D46008 /* coding.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646171A8992CC0062516A /* coding.c */; }; + 
30B060631C6DDB2B00D46008 /* des3.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646181A8992CC0062516A /* des3.c */; }; + 30B060641C6DDB2B00D46008 /* dh.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646191A8992CC0062516A /* dh.c */; }; + 30B060651C6DDB2B00D46008 /* dsa.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461A1A8992CC0062516A /* dsa.c */; }; + 30B060661C6DDB2B00D46008 /* ecc.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461B1A8992CC0062516A /* ecc.c */; }; + 30B060671C6DDB2B00D46008 /* error.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461C1A8992CC0062516A /* error.c */; }; + 30B060681C6DDB2B00D46008 /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; }; + 30B060691C6DDB2B00D46008 /* hc128.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461D1A8992CC0062516A /* hc128.c */; }; + 30B0606A1C6DDB2B00D46008 /* hmac.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461E1A8992CC0062516A /* hmac.c */; }; + 30B0606B1C6DDB2B00D46008 /* integer.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461F1A8992CC0062516A /* integer.c */; }; + 30B0606C1C6DDB2B00D46008 /* logging.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646201A8992CC0062516A /* logging.c */; }; + 30B0606D1C6DDB2B00D46008 /* md2.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646211A8992CC0062516A /* md2.c */; }; + 30B0606E1C6DDB2B00D46008 /* md4.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646221A8992CC0062516A /* md4.c */; }; + 30B0606F1C6DDB2B00D46008 /* md5.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646231A8992CC0062516A /* md5.c */; }; + 30B060701C6DDB2B00D46008 /* memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646241A8992CC0062516A /* memory.c */; }; + 30B060721C6DDB2B00D46008 /* pkcs7.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646261A8992CC0062516A /* pkcs7.c */; }; + 30B060731C6DDB2B00D46008 /* poly1305.c in Sources */ = {isa = PBXBuildFile; fileRef = 
521646271A8992CC0062516A /* poly1305.c */; }; + 30B060741C6DDB2B00D46008 /* pwdbased.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646281A8992CC0062516A /* pwdbased.c */; }; + 30B060751C6DDB2B00D46008 /* rabbit.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646291A8992CC0062516A /* rabbit.c */; }; + 30B060761C6DDB2B00D46008 /* random.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462A1A8992CC0062516A /* random.c */; }; + 30B060771C6DDB2B00D46008 /* ripemd.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462B1A8992CC0062516A /* ripemd.c */; }; + 30B060781C6DDB2B00D46008 /* rsa.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462C1A8992CC0062516A /* rsa.c */; }; + 30B060791C6DDB2B00D46008 /* sha.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462D1A8992CC0062516A /* sha.c */; }; + 30B0607A1C6DDB2B00D46008 /* sha256.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462E1A8992CC0062516A /* sha256.c */; }; + 30B0607B1C6DDB2B00D46008 /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462F1A8992CC0062516A /* sha512.c */; }; + 30B0607C1C6DDB2B00D46008 /* tfm.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646301A8992CC0062516A /* tfm.c */; }; + 30B0607D1C6DDB2B00D46008 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; }; + 30B0607E1C6DDB2B00D46008 /* wc_port.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646311A8992CC0062516A /* wc_port.c */; }; + 30B0607F1C6DDB4600D46008 /* callbacks.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646531A8993290062516A /* callbacks.h */; }; + 30B060801C6DDB4600D46008 /* certs_test.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646541A8993290062516A /* certs_test.h */; }; + 30B060811C6DDB4600D46008 /* crl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646551A8993290062516A /* crl.h */; }; + 30B060821C6DDB4600D46008 /* error-ssl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646561A8993290062516A /* 
error-ssl.h */; }; + 30B060831C6DDB4600D46008 /* internal.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646571A8993290062516A /* internal.h */; }; + 30B060841C6DDB4600D46008 /* ocsp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646581A8993290062516A /* ocsp.h */; }; + 30B060851C6DDB4600D46008 /* ssl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216465B1A8993290062516A /* ssl.h */; }; + 30B060861C6DDB4600D46008 /* test.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216465C1A8993290062516A /* test.h */; }; + 30B060871C6DDB4600D46008 /* version.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216465D1A8993290062516A /* version.h */; }; + 30B0608B1C6DDB6200D46008 /* aes.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216465E1A8993770062516A /* aes.h */; }; + 30B0608C1C6DDB6200D46008 /* arc4.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216465F1A8993770062516A /* arc4.h */; }; + 30B0608D1C6DDB6200D46008 /* asn_public.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646601A8993770062516A /* asn_public.h */; }; + 30B0608E1C6DDB6200D46008 /* asn.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646611A8993770062516A /* asn.h */; }; + 30B0608F1C6DDB6200D46008 /* blake2-impl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646621A8993770062516A /* blake2-impl.h */; }; + 30B060901C6DDB6200D46008 /* blake2-int.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646631A8993770062516A /* blake2-int.h */; }; + 30B060911C6DDB6200D46008 /* blake2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646641A8993770062516A /* blake2.h */; }; + 30B060921C6DDB6200D46008 /* camellia.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646651A8993770062516A /* camellia.h */; }; + 30B060931C6DDB6200D46008 /* chacha.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646661A8993770062516A /* chacha.h */; }; + 30B060941C6DDB6200D46008 /* coding.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646671A8993770062516A /* coding.h 
*/; }; + 30B060951C6DDB6200D46008 /* compress.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646681A8993770062516A /* compress.h */; }; + 30B060961C6DDB6200D46008 /* des3.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646691A8993770062516A /* des3.h */; }; + 30B060971C6DDB6200D46008 /* dh.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466A1A8993770062516A /* dh.h */; }; + 30B060981C6DDB6200D46008 /* dsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466B1A8993770062516A /* dsa.h */; }; + 30B060991C6DDB6200D46008 /* ecc.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466C1A8993770062516A /* ecc.h */; }; + 30B0609A1C6DDB6200D46008 /* error-crypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466D1A8993770062516A /* error-crypt.h */; }; + 30B0609B1C6DDB6200D46008 /* fips_test.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466E1A8993770062516A /* fips_test.h */; }; + 30B0609C1C6DDB6200D46008 /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; }; + 30B0609D1C6DDB6200D46008 /* hc128.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216466F1A8993770062516A /* hc128.h */; }; + 30B0609E1C6DDB6200D46008 /* hmac.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646701A8993770062516A /* hmac.h */; }; + 30B0609F1C6DDB6200D46008 /* integer.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646721A8993770062516A /* integer.h */; }; + 30B060A01C6DDB6200D46008 /* logging.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646731A8993770062516A /* logging.h */; }; + 30B060A11C6DDB6200D46008 /* md2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646741A8993770062516A /* md2.h */; }; + 30B060A21C6DDB6200D46008 /* md4.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646751A8993770062516A /* md4.h */; }; + 30B060A31C6DDB6200D46008 /* md5.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646761A8993770062516A /* md5.h */; }; + 30B060A41C6DDB6200D46008 /* memory.h 
in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646771A8993770062516A /* memory.h */; }; + 30B060A51C6DDB6200D46008 /* misc.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646781A8993770062516A /* misc.h */; }; + 30B060A61C6DDB6200D46008 /* mpi_class.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646791A8993770062516A /* mpi_class.h */; }; + 30B060A71C6DDB6200D46008 /* mpi_superclass.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467A1A8993770062516A /* mpi_superclass.h */; }; + 30B060A81C6DDB6200D46008 /* pkcs7.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467B1A8993770062516A /* pkcs7.h */; }; + 30B060A91C6DDB6200D46008 /* poly1305.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467C1A8993770062516A /* poly1305.h */; }; + 30B060AA1C6DDB6200D46008 /* pwdbased.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467D1A8993770062516A /* pwdbased.h */; }; + 30B060AB1C6DDB6200D46008 /* rabbit.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467E1A8993770062516A /* rabbit.h */; }; + 30B060AC1C6DDB6200D46008 /* random.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216467F1A8993770062516A /* random.h */; }; + 30B060AD1C6DDB6200D46008 /* ripemd.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646801A8993770062516A /* ripemd.h */; }; + 30B060AE1C6DDB6200D46008 /* rsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646811A8993770062516A /* rsa.h */; }; + 30B060AF1C6DDB6200D46008 /* settings.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646821A8993770062516A /* settings.h */; }; + 30B060B01C6DDB6200D46008 /* sha.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646831A8993770062516A /* sha.h */; }; + 30B060B11C6DDB6200D46008 /* sha256.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646841A8993770062516A /* sha256.h */; }; + 30B060B21C6DDB6200D46008 /* sha512.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646851A8993770062516A /* sha512.h */; }; + 30B060B31C6DDB6200D46008 /* tfm.h in 
CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646861A8993770062516A /* tfm.h */; }; + 30B060B41C6DDB6200D46008 /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646871A8993770062516A /* types.h */; }; + 30B060B51C6DDB6200D46008 /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646881A8993770062516A /* visibility.h */; }; + 30B060B61C6DDB6200D46008 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; }; + 30B060B71C6DDB6200D46008 /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646891A8993770062516A /* wc_port.h */; }; + 30B060B81C6DDB7D00D46008 /* callbacks.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468A1A8993BB0062516A /* callbacks.h */; }; + 30B060B91C6DDB7D00D46008 /* certs_test.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468B1A8993BB0062516A /* certs_test.h */; }; + 30B060BA1C6DDB7D00D46008 /* crl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468C1A8993BB0062516A /* crl.h */; }; + 30B060BB1C6DDB7D00D46008 /* error-ssl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468D1A8993BB0062516A /* error-ssl.h */; }; + 30B060BC1C6DDB7D00D46008 /* internal.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468E1A8993BB0062516A /* internal.h */; }; + 30B060BD1C6DDB7D00D46008 /* ocsp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216468F1A8993BB0062516A /* ocsp.h */; }; + 30B060BE1C6DDB7D00D46008 /* ssl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646921A8993BB0062516A /* ssl.h */; }; + 30B060BF1C6DDB7D00D46008 /* test.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646931A8993BB0062516A /* test.h */; }; + 30B060C01C6DDB7D00D46008 /* version.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646941A8993BB0062516A /* version.h */; }; + 30B060C11C6DDB9800D46008 /* aes.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646951A8993F50062516A /* aes.h */; }; + 30B060C21C6DDB9800D46008 /* arc4.h in 
CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646961A8993F50062516A /* arc4.h */; }; + 30B060C31C6DDB9800D46008 /* asn_public.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646971A8993F50062516A /* asn_public.h */; }; + 30B060C41C6DDB9800D46008 /* asn.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646981A8993F50062516A /* asn.h */; }; + 30B060C51C6DDB9800D46008 /* blake2-impl.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646991A8993F50062516A /* blake2-impl.h */; }; + 30B060C61C6DDB9800D46008 /* blake2-int.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469A1A8993F50062516A /* blake2-int.h */; }; + 30B060C71C6DDB9800D46008 /* blake2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469B1A8993F50062516A /* blake2.h */; }; + 30B060C81C6DDB9800D46008 /* camellia.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469C1A8993F50062516A /* camellia.h */; }; + 30B060C91C6DDB9800D46008 /* chacha.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469D1A8993F50062516A /* chacha.h */; }; + 30B060CA1C6DDB9800D46008 /* coding.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469E1A8993F50062516A /* coding.h */; }; + 30B060CB1C6DDB9800D46008 /* compress.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 5216469F1A8993F50062516A /* compress.h */; }; + 30B060CC1C6DDB9800D46008 /* des3.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A01A8993F50062516A /* des3.h */; }; + 30B060CD1C6DDB9800D46008 /* dh.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A11A8993F50062516A /* dh.h */; }; + 30B060CE1C6DDB9800D46008 /* dsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A21A8993F50062516A /* dsa.h */; }; + 30B060CF1C6DDB9800D46008 /* ecc.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A31A8993F50062516A /* ecc.h */; }; + 30B060D01C6DDB9800D46008 /* error-crypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A41A8993F50062516A /* error-crypt.h */; }; + 30B060D11C6DDB9800D46008 /* fips_test.h in 
CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A51A8993F50062516A /* fips_test.h */; }; + 30B060D21C6DDB9800D46008 /* hc128.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A61A8993F50062516A /* hc128.h */; }; + 30B060D31C6DDB9800D46008 /* hmac.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A71A8993F50062516A /* hmac.h */; }; + 30B060D41C6DDB9800D46008 /* integer.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A81A8993F50062516A /* integer.h */; }; + 30B060D51C6DDB9800D46008 /* logging.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646A91A8993F50062516A /* logging.h */; }; + 30B060D61C6DDB9800D46008 /* md2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AA1A8993F50062516A /* md2.h */; }; + 30B060D71C6DDB9800D46008 /* md4.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AB1A8993F50062516A /* md4.h */; }; + 30B060D81C6DDB9800D46008 /* md5.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AC1A8993F50062516A /* md5.h */; }; + 30B060D91C6DDB9800D46008 /* memory.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AD1A8993F50062516A /* memory.h */; }; + 30B060DA1C6DDB9800D46008 /* misc.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AE1A8993F50062516A /* misc.h */; }; + 30B060DB1C6DDB9800D46008 /* mpi_class.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646AF1A8993F50062516A /* mpi_class.h */; }; + 30B060DC1C6DDB9800D46008 /* mpi_superclass.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B01A8993F50062516A /* mpi_superclass.h */; }; + 30B060DD1C6DDB9800D46008 /* pkcs7.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B11A8993F50062516A /* pkcs7.h */; }; + 30B060DE1C6DDB9800D46008 /* poly1305.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B21A8993F50062516A /* poly1305.h */; }; + 30B060DF1C6DDB9800D46008 /* pwdbased.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B31A8993F50062516A /* pwdbased.h */; }; + 30B060E01C6DDB9800D46008 /* rabbit.h in CopyFiles */ 
= {isa = PBXBuildFile; fileRef = 521646B41A8993F50062516A /* rabbit.h */; }; + 30B060E11C6DDB9800D46008 /* random.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B51A8993F50062516A /* random.h */; }; + 30B060E21C6DDB9800D46008 /* ripemd.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B61A8993F50062516A /* ripemd.h */; }; + 30B060E31C6DDB9800D46008 /* rsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B71A8993F50062516A /* rsa.h */; }; + 30B060E41C6DDB9800D46008 /* settings_comp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B81A8993F50062516A /* settings_comp.h */; }; + 30B060E51C6DDB9800D46008 /* settings.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646B91A8993F50062516A /* settings.h */; }; + 30B060E61C6DDB9800D46008 /* sha.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BA1A8993F50062516A /* sha.h */; }; + 30B060E71C6DDB9800D46008 /* sha256.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BB1A8993F50062516A /* sha256.h */; }; + 30B060E81C6DDB9800D46008 /* sha512.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BC1A8993F50062516A /* sha512.h */; }; + 30B060E91C6DDB9800D46008 /* tfm.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BD1A8993F50062516A /* tfm.h */; }; + 30B060EA1C6DDB9800D46008 /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; }; + 30B060EB1C6DDB9800D46008 /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; }; + 30B060EC1C6DDB9800D46008 /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; }; 521646091A89928E0062516A /* crl.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646011A89928E0062516A /* crl.c */; }; 5216460A1A89928E0062516A /* internal.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646021A89928E0062516A /* internal.c */; }; 5216460B1A89928E0062516A /* io.c in Sources */ = {isa = PBXBuildFile; 
fileRef = 521646031A89928E0062516A /* io.c */; }; @@ -35,7 +184,6 @@ 521646431A8992CC0062516A /* md4.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646221A8992CC0062516A /* md4.c */; }; 521646441A8992CC0062516A /* md5.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646231A8992CC0062516A /* md5.c */; }; 521646451A8992CC0062516A /* memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646241A8992CC0062516A /* memory.c */; }; - 521646461A8992CC0062516A /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646251A8992CC0062516A /* misc.c */; }; 521646471A8992CC0062516A /* pkcs7.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646261A8992CC0062516A /* pkcs7.c */; }; 521646481A8992CC0062516A /* poly1305.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646271A8992CC0062516A /* poly1305.c */; }; 521646491A8992CC0062516A /* pwdbased.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646281A8992CC0062516A /* pwdbased.c */; }; @@ -165,7 +313,6 @@ A4F318551BC58B1700FDF2BB /* camellia.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646151A8992CC0062516A /* camellia.c */; }; A4F318561BC58B1700FDF2BB /* wc_port.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646311A8992CC0062516A /* wc_port.c */; }; A4F318571BC58B1700FDF2BB /* pwdbased.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646281A8992CC0062516A /* pwdbased.c */; }; - A4F318581BC58B1700FDF2BB /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646251A8992CC0062516A /* misc.c */; }; A4F318591BC58B1700FDF2BB /* hc128.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216461D1A8992CC0062516A /* hc128.c */; }; A4F3185A1BC58B1700FDF2BB /* asn.c in Sources */ = {isa = PBXBuildFile; fileRef = 521646131A8992CC0062516A /* asn.c */; }; A4F3185B1BC58B1700FDF2BB /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216462F1A8992CC0062516A /* sha512.c */; }; 
@@ -310,6 +457,149 @@ /* End PBXBuildFile section */ /* Begin PBXCopyFilesBuildPhase section */ + 30B060491C6DDAEA00D46008 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = include/wolfssl; + dstSubfolderSpec = 7; + files = ( + 30B0607F1C6DDB4600D46008 /* callbacks.h in CopyFiles */, + 30B060801C6DDB4600D46008 /* certs_test.h in CopyFiles */, + 30B060811C6DDB4600D46008 /* crl.h in CopyFiles */, + 30B060821C6DDB4600D46008 /* error-ssl.h in CopyFiles */, + 30B060831C6DDB4600D46008 /* internal.h in CopyFiles */, + 30B060841C6DDB4600D46008 /* ocsp.h in CopyFiles */, + 30B060851C6DDB4600D46008 /* ssl.h in CopyFiles */, + 30B060861C6DDB4600D46008 /* test.h in CopyFiles */, + 30B060871C6DDB4600D46008 /* version.h in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 30B060881C6DDB5200D46008 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = include/wolfssl/wolfcrypt; + dstSubfolderSpec = 7; + files = ( + 30B0608B1C6DDB6200D46008 /* aes.h in CopyFiles */, + 30B0608C1C6DDB6200D46008 /* arc4.h in CopyFiles */, + 30B0608D1C6DDB6200D46008 /* asn_public.h in CopyFiles */, + 30B0608E1C6DDB6200D46008 /* asn.h in CopyFiles */, + 30B0608F1C6DDB6200D46008 /* blake2-impl.h in CopyFiles */, + 30B060901C6DDB6200D46008 /* blake2-int.h in CopyFiles */, + 30B060911C6DDB6200D46008 /* blake2.h in CopyFiles */, + 30B060921C6DDB6200D46008 /* camellia.h in CopyFiles */, + 30B060931C6DDB6200D46008 /* chacha.h in CopyFiles */, + 30B060941C6DDB6200D46008 /* coding.h in CopyFiles */, + 30B060951C6DDB6200D46008 /* compress.h in CopyFiles */, + 30B060961C6DDB6200D46008 /* des3.h in CopyFiles */, + 30B060971C6DDB6200D46008 /* dh.h in CopyFiles */, + 30B060981C6DDB6200D46008 /* dsa.h in CopyFiles */, + 30B060991C6DDB6200D46008 /* ecc.h in CopyFiles */, + 30B0609A1C6DDB6200D46008 /* error-crypt.h in CopyFiles */, + 30B0609B1C6DDB6200D46008 /* fips_test.h in CopyFiles */, + 
30B0609C1C6DDB6200D46008 /* hash.h in CopyFiles */, + 30B0609D1C6DDB6200D46008 /* hc128.h in CopyFiles */, + 30B0609E1C6DDB6200D46008 /* hmac.h in CopyFiles */, + 30B0609F1C6DDB6200D46008 /* integer.h in CopyFiles */, + 30B060A01C6DDB6200D46008 /* logging.h in CopyFiles */, + 30B060A11C6DDB6200D46008 /* md2.h in CopyFiles */, + 30B060A21C6DDB6200D46008 /* md4.h in CopyFiles */, + 30B060A31C6DDB6200D46008 /* md5.h in CopyFiles */, + 30B060A41C6DDB6200D46008 /* memory.h in CopyFiles */, + 30B060A51C6DDB6200D46008 /* misc.h in CopyFiles */, + 30B060A61C6DDB6200D46008 /* mpi_class.h in CopyFiles */, + 30B060A71C6DDB6200D46008 /* mpi_superclass.h in CopyFiles */, + 30B060A81C6DDB6200D46008 /* pkcs7.h in CopyFiles */, + 30B060A91C6DDB6200D46008 /* poly1305.h in CopyFiles */, + 30B060AA1C6DDB6200D46008 /* pwdbased.h in CopyFiles */, + 30B060AB1C6DDB6200D46008 /* rabbit.h in CopyFiles */, + 30B060AC1C6DDB6200D46008 /* random.h in CopyFiles */, + 30B060AD1C6DDB6200D46008 /* ripemd.h in CopyFiles */, + 30B060AE1C6DDB6200D46008 /* rsa.h in CopyFiles */, + 30B060AF1C6DDB6200D46008 /* settings.h in CopyFiles */, + 30B060B01C6DDB6200D46008 /* sha.h in CopyFiles */, + 30B060B11C6DDB6200D46008 /* sha256.h in CopyFiles */, + 30B060B21C6DDB6200D46008 /* sha512.h in CopyFiles */, + 30B060B31C6DDB6200D46008 /* tfm.h in CopyFiles */, + 30B060B41C6DDB6200D46008 /* types.h in CopyFiles */, + 30B060B51C6DDB6200D46008 /* visibility.h in CopyFiles */, + 30B060B61C6DDB6200D46008 /* wc_encrypt.h in CopyFiles */, + 30B060B71C6DDB6200D46008 /* wc_port.h in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 30B060891C6DDB5400D46008 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = include/cyassl; + dstSubfolderSpec = 7; + files = ( + 30B060B81C6DDB7D00D46008 /* callbacks.h in CopyFiles */, + 30B060B91C6DDB7D00D46008 /* certs_test.h in CopyFiles */, + 30B060BA1C6DDB7D00D46008 /* crl.h in CopyFiles */, + 30B060BB1C6DDB7D00D46008 /* 
error-ssl.h in CopyFiles */, + 30B060BC1C6DDB7D00D46008 /* internal.h in CopyFiles */, + 30B060BD1C6DDB7D00D46008 /* ocsp.h in CopyFiles */, + 30B060BE1C6DDB7D00D46008 /* ssl.h in CopyFiles */, + 30B060BF1C6DDB7D00D46008 /* test.h in CopyFiles */, + 30B060C01C6DDB7D00D46008 /* version.h in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 30B0608A1C6DDB5500D46008 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = include/cyassl/ctaocrypt; + dstSubfolderSpec = 7; + files = ( + 30B060C11C6DDB9800D46008 /* aes.h in CopyFiles */, + 30B060C21C6DDB9800D46008 /* arc4.h in CopyFiles */, + 30B060C31C6DDB9800D46008 /* asn_public.h in CopyFiles */, + 30B060C41C6DDB9800D46008 /* asn.h in CopyFiles */, + 30B060C51C6DDB9800D46008 /* blake2-impl.h in CopyFiles */, + 30B060C61C6DDB9800D46008 /* blake2-int.h in CopyFiles */, + 30B060C71C6DDB9800D46008 /* blake2.h in CopyFiles */, + 30B060C81C6DDB9800D46008 /* camellia.h in CopyFiles */, + 30B060C91C6DDB9800D46008 /* chacha.h in CopyFiles */, + 30B060CA1C6DDB9800D46008 /* coding.h in CopyFiles */, + 30B060CB1C6DDB9800D46008 /* compress.h in CopyFiles */, + 30B060CC1C6DDB9800D46008 /* des3.h in CopyFiles */, + 30B060CD1C6DDB9800D46008 /* dh.h in CopyFiles */, + 30B060CE1C6DDB9800D46008 /* dsa.h in CopyFiles */, + 30B060CF1C6DDB9800D46008 /* ecc.h in CopyFiles */, + 30B060D01C6DDB9800D46008 /* error-crypt.h in CopyFiles */, + 30B060D11C6DDB9800D46008 /* fips_test.h in CopyFiles */, + 30B060D21C6DDB9800D46008 /* hc128.h in CopyFiles */, + 30B060D31C6DDB9800D46008 /* hmac.h in CopyFiles */, + 30B060D41C6DDB9800D46008 /* integer.h in CopyFiles */, + 30B060D51C6DDB9800D46008 /* logging.h in CopyFiles */, + 30B060D61C6DDB9800D46008 /* md2.h in CopyFiles */, + 30B060D71C6DDB9800D46008 /* md4.h in CopyFiles */, + 30B060D81C6DDB9800D46008 /* md5.h in CopyFiles */, + 30B060D91C6DDB9800D46008 /* memory.h in CopyFiles */, + 30B060DA1C6DDB9800D46008 /* misc.h in CopyFiles */, + 
30B060DB1C6DDB9800D46008 /* mpi_class.h in CopyFiles */, + 30B060DC1C6DDB9800D46008 /* mpi_superclass.h in CopyFiles */, + 30B060DD1C6DDB9800D46008 /* pkcs7.h in CopyFiles */, + 30B060DE1C6DDB9800D46008 /* poly1305.h in CopyFiles */, + 30B060DF1C6DDB9800D46008 /* pwdbased.h in CopyFiles */, + 30B060E01C6DDB9800D46008 /* rabbit.h in CopyFiles */, + 30B060E11C6DDB9800D46008 /* random.h in CopyFiles */, + 30B060E21C6DDB9800D46008 /* ripemd.h in CopyFiles */, + 30B060E31C6DDB9800D46008 /* rsa.h in CopyFiles */, + 30B060E41C6DDB9800D46008 /* settings_comp.h in CopyFiles */, + 30B060E51C6DDB9800D46008 /* settings.h in CopyFiles */, + 30B060E61C6DDB9800D46008 /* sha.h in CopyFiles */, + 30B060E71C6DDB9800D46008 /* sha256.h in CopyFiles */, + 30B060E81C6DDB9800D46008 /* sha512.h in CopyFiles */, + 30B060E91C6DDB9800D46008 /* tfm.h in CopyFiles */, + 30B060EA1C6DDB9800D46008 /* types.h in CopyFiles */, + 30B060EB1C6DDB9800D46008 /* visibility.h in CopyFiles */, + 30B060EC1C6DDB9800D46008 /* wc_port.h in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 521646C11A8A7B380062516A /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; 
@@ -599,6 +889,7 @@ /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ + 30B0604B1C6DDAEA00D46008 /* libwolfssl_tvos.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl_tvos.a; sourceTree = BUILT_PRODUCTS_DIR; }; 521646011A89928E0062516A /* crl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = crl.c; path = ../../src/crl.c; sourceTree = ""; }; 521646021A89928E0062516A /* internal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = internal.c; path = ../../src/internal.c; sourceTree = ""; }; 521646031A89928E0062516A /* io.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = io.c; path = ../../src/io.c; sourceTree = ""; }; @@ -755,6 +1046,13 @@ /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ + 30B060481C6DDAEA00D46008 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; 52B1344A16F3C9E800C07B32 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; @@ -999,6 +1297,7 @@ children = ( 52B1344D16F3C9E800C07B32 /* libwolfssl_ios.a */, A4F318EE1BC58B1700FDF2BB /* libwolfssl_osx.a */, + 30B0604B1C6DDAEA00D46008 /* libwolfssl_tvos.a */, ); name = Products; sourceTree = ""; 
@@ -1006,6 +1305,26 @@ /* End PBXGroup section */ /* Begin PBXNativeTarget section */ + 30B0604A1C6DDAEA00D46008 /* wolfssl_tvos */ = { + isa = PBXNativeTarget; + buildConfigurationList = 30B060531C6DDAEA00D46008 /* Build configuration list for PBXNativeTarget "wolfssl_tvos" */; + buildPhases = ( + 30B060471C6DDAEA00D46008 /* Sources */, + 30B060481C6DDAEA00D46008 /* Frameworks */, + 30B060491C6DDAEA00D46008 /* CopyFiles */, + 30B060881C6DDB5200D46008 /* CopyFiles */, + 30B060891C6DDB5400D46008 /* CopyFiles */, + 30B0608A1C6DDB5500D46008 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = wolfssl_tvos; + productName = wolfssl_tvos; + productReference = 30B0604B1C6DDAEA00D46008 /* libwolfssl_tvos.a */; + productType = "com.apple.product-type.library.static"; + }; 52B1344C16F3C9E800C07B32 /* wolfssl_ios */ = { isa = PBXNativeTarget; buildConfigurationList = 52B1347216F3C9E800C07B32 /* Build configuration list for PBXNativeTarget "wolfssl_ios" */; @@ -1054,6 +1373,11 @@ attributes = { LastUpgradeCheck = 0460; ORGANIZATIONNAME = "wolfSSL Inc"; + TargetAttributes = { + 30B0604A1C6DDAEA00D46008 = { + CreatedOnToolsVersion = 7.2.1; + }; + }; }; buildConfigurationList = 52B1344816F3C9E800C07B32 /* Build configuration list for PBXProject "wolfssl" */; compatibilityVersion = "Xcode 3.2"; 
@@ -1069,11 +1393,61 @@ targets = ( 52B1344C16F3C9E800C07B32 /* wolfssl_ios */, A4F3184E1BC58B1700FDF2BB /* wolfssl_osx */, + 30B0604A1C6DDAEA00D46008 /* wolfssl_tvos */, ); }; /* End PBXProject section */ /* Begin PBXSourcesBuildPhase section */ + 30B060471C6DDAEA00D46008 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 30B060541C6DDB2B00D46008 /* crl.c in Sources */, + 30B060551C6DDB2B00D46008 /* internal.c in Sources */, + 30B060561C6DDB2B00D46008 /* io.c in Sources */, + 30B060571C6DDB2B00D46008 /* keys.c in Sources */, + 30B060581C6DDB2B00D46008 /* ocsp.c in Sources */, + 30B060591C6DDB2B00D46008 /* sniffer.c in Sources */, + 30B0605A1C6DDB2B00D46008 /* ssl.c in Sources */, + 30B0605B1C6DDB2B00D46008 /* tls.c in Sources */, + 30B0605C1C6DDB2B00D46008 /* aes.c in Sources */, + 30B0605D1C6DDB2B00D46008 /* arc4.c in Sources */, + 30B0605E1C6DDB2B00D46008 /* asn.c in Sources */, + 30B0605F1C6DDB2B00D46008 /* blake2b.c in Sources */, + 30B060601C6DDB2B00D46008 /* camellia.c in Sources */, + 30B060611C6DDB2B00D46008 /* chacha.c in Sources */, + 30B060621C6DDB2B00D46008 /* coding.c in Sources */, + 30B060631C6DDB2B00D46008 /* des3.c in Sources */, + 30B060641C6DDB2B00D46008 /* dh.c in Sources */, + 30B060651C6DDB2B00D46008 /* dsa.c in Sources */, + 30B060661C6DDB2B00D46008 /* ecc.c in Sources */, + 30B060671C6DDB2B00D46008 /* error.c in Sources */, + 30B060681C6DDB2B00D46008 /* hash.c in Sources */, + 30B060691C6DDB2B00D46008 /* hc128.c in Sources */, + 30B0606A1C6DDB2B00D46008 /* hmac.c in Sources */, + 30B0606B1C6DDB2B00D46008 /* integer.c in Sources */, + 30B0606C1C6DDB2B00D46008 /* logging.c in Sources */, + 30B0606D1C6DDB2B00D46008 /* md2.c in Sources */, + 30B0606E1C6DDB2B00D46008 /* md4.c in Sources */, + 30B0606F1C6DDB2B00D46008 /* md5.c in Sources */, + 30B060701C6DDB2B00D46008 /* memory.c in Sources */, + 30B060721C6DDB2B00D46008 /* pkcs7.c in Sources */, + 30B060731C6DDB2B00D46008 /* poly1305.c in Sources */, + 
30B060741C6DDB2B00D46008 /* pwdbased.c in Sources */, + 30B060751C6DDB2B00D46008 /* rabbit.c in Sources */, + 30B060761C6DDB2B00D46008 /* random.c in Sources */, + 30B060771C6DDB2B00D46008 /* ripemd.c in Sources */, + 30B060781C6DDB2B00D46008 /* rsa.c in Sources */, + 30B060791C6DDB2B00D46008 /* sha.c in Sources */, + 30B0607A1C6DDB2B00D46008 /* sha256.c in Sources */, + 30B0607B1C6DDB2B00D46008 /* sha512.c in Sources */, + 30B0607C1C6DDB2B00D46008 /* tfm.c in Sources */, + 30B0607D1C6DDB2B00D46008 /* wc_encrypt.c in Sources */, + 30B0607E1C6DDB2B00D46008 /* wc_port.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 52B1344916F3C9E800C07B32 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; @@ -1086,7 +1460,6 @@ 521646361A8992CC0062516A /* camellia.c in Sources */, 521646521A8992CC0062516A /* wc_port.c in Sources */, 521646491A8992CC0062516A /* pwdbased.c in Sources */, - 521646461A8992CC0062516A /* misc.c in Sources */, 5216463E1A8992CC0062516A /* hc128.c in Sources */, 521646341A8992CC0062516A /* asn.c in Sources */, 521646501A8992CC0062516A /* sha512.c in Sources */, @@ -1136,7 +1509,6 @@ A4F318551BC58B1700FDF2BB /* camellia.c in Sources */, A4F318561BC58B1700FDF2BB /* wc_port.c in Sources */, A4F318571BC58B1700FDF2BB /* pwdbased.c in Sources */, - A4F318581BC58B1700FDF2BB /* misc.c in Sources */, A4F318591BC58B1700FDF2BB /* hc128.c in Sources */, A4F3185A1BC58B1700FDF2BB /* asn.c in Sources */, A4F3185B1BC58B1700FDF2BB /* sha512.c in Sources */, 
@@ -1177,6 +1549,74 @@ /* End PBXSourcesBuildPhase section */ /* Begin XCBuildConfiguration section */ + 30B060511C6DDAEA00D46008 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = YES; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + HEADER_SEARCH_PATHS = ( + $SRCROOT, + $PROJECT_DIR/../.., + ); + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_LDFLAGS = "-ObjC"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = appletvos; + SKIP_INSTALL = YES; + TVOS_DEPLOYMENT_TARGET = 9.1; + USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl"; + }; + name = Debug; + }; + 30B060521C6DDAEA00D46008 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = YES; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + HEADER_SEARCH_PATHS = ( + $SRCROOT, + $PROJECT_DIR/../.., + ); + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = "-ObjC"; + PRODUCT_NAME = "$(TARGET_NAME)"; + 
SDKROOT = appletvos; + SKIP_INSTALL = YES; + TVOS_DEPLOYMENT_TARGET = 9.1; + USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; 52B1347016F3C9E800C07B32 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { @@ -1337,6 +1777,15 @@ /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ + 30B060531C6DDAEA00D46008 /* Build configuration list for PBXNativeTarget "wolfssl_tvos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 30B060511C6DDAEA00D46008 /* Debug */, + 30B060521C6DDAEA00D46008 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; 52B1344816F3C9E800C07B32 /* Build configuration list for PBXProject "wolfssl" */ = { isa = XCConfigurationList; buildConfigurations = ( diff --git a/README b/README index efcab65e7..47b8d4c89 100644 --- a/README +++ b/README 
@@ -35,6 +35,41 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** + ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) + +Release 3.9.0 of wolfSSL has bug fixes and new features including: + +- Add new leantls configuration +- Add RSA OAEP padding at wolfCrypt level +- Add Arduino port and example client +- Add fixed point DH operation +- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK +- Add ECDHE-PSK cipher suites +- Add PSK ChaCha20-Poly1305 cipher suites +- Add option for fail on no peer cert except PSK suites +- Add port for Nordic nRF51 +- Add additional ECC NIST test vectors for 256, 384 and 521 +- Add more granular ECC, Ed25519/Curve25519 and AES configs +- Update to ChaCha20-Poly1305 +- Update support for Freescale KSDK 1.3.0 +- Update DER buffer handling code, refactoring and reducing memory +- Fix to AESNI 192 bit key expansion +- Fix to C# wrapper character encoding +- Fix sequence number issue with DTLS epoch 0 messages +- Fix RNGA with K64 build +- Fix ASN.1 X509 V3 certificate policy extension parsing +- Fix potential free of uninitialized RSA key in asn.c +- Fix potential underflow when using ECC build with FP_ECC +- Fixes for warnings in Visual Studio 2015 build + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- FP_ECC is off by default, users with it enabled should update for the zero +sized hash fix + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) Release 3.8.0 of wolfSSL has bug fixes and new features including: 
@@ -162,8 +197,8 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including: - ECC make key crash fix on RNG failure, ECC users must update. - Improvements to usage of time code. - Improvements to VS solution files. -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS +- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, + to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". - No high level security fixes that requires an update though we always recommend updating to the latest (except note 14, ecc RNG failure) diff --git a/README.md b/README.md index e1f985e59..7e5daf459 100644 --- a/README.md +++ b/README.md 
@@ -37,6 +37,40 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` +# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2015) + +##Release 3.9.0 of wolfSSL has bug fixes and new features including: + +- Add new leantls configuration +- Add RSA OAEP padding at wolfCrypt level +- Add Arduino port and example client +- Add fixed point DH operation +- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK +- Add ECDHE-PSK cipher suites +- Add PSK ChaCha20-Poly1305 cipher suites +- Add option for fail on no peer cert except PSK suites +- Add port for Nordic nRF51 +- Add additional ECC NIST test vectors for 256, 384 and 521 +- Add more granular ECC, Ed25519/Curve25519 and AES configs +- Update to ChaCha20-Poly1305 +- Update support for Freescale KSDK 1.3.0 +- Update DER buffer handling code, refactoring and reducing memory +- Fix to AESNI 192 bit key expansion +- Fix to C# wrapper character encoding +- Fix sequence number issue with DTLS epoch 0 messages +- Fix RNGA with K64 build +- Fix ASN.1 X509 V3 certificate policy extension parsing +- Fix potential free of uninitialized RSA key in asn.c +- Fix potential underflow when using ECC build with FP_ECC +- Fixes for warnings in Visual Studio 2015 build + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- FP_ECC is off by default, users with it enabled should update for the zero +sized hash fix + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html # wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) diff --git a/autogen.sh b/autogen.sh index 196764e1f..971878e33 100755 --- a/autogen.sh +++ b/autogen.sh 
@@ -18,6 +18,10 @@ if test -d .git; then # touch fips files for non fips distribution touch ./ctaocrypt/src/fips.c touch ./ctaocrypt/src/fips_test.c + + # touch async crypt files + touch ./src/async.c + touch ./wolfssl/async.h else WARNINGS="all" fi diff --git a/configure.ac b/configure.ac index b99a9de1d..976478b4e 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.8.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.9.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=4:0:1 +WOLFSSL_LIBRARY_VERSION=5:0:2 # | | | # +------+ | +---+ # | | | @@ -256,6 +256,21 @@ fi AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"]) +# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir) +AC_ARG_ENABLE([leantls], + [ --enable-leantls Enable Lean TLS build (default: disabled)], + [ ENABLED_LEANTLS=$enableval ], + [ ENABLED_LEANTLS=no ] + ) + +if test "$ENABLED_LEANTLS" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_DES3 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY" +fi + +AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"]) + + # big cache AC_ARG_ENABLE([bigcache], [ --enable-bigcache Enable big session cache (default: disabled)], 
@@ -354,7 +369,7 @@ AC_ARG_ENABLE([sniffer], [ ENABLED_SNIFFER=no ] ) -# sniffer does't work in maxstrength mode +# sniffer doesn't work in maxstrength mode if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes" then AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.]) @@ -380,8 +395,8 @@ AC_ARG_ENABLE([aesgcm], [ ENABLED_AESGCM=yes ] ) -# lean psk does't need gcm -if test "$ENABLED_LEANPSK" = "yes" +# leanpsk and leantls don't need gcm +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then ENABLED_AESGCM=no fi @@ -566,8 +581,8 @@ AC_ARG_ENABLE([sha512], [ ENABLED_SHA512=$SHA512_DEFAULT ] ) -# lean psk does't need sha512 -if test "$ENABLED_LEANPSK" = "yes" +# leanpsk and leantls don't need sha512 +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then ENABLED_SHA512=no fi @@ -716,6 +731,14 @@ then ECC_DEFAULT=yes fi +# ECC Shamir +AC_ARG_ENABLE([eccshamir], + [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled on x86_64)])], + [ ENABLED_ECC_SHAMIR=$enableval ], + [ ENABLED_ECC_SHAMIR=$ECC_DEFAULT ] + ) + + # ECC AC_ARG_ENABLE([ecc], [AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled on x86_64)])], @@ -723,7 +746,7 @@ AC_ARG_ENABLE([ecc], [ ENABLED_ECC=$ECC_DEFAULT ] ) -# lean psk does't need ecc +# lean psk doesn't need ecc if test "$ENABLED_LEANPSK" = "yes" then ENABLED_ECC=no @@ -736,18 +759,16 @@ fi if test "$ENABLED_ECC" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" + if test "$ENABLED_ECC_SHAMIR" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" + fi fi AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) -if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes" -then - AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.]) -fi - - # for using memory optimization setting on both curve25519 and ed25519 ENABLED_CURVED25519_SMALL=no 
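Review bot: A leantls build still gets `-DECC_SHAMIR` from the last hunk on this line (`@@ -736,18 +759,16 @@`), because the new inner test looks only at `ENABLED_ECC_SHAMIR`, whose default is `$ECC_DEFAULT`. The `--enable-leantls` block added earlier in this file is commented as "w/o Shamir", so on a host where `ECC_DEFAULT` is yes the two disagree unless the user also passes `--disable-eccshamir`. Gating the define would make the option do what its comment says: `if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LEANTLS" != "yes"`. The same three-line Shamir block is repeated in the later hunks that force ECC on (`@@ -1913`, `@@ -1981`, `@@ -2074`), so a short comment on each pointing back to this one would help keep them in step.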
@@ -874,8 +895,8 @@ if test "$ENABLED_ERROR_STRINGS" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" else - # turn off error strings if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off error strings if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" ENABLED_ERROR_STRINGS=no @@ -894,8 +915,8 @@ if test "$ENABLED_OLD_TLS" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" else - # turn off old if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off old if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" ENABLED_OLD_TLS=no @@ -942,8 +963,8 @@ if test "$ENABLED_MEMORY" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY" else - # turn off memory cb if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off memory cb if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then # but don't turn on NO_WOLFSSL_MEMORY because using own ENABLED_MEMORY=no @@ -964,8 +985,8 @@ if test "$ENABLED_RSA" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_RSA" else - # turn off RSA if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off RSA if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_RSA" ENABLED_RSA=no @@ -991,8 +1012,8 @@ if test "$ENABLED_DH" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DH" else - # turn off DH if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off DH if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_DH" ENABLED_DH=no 
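Review bot: The comment kept in the `@@ -942,8 +963,8 @@` hunk, `# but don't turn on NO_WOLFSSL_MEMORY because using own`, no longer describes every build that reaches this branch. The branch now also covers leantls, and the `--enable-leantls` block added earlier in this file already puts `-DNO_WOLFSSL_MEMORY` into `AM_CFLAGS`. I would reword it as `# leanpsk: don't turn on NO_WOLFSSL_MEMORY because using own; leantls already defines it in its AM_CFLAGS line`. The neighbouring hunks on this line (error strings, old TLS, RSA, DH) append `-DNO_ERROR_STRINGS`, `-DNO_OLD_TLS`, `-DNO_RSA` and `-DNO_DH` a second time for leantls, which is harmless but leaves two places to update when the leantls feature set changes.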
@@ -1137,8 +1158,8 @@ if test "$ENABLED_DES3" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DES3" else - # turn off DES3 if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off DES3 if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_DES3" ENABLED_DES3=no @@ -1180,8 +1201,8 @@ if test "$ENABLED_ARC4" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_RC4" else - # turn off ARC4 if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off ARC4 if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_RC4" ENABLED_ARC4=no @@ -1202,8 +1223,8 @@ if test "$ENABLED_MD5" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" else - # turn off MD5 if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off MD5 if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" ENABLED_MD5=no @@ -1224,8 +1245,8 @@ if test "$ENABLED_SHA" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" else - # turn off SHA if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" + # turn off SHA if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" ENABLED_SHA=no @@ -1332,8 +1353,8 @@ AC_ARG_ENABLE([poly1305], [ ENABLED_POLY1305=$POLY1305_DEFAULT] ) -# lean psk does't need poly1305 -if test "$ENABLED_LEANPSK" = "yes" +# leanpsk and leantls don't need poly1305 +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then ENABLED_POLY1305=no fi @@ -1361,8 +1382,8 @@ AC_ARG_ENABLE([chacha], [ ENABLED_CHACHA=$CHACHA_DEFAULT] ) -# lean psk does't need chacha -if test "$ENABLED_LEANPSK" = "yes" +# leanpsk and leantls don't need chacha +if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" then ENABLED_CHACHA=no fi 
@@ -1636,10 +1657,49 @@ AC_ARG_WITH([ntru], AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) -if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes" -then - AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) -fi + +# Whitewood netRandom client library +ENABLED_WNR="no" +trywnrdir="" +AC_ARG_WITH([wnr], + [AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])], + [ + AC_MSG_CHECKING([for Whitewood netRandom]) + CPPFLAGS="$CPPFLAGS -DHAVE_WNR" + LIBS="$LIBS -lwnr" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ]) + + if test "x$wnr_linked" == "xno" ; then + if test "x$withval" != "xno" ; then + trywnrdir=$withval + fi + if test "x$withval" == "xyes" ; then + trywnrdir="/usr/local" + fi + + LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib" + CPPFLAGS="$CPPFLAGS -I$trywnrdir/include" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ]) + + if test "x$wnr_linked" == "xno" ; then + AC_MSG_ERROR([Whitewood netRandom isn't found. + If it's already installed, specify its path using --with-wnr=/dir/]) + fi + AC_MSG_RESULT([yes]) + AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib" + else + AC_MSG_RESULT([yes]) + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR" + ENABLED_WNR="yes" + ] +) + +AM_CONDITIONAL([BUILD_WNR], [test "x$ENABLED_WNR" = "xyes"]) + # SNI AC_ARG_ENABLE([sni], @@ -1913,8 +1973,13 @@ then if test "x$ENABLED_ECC" = "xno" then ENABLED_ECC="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) + + if test "$ENABLED_ECC_SHAMIR" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" + fi fi if test "x$ENABLED_OPENSSLEXTRA" = "xno" then 
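Review bot: In the `--with-wnr` block of the first hunk on this line, `--without-wnr` (withval `no`) still runs the whole action, so `-DHAVE_WNR` and `-lwnr` are added and the feature is switched on if the library links from the default path. Because this option selects an external entropy source, the opt-out should be explicit: wrap the body in `if test "x$withval" != "xno" ; then … fi`. The comparisons also use `==`, which POSIX `test` does not define. In a shell whose `test` lacks it (dash, for one) the test fails with an error, the `else` arm prints "yes" and `ENABLED_WNR="yes"` is set even though the link probe failed; they should read `test "x$wnr_linked" = "xno"` and `test "x$withval" = "xyes"`. `CPPFLAGS`, `LIBS` and `LDFLAGS` are changed before the probe and never restored, which only matters once failure stops being fatal but deserves a one-line comment.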
@@ -1981,8 +2046,13 @@ then if test "x$ENABLED_ECC" = "xno" then ENABLED_ECC="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) + + if test "$ENABLED_ECC_SHAMIR" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" + fi fi if test "x$ENABLED_PKCALLBACKS" = "xno" then @@ -2074,8 +2144,13 @@ then then ENABLED_OPENSSLEXTRA="yes" ENABLED_ECC="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) + + if test "$ENABLED_ECC_SHAMIR" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" + fi fi AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB" @@ -2237,7 +2312,9 @@ AC_ARG_ENABLE([examples], AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"]) -AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) +AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) +AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS], [test "x$ENABLED_EXAMPLES" = "xyes"]) +AM_CONDITIONAL([BUILD_TESTS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) # Enable wolfCrypt test and benchmark AC_ARG_ENABLE([crypttests], 
@@ -2498,16 +2575,107 @@ fi AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"]) +# Asynchronous Crypto +AC_ARG_ENABLE([asynccrypt], + [ --enable-asynccrypt Enable Asynchronous Crypto (default: disabled)], + [ ENABLED_ASYNCCRYPT=$enableval ], + [ ENABLED_ASYNCCRYPT=no ] + ) + +if test "$ENABLED_ASYNCCRYPT" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT" + + # if Cavium not enabled the use async simulator for testing + if test "x$ENABLED_CAVIUM" = "xno" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST" + fi +fi + +AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"]) + + +# Session Export +AC_ARG_ENABLE([sessionexport], + [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], + [ ENABLED_SESSIONEXPORT=$enableval ], + [ ENABLED_SESSIONEXPORT=no ] + ) + +if test "$ENABLED_SESSIONEXPORT" = "yes" +then + if test "$ENABLED_DTLS" = "no" + then + AC_MSG_ERROR([Only DTLS supported with session export]) + fi + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT" +fi + + # check if PSK was enabled for conditionally running psk.test script AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"]) -# Check for build-type conflicts + +# check if should run the trusted peer certs test +# (for now checking both C_FLAGS and C_EXTRA_FLAGS) +case $C_EXTRA_FLAGS in + *WOLFSSL_TRUST_PEER_CERT*) + have_tp=yes + break;; + *) + have_tp=no ;; +esac +if test "$have_tp" = "no"; then + case $C_FLAGS in + *WOLFSSL_TRUST_PEER_CERT*) + have_tp=yes + break;; + *) + have_tp=no ;; + esac +fi +AM_CONDITIONAL([BUILD_TRUST_PEER_CERT], [test "x$have_tp" = "xyes"]) + + +################################################################################ +# Check for build-type conflicts # +################################################################################ + AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_LEANPSK" = "xyes"], [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK 
at the same time.])]) +AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ + test "x$ENABLED_ASN" = "xno"], + [AC_MSG_ERROR([please enable asn if enabling ocsp.])]) + +AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ + test "x$ENABLED_RSA" = "xno" && \ + test "x$ENABLED_ECC" = "xno"], + [AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])]) + +# checks for pkcs7 needed enables +AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ + test "x$ENABLED_RSA" = "xno"], + [AC_MSG_ERROR([please enable rsa if enabling pkcs7.])]) + +AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ + test "x$ENABLED_SHA" = "xno"], + [AC_MSG_ERROR([please enable sha if enabling pkcs7.])]) + +AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \ + test "x$ENABLED_ECC" = "xno"], + [AC_MSG_ERROR([please enable ecc if enabling leantls.])]) + +AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \ + test "x$ENABLED_RSA" = "xno"], + [AC_MSG_ERROR([please enable rsa if enabling sniffer.])]) + +################################################################################ +# Update CFLAGS based on options # +################################################################################ -# Update CFLAGS based on options AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"]) @@ -2520,6 +2688,7 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_SSLV3" = "xyes"], [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) +################################################################################ # OPTIMIZE FLAGS if test "$GCC" = "yes" 
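Review bot: The trusted-peer-cert detection in the `@@ -2498,16 +2575,107 @@` hunk uses `break;;` inside two `case` statements that sit in no loop in the lines shown, and the second statement reads `$C_FLAGS`. `break` outside a loop is at best a no-op and some shells report it on stderr, so the arms can be just `have_tp=yes ;;`. `C_FLAGS` is not set anywhere in the visible hunks; if the standard autoconf variable is meant, the line should be `case $CFLAGS in`. As written, a user who passes `-DWOLFSSL_TRUST_PEER_CERT` through `CFLAGS` gets `BUILD_TRUST_PEER_CERT` false, and the trusted-peer test is skipped without any message.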
@@ -2556,10 +2725,18 @@ fi LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS -# link to ws2_32 if on mingw +# if mingw then link to ws2_32 for sockets case $host_os in - *mingw32) - LDFLAGS="$LDFLAGS -lws2_32" ;; + mingw*) + LDFLAGS="$LDFLAGS -lws2_32" + if test "$enable_shared" = "yes" + then + AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library]) + if test "$enable_static" = "yes" + then + MINGW_LIB_WARNING="yes" + fi + fi ;; esac # add user C_EXTRA_FLAGS back @@ -2635,7 +2812,7 @@ for option in $OPTION_FLAGS; do noequalsign=`echo $defonly | sed 's/=/ /'` if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG" then - echo "not outputing (N)DEBUG to $OPTION_FILE" + echo "not outputting (N)DEBUG to $OPTION_FILE" continue fi @@ -2685,8 +2862,16 @@ done < $OPTION_FILE # switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h + +# workaround for mingw sed that may get "Permission denied" trying to preserver permissions +case $host_os in + mingw*) + chmod u+w cyassl/options.h ;; +esac + rm cyassl/options.h.bak + # output config summary echo "---" echo "Configuration summary for $PACKAGE_NAME version $VERSION" @@ -2744,6 +2929,7 @@ echo " * MD4: $ENABLED_MD4" echo " * PSK: $ENABLED_PSK" echo " * Poly1305: $ENABLED_POLY1305" echo " * LEANPSK: $ENABLED_LEANPSK" +echo " * LEANTLS: $ENABLED_LEANTLS" echo " * RSA: $ENABLED_RSA" echo " * DSA: $ENABLED_DSA" echo " * DH: $ENABLED_DH" @@ -2773,6 +2959,7 @@ echo " * Persistent cert cache: $ENABLED_SAVECERT" echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER" echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS" echo " * NTRU: $ENABLED_NTRU" +echo " * Whitewood netRandom: $ENABLED_WNR" echo " * Server Name Indication: $ENABLED_SNI" echo " * ALPN: $ENABLED_ALPN" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" 
@@ -2791,5 +2978,34 @@ echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" echo " * User Crypto: $ENABLED_USER_CRYPTO" echo " * Fast RSA: $ENABLED_FAST_RSA" +echo " * Async Crypto: $ENABLED_ASYNCCRYPT" echo "" echo "---" + +################################################################################ +# Show warnings at bottom so they are noticed +################################################################################ + +if test "$ENABLED_ASYNCCRYPT" = "yes" +then + AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.]) +fi + +# MinGW static vs shared library +# Reference URL from libtool for MinGW is located at +# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross +# this allows for not even having dllimport/dllexport on functions +# with recent libtools, only requiring it with global variables. +# +# The following warning is displayed here because if not using "contemporary GNU +# tools" there is the possibility of export/import issues. +# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the +# case where both static and shared libraries are built. +# +# More can be found about the MinGW linker at +# https://sourceware.org/binutils/docs/ld/WIN32.html +if test "$MINGW_LIB_WARNING" = "yes" +then + AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.]) +fi + diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index dc4198be8..854e45a3d 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c 
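Review bot: Configuration carries on with only an `AC_MSG_WARN` when `--enable-asynccrypt` is given, even if the async sources are the placeholders that autogen.sh creates with `touch ./src/async.c` and `touch ./wolfssl/async.h` in this same commit. The option block earlier in the file also defines `WOLFSSL_ASYNC_CRYPT_TEST` (described there as the simulator "for testing") whenever Cavium is off, so a warning at the end of a long summary is the only signal that the build is not using real async code. I would fail at configure time instead, for example `AS_IF([test "x$ENABLED_ASYNCCRYPT" = "xyes" && test ! -s "$srcdir/src/async.c"], [AC_MSG_ERROR([asynccrypt requires the real async sources])])`. The warning can stay for the case where the files are present, with a comment that the simulator define is not meant for release builds.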
@@ -1,8 +1,8 @@ /* misc.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,12 +16,14 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef NO_INLINE #include #else /* for inline includes */ + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/ctaocrypt/src/wolfcrypt_first.c b/ctaocrypt/src/wolfcrypt_first.c index 00e474457..8591f3e4d 100644 --- a/ctaocrypt/src/wolfcrypt_first.c +++ b/ctaocrypt/src/wolfcrypt_first.c @@ -1,8 +1,8 @@ /* wolfcrypt_first.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* This file needs to be linked first in order to work correctly */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/wolfcrypt_last.c b/ctaocrypt/src/wolfcrypt_last.c index 284eb110e..d3924d4d0 100644 --- a/ctaocrypt/src/wolfcrypt_last.c +++ b/ctaocrypt/src/wolfcrypt_last.c 
@@ -1,8 +1,8 @@ /* wolfcrypt_last.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* This file needs to be linked last in order to work correctly */ #ifdef HAVE_CONFIG_H diff --git a/cyassl/callbacks.h b/cyassl/callbacks.h index f74f7a65e..8608e1ed3 100644 --- a/cyassl/callbacks.h +++ b/cyassl/callbacks.h @@ -1,8 +1,8 @@ /* callbacks.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/crl.h b/cyassl/crl.h index 87e402f38..c19dd8be6 100644 --- a/cyassl/crl.h +++ b/cyassl/crl.h 
@@ -1,8 +1,8 @@ /* crl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 2bb213589..8ad064f06 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -1,8 +1,8 @@ /* aes.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_AES #ifndef CTAO_CRYPT_AES_H diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h index 965b079a0..093d8465b 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/cyassl/ctaocrypt/arc4.h 
@@ -1,8 +1,8 @@ /* arc4.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_ARC4_H #define CTAO_CRYPT_ARC4_H diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index c27c144dd..7e7a9e76d 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -1,8 +1,8 @@ /* asn.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_ASN #ifndef CTAO_CRYPT_ASN_H diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 040734eab..ac36ca476 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h 
@@ -1,8 +1,8 @@ /* asn_public.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_ASN_PUBLIC_H #define CTAO_CRYPT_ASN_PUBLIC_H diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h index de6ed273b..e09bc2990 100644 --- a/cyassl/ctaocrypt/blake2-impl.h +++ b/cyassl/ctaocrypt/blake2-impl.h @@ -12,9 +12,9 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAOCRYPT_BLAKE2_IMPL_H #define CTAOCRYPT_BLAKE2_IMPL_H diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h index 9dadaadcb..f65dda15e 100644 --- a/cyassl/ctaocrypt/blake2-int.h +++ b/cyassl/ctaocrypt/blake2-int.h 
@@ -12,9 +12,9 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,11 +28,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAOCRYPT_BLAKE2_INT_H #define CTAOCRYPT_BLAKE2_INT_H diff --git a/cyassl/ctaocrypt/blake2.h b/cyassl/ctaocrypt/blake2.h index b7749173c..daa96ce73 100644 --- a/cyassl/ctaocrypt/blake2.h +++ b/cyassl/ctaocrypt/blake2.h @@ -1,8 +1,8 @@ /* blake2.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_BLAKE2 #ifndef CTAOCRYPT_BLAKE2_H diff --git a/cyassl/ctaocrypt/camellia.h b/cyassl/ctaocrypt/camellia.h index bbe7dcf1b..a42b34d06 100644 --- a/cyassl/ctaocrypt/camellia.h +++ b/cyassl/ctaocrypt/camellia.h 
@@ -1,8 +1,8 @@ /* camellia.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_CAMELLIA_H #define CTAO_CRYPT_CAMELLIA_H diff --git a/cyassl/ctaocrypt/chacha.h b/cyassl/ctaocrypt/chacha.h index 7651d28af..2cb008b1b 100644 --- a/cyassl/ctaocrypt/chacha.h +++ b/cyassl/ctaocrypt/chacha.h @@ -1,8 +1,8 @@ /* chacha.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_CHACHA_H #define CTAO_CRYPT_CHACHA_H diff --git a/cyassl/ctaocrypt/coding.h b/cyassl/ctaocrypt/coding.h index 47f5d2533..f0007eae8 100644 --- a/cyassl/ctaocrypt/coding.h +++ b/cyassl/ctaocrypt/coding.h 
@@ -1,8 +1,8 @@ /* coding.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_CODING_H #define CTAO_CRYPT_CODING_H diff --git a/cyassl/ctaocrypt/compress.h b/cyassl/ctaocrypt/compress.h index 632af2ec3..a5682eebe 100644 --- a/cyassl/ctaocrypt/compress.h +++ b/cyassl/ctaocrypt/compress.h @@ -1,8 +1,8 @@ /* compress.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_LIBZ #ifndef CTAO_CRYPT_COMPRESS_H diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index c6fbaa8b7..674d96840 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h 
@@ -1,8 +1,8 @@ /* des3.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_DES3 #ifndef CTAO_CRYPT_DES3_H diff --git a/cyassl/ctaocrypt/dh.h b/cyassl/ctaocrypt/dh.h index 4bd7757b5..7dcf5de60 100644 --- a/cyassl/ctaocrypt/dh.h +++ b/cyassl/ctaocrypt/dh.h @@ -1,8 +1,8 @@ /* dh.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_DH #ifndef CTAO_CRYPT_DH_H diff --git a/cyassl/ctaocrypt/dsa.h b/cyassl/ctaocrypt/dsa.h index bdc8cd5ac..33ca045e0 100644 --- a/cyassl/ctaocrypt/dsa.h +++ b/cyassl/ctaocrypt/dsa.h 
@@ -1,8 +1,8 @@ /* dsa.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_DSA #ifndef CTAO_CRYPT_DSA_H diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 3ae13f76d..09d3db9cb 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -1,8 +1,8 @@ /* ecc.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_ECC #ifndef CTAO_CRYPT_ECC_H diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index f20145543..bbc70f5cd 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h 
@@ -1,8 +1,8 @@ /* error-crypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_ERROR_H #define CTAO_CRYPT_ERROR_H diff --git a/cyassl/ctaocrypt/fips_test.h b/cyassl/ctaocrypt/fips_test.h index 12e1ce0a0..09848cff6 100644 --- a/cyassl/ctaocrypt/fips_test.h +++ b/cyassl/ctaocrypt/fips_test.h @@ -1,8 +1,8 @@ /* fips_test.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_FIPS_TEST_H #define CTAO_CRYPT_FIPS_TEST_H diff --git a/cyassl/ctaocrypt/hc128.h b/cyassl/ctaocrypt/hc128.h index b2c9bc9d3..190f86899 100644 --- a/cyassl/ctaocrypt/hc128.h +++ b/cyassl/ctaocrypt/hc128.h 
@@ -1,8 +1,8 @@ /* hc128.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_HC128 #ifndef CTAO_CRYPT_HC128_H diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 4625f10ea..b582395e3 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -1,8 +1,8 @@ /* hmac.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_HMAC #ifndef CTAO_CRYPT_HMAC_H diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 97b22822b..e9068288a 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h 
@@ -1,8 +1,8 @@ /* integer.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com diff --git a/cyassl/ctaocrypt/logging.h b/cyassl/ctaocrypt/logging.h index faa85d449..c3a32bd2c 100644 --- a/cyassl/ctaocrypt/logging.h +++ b/cyassl/ctaocrypt/logging.h @@ -1,8 +1,8 @@ /* logging.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* submitted by eof */ diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h index cb7633752..3b1ade15e 100644 --- a/cyassl/ctaocrypt/md2.h +++ b/cyassl/ctaocrypt/md2.h 
@@ -1,8 +1,8 @@ /* md2.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* check for old macro */ #if !defined(CYASSL_MD2) && defined(WOLFSSL_MD2) #define CYASSL_MD2 diff --git a/cyassl/ctaocrypt/md4.h b/cyassl/ctaocrypt/md4.h index 458465621..16e4f5f46 100644 --- a/cyassl/ctaocrypt/md4.h +++ b/cyassl/ctaocrypt/md4.h @@ -1,8 +1,8 @@ /* md4.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_MD4 #ifndef CTAO_CRYPT_MD4_H diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h index 3f5d01756..6e36fe9ce 100644 --- a/cyassl/ctaocrypt/md5.h +++ b/cyassl/ctaocrypt/md5.h 
@@ -1,8 +1,8 @@ /* md5.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_MD5 #ifndef CTAO_CRYPT_MD5_H diff --git a/cyassl/ctaocrypt/memory.h b/cyassl/ctaocrypt/memory.h index 285005350..683fac98d 100644 --- a/cyassl/ctaocrypt/memory.h +++ b/cyassl/ctaocrypt/memory.h @@ -1,8 +1,8 @@ /* memory.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* submitted by eof */ diff --git a/cyassl/ctaocrypt/misc.h b/cyassl/ctaocrypt/misc.h index a640044e5..828d29964 100644 --- a/cyassl/ctaocrypt/misc.h +++ b/cyassl/ctaocrypt/misc.h 
@@ -1,8 +1,8 @@ /* misc.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_MISC_H #define CTAO_CRYPT_MISC_H diff --git a/cyassl/ctaocrypt/mpi_class.h b/cyassl/ctaocrypt/mpi_class.h index 0ce92a64c..46855e9e4 100644 --- a/cyassl/ctaocrypt/mpi_class.h +++ b/cyassl/ctaocrypt/mpi_class.h @@ -1,8 +1,8 @@ /* mpi_class.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/ctaocrypt/mpi_superclass.h b/cyassl/ctaocrypt/mpi_superclass.h index 68cd0a6e3..bee878425 100644 --- a/cyassl/ctaocrypt/mpi_superclass.h +++ b/cyassl/ctaocrypt/mpi_superclass.h 
@@ -1,8 +1,8 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* super class file for PK algos */ #include diff --git a/cyassl/ctaocrypt/pkcs7.h b/cyassl/ctaocrypt/pkcs7.h index dfb7c2fd3..afac3e9a0 100644 --- a/cyassl/ctaocrypt/pkcs7.h +++ b/cyassl/ctaocrypt/pkcs7.h @@ -1,8 +1,8 @@ /* pkcs7.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -10,16 +10,17 @@ * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, - * * but WITHOUT ANY WARRANTY; without even the implied warranty of + * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_PKCS7 #ifndef CTAO_CRYPT_PKCS7_H 
diff --git a/cyassl/ctaocrypt/poly1305.h b/cyassl/ctaocrypt/poly1305.h index bceb772a5..46e9bd64f 100644 --- a/cyassl/ctaocrypt/poly1305.h +++ b/cyassl/ctaocrypt/poly1305.h @@ -1,8 +1,8 @@ /* poly1305.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_POLY1305 #ifndef CTAO_CRYPT_POLY1305_H diff --git a/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h b/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h index a5dca8904..2bbf5ce6c 100644 --- a/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h +++ b/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h @@ -1,8 +1,8 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef PIC32MZ_CRYPT_H #define PIC32MZ_CRYPT_H diff --git a/cyassl/ctaocrypt/pwdbased.h b/cyassl/ctaocrypt/pwdbased.h index 7d6dced51..304287f13 100644 --- a/cyassl/ctaocrypt/pwdbased.h 
+++ b/cyassl/ctaocrypt/pwdbased.h @@ -1,8 +1,8 @@ /* pwdbased.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_PWDBASED #ifndef CTAO_CRYPT_PWDBASED_H diff --git a/cyassl/ctaocrypt/rabbit.h b/cyassl/ctaocrypt/rabbit.h index a6e92ec2e..8918962c2 100644 --- a/cyassl/ctaocrypt/rabbit.h +++ b/cyassl/ctaocrypt/rabbit.h @@ -1,8 +1,8 @@ /* rabbit.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_RABBIT #ifndef CTAO_CRYPT_RABBIT_H diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 6d3a96fea..f9b35d039 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h 
@@ -1,8 +1,8 @@ /* random.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_RANDOM_H #define CTAO_CRYPT_RANDOM_H diff --git a/cyassl/ctaocrypt/ripemd.h b/cyassl/ctaocrypt/ripemd.h index 4458fcc44..ffc6815d6 100644 --- a/cyassl/ctaocrypt/ripemd.h +++ b/cyassl/ctaocrypt/ripemd.h @@ -1,8 +1,8 @@ /* ripemd.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,11 +16,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_RIPEMD_H #define CTAO_CRYPT_RIPEME_H diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index 72f8dc5d0..3c8a9f23b 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h 
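Review bot: The include guard in the context lines of the second ripemd.h hunk (`@@ -16,11 +16,12 @@`) tests `CTAO_CRYPT_RIPEMD_H` but defines `CTAO_CRYPT_RIPEME_H`, so the tested macro is never defined and the header is not protected against repeated inclusion. The commit rewrites the licence block directly above and leaves the guard as it was; the define should read `#define CTAO_CRYPT_RIPEMD_H`. Whether a double include actually breaks a build depends on the header body, which continues outside the hunk. If the closing `#endif` carries a comment, it should name the same macro.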
@@ -1,8 +1,8 @@ /* rsa.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_RSA #ifndef CTAO_CRYPT_RSA_H diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index b880be666..5db9f3c4a 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ diff --git a/cyassl/ctaocrypt/settings_comp.h b/cyassl/ctaocrypt/settings_comp.h index f1832c3f0..d8384d3e3 100644 --- a/cyassl/ctaocrypt/settings_comp.h +++ b/cyassl/ctaocrypt/settings_comp.h 
@@ -1,8 +1,8 @@ /* settings_comp.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_SETTINGS_C_H #define CTAO_CRYPT_SETTINGS_C_H diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h index 56927e2de..768acfcb5 100644 --- a/cyassl/ctaocrypt/sha.h +++ b/cyassl/ctaocrypt/sha.h @@ -1,8 +1,8 @@ /* sha.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_SHA #ifndef CTAO_CRYPT_SHA_H diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h index b8b1f2465..d875e3138 100644 --- a/cyassl/ctaocrypt/sha256.h +++ b/cyassl/ctaocrypt/sha256.h 
@@ -1,8 +1,8 @@ /* sha256.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* code submitted by raphael.huck@efixo.com */ diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h index 3eab76005..7b3f646a1 100644 --- a/cyassl/ctaocrypt/sha512.h +++ b/cyassl/ctaocrypt/sha512.h @@ -1,8 +1,8 @@ /* sha512.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_SHA512_H #define CTAO_CRYPT_SHA512_H diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index 0b16b5189..903e07939 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h 
@@ -1,8 +1,8 @@ /* tfm.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 95bfb45e0..a8a24d589 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -1,8 +1,8 @@ /* types.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_TYPES_H #define CTAO_CRYPT_TYPES_H @@ -33,7 +34,6 @@ #define CYASSL_MAX_16BIT WOLFSSL_MAX_16BIT #define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ #define cyassl_word wolfssl_word -#define CYASSL_MAX_ERROR_SZ WOLFSSL_MAX_ERROR_SZ #endif /* CTAO_CRYPT_TYPES_H */ diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h index 6bb4953a3..4c9b2612d 100644 
--- a/cyassl/ctaocrypt/visibility.h +++ b/cyassl/ctaocrypt/visibility.h @@ -1,8 +1,8 @@ /* visibility.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Visibility control macros */ #ifndef CTAO_CRYPT_VISIBILITY_H diff --git a/cyassl/ctaocrypt/wc_port.h b/cyassl/ctaocrypt/wc_port.h index f35a451ca..332c02cfa 100644 --- a/cyassl/ctaocrypt/wc_port.h +++ b/cyassl/ctaocrypt/wc_port.h @@ -1,8 +1,8 @@ /* port.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CTAO_CRYPT_PORT_H #define CTAO_CRYPT_PORT_H diff --git a/cyassl/error-ssl.h b/cyassl/error-ssl.h index 8eab84354..006bb774b 100644 --- a/cyassl/error-ssl.h +++ b/cyassl/error-ssl.h 
@@ -1,8 +1,8 @@ /* error-ssl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/internal.h b/cyassl/internal.h index c0ba722e8..a2c665482 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1,8 +1,8 @@ /* internal.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h index 1ad9efe04..3741caa43 100644 --- a/cyassl/ocsp.h +++ b/cyassl/ocsp.h @@ -1,8 +1,8 @@ /* ocsp.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/openssl/des.h b/cyassl/openssl/des.h index 0c8d55c11..2416cea27 100644 --- a/cyassl/openssl/des.h +++ b/cyassl/openssl/des.h @@ -1,8 +1,8 @@ /* des.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* des.h defines mini des openssl compatibility layer * */ diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h index a0715587c..54335170e 100644 --- a/cyassl/openssl/evp.h +++ b/cyassl/openssl/evp.h @@ -1,8 +1,8 @@ /* evp.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* evp.h defines mini evp openssl compatibility layer * */ diff --git a/cyassl/openssl/hmac.h b/cyassl/openssl/hmac.h index f35fd7542..9de057682 100644 --- a/cyassl/openssl/hmac.h +++ b/cyassl/openssl/hmac.h @@ -1,8 +1,8 @@ /* hmac.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* hmac.h defines mini hamc openssl compatibility layer * */ diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index ebf8dfa3b..bbaacd7f2 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -1,8 +1,8 @@ /* ssl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -15,11 +15,12 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * a with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* ssl.h defines openssl compatibility layer * */ diff --git a/cyassl/options.h.in b/cyassl/options.h.in index 523be8c57..c3f8012ac 100644 --- a/cyassl/options.h.in +++ b/cyassl/options.h.in @@ -1,8 +1,8 @@ /* options.h.in * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* default blank options for autoconf */ #ifndef CYASSL_OPTIONS_H diff --git a/cyassl/sniffer.h b/cyassl/sniffer.h index 2ae674409..6de2d64c4 100644 --- a/cyassl/sniffer.h +++ b/cyassl/sniffer.h @@ -1,8 +1,8 @@ /* sniffer.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h index 8b3e00346..ae5f6f075 100644 --- a/cyassl/sniffer_error.h +++ b/cyassl/sniffer_error.h @@ -1,8 +1,8 @@ /* sniffer_error.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/cyassl/ssl.h b/cyassl/ssl.h index eadf29681..de7c1990a 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1,8 +1,8 @@ /* ssl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -15,10 +15,11 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * a with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * ssl.h makes wolfssl backwards compatibile with cyassl */ diff --git a/cyassl/version.h b/cyassl/version.h index 79bcc1793..f0d119781 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -1,8 +1,8 @@ /* cyassl/version.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include #define LIBCYASSL_VERSION_STRING LIBWOLFSSL_VERSION_STRING diff --git a/cyassl/version.h.in b/cyassl/version.h.in index a999a9238..f94e815e5 100644 --- a/cyassl/version.h.in +++ b/cyassl/version.h.in @@ -1,8 +1,8 @@ /* cyassl_version.h.in * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,7 +16,8 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include diff --git a/examples/client/client.c b/examples/client/client.c index 021e97958..70167fb86 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1,8 +1,8 @@ /* client.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -80,13 +81,20 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl) int select_ret; while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || - error == SSL_ERROR_WANT_WRITE)) { + error == SSL_ERROR_WANT_WRITE || + error == WC_PENDING_E)) { int currTimeout = 1; if (error == SSL_ERROR_WANT_READ) printf("... client would read block\n"); - else + else if (error == SSL_ERROR_WANT_WRITE) printf("... client would write block\n"); +#ifdef WOLFSSL_ASYNC_CRYPT + else if (error == WC_PENDING_E) { + ret = AsyncCryptPoll(ssl); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } +#endif #ifdef WOLFSSL_DTLS currTimeout = wolfSSL_dtls_get_current_timeout(ssl); 
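Review bot: In the `@@ -80,13 +81,20 @@` hunk of examples/client/client.c, the new `WC_PENDING_E` branch stores the result of `AsyncCryptPoll(ssl)` in `ret`, the same variable the `while` condition compares against `SSL_SUCCESS`, so a positive poll result overwrites the handshake status. If the `select_ret` handling further down then takes a path that does not call `wolfSSL_connect` again, the loop can end with `ret` holding the poll result rather than the connect outcome; whether that can be mistaken for success depends on what `AsyncCryptPoll` returns, which is not shown here. A separate local keeps the two apart: `int pollRet = AsyncCryptPoll(ssl); if (pollRet < 0) { ret = pollRet; break; } else if (pollRet == 0) { continue; }`. The body of `NonBlockingSSL_Connect` starts and ends outside this hunk.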
@@ -95,11 +103,11 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl) if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)) { - #ifndef WOLFSSL_CALLBACKS - ret = wolfSSL_connect(ssl); - #else - ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout); - #endif + #ifndef WOLFSSL_CALLBACKS + ret = wolfSSL_connect(ssl); + #else + ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout); + #endif error = wolfSSL_get_error(ssl, 0); } else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) { @@ -107,7 +115,7 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl) } #ifdef WOLFSSL_DTLS else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) && - wolfSSL_dtls_got_timeout(ssl) >= 0) { + wolfSSL_dtls_got_timeout(ssl) >= 0) { error = SSL_ERROR_WANT_READ; } #endif @@ -149,11 +157,16 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, int times = benchmark; int loops = resumeSession ? 2 : 1; int i = 0; +#ifndef NO_SESSION_CACHE WOLFSSL_SESSION* benchSession = NULL; +#endif + (void)resumeSession; while (loops--) { + #ifndef NO_SESSION_CACHE int benchResume = resumeSession && loops == 0; - double start = current_time(), avg; + #endif + double start = current_time(1), avg; for (i = 0; i < times; i++) { SOCKET_T sockfd; 
@@ -163,25 +176,33 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, tcp_connect(&sockfd, host, port, doDTLS, ssl); + #ifndef NO_SESSION_CACHE if (benchResume) wolfSSL_set_session(ssl, benchSession); - wolfSSL_set_fd(ssl, sockfd); + #endif + if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) { + err_sys("error in setting fd"); + } if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); wolfSSL_shutdown(ssl); + #ifndef NO_SESSION_CACHE if (i == (times-1) && resumeSession) { benchSession = wolfSSL_get_session(ssl); } + #endif wolfSSL_free(ssl); CloseSocket(sockfd); } - avg = current_time() - start; + avg = current_time(0) - start; avg /= times; avg *= 1000; /* milliseconds */ + #ifndef NO_SESSION_CACHE if (benchResume) printf("wolfSSL_resume avg took: %8.3f milliseconds\n", avg); else + #endif printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg); } @@ -196,18 +217,20 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, WOLFSSL* ssl; int ret; - start = current_time(); + start = current_time(1); ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); tcp_connect(&sockfd, host, port, doDTLS, ssl); - wolfSSL_set_fd(ssl, sockfd); + if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) { + err_sys("error in setting fd"); + } if (wolfSSL_connect(ssl) == SSL_SUCCESS) { /* Perform throughput test */ char *tx_buffer, *rx_buffer; /* Record connection time */ - conn_time = current_time() - start; + conn_time = current_time(0) - start; /* Allocate TX/RX buffers */ tx_buffer = (char*)malloc(TEST_BUFFER_SIZE); 
@@ -236,18 +259,18 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes); /* Perform TX */ - start = current_time(); + start = current_time(1); if (wolfSSL_write(ssl, tx_buffer, len) != len) { int writeErr = wolfSSL_get_error(ssl, 0); printf("wolfSSL_write error %d!\n", writeErr); err_sys("wolfSSL_write failed"); } - tx_time += current_time() - start; + tx_time += current_time(0) - start; /* Perform RX */ select_ret = tcp_select(sockfd, 1); /* Timeout=1 second */ if (select_ret == TEST_RECV_READY) { - start = current_time(); + start = current_time(1); rx_pos = 0; while(rx_pos < len) { ret = wolfSSL_read(ssl, &rx_buffer[rx_pos], len - rx_pos); @@ -262,7 +285,7 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, rx_pos += ret; } } - rx_time += current_time() - start; + rx_time += current_time(0) - start; } /* Compare TX and RX buffers */ 
@@ -305,6 +328,101 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, return EXIT_SUCCESS; } +const char* starttlsCmd[6] = { + "220", + "EHLO mail.example.com\r\n", + "250", + "STARTTLS\r\n", + "220", + "QUIT\r\n", +}; + +int StartTLS_Init(SOCKET_T* sockfd) +{ + char tmpBuf[256]; + + if (sockfd == NULL) + return BAD_FUNC_ARG; + + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + + /* S: 220 SMTP service ready */ + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0) + err_sys("failed to read STARTTLS command\n"); + + if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) { + printf("%s\n", tmpBuf); + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + } else { + err_sys("incorrect STARTTLS command received"); + } + + /* C: EHLO mail.example.com */ + if (send(*sockfd, starttlsCmd[1], (int)XSTRLEN(starttlsCmd[1]), 0) != + (int)XSTRLEN(starttlsCmd[1])) + err_sys("failed to send STARTTLS EHLO command\n"); + + /* S: 250 offers a warm hug of welcome */ + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0) + err_sys("failed to read STARTTLS command\n"); + + if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) { + printf("%s\n", tmpBuf); + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + } else { + err_sys("incorrect STARTTLS command received"); + } + + /* C: STARTTLS */ + if (send(*sockfd, starttlsCmd[3], (int)XSTRLEN(starttlsCmd[3]), 0) != + (int)XSTRLEN(starttlsCmd[3])) { + err_sys("failed to send STARTTLS command\n"); + } + + /* S: 220 Go ahead */ + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0) + err_sys("failed to read STARTTLS command\n"); + + if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) { + printf("%s\n", tmpBuf); + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + } else { + err_sys("incorrect STARTTLS command received, expected 220"); + } + + return SSL_SUCCESS; +} + +int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown) +{ + int ret; + char tmpBuf[256]; + + if (ssl == NULL) + return BAD_FUNC_ARG; + + printf("\nwolfSSL client shutting down SMTP 
connection\n"); + + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + + /* C: QUIT */ + if (wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5])) != + (int)XSTRLEN(starttlsCmd[5])) + err_sys("failed to send SMTP QUIT command\n"); + + /* S: 221 2.0.0 Service closing transmission channel */ + if (wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)) < 0) + err_sys("failed to read SMTP closing down response\n"); + + printf("%s\n", tmpBuf); + + ret = wolfSSL_shutdown(ssl); + if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) + wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + + return SSL_SUCCESS; +} + static void Usage(void) { @@ -341,6 +459,7 @@ static void Usage(void) printf("-N Use Non-blocking sockets\n"); printf("-r Resume session\n"); printf("-w Wait for bidirectional shutdown\n"); + printf("-M Use STARTTLS, using protocol (smtp)\n"); #ifdef HAVE_SECURE_RENEGOTIATION printf("-R Allow Secure Renegotiation\n"); printf("-i Force client Initiated Secure Renegotiation\n"); @@ -380,6 +499,12 @@ static void Usage(void) #ifdef HAVE_CRL printf("-C Disable CRL\n"); #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + printf("-E Path to load trusted peer cert\n"); +#endif +#ifdef HAVE_WNR + printf("-q Whitewood config file, default %s\n", wnrConfig); +#endif } THREAD_RETURN WOLFSSL_THREAD client_test(void* args) @@ -422,6 +547,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int disableCRL = 0; int externalTest = 0; int ret; + int err = 0; int scr = 0; /* allow secure renegotiation */ int forceScr = 0; /* force client initiaed scr */ int trackMemory = 0; @@ -438,6 +564,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) const char* ourCert = cliCert; const char* ourKey = cliKey; + int doSTARTTLS = 0; + char* starttlsProt = NULL; + +#ifdef WOLFSSL_TRUST_PEER_CERT + const char* trustCert = NULL; +#endif + #ifdef HAVE_SNI char* sniHostName = NULL; #endif 
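Review bot: `StartTLS_Init` passes the full `sizeof(tmpBuf)` to `recv()` and then prints the buffer with `printf("%s\n", tmpBuf)`, so a server reply of 256 bytes or more leaves `tmpBuf` without a terminating NUL and the print reads past the end of the array. The same applies to `wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf))` in `SMTP_Shutdown`. Reading at most `sizeof(tmpBuf) - 1` bytes preserves the zero byte written by `XMEMSET`, e.g. `recv(*sockfd, tmpBuf, sizeof(tmpBuf) - 1, 0)`. Each reply is also matched only on its three-digit prefix from a single `recv()`, so the 250 response is never checked for a STARTTLS capability line and a multi-line reply split across segments could be misread by the next step; a comment such as `/* minimal example exchange: does not parse multi-line replies or verify the STARTTLS capability */` above `StartTLS_Init` would tell readers not to copy it as a complete client.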
@@ -458,6 +591,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) char* ocspUrl = NULL; #endif +#ifdef HAVE_WNR + const char* wnrConfigFile = wnrConfig; +#endif + int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -490,7 +627,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_VXWORKS while ((ch = mygetopt(argc, argv, - "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:")) != -1) { + "?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:E:M:q:")) + != -1) { switch (ch) { case '?' : Usage(); @@ -532,6 +670,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif break; + #ifdef WOLFSSL_TRUST_PEER_CERT + case 'E' : + trustCert = myoptarg; + break; + #endif + case 'm' : matchName = 1; break; @@ -725,6 +869,23 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif break; + case 'M' : + doSTARTTLS = 1; + starttlsProt = myoptarg; + + if (XSTRNCMP(starttlsProt, "smtp", 4) != 0) { + Usage(); + exit(MY_EX_USAGE); + } + + break; + + case 'q' : + #ifdef HAVE_WNR + wnrConfigFile = myoptarg; + #endif + break; + default: Usage(); exit(MY_EX_USAGE); @@ -824,6 +985,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) InitMemoryTracker(); #endif +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) + err_sys("can't load whitewood net random config file"); +#endif + switch (version) { #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 @@ -880,11 +1046,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #ifdef WOLFSSL_LEANPSK - usePsk = 1; + if (!usePsk) { + usePsk = 1; + } #endif #if defined(NO_RSA) && !defined(HAVE_ECC) - usePsk = 1; + if (!usePsk) { + usePsk = 1; + } #endif if (fewerPackets) @@ -911,7 +1081,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("client can't set cipher list 2"); } #endif - useClientCert = 0; + if (useClientCert) { + useClientCert = 0; + } } if (useAnon) { 
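Review bot: In the `@@ -725,6 +869,23 @@` hunk the `-M` handler accepts any argument that merely begins with `smtp`, because `XSTRNCMP(starttlsProt, "smtp", 4)` compares only the first four characters; the same prefix test is repeated before `SMTP_Shutdown` in the `@@ -1140,25 +1332,54 @@` hunk. Adding a length check, `if (XSTRLEN(starttlsProt) != 4 || XSTRNCMP(starttlsProt, "smtp", 4) != 0)`, makes the option match what `Usage()` documents. The `q:` entry is also added to the option string unconditionally while its handler body is compiled only under `HAVE_WNR`, so without that define `-q` consumes an argument and silently does nothing; a short comment on `case 'q'` saying so would avoid confusion.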
@@ -922,7 +1094,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("client can't set cipher list 4"); } #endif - useClientCert = 0; + if (useClientCert) { + useClientCert = 0; + } } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) @@ -977,6 +1151,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); #endif /* HAVE_ECC */ +#ifdef WOLFSSL_TRUST_PEER_CERT + if (trustCert) { + if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + SSL_FILETYPE_PEM)) != SSL_SUCCESS) { + err_sys("can't load trusted peer cert file"); + } + } +#endif /* WOLFSSL_TRUST_PEER_CERT */ } #endif /* !NO_FILESYSTEM && !NO_CERTS */ #if !defined(NO_CERTS) @@ -1107,7 +1289,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif tcp_connect(&sockfd, host, port, doDTLS, ssl); - wolfSSL_set_fd(ssl, sockfd); + if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) { + err_sys("error in setting fd"); + } + + /* STARTTLS */ + if (doSTARTTLS) { + if (StartTLS_Init(&sockfd) != SSL_SUCCESS) { + err_sys("error during STARTTLS protocol"); + } + } + #ifdef HAVE_CRL if (disableCRL == 0) { if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) 
@@ -1140,25 +1332,54 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } - else if (wolfSSL_connect(ssl) != SSL_SUCCESS) { - /* see note at top of README */ - int err = wolfSSL_get_error(ssl, 0); - char buffer[WOLFSSL_MAX_ERROR_SZ]; - printf("err = %d, %s\n", err, - wolfSSL_ERR_error_string(err, buffer)); - err_sys("SSL_connect failed"); - /* if you're getting an error here */ + else { + do { +#ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = AsyncCryptPoll(ssl); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } +#endif + err = 0; /* Reset error */ + ret = wolfSSL_connect(ssl); + if (ret != SSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + } + } while (ret != SSL_SUCCESS && err == WC_PENDING_E); + + if (ret != SSL_SUCCESS) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + err_sys("wolfSSL_connect failed"); + /* see note at top of README */ + /* if you're getting an error here */ + } } #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); + if (doSTARTTLS) { + if (XSTRNCMP(starttlsProt, "smtp", 4) == 0) { + if (SMTP_Shutdown(ssl, wc_shutdown) != SSL_SUCCESS) { + err_sys("error closing STARTTLS connection"); + } + } + + wolfSSL_free(ssl); + CloseSocket(sockfd); + + wolfSSL_CTX_free(ctx); + + ((func_args*)args)->return_code = 0; + return 0; + } + #ifdef HAVE_ALPN if (alpnList != NULL) { - int err; char *protocol_name = NULL; word16 protocol_nameSz = 0; 
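Review bot: The `#else` branch now calls `NonBlockingSSL_Connect(ctx, ssl)`, but the hunk headers earlier in this file still show `static void NonBlockingSSL_Connect(WOLFSSL* ssl)` and no visible hunk changes that signature, so as far as the diff shows this path would not compile when that branch is selected. The same two-argument call is added in the `@@ -1290,7 +1524,7 @@` hunk, where the surrounding lines operate on `sslResume` while the call passes `ssl`. Unless the signature is changed elsewhere, the calls should stay `NonBlockingSSL_Connect(ssl);` and, in the resume path, presumably `NonBlockingSSL_Connect(sslResume);`. Separately, when `AsyncCryptPoll(ssl)` returns a negative value the new `do`/`while` loop breaks with `err` still set to `WC_PENDING_E`, so the printed error reports a pending operation instead of the poll failure; `if (ret < 0) { err = ret; break; }` would keep the diagnostic accurate, and the same loop shape is added in examples/echoclient/echoclient.c and examples/echoserver/echoserver.c.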
@@ -1180,7 +1401,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) " nonblocking yet"); } else { if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) { - int err = wolfSSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, 0); char buffer[WOLFSSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); @@ -1200,6 +1421,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) strncpy(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz); resumeMsg[resumeSz] = '\0'; } + +/* allow some time for exporting the session */ +#ifdef WOLFSSL_SESSION_EXPORT_DEBUG + #ifdef USE_WINDOWS_API + Sleep(500); + #elif defined(WOLFSSL_TIRTOS) + Task_sleep(1); + #else + sleep(1); + #endif +#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); @@ -1259,7 +1491,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif } tcp_connect(&sockfd, host, port, doDTLS, sslResume); - wolfSSL_set_fd(sslResume, sockfd); + if (wolfSSL_set_fd(sslResume, sockfd) != SSL_SUCCESS) { + err_sys("error in setting fd"); + } #ifdef HAVE_ALPN if (alpnList != NULL) { printf("ALPN accepted protocols list : %s\n", alpnList); @@ -1290,7 +1524,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #else timeout.tv_sec = 2; timeout.tv_usec = 0; - NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ + NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */ #endif showPeer(sslResume); @@ -1301,7 +1535,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_ALPN if (alpnList != NULL) { - int err; char *protocol_name = NULL; word16 protocol_nameSz = 0; 
@@ -1317,6 +1550,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) printf("Getting ALPN protocol name failed\n"); } #endif + + /* allow some time for exporting the session */ + #ifdef WOLFSSL_SESSION_EXPORT_DEBUG + #ifdef USE_WINDOWS_API + Sleep(500); + #elif defined(WOLFSSL_TIRTOS) + Task_sleep(1); + #else + sleep(1); + #endif + #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ + if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); @@ -1375,6 +1620,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ShowMemoryTracker(); #endif /* USE_WOLFSSL_MEMORY */ + /* There are use cases when these assignments are not read. To avoid + * potential confusion those warnings have been handled here. + */ + (void) overrideDateErrors; + (void) useClientCert; + (void) verifyCert; + (void) ourCert; + (void) ourKey; + #if !defined(WOLFSSL_TIRTOS) return 0; #endif @@ -1415,6 +1669,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + return args.return_code; } diff --git a/examples/client/client.h b/examples/client/client.h index 5efefe993..913339ac0 100644 --- a/examples/client/client.h +++ b/examples/client/client.h @@ -1,8 +1,8 @@ /* client.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_CLIENT_H #define WOLFSSL_CLIENT_H @@ -34,6 +35,12 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, int doDTLS, int throughput); +/* Initiates the STARTTLS command sequence over TCP */ +int StartTLS_Init(SOCKET_T* sockfd); + +/* Closes down the SMTP connection */ +int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown); + #endif /* WOLFSSL_CLIENT_H */ diff --git a/examples/client/include.am b/examples/client/include.am index 862cdfa08..876f6a28e 100644 --- a/examples/client/include.am +++ b/examples/client/include.am @@ -1,7 +1,7 @@ # vim:ft=automake # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/client/client noinst_HEADERS += examples/client/client.h examples_client_client_SOURCES = examples/client/client.c diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 37670f20e..132b0260c 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -1,8 +1,8 @@ /* echoclient.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -68,6 +69,7 @@ void echoclient_test(void* args) SSL_CTX* ctx = 0; SSL* ssl = 0; + int ret = 0, err = 0; int doDTLS = 0; int doPSK = 0; int sendSz; @@ -132,7 +134,7 @@ void echoclient_test(void* args) #endif #elif !defined(NO_CERTS) if (!doPSK) - load_buffer(ctx, caCert, CYASSL_CA); + load_buffer(ctx, caCert, WOLFSSL_CA); #endif #if defined(CYASSL_SNIFFER) @@ -173,7 +175,25 @@ void echoclient_test(void* args) Sleep(100); #endif - if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); + do { +#ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = AsyncCryptPoll(ssl); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } +#endif + err = 0; /* Reset error */ + ret = SSL_connect(ssl); + if (ret != SSL_SUCCESS) { + err = SSL_get_error(ssl, 0); + } + } while (ret != SSL_SUCCESS && err == WC_PENDING_E); + + if (ret != SSL_SUCCESS) { + char buffer[CYASSL_MAX_ERROR_SZ]; + printf("err = %d, %s\n", err, ERR_error_string(err, buffer)); + err_sys("SSL_connect failed"); + } while (fgets(msg, sizeof(msg), fin) != 0) { @@ -252,6 +272,11 @@ void echoclient_test(void* args) err_sys("Cavium OpenNitroxDevice failed"); #endif /* HAVE_CAVIUM */ +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) + err_sys("Whitewood netRandom global config failed"); +#endif + StartTCP(); args.argc = argc; @@ -271,6 +296,12 @@ void echoclient_test(void* args) #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + return args.return_code; } 
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h index 0498c69ed..113b80021 100644 --- a/examples/echoclient/echoclient.h +++ b/examples/echoclient/echoclient.h @@ -1,8 +1,8 @@ /* echoclient.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_ECHOCLIENT_H #define WOLFSSL_ECHOCLIENT_H diff --git a/examples/echoclient/include.am b/examples/echoclient/include.am index f0d5868c2..7f0bc47d1 100644 --- a/examples/echoclient/include.am +++ b/examples/echoclient/include.am @@ -3,7 +3,7 @@ # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/echoclient/echoclient noinst_HEADERS += examples/echoclient/echoclient.h examples_echoclient_echoclient_SOURCES = examples/echoclient/echoclient.c diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 25e6cd5c0..e3937615d 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -1,8 +1,8 @@ /* echoserver.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -77,12 +78,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; + int ret = 0; int doDTLS = 0; int doPSK = 0; int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; - word16 port = wolfSSLPort; + word16 port; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -112,14 +114,21 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) doPSK = 1; #endif - #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(CYASSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ - !defined(CYASSL_TIRTOS) - port = 0; - #endif - #if defined(USE_ANY_ADDR) - useAnyAddr = 1; - #endif +#if defined(USE_WINDOWS_API) + /* Generate random port for testing */ + port = GetRandomPort(); +#elif defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(CYASSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + +#if defined(USE_ANY_ADDR) + useAnyAddr = 1; +#endif #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); @@ -191,8 +200,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) } /* doPSK */ #elif !defined(NO_CERTS) if (!doPSK) { - load_buffer(ctx, svrCert, CYASSL_CERT); - load_buffer(ctx, svrKey, CYASSL_KEY); + load_buffer(ctx, svrCert, WOLFSSL_CERT); + load_buffer(ctx, svrKey, WOLFSSL_KEY); } #endif @@ -228,6 +237,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int clientfd; int firstRead = 1; int gotFirstG = 0; + int err = 0; SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); #ifndef CYASSL_DTLS 
@@ -260,7 +270,25 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif - if (CyaSSL_accept(ssl) != SSL_SUCCESS) { + + do { +#ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = AsyncCryptPoll(ssl); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } +#endif + err = 0; /* Reset error */ + ret = CyaSSL_accept(ssl); + if (ret != SSL_SUCCESS) { + err = CyaSSL_get_error(ssl, 0); + } + } while (ret != SSL_SUCCESS && err == WC_PENDING_E); + + if (ret != SSL_SUCCESS) { + char buffer[CYASSL_MAX_ERROR_SZ]; + err = CyaSSL_get_error(ssl, 0); + printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); printf("SSL_accept failed\n"); CyaSSL_free(ssl); CloseSocket(clientfd); @@ -383,6 +411,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) err_sys("Cavium OpenNitroxDevice failed"); #endif /* HAVE_CAVIUM */ +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) + err_sys("Whitewood netRandom global config failed"); +#endif + StartTCP(); args.argc = argc; @@ -399,6 +432,12 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + return args.return_code; } diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h index 6fc153564..f245eb09b 100644 --- a/examples/echoserver/echoserver.h +++ b/examples/echoserver/echoserver.h @@ -1,8 +1,8 @@ /* echoserver.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_ECHOSERVER_H #define WOLFSSL_ECHOSERVER_H diff --git a/examples/echoserver/include.am b/examples/echoserver/include.am index 767da6c46..516c40441 100644 --- a/examples/echoserver/include.am +++ b/examples/echoserver/include.am @@ -3,7 +3,7 @@ # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/echoserver/echoserver noinst_HEADERS += examples/echoserver/echoserver.h examples_echoserver_echoserver_SOURCES = examples/echoserver/echoserver.c diff --git a/examples/server/include.am b/examples/server/include.am index f42490591..8a3d75119 100644 --- a/examples/server/include.am +++ b/examples/server/include.am @@ -3,7 +3,7 @@ # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/server/server noinst_HEADERS += examples/server/server.h examples_server_server_SOURCES = examples/server/server.c diff --git a/examples/server/server.c b/examples/server/server.c index 0bea91863..f6e1006c7 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1,8 +1,8 @@ /* server.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -71,7 +72,7 @@ -static void NonBlockingSSL_Accept(SSL* ssl) +static int NonBlockingSSL_Accept(SSL* ssl) { #ifndef CYASSL_CALLBACKS int ret = SSL_accept(ssl); @@ -120,8 +121,8 @@ static void NonBlockingSSL_Accept(SSL* ssl) error = SSL_FATAL_ERROR; } } - if (ret != SSL_SUCCESS) - err_sys("SSL_accept failed"); + + return ret; } /* Echo number of bytes specified by -e arg */ @@ -138,7 +139,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput) int len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes); int rx_pos = 0; if(throughput) { - start = current_time(); + start = current_time(1); } while(rx_pos < len) { ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos); @@ -154,14 +155,14 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput) } } if(throughput) { - rx_time += current_time() - start; - start = current_time(); + rx_time += current_time(0) - start; + start = current_time(1); } if (SSL_write(ssl, buffer, len) != len) { err_sys("SSL_write failed"); } if(throughput) { - tx_time += current_time() - start; + tx_time += current_time(0) - start; } xfer_bytes += len; @@ -238,6 +239,12 @@ static void Usage(void) printf("-n Use NTRU key (needed for NTRU suites)\n"); #endif printf("-B Benchmark throughput using bytes and print stats\n"); +#ifdef WOLFSSL_TRUST_PEER_CERT + printf("-E Path to load trusted peer cert\n"); +#endif +#ifdef HAVE_WNR + printf("-q Whitewood config file, default %s\n", wnrConfig); +#endif } THREAD_RETURN CYASSL_THREAD server_test(void* args) 
@@ -272,10 +279,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int loopIndefinitely = 0; int echoData = 0; int throughput = 0; - int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; + short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS; + short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS; int doListen = 1; int crlFlags = 0; int ret; + int err = 0; char* serverReadyFile = NULL; char* alpnList = NULL; unsigned char alpn_opt = 0; @@ -288,6 +298,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; +#ifdef WOLFSSL_TRUST_PEER_CERT + const char* trustCert = NULL; +#endif + #ifndef NO_PSK int sendPskIdentityHint = 1; #endif @@ -301,6 +315,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char* ocspUrl = NULL; #endif +#ifdef HAVE_WNR + const char* wnrConfigFile = wnrConfig; +#endif + ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA @@ -318,6 +336,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void)useNtruKey; (void)doCliCertCheck; (void)minDhKeyBits; + (void)minRsaKeyBits; + (void)minEccKeyBits; (void)alpnList; (void)alpn_opt; (void)crlFlags; @@ -330,8 +350,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef WOLFSSL_VXWORKS useAnyAddr = 1; #else - while ((ch = mygetopt(argc, argv, "?dbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:j")) - != -1) { + while ((ch = mygetopt(argc, argv, + "?jdbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) { switch (ch) { case '?' : Usage(); @@ -389,10 +409,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) case 'p' : port = (word16)atoi(myoptarg); - #if defined(USE_WINDOWS_API) - if (port == 0) - err_sys("port number cannot be 0"); - #endif break; case 'w' : 
@@ -507,6 +523,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } break; + #ifdef WOLFSSL_TRUST_PEER_CERT + case 'E' : + trustCert = myoptarg; + break; + #endif + + case 'q' : + #ifdef HAVE_WNR + wnrConfigFile = myoptarg; + #endif + break; + default: Usage(); exit(MY_EX_USAGE); @@ -537,6 +565,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) InitMemoryTracker(); #endif +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) + err_sys("can't load whitewood net random config file"); +#endif + switch (version) { #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 @@ -599,11 +632,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("server can't set cipher list 1"); #ifdef CYASSL_LEANPSK - usePsk = 1; + if (!usePsk) { + usePsk = 1; + } #endif #if defined(NO_RSA) && !defined(HAVE_ECC) - usePsk = 1; + if (!usePsk) { + usePsk = 1; + } #endif if (fewerPackets) @@ -623,7 +660,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif #ifndef NO_DH - wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); + if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != SSL_SUCCESS) { + err_sys("Error setting minimum DH key size"); + } +#endif +#ifndef NO_RSA + if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){ + err_sys("Error setting minimum RSA key size"); + } +#endif +#ifdef HAVE_ECC + if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != SSL_SUCCESS){ + err_sys("Error setting minimum ECC key size"); + } #endif #ifdef HAVE_NTRU 
@@ -685,6 +734,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); + #ifdef WOLFSSL_TRUST_PEER_CERT + if (trustCert) { + if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + SSL_FILETYPE_PEM)) != SSL_SUCCESS) { + err_sys("can't load trusted peer cert file"); + } + } + #endif /* WOLFSSL_TRUST_PEER_CERT */ } #endif @@ -703,6 +760,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("UseSNI failed"); #endif +#ifdef USE_WINDOWS_API + if (port == 0) { + /* Generate random port for testing */ + port = GetRandomPort(); + } +#endif /* USE_WINDOWS_API */ + while (1) { /* allow resume option */ if(resumeCount > 1) { @@ -775,7 +839,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) doDTLS, serverReadyFile ? 1 : 0, doListen); doListen = 0; /* Don't listen next time */ - SSL_set_fd(ssl, clientfd); + if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) { + err_sys("error in setting fd"); + } #ifdef HAVE_ALPN if (alpnList != NULL) { 
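Review bot: The `wolfSSL_CTX_trust_peer_cert` call added under `WOLFSSL_TRUST_PEER_CERT` has no comment explaining its trust semantics, and the new `-E` line in `Usage()` only says "Path to load trusted peer cert". Judging by scripts/trusted_peer.test in this commit, where the handshake succeeds with `-A $wrong_ca` as long as `-E` matches, a peer presenting that exact certificate appears to be accepted without chain validation to a loaded CA, which is what someone copying this example needs to know. I would add `/* peer certs matching trustCert are accepted without CA chain validation; load only certs pinned out of band */` above the `if (trustCert)` block. The assignment `ret =` inside the condition is not read again within this hunk and could be dropped if nothing later depends on it. server_test's body starts and ends outside the hunk.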
@@ -815,21 +881,44 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&clientfd); - NonBlockingSSL_Accept(ssl); - } else if (SSL_accept(ssl) != SSL_SUCCESS) { - int err = SSL_get_error(ssl, 0); + } +#endif + + do { +#ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = AsyncCryptPoll(ssl); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } +#endif + + err = 0; /* Reset error */ +#ifndef CYASSL_CALLBACKS + if (nonBlocking) { + ret = NonBlockingSSL_Accept(ssl); + } + else { + ret = SSL_accept(ssl); + } +#else + ret = NonBlockingSSL_Accept(ssl); +#endif + if (ret != SSL_SUCCESS) { + err = SSL_get_error(ssl, 0); + } + } while (ret != SSL_SUCCESS && err == WC_PENDING_E); + + if (ret != SSL_SUCCESS) { char buffer[CYASSL_MAX_ERROR_SZ]; + err = SSL_get_error(ssl, 0); printf("error = %d, %s\n", err, ERR_error_string(err, buffer)); err_sys("SSL_accept failed"); } -#else - NonBlockingSSL_Accept(ssl); -#endif + showPeer(ssl); #ifdef HAVE_ALPN if (alpnList != NULL) { - int err; char *protocol_name = NULL, *list = NULL; word16 protocol_nameSz = 0, listSz = 0; @@ -923,6 +1012,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) TicketCleanup(); #endif + /* There are use cases when these assignments are not read. To avoid + * potential confusion those warnings have been handled here. + */ + (void) ourKey; + (void) verifyCert; + (void) doCliCertCheck; + (void) useNtruKey; + (void) ourDhParam; + (void) ourCert; #ifndef CYASSL_TIRTOS return 0; #endif @@ -967,6 +1065,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + return args.return_code; } diff --git a/examples/server/server.h b/examples/server/server.h index bfd6a14f1..fe37c36c5 100644 --- a/examples/server/server.h +++ b/examples/server/server.h 
@@ -1,8 +1,8 @@ /* server.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_SERVER_H #define WOLFSSL_SERVER_H diff --git a/input b/input index 06dbbf076..a8cdf06c1 100644 --- a/input +++ b/input @@ -48,7 +48,9 @@ int main(int argc, char** argv) ssl = SSL_new(ctx); - SSL_set_fd(ssl, sockfd); + if (SSL_set_fd(ssl, sockfd) != SSL_SUCCESS) + err_sys("can't set ssl fd"); + if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); while (fgets(send, sizeof(send), fin)) { diff --git a/m4/visibility.m4 b/m4/visibility.m4 index 75c34b6e1..757154f33 100644 --- a/m4/visibility.m4 +++ b/m4/visibility.m4 @@ -1,5 +1,5 @@ -# visibility.m4 serial 4 (gettext-0.18.2) -dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc. +# visibility.m4 serial 5 (gettext-0.18.2) +dnl Copyright (C) 2005, 2008, 2010-2014 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. 
@@ -12,7 +12,7 @@ dnl __attribute__((__visibility__("hidden"))) and dnl __attribute__((__visibility__("default"))). dnl Does *not* test for __visibility__("protected") - which has tricky dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on -dnl MacOS X. +dnl Mac OS X. dnl Does *not* test for __visibility__("internal") - which has processor dnl dependent semantics. dnl Does *not* test for #pragma GCC visibility push(hidden) - which is @@ -58,7 +58,7 @@ AC_DEFUN([gl_VISIBILITY], extern __attribute__((__visibility__("default"))) int exportedvar; extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void); extern __attribute__((__visibility__("default"))) int exportedfunc (void); - void dummyfunc (void) {} + int hiddenfunc (void) { return 0; } ]], [[]])], [gl_cv_cc_visibility=yes], diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 4cb890c48..b73ff2772 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -1,8 +1,8 @@ /* crypto.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Implements Microchip CRYPTO API layer */ diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 82b4d0249..5db03299d 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h 
@@ -1,8 +1,8 @@ /* crypto.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Defines Microchip CRYPTO API layer */ diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index b7bf06292..a34834d17 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1,8 +1,8 @@ /* test.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Tests Microchip CRYPTO API layer */ diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c index d25c8bf40..5c4c8651e 100644 --- a/mplabx/benchmark_main.c +++ b/mplabx/benchmark_main.c 
@@ -1,8 +1,8 @@ /* benchmark_main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/mplabx/test_main.c b/mplabx/test_main.c index 1ed008a3d..258200697 100644 --- a/mplabx/test_main.c +++ b/mplabx/test_main.c @@ -1,8 +1,8 @@ /* main.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/mqx/wolfssl_client/Sources/main.c b/mqx/wolfssl_client/Sources/main.c index f641f13d2..51f5538e2 100644 --- a/mqx/wolfssl_client/Sources/main.c +++ b/mqx/wolfssl_client/Sources/main.c 
@@ -254,7 +254,9 @@ void client_test(void) if ( (ssl = wolfSSL_new(ctx)) == NULL) err_sys("wolfSSL_new failed"); - wolfSSL_set_fd(ssl, sockfd); + ret = wolfSSL_set_fd(ssl, sockfd); + if (ret != SSL_SUCCESS) + err_sys("wolfSSL_set_fd failed"); ret = wolfSSL_connect(ssl); if (ret != SSL_SUCCESS) diff --git a/rpm/spec.in b/rpm/spec.in index 8fde26c02..c86ea6bf0 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.3 -%{_libdir}/libwolfssl.so.3.1.0 +%{_libdir}/libwolfssl.so.3.2.0 %files devel %defattr(-,root,root,-) @@ -223,6 +223,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/wolfssl/wolfcrypt/wc_encrypt.h %{_includedir}/wolfssl/error-ssl.h %{_includedir}/wolfssl/ocsp.h +%{_includedir}/wolfssl/mem_track.h %{_includedir}/wolfssl/openssl/asn1.h %{_includedir}/wolfssl/openssl/bio.h %{_includedir}/wolfssl/openssl/bn.h @@ -267,6 +268,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Thu Mar 17 2016 Jacob Barthelmeh +- Added header for mem_track.h * Wed Dec 30 2015 Jacob Barthelmeh - Added headers for curve25519 and ed25519 openssl compatibility - Added headers for Idea, srp, signature, and wc_encrypt diff --git a/scripts/external.test b/scripts/external.test index f2ba8d125..9681677d9 100755 --- a/scripts/external.test +++ b/scripts/external.test @@ -16,9 +16,9 @@ else fi # is our desired server there? -ping -c 2 $server +./scripts/ping.test $server 2 RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 +[ $RESULT -ne 0 ] && exit 0 # client test against the server ./examples/client/client -X -C -h $server -p 443 -g -A $ca diff --git a/scripts/google.test b/scripts/google.test index 8a3ca3750..ecc126836 100755 --- a/scripts/google.test +++ b/scripts/google.test 
@@ -7,9 +7,9 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # is our desired server there? -ping -c 2 $server +./scripts/ping.test $server 2 RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 +[ $RESULT -ne 0 ] && exit 0 # client test against the server ./examples/client/client -X -C -h $server -p 443 -g -d diff --git a/scripts/include.am b/scripts/include.am index 5866a554e..0e1bffe52 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -8,7 +8,7 @@ if BUILD_SNIFFTEST dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test endif -if BUILD_EXAMPLES +if BUILD_EXAMPLE_SERVERS dist_noinst_SCRIPTS+= scripts/resume.test EXTRA_DIST+= scripts/benchmark.test @@ -19,12 +19,6 @@ dist_noinst_SCRIPTS+= scripts/crl-revoked.test scripts/crl-revoked.log: scripts/resume.log endif -if !BUILD_IPV6 -dist_noinst_SCRIPTS+= scripts/external.test -dist_noinst_SCRIPTS+= scripts/google.test -#dist_noinst_SCRIPTS+= scripts/openssl.test -endif - if BUILD_OCSP dist_noinst_SCRIPTS+= scripts/ocsp.test endif @@ -45,12 +39,26 @@ endif endif -endif - if BUILD_PSK dist_noinst_SCRIPTS+= scripts/psk.test endif -EXTRA_DIST += scripts/testsuite.pcap +if BUILD_TRUST_PEER_CERT +dist_noinst_SCRIPTS+= scripts/trusted_peer.test +endif + +endif # end of BUILD_EXAMPLE_SERVERS + +if BUILD_EXAMPLE_CLIENTS +if !BUILD_IPV6 +dist_noinst_SCRIPTS+= scripts/external.test +dist_noinst_SCRIPTS+= scripts/google.test +#dist_noinst_SCRIPTS+= scripts/openssl.test +endif +endif + +EXTRA_DIST += scripts/testsuite.pcap \ + scripts/ping.test + # leave openssl.test as extra until non bash works EXTRA_DIST += scripts/openssl.test diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 7d711d417..572310a01 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test 
@@ -10,9 +10,7 @@ ca=certs/external/ca-verisign-g5.pem [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # is our desired server there? - login.live.com doesn't answers PING -# ping -c 2 $server -# RESULT=$? -# [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 +#./scripts/ping.test $server 2 # client test against the server ./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1 diff --git a/scripts/ocsp.test b/scripts/ocsp.test index 66d4488ad..97a8af1bc 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -8,9 +8,9 @@ ca=certs/external/ca-globalsign-root-r2.pem [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # is our desired server there? -ping -c 2 $server +./scripts/ping.test $server 2 RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0 +[ $RESULT -ne 0 ] && exit 0 # client test against the server ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o diff --git a/scripts/ping.test b/scripts/ping.test new file mode 100755 index 000000000..f1049d48e --- /dev/null +++ b/scripts/ping.test @@ -0,0 +1,29 @@ +#!/bin/sh + +# ping.test + +# defaults +server=www.wolfssl.com +tries=2 + +# populate args +if [ "$#" -gt 1 ]; then + tries=$2 +fi +if [ "$#" -gt 0 ]; then + server=$1 +fi + +# determine os +OS="`uname`" +case $OS in + MINGW* | MSYS*) PINGSW=-n ;; + *) PINGSW=-c ;; +esac + +# is our desired server there? +ping $PINGSW $tries $server +RESULT=$? +[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 1 + +exit 0 diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test new file mode 100755 index 000000000..a4faf1c18 --- /dev/null +++ b/scripts/trusted_peer.test 
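Review bot: In the new scripts/ping.test, `ping $PINGSW $tries $server` expands both arguments unquoted, so a caller-supplied value containing whitespace or glob characters is split or expanded before ping sees it; `ping $PINGSW "$tries" "$server"` avoids that. The script declares `#!/bin/sh` but uses `echo -e`, which POSIX sh does not define (dash prints the literal `-e`); `printf "\n\nCouldn't find %s, skipping\n" "$server"` is portable. Callers such as external.test turn this script's `exit 1` into `exit 0`, so an unreachable server is still reported as a pass rather than a skip, which is worth a comment at the top of the file.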
@@ -0,0 +1,286 @@ +#!/bin/sh + +# trusted_peer.test +# copyright wolfSSL 2016 + +# getting unique port is modeled after resume.test script +# need a unique port since may run the same time as testsuite +# use server port zero hack to get one +port=0 +no_pid=-1 +server_pid=$no_pid +counter=0 +# let's use absolute path to a local dir (make distcheck may be in sub dir) +# also let's add some randomness by adding pid in case multiple 'make check's +# per source tree +ready_file=`pwd`/wolfssl_tp_ready$$ + +# variables for certs so can use RSA or ECC +client_cert=`pwd`/certs/client-cert.pem +client_ca=`pwd`/certs/ca-cert.pem +client_key=`pwd`/certs/client-key.pem +ca_key=`pwd`/certs/ca-key.pem +server_cert=`pwd`/certs/server-cert.pem +server_key=`pwd`/certs/server-key.pem +combined_cert=`pwd`/certs/client_combined.pem +wrong_ca=`pwd`/certs/wolfssl-website-ca.pem +wrong_cert=`pwd`/certs/server-revoked-cert.pem + +echo "ready file $ready_file" + +create_port() { + while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $ready_file; then + echo -e "found ready file, starting client..." + + # get created port 0 ephemeral port + port=`cat $ready_file` + else + echo -e "NO ready file ending test..." + do_cleanup + fi +} + +remove_ready_file() { + if test -e $ready_file; then + echo -e "removing existing ready file" + rm $ready_file + fi +} + +do_cleanup() { + echo "in cleanup" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + remove_ready_file +} + +do_trap() { + echo "got trap" + do_cleanup + exit -1 +} + +trap do_trap INT TERM + +[ ! 
-x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# Look for if RSA and/or ECC is enabled and adjust certs/keys +ciphers=`./examples/client/client -e` +if [[ $ciphers != *"RSA"* ]]; then + if [[ $ciphers == *"ECDSA"* ]]; then + client_cert=`pwd`/certs/client-ecc-cert.pem + client_ca=`pwd`/certs/server-ecc.pem + client_key=`pwd`/certs/ecc-client-key.pem + ca_key=`pwd`/certs/ecc-key.pem + server_cert=`pwd`/certs/server-ecc.pem + server_key=`pwd`/certs/ecc-key.pem + wrong_ca=`pwd`/certs/server-ecc-comp.pem + wrong_cert=`pwd`/certs/server-ecc-comp.pem + else + echo "configure options not set up for test. No RSA or ECC" + exit 0 + fi +fi + +# CRL list not set up for tests +crl_test=`./examples/client/client -h` +if [[ $crl_test == *"-C "* ]]; then + echo "test not set up to run with CRL" + exit 0 +fi + +# Test for trusted peer certs build +echo "" +echo "Checking built with trusted peer certs " +echo "-----------------------------------------------------" +port=0 +remove_ready_file +./examples/server/server -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -p $port +RESULT=$? +remove_ready_file +# if fail here then is a settings issue so return 0 +if [ $RESULT -ne 0 ]; then + echo -e "\n\nTrusted peer certs not enabled \"WOLFSSL_TRUST_PEER_CERT\"" + do_cleanup + exit 0 +fi +echo "" + +# Test that using no CA's and only trusted peer certs works +echo "Server and Client relying on trusted peer cert loaded" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $wrong_ca -E $server_cert -c $client_cert -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\nServer and Client trusted peer cert failed!" 
+ do_cleanup + exit 1 +fi +echo "" + +# Test that using server trusted peer certs works +echo "Server relying on trusted peer cert loaded" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -c $client_cert -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\nServer trusted peer cert test failed!" + do_cleanup + exit 1 +fi +echo "" + +# Test that using client trusted peer certs works +echo "Client relying on trusted peer cert loaded" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $wrong_ca -E $server_cert -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\nClient trusted peer cert test failed!" + do_cleanup + exit 1 +fi +echo "" + +# Test that client fall through to CA works +echo "Client fall through to loaded CAs" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -E $wrong_cert -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\nClient trusted peer cert fall through to CA test failed!" + do_cleanup + exit 1 +fi +echo "" + +# Test that client can fail +# check if using ECC client example is hard coded to load correct ECC ca so skip +if [[ $wrong_ca != *"ecc"* ]]; then +echo "Client wrong CA and wrong trusted peer cert loaded" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! 
+create_port +./examples/client/client -A $wrong_ca -E $wrong_cert -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -eq 0 ]; then + echo -e "\nClient trusted peer cert test failed!" + do_cleanup + exit 1 +fi +echo "" +fi + +# Test that server can fail +echo "Server wrong CA and wrong trusted peer cert loaded" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -A $wrong_ca -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -eq 0 ]; then + echo -e "\nServer trusted peer cert test failed!" + do_cleanup + exit 1 +fi +echo "" + +# Test that server fall through to CA works +echo "Server fall through to loaded CAs" +echo "-----------------------------------------------------" +port=0 +./examples/server/server -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\nServer trusted peer cert fall through to CA test failed!" + do_cleanup + exit 1 +fi +echo "" + +# test loading multiple certs +echo "Server loading multiple trusted peer certs" +echo "Test two success cases and one fail case" +echo "-----------------------------------------------------" +port=0 +cat $client_cert $client_ca > $combined_cert +./examples/server/server -i -A $wrong_ca -E $combined_cert -c $server_cert -k $server_key -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -A $client_ca -c $client_cert -k $client_key -p $port +RESULT=$? +if [ $RESULT -ne 0 ]; then + echo -e "\nServer load multiple trusted peer certs failed!" + do_cleanup + exit 1 +fi +./examples/client/client -A $client_ca -c $client_ca -k $ca_key -p $port +RESULT=$? +if [ $RESULT -ne 0 ]; then + echo -e "\nServer load multiple trusted peer certs failed!" 
+ do_cleanup + exit 1 +fi +./examples/client/client -A $client_ca -c $wrong_cert -k $client_key -p $port +RESULT=$? +if [ $RESULT -eq 0 ]; then + echo -e "\nServer load multiple trusted peer certs failed!" + do_cleanup + exit 1 +fi + +do_cleanup # kill PID of server running in infinit loop +rm $combined_cert +remove_ready_file +echo "" + +echo "-----------------------------------------------------" +echo "ALL TESTS PASSED" +echo "-----------------------------------------------------" + +exit 0 + + diff --git a/src/crl.c b/src/crl.c index 0143dd789..6653110dc 100644 --- a/src/crl.c +++ b/src/crl.c @@ -1,8 +1,8 @@ /* crl.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Name change compatibility layer no longer needs included here */ #ifdef HAVE_CONFIG_H @@ -96,7 +97,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl) /* Free all CRL Entry resources */ static void FreeCRL_Entry(CRL_Entry* crle) { - RevokedCert* tmp = crle->certs; + RevokedCert* tmp = crle->certs; WOLFSSL_ENTER("FreeCRL_Entry"); @@ -195,7 +196,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) ret = CRL_CERT_REVOKED; break; } - rc = rc->next; + rc = rc->next; } } @@ -221,7 +222,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) } - return ret; + return ret; } 
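Review bot: scripts/trusted_peer.test declares `#!/bin/sh` but selects certificates and skips CRL builds with `[[ $ciphers != *"RSA"* ]]` and `[[ $crl_test == *"-C "* ]]`, which a POSIX shell such as dash rejects; the failed test reads as false, so the script would silently keep the RSA certificates and run against a CRL build instead of exiting. Either use `#!/bin/bash` or rewrite the checks as `case "$ciphers" in *RSA*) ... esac`. In `create_port`, the missing-ready-file branch calls `do_cleanup` but does not exit, and `counter` is never reset between calls, so later cases wait less and then run the client against port 0; the negative cases (where `RESULT -eq 0` means failure) would then pass because nothing is listening rather than because the peer was rejected. Adding `counter=0` at the top of `create_port` and `exit 1` after `do_cleanup` there closes that gap. `exit -1` in `do_trap` is also outside the 0–255 range POSIX defines for exit statuses.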
@@ -263,15 +264,13 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) { int ret = SSL_SUCCESS; const byte* myBuffer = buff; /* if DER ok, otherwise switch */ - buffer der; + DerBuffer* der = NULL; #ifdef WOLFSSL_SMALL_STACK DecodedCRL* dcrl; #else DecodedCRL dcrl[1]; #endif - der.buffer = NULL; - WOLFSSL_ENTER("BufferLoadCRL"); if (crl == NULL || buff == NULL || sz == 0) @@ -284,11 +283,12 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey); if (ret == 0) { - myBuffer = der.buffer; - sz = der.length; + myBuffer = der->buffer; + sz = der->length; } else { WOLFSSL_MSG("Pem to Der failed"); + FreeDer(&der); return -1; } } @@ -296,9 +296,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) #ifdef WOLFSSL_SMALL_STACK dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dcrl == NULL) { - if (der.buffer) - XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL); - + FreeDer(&der); return MEMORY_E; } #endif @@ -321,8 +319,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (der.buffer) - XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL); + FreeDer(&der); return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */ } @@ -360,16 +357,16 @@ static int SwapLists(WOLFSSL_CRL* crl) int ret; CRL_Entry* newList; #ifdef WOLFSSL_SMALL_STACK - WOLFSSL_CRL* tmp; + WOLFSSL_CRL* tmp; #else WOLFSSL_CRL tmp[1]; #endif - + #ifdef WOLFSSL_SMALL_STACK tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return MEMORY_E; -#endif +#endif if (InitCRL(tmp, crl->cm) < 0) { WOLFSSL_MSG("Init tmp CRL failed"); @@ -540,7 +537,7 @@ static void* DoMonitor(void* arg) for (;;) { struct kevent event; int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL); - + WOLFSSL_MSG("Got kevent"); if (numEvents == -1) { 
@@ -682,7 +679,7 @@ static void* DoMonitor(void* arg) FD_SET(crl->mfd, &readfds); result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL); - + WOLFSSL_MSG("Got notify event"); if (result < 0) { @@ -699,7 +696,7 @@ static void* DoMonitor(void* arg) if (length < 0) { WOLFSSL_MSG("notify read problem, continue"); continue; - } + } if (SwapLists(crl) < 0) { WOLFSSL_MSG("SwapLists problem, continue"); @@ -793,7 +790,7 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl) #ifndef NO_FILESYSTEM -/* Load CRL path files of type, SSL_SUCCESS on ok */ +/* Load CRL path files of type, SSL_SUCCESS on ok */ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) { struct dirent* entry; @@ -836,14 +833,14 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) if (s.st_mode & S_IFREG) { if (type == SSL_FILETYPE_PEM) { - if (strstr(entry->d_name, ".pem") == NULL) { + if (XSTRSTR(entry->d_name, ".pem") == NULL) { WOLFSSL_MSG("not .pem file, skipping"); continue; } } else { - if (strstr(entry->d_name, ".der") == NULL && - strstr(entry->d_name, ".crl") == NULL) { + if (XSTRSTR(entry->d_name, ".der") == NULL && + XSTRSTR(entry->d_name, ".crl") == NULL) { WOLFSSL_MSG("not .der or .crl file, skipping"); continue; 
@@ -862,27 +859,36 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) #endif if (monitor & WOLFSSL_CRL_MONITOR) { + word32 pathLen; + char* pathBuf; + WOLFSSL_MSG("monitor path requested"); - if (type == SSL_FILETYPE_PEM) { - crl->monitors[0].path = strdup(path); - crl->monitors[0].type = SSL_FILETYPE_PEM; - if (crl->monitors[0].path == NULL) - ret = MEMORY_E; - } else { - crl->monitors[1].path = strdup(path); - crl->monitors[1].type = SSL_FILETYPE_ASN1; - if (crl->monitors[1].path == NULL) - ret = MEMORY_E; + pathLen = (word32)XSTRLEN(path); + pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR); + if (pathBuf) { + XSTRNCPY(pathBuf, path, pathLen); + pathBuf[pathLen] = '\0'; /* Null Terminate */ + + if (type == SSL_FILETYPE_PEM) { + crl->monitors[0].path = pathBuf; + crl->monitors[0].type = SSL_FILETYPE_PEM; + } else { + crl->monitors[1].path = pathBuf; + crl->monitors[1].type = SSL_FILETYPE_ASN1; + } + + if (monitor & WOLFSSL_CRL_START_MON) { + WOLFSSL_MSG("start monitoring requested"); + + ret = StartMonitorCRL(crl); + } + } + else { + ret = MEMORY_E; } - - if (monitor & WOLFSSL_CRL_START_MON) { - WOLFSSL_MSG("start monitoring requested"); - - ret = StartMonitorCRL(crl); - } } - + closedir(dir); return ret; diff --git a/src/include.am b/src/include.am index cdb6ff59b..8efd9c9c9 100644 --- a/src/include.am +++ b/src/include.am @@ -252,4 +252,8 @@ if BUILD_SNIFFER src_libwolfssl_la_SOURCES += src/sniffer.c endif +if BUILD_ASYNCCRYPT +src_libwolfssl_la_SOURCES += src/async.c +endif + endif # !BUILD_CRYPTONLY diff --git a/src/internal.c b/src/internal.c old mode 100644 new mode 100755 index cb8b39bd2..305abda6c --- a/src/internal.c +++ b/src/internal.c 
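Review bot: In the `monitor & WOLFSSL_CRL_MONITOR` branch of LoadCRL, `crl->monitors[0].path` or `crl->monitors[1].path` is overwritten with the new `pathBuf` without releasing a path stored by an earlier call. A second LoadCRL on the same CRL object and file type would therefore leak the first copy; whether callers do that is not visible here. Releasing an existing entry before the assignment, e.g. `if (crl->monitors[0].path) XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);`, would close it, provided no monitor thread is still reading the old string. The copy can also be written as `XMEMCPY(pathBuf, path, pathLen + 1);`, which carries the terminator and drops the separate `pathBuf[pathLen] = '\0'` line. LoadCRL begins above this hunk.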
@@ -1,8 +1,8 @@ /* internal.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -37,6 +38,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -48,7 +50,8 @@ #include "libntruencrypt/ntru_crypto.h" #endif -#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) +#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \ + defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG) #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include @@ -71,6 +74,8 @@ #define FALSE 0 #endif +#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } + #ifdef _MSC_VER /* disable for while(0) cases at the .c level for now */ #pragma warning(disable:4127) @@ -146,9 +151,6 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); #endif -static void PickHashSigAlgo(WOLFSSL* ssl, - const byte* hashSigAlgo, word32 hashSigAlgoSz); - #ifdef HAVE_QSH int QSH_Init(WOLFSSL* ssl); #endif @@ -347,7 +349,7 @@ static INLINE void c16toa(word16 u16, byte* c) #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ - || defined(HAVE_AESGCM) + || defined(HAVE_AESGCM) || defined(WOLFSSL_SESSION_EXPORT) /* convert 32 bit integer to opaque */ static INLINE void c32toa(word32 u32, byte* c) { 
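Review bot: The new `ERROR_OUT(err, eLabel)` macro expands to a bare brace block, so `if (x) ERROR_OUT(e, label); else ...` does not compile because of the `;` left after the block, and the macro silently relies on a local named `ret` at every use site. Writing it as `#define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)` makes it a single statement; the C4127 pragma directly below already covers the `while(0)` form for MSVC. I would also add a one-line comment above it stating that the caller must declare `ret` and define the label.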
@@ -356,6 +358,21 @@ static INLINE void c32toa(word32 u32, byte* c) c[2] = (u32 >> 8) & 0xff; c[3] = u32 & 0xff; } + +#if defined(WOLFSSL_SESSION_EXPORT) +/* convert 64 bit integer to opaque */ +static INLINE void c64toa(word64 u64, byte* c) +{ + c[0] = (u64 >> 56) & 0xff; + c[1] = (u64 >> 48) & 0xff; + c[2] = (u64 >> 40) & 0xff; + c[3] = (u64 >> 32) & 0xff; + c[4] = (u64 >> 24) & 0xff; + c[5] = (u64 >> 16) & 0xff; + c[6] = (u64 >> 8) & 0xff; + c[7] = u64 & 0xff; +} +#endif /* WOLFSSL_SESSION_EXPORT */ #endif @@ -373,7 +390,8 @@ static INLINE void ato16(const byte* c, word16* u16) } -#if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET) +#if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET) || \ + defined(WOLFSSL_SESSION_EXPORT) /* convert opaque to 32 bit integer */ static INLINE void ato32(const byte* c, word32* u32) @@ -381,6 +399,21 @@ static INLINE void ato32(const byte* c, word32* u32) *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; } +#if defined(WOLFSSL_SESSION_EXPORT) +/* convert opaque to word64 type */ +static INLINE void ato64(const byte* c, word64* u64) +{ + /* when doing cast to allow for shift, mask the values */ + *u64 = (((word64)c[0] << 56) & 0xff00000000000000) | + (((word64)c[1] << 48) & 0x00ff000000000000) | + (((word64)c[2] << 40) & 0x0000ff0000000000) | + (((word64)c[3] << 32) & 0x000000ff00000000) | + (((word64)c[4] << 24) & 0x00000000ff000000) | + (((word64)c[5] << 16) & 0x0000000000ff0000) | + (((word64)c[6] << 8) & 0x000000000000ff00) | + ((word64)c[7] & 0x00000000000000ff); +} +#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_DTLS */ 
@@ -470,6 +503,781 @@ static INLINE void ato32(const byte* c, word32* u32) #endif /* HAVE_LIBZ */ +#ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS +/* serializes the cipher specs struct for exporting */ +static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + word32 idx = 0; + CipherSpecs* specs; + + WOLFSSL_ENTER("ExportCipherSpecState"); + + if (exp == NULL || ssl == NULL) { + return BAD_FUNC_ARG; + } + + specs= &(ssl->specs); + + if (DTLS_EXPORT_SPC_SZ > len) { + return BUFFER_E; + } + + XMEMSET(exp, 0, DTLS_EXPORT_SPC_SZ); + + c16toa(specs->key_size, exp + idx); idx += OPAQUE16_LEN; + c16toa(specs->iv_size, exp + idx); idx += OPAQUE16_LEN; + c16toa(specs->block_size, exp + idx); idx += OPAQUE16_LEN; + c16toa(specs->aead_mac_size, exp + idx); idx += OPAQUE16_LEN; + exp[idx++] = specs->bulk_cipher_algorithm; + exp[idx++] = specs->cipher_type; + exp[idx++] = specs->mac_algorithm; + exp[idx++] = specs->kea; + exp[idx++] = specs->sig_algo; + exp[idx++] = specs->hash_size; + exp[idx++] = specs->pad_size; + exp[idx++] = specs->static_ecdh; + + if (idx != DTLS_EXPORT_SPC_SZ) { + WOLFSSL_MSG("DTLS_EXPORT_SPC_SZ needs updated and export version"); + return DTLS_EXPORT_VER_E; + } + + WOLFSSL_LEAVE("ExportCipherSpecState", idx); + (void)ver; + return idx; +} + + +/* serializes the key struct for exporting */ +static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + word32 idx = 0; + byte sz; + Keys* keys; + + WOLFSSL_ENTER("ExportKeyState"); + + if (exp == NULL || ssl == NULL) { + return BAD_FUNC_ARG; + } + + keys = &(ssl->keys); + + if (DTLS_EXPORT_KEY_SZ > len) { + return BUFFER_E; + } + + XMEMSET(exp, 0, DTLS_EXPORT_KEY_SZ); + + c32toa(keys->peer_sequence_number, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->peer_sequence_number, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->sequence_number, exp + idx); idx += OPAQUE32_LEN; + + c16toa(keys->dtls_state.nextEpoch, exp + idx); idx += OPAQUE16_LEN; + 
c32toa(keys->dtls_state.nextSeq, exp + idx); idx += OPAQUE32_LEN; + c16toa(keys->dtls_state.curEpoch, exp + idx); idx += OPAQUE16_LEN; + c32toa(keys->dtls_state.curSeq, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->dtls_state.prevSeq, exp + idx); idx += OPAQUE32_LEN; + + c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN; + c16toa(keys->dtls_expected_peer_handshake_number, exp + idx); + idx += OPAQUE16_LEN; + + c32toa(keys->dtls_sequence_number, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->dtls_prev_sequence_number, exp + idx); idx += OPAQUE32_LEN; + c16toa(keys->dtls_epoch, exp + idx); idx += OPAQUE16_LEN; + c16toa(keys->dtls_handshake_number, exp + idx); idx += OPAQUE16_LEN; + c32toa(keys->encryptSz, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->padSz, exp + idx); idx += OPAQUE32_LEN; + exp[idx++] = keys->encryptionOn; + exp[idx++] = keys->decryptedCur; + + #ifdef WORD64_AVAILABLE + c64toa(keys->dtls_state.window, exp + idx); idx += OPAQUE64_LEN; + c64toa(keys->dtls_state.prevWindow, exp + idx); idx += OPAQUE64_LEN; + #else + c32toa(keys->dtls_state.window, exp + idx); idx += OPAQUE32_LEN; + c32toa(0, exp + idx); idx += OPAQUE32_LEN; + c32toa(keys->dtls_state.prevWindow, exp + idx); idx += OPAQUE32_LEN; + c32toa(0, exp + idx); idx += OPAQUE32_LEN; + #endif + +#ifdef HAVE_TRUNCATED_HMAC + sz = ssl->truncated_hmac ? 
TRUNCATED_HMAC_SZ: ssl->specs.hash_size; + exp[idx++] = ssl->truncated_hmac; +#else + sz = ssl->specs.hash_size; + exp[idx++] = 0; /* no truncated hmac */ +#endif + exp[idx++] = sz; + XMEMCPY(exp + idx, keys->client_write_MAC_secret, sz); idx += sz; + XMEMCPY(exp + idx, keys->server_write_MAC_secret, sz); idx += sz; + + sz = ssl->specs.key_size; + exp[idx++] = sz; + XMEMCPY(exp + idx, keys->client_write_key, sz); idx += sz; + XMEMCPY(exp + idx, keys->server_write_key, sz); idx += sz; + + sz = ssl->specs.iv_size; + exp[idx++] = sz; + XMEMCPY(exp + idx, keys->client_write_IV, sz); idx += sz; + XMEMCPY(exp + idx, keys->server_write_IV, sz); idx += sz; + XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ); + idx += AEAD_MAX_EXP_SZ; + + sz = AEAD_MAX_IMP_SZ; + exp[idx++] = sz; + XMEMCPY(exp + idx, keys->aead_enc_imp_IV, sz); idx += sz; + XMEMCPY(exp + idx, keys->aead_dec_imp_IV, sz); idx += sz; + + if (idx > DTLS_EXPORT_KEY_SZ) { + WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version"); + return DTLS_EXPORT_VER_E; + } + + WOLFSSL_LEAVE("ExportKeyState", idx); + (void)ver; + return idx; +} + +static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + word32 idx = 0; + CipherSpecs* specs; + + WOLFSSL_ENTER("ImportCipherSpecState"); + + if (exp == NULL || ssl == NULL) { + return BAD_FUNC_ARG; + } + + specs= &(ssl->specs); + + if (DTLS_EXPORT_SPC_SZ > len) { + return BUFFER_E; + } + + ato16(exp + idx, &specs->key_size); idx += OPAQUE16_LEN; + ato16(exp + idx, &specs->iv_size); idx += OPAQUE16_LEN; + ato16(exp + idx, &specs->block_size); idx += OPAQUE16_LEN; + ato16(exp + idx, &specs->aead_mac_size); idx += OPAQUE16_LEN; + specs->bulk_cipher_algorithm = exp[idx++]; + specs->cipher_type = exp[idx++]; + specs->mac_algorithm = exp[idx++]; + specs->kea = exp[idx++]; + specs->sig_algo = exp[idx++]; + specs->hash_size = exp[idx++]; + specs->pad_size = exp[idx++]; + specs->static_ecdh = exp[idx++]; + + WOLFSSL_LEAVE("ImportCipherSpecState", 
idx); + (void)ver; + return idx; +} + + +static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + word32 idx = 0; + byte sz; + Keys* keys; + + WOLFSSL_ENTER("ImportKeyState"); + + if (exp == NULL || ssl == NULL) { + return BAD_FUNC_ARG; + } + + keys = &(ssl->keys); + + /* check minimum length -- includes byte used for size indicators */ + if (len < DTLS_EXPORT_MIN_KEY_SZ) { + return BUFFER_E; + } + ato32(exp + idx, &keys->peer_sequence_number); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->peer_sequence_number); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->sequence_number); idx += OPAQUE32_LEN; + + ato16(exp + idx, &keys->dtls_state.nextEpoch); idx += OPAQUE16_LEN; + ato32(exp + idx, &keys->dtls_state.nextSeq); idx += OPAQUE32_LEN; + ato16(exp + idx, &keys->dtls_state.curEpoch); idx += OPAQUE16_LEN; + ato32(exp + idx, &keys->dtls_state.curSeq); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->dtls_state.prevSeq); idx += OPAQUE32_LEN; + + ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN; + ato16(exp + idx, &keys->dtls_expected_peer_handshake_number); + idx += OPAQUE16_LEN; + + ato32(exp + idx, &keys->dtls_sequence_number); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->dtls_prev_sequence_number); idx += OPAQUE32_LEN; + ato16(exp + idx, &keys->dtls_epoch); idx += OPAQUE16_LEN; + ato16(exp + idx, &keys->dtls_handshake_number); idx += OPAQUE16_LEN; + ato32(exp + idx, &keys->encryptSz); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->padSz); idx += OPAQUE32_LEN; + keys->encryptionOn = exp[idx++]; + keys->decryptedCur = exp[idx++]; + + #ifdef WORD64_AVAILABLE + ato64(exp + idx, &keys->dtls_state.window); idx += OPAQUE64_LEN; + ato64(exp + idx, &keys->dtls_state.prevWindow); idx += OPAQUE64_LEN; + #else + ato32(exp + idx, &keys->dtls_state.window); idx += OPAQUE32_LEN; + ato32(exp + idx, 0); idx += OPAQUE32_LEN; + ato32(exp + idx, &keys->dtls_state.prevWindow); idx += OPAQUE32_LEN; + ato32(exp + idx, 0); idx += OPAQUE32_LEN; + 
#endif + +#ifdef HAVE_TRUNCATED_HMAC + ssl->truncated_hmac = exp[idx++]; +#else + idx++; /* no truncated hmac */ +#endif + sz = exp[idx++]; + if (sz > MAX_DIGEST_SIZE || sz + idx > len) { + return BUFFER_E; + } + XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz; + XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz; + + sz = exp[idx++]; + if (sz > AES_256_KEY_SIZE || sz + idx > len) { + return BUFFER_E; + } + XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz; + XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz; + + sz = exp[idx++]; + if (sz > MAX_WRITE_IV_SZ || sz + idx > len) { + return BUFFER_E; + } + XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz; + XMEMCPY(keys->server_write_IV, exp + idx, sz); idx += sz; + XMEMCPY(keys->aead_exp_IV, exp + idx, AEAD_MAX_EXP_SZ); + idx += AEAD_MAX_EXP_SZ; + + sz = exp[idx++]; + if (sz > AEAD_MAX_IMP_SZ || sz + idx > len) { + return BUFFER_E; + } + XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz; + XMEMCPY(keys->aead_dec_imp_IV, exp + idx, sz); idx += sz; + + WOLFSSL_LEAVE("ImportKeyState", idx); + (void)ver; + return idx; +} + + +/* copy over necessary information from Options struct to buffer + * On success returns size of buffer used on failure returns a negative value */ +static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + int idx = 0; + word16 zero = 0; + Options* options = &ssl->options; + + WOLFSSL_ENTER("dtls_export_new"); + + if (exp == NULL || options == NULL || len < DTLS_EXPORT_OPT_SZ) { + return BAD_FUNC_ARG; + } + + XMEMSET(exp, 0, DTLS_EXPORT_OPT_SZ); + + /* these options are kept and sent to indicate verify status and strength + * of handshake */ + exp[idx++] = options->sendVerify; + exp[idx++] = options->verifyPeer; + exp[idx++] = options->verifyNone; + exp[idx++] = options->downgrade; +#ifndef NO_DH + c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN; + c16toa(options->dhKeySz, exp + idx); idx += OPAQUE16_LEN; 
+#else + c16toa(zero, exp + idx); idx += OPAQUE16_LEN; + c16toa(zero, exp + idx); idx += OPAQUE16_LEN; +#endif +#ifndef NO_RSA + c16toa((word16)(options->minRsaKeySz), exp + idx); idx += OPAQUE16_LEN; +#else + c16toa(zero, exp + idx); idx += OPAQUE16_LEN; +#endif +#ifdef HAVE_ECC + c16toa((word16)(options->minEccKeySz), exp + idx); idx += OPAQUE16_LEN; +#else + c16toa(zero, exp + idx); idx += OPAQUE16_LEN; +#endif + + /* these options are kept to indicate state and behavior */ +#ifndef NO_PSK + exp[idx++] = options->havePSK; +#else + exp[idx++] = 0; +#endif + exp[idx++] = options->sessionCacheOff; + exp[idx++] = options->sessionCacheFlushOff; + exp[idx++] = options->side; + exp[idx++] = options->resuming; + exp[idx++] = options->haveSessionId; + exp[idx++] = options->tls; + exp[idx++] = options->tls1_1; + exp[idx++] = options->dtls; + exp[idx++] = options->connReset; + exp[idx++] = options->isClosed; + exp[idx++] = options->closeNotify; + exp[idx++] = options->sentNotify; + exp[idx++] = options->usingCompression; + exp[idx++] = options->haveRSA; + exp[idx++] = options->haveECC; + exp[idx++] = options->haveDH; + exp[idx++] = options->haveNTRU; + exp[idx++] = options->haveQSH; + exp[idx++] = options->haveECDSAsig; + exp[idx++] = options->haveStaticECC; + exp[idx++] = options->havePeerVerify; + exp[idx++] = options->usingPSK_cipher; + exp[idx++] = options->usingAnon_cipher; + exp[idx++] = options->sendAlertState; + exp[idx++] = options->partialWrite; + exp[idx++] = options->quietShutdown; + exp[idx++] = options->groupMessages; +#ifdef HAVE_POLY1305 + exp[idx++] = options->oldPoly; +#else + exp[idx++] = 0; +#endif +#ifdef HAVE_ANON + exp[idx++] = options->haveAnon; +#else + exp[idx++] = 0; +#endif +#ifdef HAVE_SESSION_TICKET + exp[idx++] = options->createTicket; + exp[idx++] = options->useTicket; +#else + exp[idx++] = 0; + exp[idx++] = 0; +#endif + exp[idx++] = options->processReply; + exp[idx++] = options->cipherSuite0; + exp[idx++] = options->cipherSuite; + 
exp[idx++] = options->serverState; + exp[idx++] = options->clientState; + exp[idx++] = options->handShakeState; + exp[idx++] = options->handShakeDone; + exp[idx++] = options->minDowngrade; + exp[idx++] = options->connectState; + exp[idx++] = options->acceptState; + exp[idx++] = options->keyShareState; + + /* version of connection */ + exp[idx++] = ssl->version.major; + exp[idx++] = ssl->version.minor; + + (void)zero; + (void)ver; + + /* check if changes were made and notify of need to update export version */ + if (idx != DTLS_EXPORT_OPT_SZ) { + WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of wolfSSL export"); + return DTLS_EXPORT_VER_E; + } + + WOLFSSL_LEAVE("dtls_export_new", idx); + + return idx; +} + + +/* copy items from Export struct to Options struct + * On success returns size of buffer used on failure returns a negative value */ +static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver) +{ + int idx = 0; + Options* options = &ssl->options; + + if (ver != 1) { + WOLFSSL_MSG("Export version not supported"); + return BAD_FUNC_ARG; + } + + if (exp == NULL || options == NULL || len < DTLS_EXPORT_OPT_SZ) { + return BAD_FUNC_ARG; + } + + /* these options are kept and sent to indicate verify status and strength + * of handshake */ + options->sendVerify = exp[idx++]; + options->verifyPeer = exp[idx++]; + options->verifyNone = exp[idx++]; + options->downgrade = exp[idx++]; +#ifndef NO_DH + ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN; + ato16(exp + idx, &(options->dhKeySz)); idx += OPAQUE16_LEN; +#else + idx += OPAQUE16_LEN; + idx += OPAQUE16_LEN; +#endif +#ifndef NO_RSA + ato16(exp + idx, (word16*)&(options->minRsaKeySz)); idx += OPAQUE16_LEN; +#else + idx += OPAQUE16_LEN; +#endif +#ifdef HAVE_ECC + ato16(exp + idx, (word16*)&(options->minEccKeySz)); idx += OPAQUE16_LEN; +#else + idx += OPAQUE16_LEN; +#endif + + /* these options are kept to indicate state and behavior */ +#ifndef NO_PSK + options->havePSK = exp[idx++]; +#else 
+ idx++; +#endif + options->sessionCacheOff = exp[idx++]; + options->sessionCacheFlushOff = exp[idx++]; + options->side = exp[idx++]; + options->resuming = exp[idx++]; + options->haveSessionId = exp[idx++]; + options->tls = exp[idx++]; + options->tls1_1 = exp[idx++]; + options->dtls = exp[idx++]; + options->connReset = exp[idx++]; + options->isClosed = exp[idx++]; + options->closeNotify = exp[idx++]; + options->sentNotify = exp[idx++]; + options->usingCompression = exp[idx++]; + options->haveRSA = exp[idx++]; + options->haveECC = exp[idx++]; + options->haveDH = exp[idx++]; + options->haveNTRU = exp[idx++]; + options->haveQSH = exp[idx++]; + options->haveECDSAsig = exp[idx++]; + options->haveStaticECC = exp[idx++]; + options->havePeerVerify = exp[idx++]; + options->usingPSK_cipher = exp[idx++]; + options->usingAnon_cipher = exp[idx++]; + options->sendAlertState = exp[idx++]; + options->partialWrite = exp[idx++]; + options->quietShutdown = exp[idx++]; + options->groupMessages = exp[idx++]; +#ifdef HAVE_POLY1305 + options->oldPoly = exp[idx++]; /* set when to use old rfc way of poly*/ +#else + idx++; +#endif +#ifdef HAVE_ANON + options->haveAnon = exp[idx++]; /* User wants to allow Anon suites */ +#else + idx++; +#endif +#ifdef HAVE_SESSION_TICKET + options->createTicket = exp[idx++]; /* Server to create new Ticket */ + options->useTicket = exp[idx++]; /* Use Ticket not session cache */ +#else + idx++; + idx++; +#endif + options->processReply = exp[idx++]; + options->cipherSuite0 = exp[idx++]; + options->cipherSuite = exp[idx++]; + options->serverState = exp[idx++]; + options->clientState = exp[idx++]; + options->handShakeState = exp[idx++]; + options->handShakeDone = exp[idx++]; + options->minDowngrade = exp[idx++]; + options->connectState = exp[idx++]; + options->acceptState = exp[idx++]; + options->keyShareState = exp[idx++]; + + /* version of connection */ + if (ssl->version.major != exp[idx++] || ssl->version.minor != exp[idx++]) { + WOLFSSL_MSG("Version mismatch 
ie DTLS v1 vs v1.2"); + return VERSION_ERROR; + } + + return idx; +} + + +/* WOLFSSL_LOCAL function that serializes the current WOLFSSL session + * buf is used to hold the serialized WOLFSSL struct and sz is the size of buf + * passed in. + * On success returns the size of serialized session.*/ +int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz) +{ + int ret; + word32 idx = 0; + word32 totalLen = 0; + + WOLFSSL_ENTER("wolfSSL_dtls_export_internal"); + + if (buf == NULL || ssl == NULL) { + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BAD_FUNC_ARG); + return BAD_FUNC_ARG; + } + + totalLen += DTLS_EXPORT_LEN * 2; /* 2 protocol bytes and 2 length bytes */ + /* each of the following have a 2 byte length before data */ + totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ; + totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_KEY_SZ; + totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ; + totalLen += DTLS_EXPORT_LEN + ssl->buffers.dtlsCtx.peer.sz; + + if (totalLen > sz) { + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BUFFER_E); + return BUFFER_E; + } + + buf[idx++] = (byte)DTLS_EXPORT_PRO; + buf[idx++] = ((byte)DTLS_EXPORT_PRO & 0xF0) | + ((byte)DTLS_EXPORT_VERSION & 0X0F); + + idx += DTLS_EXPORT_LEN; /* leave spot for length */ + + c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + idx); idx += DTLS_EXPORT_LEN; + if ((ret = dtls_export_new(ssl, buf + idx, sz - idx, + DTLS_EXPORT_VERSION)) < 0) { + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret); + return ret; + } + idx += ret; + + /* export keys struct and dtls state -- variable length stored in ret */ + idx += DTLS_EXPORT_LEN; /* leave room for length */ + if ((ret = ExportKeyState(ssl, buf + idx, sz - idx, + DTLS_EXPORT_VERSION)) < 0) { + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret); + return ret; + } + c16toa((word16)ret, buf + idx - DTLS_EXPORT_LEN); idx += ret; + + /* export of cipher specs struct */ + c16toa((word16)DTLS_EXPORT_SPC_SZ, buf + idx); idx += DTLS_EXPORT_LEN; + if ((ret = 
ExportCipherSpecState(ssl, buf + idx, sz - idx, + DTLS_EXPORT_VERSION)) < 0) { + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret); + return ret; + } + idx += ret; + + /* export of dtls peer information */ + c16toa((word16)ssl->buffers.dtlsCtx.peer.sz, buf + idx); + idx += DTLS_EXPORT_LEN; + XMEMCPY(buf + idx, ssl->buffers.dtlsCtx.peer.sa, + ssl->buffers.dtlsCtx.peer.sz); + idx += ssl->buffers.dtlsCtx.peer.sz; + + /* place total length of exported buffer minus 2 bytes protocol/version */ + c16toa((word16)(idx - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN); + + /* if compiled with debug options then print the version, protocol, size */ +#ifdef WOLFSSL_SESSION_EXPORT_DEBUG + { + char debug[256]; + snprintf(debug, sizeof(debug), "Exporting DTLS session\n" + "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n" + , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4), idx - 2); + WOLFSSL_MSG(debug); + } +#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ + + WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", idx); + return idx; +} + + +/* On success return amount of buffer consumed */ +int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz) +{ + word32 idx = 0; + word16 length = 0; + int version; + int ret; + + WOLFSSL_ENTER("wolfSSL_dtls_import_internal"); + /* check at least enough room for protocol and length */ + if (sz < DTLS_EXPORT_LEN * 2 || ssl == NULL) { + return BAD_FUNC_ARG; + } + + /* sanity check on protocol ID and size of buffer */ + if (buf[idx++] != (byte)DTLS_EXPORT_PRO || + (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) { + /* don't increment on second idx to next get version */ + WOLFSSL_MSG("Incorrect protocol"); + return BAD_FUNC_ARG; + } + version = buf[idx++] & 0x0F; + + ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN; + if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */ + return BUFFER_E; + } + + /* if compiled with debug options then print the version, protocol, size */ +#ifdef WOLFSSL_SESSION_EXPORT_DEBUG + { + char 
debug[256]; + snprintf(debug, sizeof(debug), "Importing DTLS session\n" + "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n" + , (int)version, buf[0], (buf[1] >> 4), length); + WOLFSSL_MSG(debug); + } +#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ + + /* perform sanity checks and extract Options information used */ + if (DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ + idx > sz) { + WOLFSSL_MSG("Import Options struct error"); + return BUFFER_E; + } + ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN; + if (length != DTLS_EXPORT_OPT_SZ) { + WOLFSSL_MSG("Import Options struct error"); + return BUFFER_E; + } + if ((ret = dtls_export_load(ssl, buf + idx, length, version)) < 0) { + WOLFSSL_MSG("Import Options struct error"); + return ret; + } + idx += length; + + /* perform sanity checks and extract Keys struct */ + if (DTLS_EXPORT_LEN + idx > sz) { + WOLFSSL_MSG("Import Key struct error"); + return BUFFER_E; + } + ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN; + if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) { + WOLFSSL_MSG("Import Key struct error"); + return BUFFER_E; + } + if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) { + WOLFSSL_MSG("Import Key struct error"); + return ret; + } + idx += ret; + + /* perform sanity checks and extract CipherSpecs struct */ + if (DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ + idx > sz) { + WOLFSSL_MSG("Import CipherSpecs struct error"); + return BUFFER_E; + } + ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN; + if ( length != DTLS_EXPORT_SPC_SZ) { + WOLFSSL_MSG("Import CipherSpecs struct error"); + return BUFFER_E; + } + if ((ret = ImportCipherSpecState(ssl, buf + idx, length, version)) < 0) { + WOLFSSL_MSG("Import CipherSpecs struct error"); + return ret; + } + idx += length; + + /* perform sanity checks and extract DTLS peer info */ + if (DTLS_EXPORT_LEN + idx > sz) { + WOLFSSL_MSG("Import DTLS peer info error"); + return BUFFER_E; + } + ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN; + 
ssl->buffers.dtlsCtx.peer.sz = length; + + if (idx + ssl->buffers.dtlsCtx.peer.sz > sz) { + WOLFSSL_MSG("Import DTLS peer info error"); + return BUFFER_E; + } + + /* peer sa is free'd in SSL_ResourceFree */ + if ((ret = wolfSSL_dtls_set_peer(ssl, buf + idx, + ssl->buffers.dtlsCtx.peer.sz)) != SSL_SUCCESS) { + WOLFSSL_MSG("Import DTLS peer info error"); + return ret; + } + idx += ssl->buffers.dtlsCtx.peer.sz; + + SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE); + + /* set hmac function to use when verifying */ + if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 || + ssl->options.dtls == 1) { + ssl->hmac = TLS_hmac; + } + + /* make sure is a valid suite used */ + if (wolfSSL_get_cipher(ssl) == NULL) { + WOLFSSL_MSG("Can not match cipher suite imported"); + return MATCH_SUITE_ERROR; + } + + /* do not allow stream ciphers with DTLS */ + if (ssl->specs.cipher_type == stream) { + WOLFSSL_MSG("Can not import stream ciphers for DTLS"); + return SANITY_CIPHER_E; + } + + return idx; +} +#endif /* WOLFSSL_DTLS */ +#endif /* WOLFSSL_SESSION_EXPORT */ + + +#ifdef HAVE_WOLF_EVENT +int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type) +{ + if (!ssl) { + return BAD_FUNC_ARG; + } + + if (ssl->event.pending) { + WOLFSSL_MSG("ssl.event already pending!"); + return BAD_COND_E; + } + + XMEMSET(&ssl->event, 0, sizeof(WOLF_EVENT)); + ssl->event.ssl = ssl; + ssl->event.type = type; + + return 0; +} + +int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event) +{ + int ret; + + if (ctx == NULL || event == NULL) { + return BAD_FUNC_ARG; + } + +#ifndef SINGLE_THREADED + if (LockMutex(&ctx->event_queue.lock) != 0) { + return BAD_MUTEX_E; + } +#endif + + /* Setup event */ + event->next = NULL; + event->pending = 1; + + if (ctx->event_queue.tail == NULL) { + ctx->event_queue.head = event; + } + else { + ctx->event_queue.tail->next = event; + } + ctx->event_queue.tail = event; /* add to the end either way */ + ret = 0; + +#ifndef SINGLE_THREADED + UnLockMutex(&ctx->event_queue.lock); 
+#endif + + return ret; +} +#endif /* HAVE_WOLF_EVENT */ + + void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv) { method->version = pv; @@ -495,10 +1303,13 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) } #ifndef NO_DH - ctx->minDhKeySz = MIN_DHKEY_SZ; + ctx->minDhKeySz = MIN_DHKEY_SZ; +#endif +#ifndef NO_RSA + ctx->minRsaKeySz = MIN_RSAKEY_SZ; #endif - #ifdef HAVE_ECC + ctx->minEccKeySz = MIN_ECCKEY_SZ; ctx->eccTempKeySz = ECDHE_SIZE; #endif @@ -547,6 +1358,16 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT; #endif +#ifdef HAVE_WOLF_EVENT + XMEMSET(&ctx->event_queue, 0, sizeof(WOLF_EVENT_QUEUE)); + #ifndef SINGLE_THREADED + if (InitMutex(&ctx->event_queue.lock) < 0) { + WOLFSSL_MSG("Mutex error on CTX event queue init"); + return BAD_MUTEX_E; + } + #endif +#endif /* HAVE_WOLF_EVENT */ + return 0; } @@ -558,6 +1379,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) (void)i; +#ifdef HAVE_WOLF_EVENT + #ifndef SINGLE_THREADED + FreeMutex(&ctx->event_queue.lock); + #endif +#endif /* HAVE_WOLF_EVENT */ + XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); if (ctx->suites) XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); @@ -568,9 +1395,15 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif #ifndef NO_CERTS - XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); - XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); - XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); + FreeDer(&ctx->privateKey); + FreeDer(&ctx->certificate); + #ifdef KEEP_OUR_CERT + FreeX509(ctx->ourCert); + if (ctx->ourCert) { + XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); + } + #endif + FreeDer(&ctx->certChain); wolfSSL_CertManagerFree(ctx->cm); #endif @@ -627,6 +1460,7 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) } } + /* Set cipher pointers to null */ void InitCiphers(WOLFSSL* ssl) { 
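Review bot: In ImportKeyState the length guard before each variable-size field tests `sz + idx > len`, but the two XMEMCPY calls that follow read `2 * sz` bytes, so a blob whose size byte is larger than the data behind it makes the import read past the end of `exp`. The same applies to the write keys, the write IVs (which additionally read `AEAD_MAX_EXP_SZ` bytes with no check) and the implicit IVs, and each later `sz = exp[idx++]` is read without confirming `idx < len`; `DTLS_EXPORT_MIN_KEY_SZ` is defined outside this diff, so it may cover the first size byte but cannot cover the ones that follow variable data. In the `#else` branch for builds without `WORD64_AVAILABLE`, `ato32(exp + idx, 0)` passes a null pointer to a helper that stores through `*u32`; the padding should be skipped with `idx += OPAQUE32_LEN;` instead. The exported buffer also holds the write keys and MAC secrets in clear, and dtls_export_load restores `verifyPeer`, `verifyNone` and the minimum key sizes from it with no integrity check, so the function comments should state that callers must keep the blob confidential and authenticated.

```c
    /* ImportKeyState, builds without WORD64_AVAILABLE */
    ato32(exp + idx, &keys->dtls_state.window);     idx += OPAQUE32_LEN;
    idx += OPAQUE32_LEN; /* skip the zero word written by the exporter */
    ato32(exp + idx, &keys->dtls_state.prevWindow); idx += OPAQUE32_LEN;
    idx += OPAQUE32_LEN; /* skip the zero word written by the exporter */

    /* … unchanged: truncated hmac flag … */

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* two secrets of sz bytes each are read below */
    if (sz > MAX_DIGEST_SIZE || (word32)sz * 2 + idx > len) {
        return BUFFER_E;
    }
    /* … unchanged: copy client/server MAC secrets … */

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AES_256_KEY_SIZE || (word32)sz * 2 + idx > len) {
        return BUFFER_E;
    }
    /* … unchanged: copy client/server write keys … */

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* two IVs of sz bytes plus the fixed-size explicit AEAD IV */
    if (sz > MAX_WRITE_IV_SZ ||
            (word32)sz * 2 + AEAD_MAX_EXP_SZ + idx > len) {
        return BUFFER_E;
    }
    /* … unchanged: copy write IVs and aead_exp_IV … */

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AEAD_MAX_IMP_SZ || (word32)sz * 2 + idx > len) {
        return BUFFER_E;
    }
    /* … unchanged: copy implicit AEAD IVs … */
```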
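Review bot: When `InitMutex(&ctx->event_queue.lock)` fails, InitSSL_Ctx returns `BAD_MUTEX_E`, while the `-558,6` hunk makes SSL_CtxResourceFree call `FreeMutex(&ctx->event_queue.lock)` unconditionally. If the caller tears the context down through SSL_CtxResourceFree after a failed init (the caller is not part of this diff, so this needs confirming), the lock is destroyed although it was never successfully initialised; the same holds for any earlier failure return in InitSSL_Ctx. Recording successful initialisation in a flag and testing it before `FreeMutex` would make the teardown safe on every path. Both functions begin outside their hunks.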
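Review bot: Under `KEEP_OUR_CERT` in SSL_CtxResourceFree, `FreeX509(ctx->ourCert)` runs before the `if (ctx->ourCert)` test, so the NULL guard protects only the `XFREE` and not the call that walks the structure. The FreeX509 lines shown later in this diff access `x509->subject` and `x509->pubKey`; its opening lines are outside the hunk, so it may already return early on NULL, but the call site should not depend on that. Moving the call inside the guard, `if (ctx->ourCert) { FreeX509(ctx->ourCert); XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); }`, removes the dependency.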
@@ -1354,6 +2188,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; + } +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 if (tls1_2 && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -1751,6 +2592,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) name->dynamicName = 0; #ifdef OPENSSL_EXTRA XMEMSET(&name->fullName, 0, sizeof(DecodedName)); + XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); + name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/ + name->x509 = NULL; #endif /* OPENSSL_EXTRA */ } } @@ -1791,7 +2635,7 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag) x509->version = 0; x509->pubKey.buffer = NULL; x509->sig.buffer = NULL; - x509->derCert.buffer = NULL; + x509->derCert = NULL; x509->altNames = NULL; x509->altNamesNext = NULL; x509->dynamicMemory = (byte)dynamicFlag; @@ -1840,8 +2684,8 @@ static int DupX509(WOLFSSL_X509* x509, WOLFSSL_X509* ox509) XMEMCPY(x509->pubKey.buffer, ox509->pubKey.buffer, sizeof(Buffers)); if (ox509->sig.buffer != NULL) XMEMCPY(x509->sig.buffer, ox509->sig.buffer, sizeof(Buffers)); - if (ox509->derCert.buffer != NULL) - XMEMCPY(x509->derCert.buffer, ox509->derCert.buffer, sizeof(Buffers)); + if (ox509->derCert->buffer != NULL) + XMEMCPY(x509->derCert->buffer, ox509->derCert->buffer, sizeof(Buffers)); if (ox509->altNames != NULL) XMEMCPY(x509->altNames, ox509->altNames, sizeof(DNS_entry)); if (ox509->altNamesNext != NULL) 
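Review bot: In DupX509, the new test `ox509->derCert->buffer != NULL` dereferences `derCert` itself without checking it, and the InitX509 hunk in this same commit now initialises `derCert` to NULL. A source or destination X509 that never had a DER buffer allocated would fault here, so the guard should read `if (ox509->derCert != NULL && ox509->derCert->buffer != NULL && x509->derCert != NULL)`. The copy length on the following line is still `sizeof(Buffers)` rather than the DER length, which looks unrelated to the amount of data in the buffer and is worth confirming. DupX509 begins and ends outside the hunk.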
@@ -1908,7 +2752,7 @@ void FreeX509(WOLFSSL_X509* x509) FreeX509Name(&x509->subject); if (x509->pubKey.buffer) XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN); + FreeDer(&x509->derCert); XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE); #ifdef OPENSSL_EXTRA XFREE(x509->authKeyId, NULL, DYNAMIC_TYPE_X509_EXT); 
@@ -1916,16 +2760,83 @@ void FreeX509(WOLFSSL_X509* x509) #endif /* OPENSSL_EXTRA */ if (x509->altNames) FreeAltNames(x509->altNames, NULL); - if (x509->dynamicMemory) - XFREE(x509, NULL, DYNAMIC_TYPE_X509); } #ifndef NO_RSA +int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, + word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx) +{ + int ret; + + (void)ssl; + (void)keyBuf; + (void)keySz; + (void)ctx; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_RSA_SIGN; + ssl->asyncCryptTest.rsaSign.in = in; + ssl->asyncCryptTest.rsaSign.inSz = inSz; + ssl->asyncCryptTest.rsaSign.out = out; + ssl->asyncCryptTest.rsaSign.outSz = outSz; + ssl->asyncCryptTest.rsaSign.keyBuf = keyBuf; + ssl->asyncCryptTest.rsaSign.keySz = keySz; + ssl->asyncCryptTest.rsaSign.key = key; + #if defined(HAVE_PK_CALLBACKS) + ssl->asyncCryptTest.ctx = ctx; + #endif + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + +#if defined(HAVE_PK_CALLBACKS) + if (ssl->ctx->RsaSignCb) { + ret = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz, + ctx); + } + else +#endif /*HAVE_PK_CALLBACKS */ + { + ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, key, ssl->rng); + } + if (ret > 0) { + *outSz = ret; + ret = 0; + } + + return ret; +} + +int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, + byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx) +{ + int ret; + + (void)ssl; + (void)keyBuf; + (void)keySz; + (void)ctx; + +#ifdef HAVE_PK_CALLBACKS + if (ssl->ctx->RsaVerifyCb) { + ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx); + } + else +#endif /*HAVE_PK_CALLBACKS */ + { + ret = wc_RsaSSL_VerifyInline(in, inSz, out, key); + } + return ret; +} + /* Verify RSA signature, 0 on success */ -int VerifyRsaSign(const byte* sig, word32 sigSz, - const byte* plain, word32 plainSz, RsaKey* key) +int 
VerifyRsaSign(WOLFSSL* ssl, const byte* sig, word32 sigSz, + const byte* plain, word32 plainSz, RsaKey* key) { #ifdef WOLFSSL_SMALL_STACK byte* verifySig = NULL; @@ -1935,6 +2846,8 @@ int VerifyRsaSign(const byte* sig, word32 sigSz, byte* out = NULL; /* inline result */ int ret; + (void)ssl; + WOLFSSL_ENTER("VerifyRsaSign"); if (sig == NULL || plain == NULL || key == NULL) { 
@@ -1971,9 +2884,265 @@ int VerifyRsaSign(const byte* sig, word32 sigSz, return ret; } +int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, + RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx) +{ + int ret; + + (void)ssl; + (void)keyBuf; + (void)keySz; + (void)ctx; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_RSA_DEC; + ssl->asyncCryptTest.rsaDec.in = in; + ssl->asyncCryptTest.rsaDec.inSz = inSz; + ssl->asyncCryptTest.rsaDec.out = out; + ssl->asyncCryptTest.rsaDec.outSz = outSz; + ssl->asyncCryptTest.rsaDec.keyBuf = keyBuf; + ssl->asyncCryptTest.rsaDec.keySz = keySz; + ssl->asyncCryptTest.rsaDec.key = key; + #if defined(HAVE_PK_CALLBACKS) + ssl->asyncCryptTest.ctx = ctx; + #endif + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + +#ifdef HAVE_PK_CALLBACKS + if (ssl->ctx->RsaDecCb) { + ret = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, + ctx); + } + else +#endif /* HAVE_PK_CALLBACKS */ + { + ret = wc_RsaPrivateDecryptInline(in, inSz, out, key); + } + + if (ret > 0) { + *outSz = ret; + ret = 0; + } + return ret; +} + #endif /* NO_RSA */ -#endif /* NO_CERTS */ +#ifdef HAVE_ECC + +int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, + word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, void* ctx) +{ + int ret; + + (void)ssl; + (void)keyBuf; + (void)keySz; + (void)ctx; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_ECC_SIGN; + ssl->asyncCryptTest.eccSign.in = in; + ssl->asyncCryptTest.eccSign.inSz = inSz; + ssl->asyncCryptTest.eccSign.out = out; + ssl->asyncCryptTest.eccSign.outSz = outSz; + ssl->asyncCryptTest.eccSign.keyBuf = keyBuf; + ssl->asyncCryptTest.eccSign.keySz = keySz; + ssl->asyncCryptTest.eccSign.key = key; + #if 
defined(HAVE_PK_CALLBACKS) + ssl->asyncCryptTest.ctx = ctx; + #endif + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + +#if defined(HAVE_PK_CALLBACKS) + if (ssl->ctx->EccSignCb) { + ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, + keySz, ctx); + } + else +#endif /* HAVE_PK_CALLBACKS */ + { + ret = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key); + } + return ret; +} + +int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, + word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz, + void* ctx) +{ + int ret, verify; + + (void)ssl; + (void)keyBuf; + (void)keySz; + (void)ctx; + +#ifdef HAVE_PK_CALLBACKS + if (ssl->ctx->EccVerifyCb) { + ret = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz, + &verify, ctx); + } + else +#endif + { + ret = wc_ecc_verify_hash(in, inSz, out, outSz, &verify, key); + } + + ret = (ret != 0 || verify == 0) ? VERIFY_SIGN_ERROR : 0; + + return ret; +} + +int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key, + byte* out, word32* outSz) +{ + int ret; + + (void)ssl; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_ECC_SHARED_SEC; + ssl->asyncCryptTest.eccSharedSec.private_key = priv_key; + ssl->asyncCryptTest.eccSharedSec.public_key = pub_key; + ssl->asyncCryptTest.eccSharedSec.out = out; + ssl->asyncCryptTest.eccSharedSec.outLen = outSz; + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + + ret = wc_ecc_shared_secret(priv_key, pub_key, out, outSz); + + return ret; +} + +int EccMakeTempKey(WOLFSSL* ssl) +{ + int ret = 0; + if (ssl->eccTempKeyPresent == 0) { + #if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_ECC_TMPKEY_GEN; + return WC_PENDING_E; + } + #endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + + ret 
= wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz, + ssl->eccTempKey); + if (ret == MP_OKAY) { + ssl->eccTempKeyPresent = 1; + ret = 0; + } + } + return ret; +} + +#endif /* HAVE_ECC */ + +#endif /* !NO_CERTS */ + +#if !defined(NO_CERTS) || !defined(NO_PSK) +#if !defined(NO_DH) + +int DhGenKeyPair(WOLFSSL* ssl, + byte* p, word32 pSz, + byte* g, word32 gSz, + byte* priv, word32* privSz, + byte* pub, word32* pubSz) +{ + int ret; + DhKey dhKey; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_DH_GEN; + ssl->asyncCryptTest.dhGen.p = p; + ssl->asyncCryptTest.dhGen.pSz = pSz; + ssl->asyncCryptTest.dhGen.g = g; + ssl->asyncCryptTest.dhGen.gSz = gSz; + ssl->asyncCryptTest.dhGen.priv = priv; + ssl->asyncCryptTest.dhGen.privSz = privSz; + ssl->asyncCryptTest.dhGen.pub = pub; + ssl->asyncCryptTest.dhGen.pubSz = pubSz; + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + + wc_InitDhKey(&dhKey); + ret = wc_DhSetKey(&dhKey, p, pSz, g, gSz); + if (ret == 0) { + ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, priv, privSz, pub, pubSz); + } + wc_FreeDhKey(&dhKey); + return ret; +} + +int DhAgree(WOLFSSL* ssl, + byte* p, word32 pSz, + byte* g, word32 gSz, + byte* priv, word32* privSz, + byte* pub, word32* pubSz, + const byte* otherPub, word32 otherPubSz, + byte* agree, word32* agreeSz) +{ + int ret; + DhKey dhKey; + +#if defined(WOLFSSL_ASYNC_CRYPT_TEST) + if (ssl->options.side == WOLFSSL_SERVER_END && + ssl->asyncCryptTest.type == ASYNC_TEST_NONE) + { + ssl->asyncCryptTest.type = ASYNC_TEST_DH_AGREE; + ssl->asyncCryptTest.dhAgree.p = p; + ssl->asyncCryptTest.dhAgree.pSz = pSz; + ssl->asyncCryptTest.dhAgree.g = g; + ssl->asyncCryptTest.dhAgree.gSz = gSz; + ssl->asyncCryptTest.dhAgree.priv = priv; + ssl->asyncCryptTest.dhAgree.privSz = privSz; + ssl->asyncCryptTest.dhAgree.pub = pub; + ssl->asyncCryptTest.dhAgree.pubSz = pubSz; + 
ssl->asyncCryptTest.dhAgree.otherPub = otherPub; + ssl->asyncCryptTest.dhAgree.otherPubSz = otherPubSz; + ssl->asyncCryptTest.dhAgree.agree = agree; + ssl->asyncCryptTest.dhAgree.agreeSz = agreeSz; + return WC_PENDING_E; + } +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ + + wc_InitDhKey(&dhKey); + ret = wc_DhSetKey(&dhKey, p, pSz, g, gSz); + if (ret == 0 && pub) { + /* for DH, encSecret is Yc, agree is pre-master */ + ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, priv, privSz, pub, pubSz); + } + if (ret == 0) { + ret = wc_DhAgree(&dhKey, agree, agreeSz, priv, *privSz, otherPub, otherPubSz); + } + wc_FreeDhKey(&dhKey); + + return ret; +} + +#endif /* !NO_DH */ +#endif /* !NO_CERTS || !NO_PSK */ + /* This function inherits a WOLFSSL_CTX's fields into an SSL object. @@ -1984,13 +3153,15 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) { byte havePSK = 0; byte haveAnon = 0; + byte newSSL; byte haveRSA = 0; - byte newSSL = ssl->ctx == NULL; (void) haveAnon; /* Squash unused var warnings */ if(!ssl || !ctx || ssl->suites == NULL) return BAD_FUNC_ARG; + newSSL = ssl->ctx == NULL; /* Assign after null check */ + #ifndef NO_PSK if (ctx->server_hint[0] && ssl->arrays == NULL) { return BAD_FUNC_ARG; /* needed for copy below */ @@ -2021,7 +3192,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) return BAD_MUTEX_E; } ctx->refCount++; - UnLockMutex(&ctx->countMutex); ssl->ctx = ctx; /* only for passing to calls, options could change */ ssl->version = ctx->method->version; @@ -2057,6 +3227,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #ifndef NO_DH ssl->options.minDhKeySz = ctx->minDhKeySz; #endif +#ifndef NO_RSA + ssl->options.minRsaKeySz = ctx->minRsaKeySz; +#endif +#ifdef HAVE_ECC + ssl->options.minEccKeySz = ctx->minEccKeySz; +#endif ssl->options.sessionCacheOff = ctx->sessionCacheOff; ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; 
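Review bot: In EccVerify, `verify` is declared without an initialiser and is then read in `ret = (ret != 0 || verify == 0) ? VERIFY_SIGN_ERROR : 0;`. On the `EccVerifyCb` path the value is whatever the user callback chose to write, so a callback that returns 0 without storing a result leaves the decision to an indeterminate value. Declaring it as `int ret, verify = 0;` makes the failure case the default. The same function, like RsaSign, RsaVerify and RsaDec in this hunk, casts `(void)ssl;` and then dereferences `ssl->ctx`, so the cast is misleading and a NULL `ssl` is not rejected.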
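Review bot: This hunk of SetSSL_CTX deletes `UnLockMutex(&ctx->countMutex);` after `ctx->refCount++` and adds no replacement in the visible context, so `ctx->countMutex` is still held when the following assignments run. If the unlock was moved further down the function (outside this hunk), every early exit in between, such as the `return NO_PRIVATE_KEY;` visible in a later hunk, would have to release it as well. If it was not moved, the next caller that locks the CTX count mutex blocks. Keeping `UnLockMutex(&ctx->countMutex);` directly after the increment avoids both problems.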
@@ -2114,16 +3290,23 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.haveECC, ssl->options.haveStaticECC, ssl->options.side); -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) /* make sure server has cert and key unless using PSK or Anon * This should be true even if just switching ssl ctx */ if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) - if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { + if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer || + !ssl->buffers.key || !ssl->buffers.key->buffer) { WOLFSSL_MSG("Server missing certificate and/or private key"); return NO_PRIVATE_KEY; } #endif +#ifdef WOLFSSL_SESSION_EXPORT + #ifdef WOLFSSL_DTLS + ssl->dtls_export = ctx->dtls_export; /* export function for session */ + #endif +#endif + return SSL_SUCCESS; } @@ -2143,7 +3326,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; -#ifdef KEEP_PEER_CERT +#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) InitX509(&ssl->peerCert, 0); #endif 
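Review bot: Changing the guard to `#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)` removes the "server has cert and key" check from every build with session export enabled, not only from sessions that were actually imported. A server that is misconfigured without a certificate or key is then no longer rejected in SetSSL_CTX and fails later in the handshake instead. If the intent is to allow imported DTLS sessions that carry no key material, a comment should say so, for example `/* skipped with WOLFSSL_SESSION_EXPORT: imported sessions carry no cert/key */`. A runtime condition would keep the check for ordinary servers.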
@@ -2624,6 +3807,43 @@ void FreeArrays(WOLFSSL* ssl, int keep) ssl->arrays = NULL; } +static void FreeKeyExchange(WOLFSSL* ssl) +{ + /* Cleanup signature buffer */ + if (ssl->buffers.sig.buffer) { + XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ssl->buffers.sig.buffer = NULL; + ssl->buffers.sig.length = 0; + } + + /* Free sigKey */ + if (ssl->sigKey) { + switch (ssl->sigType) + { + #ifndef NO_RSA + case DYNAMIC_TYPE_RSA: + { + wc_FreeRsaKey((RsaKey*)ssl->sigKey); + XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_RSA); + break; + } + #endif /* ! NO_RSA */ + #ifdef HAVE_ECC + case DYNAMIC_TYPE_ECC: + { + wc_ecc_free((ecc_key*)ssl->sigKey); + XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_ECC); + break; + } + #endif /* HAVE_ECC */ + default: + break; + } + /* Reset type and pointer */ + ssl->sigType = 0; + ssl->sigKey = NULL; + } +} /* In case holding SSL object in array and don't want to free actual ssl */ void SSL_ResourceFree(WOLFSSL* ssl) @@ -2634,9 +3854,9 @@ void SSL_ResourceFree(WOLFSSL* ssl) * example with the RNG, it isn't used beyond the handshake except when * using stream ciphers where it is retained. */ - WOLFSSL_ENTER("SSL_ResourceFree"); FreeCiphers(ssl); FreeArrays(ssl, 0); + FreeKeyExchange(ssl); wc_FreeRng(ssl->rng); XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); 
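Review bot: In FreeKeyExchange, the `default:` branch of the `ssl->sigType` switch does nothing, yet the code after the switch still sets `ssl->sigKey = NULL`, so a key with an unexpected type is dropped without being freed. A message in that branch would at least make the leak visible: `default: WOLFSSL_MSG("Unknown sigType, sigKey not freed"); break;`. The function also passes `NULL` as the heap hint to every `XFREE`, while the surrounding SSL_ResourceFree uses `ssl->heap`. It is worth checking that this matches the heap the buffers were allocated from.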
@@ -2660,17 +3880,8 @@ void SSL_ResourceFree(WOLFSSL* ssl) } #endif #ifndef NO_CERTS - if (ssl->buffers.weOwnCert) - XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); - if (ssl->buffers.weOwnCertChain) - XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT); - if (ssl->buffers.weOwnKey) { - if (ssl->buffers.key.buffer) { - ForceZero(ssl->buffers.key.buffer, ssl->buffers.key.length); - } - XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); - ssl->buffers.key.buffer = NULL; - } + ssl->keepCert = 0; /* make sure certificate is free'd */ + wolfSSL_UnloadCertsKeys(ssl); #endif #ifndef NO_RSA if (ssl->peerRsaKey) { @@ -2743,7 +3954,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) nx_packet_release(ssl->nxCtx.nxPacket); #endif #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) - FreeX509(&(ssl->peerCert)); /* clang thinks this frees ssl itslef */ + FreeX509(&ssl->peerCert); #endif } @@ -2866,21 +4077,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) } #endif #ifndef NO_CERTS - if (ssl->buffers.weOwnCert) { - XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); - ssl->buffers.certificate.buffer = NULL; - } - if (ssl->buffers.weOwnCertChain) { - XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT); - ssl->buffers.certChain.buffer = NULL; - } - if (ssl->buffers.weOwnKey) { - if (ssl->buffers.key.buffer) { - ForceZero(ssl->buffers.key.buffer, ssl->buffers.key.length); - } - XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); - ssl->buffers.key.buffer = NULL; - } + wolfSSL_UnloadCertsKeys(ssl); #endif #ifdef HAVE_PK_CALLBACKS #ifdef HAVE_ECC @@ -2901,7 +4098,9 @@ void FreeHandshakeResources(WOLFSSL* ssl) void FreeSSL(WOLFSSL* ssl) { - FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ + if (ssl->ctx) { + FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ + } SSL_ResourceFree(ssl); XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL); } 
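Review bot: The removed lines in SSL_ResourceFree called `ForceZero(ssl->buffers.key.buffer, ssl->buffers.key.length)` before freeing the private key, and the replacement `wolfSSL_UnloadCertsKeys(ssl)` does not show whether that wipe still happens. The same substitution is made in the FreeHandshakeResources hunk further down. Since wolfSSL_UnloadCertsKeys is defined outside this file section, please confirm it zeroizes the key before release and record that next to the call, for example `/* wolfSSL_UnloadCertsKeys wipes the private key with ForceZero before freeing */`. The return value of wolfSSL_UnloadCertsKeys is also ignored in both places.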
@@ -2936,6 +4135,9 @@ int DtlsPoolInit(WOLFSSL* ssl) int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz) { DtlsPool *pool = ssl->dtls_pool; + if (src == NULL) { + return BAD_FUNC_ARG; + } if (pool != NULL && pool->used < DTLS_POOL_SZ) { buffer *pBuf = &pool->buf[pool->used]; pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); @@ -3463,6 +4665,13 @@ ProtocolVersion MakeDTLSv1_2(void) return (word32) Seconds_get(); } +#elif defined(WOLFSSL_UTASKER) + + word32 LowResTimer(void) + { + return (word32)(uTaskerSystemTick / TICK_RESOLUTION); + } + #elif defined(USER_TICKS) #if 0 word32 LowResTimer(void) @@ -3644,6 +4853,9 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl /* record layer header */ rl = (RecordLayerHeader*)output; + if (rl == NULL) { + return; + } rl->type = type; rl->pvMajor = ssl->version.major; /* type and version same in each */ rl->pvMinor = ssl->version.minor; @@ -3651,13 +4863,15 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl #ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.connectState == CONNECT_BEGIN - && !ssl->options.resuming) + && !ssl->options.resuming) { rl->pvMinor = ssl->options.downgrade ? ssl->options.minDowngrade : ssl->version.minor; + } #endif - if (!ssl->options.dtls) + if (!ssl->options.dtls) { c16toa((word16)length, rl->length); + } else { #ifdef WOLFSSL_DTLS DtlsRecordLayerHeader* dtls; 
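Review bot: The new argument check in DtlsPoolSave rejects a NULL `src`, but `sz` is a signed `int` that goes unchecked into `XMALLOC(sz, ...)`. A negative value would be converted to a very large allocation size, and presumably to the same size in the copy that follows outside the hunk. Extending the guard costs nothing: `if (src == NULL || sz < 0) { return BAD_FUNC_ARG; }`. The rest of the function body lies outside the hunk.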
@@ -4073,11 +5287,9 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.downgrade && ssl->options.connectState < FIRST_REPLY_DONE) WOLFSSL_MSG("Server attempting to accept with different version"); - else if (ssl->options.dtls - && (ssl->options.acceptState == ACCEPT_BEGIN - || ssl->options.acceptState == CLIENT_HELLO_SENT)) - /* Do not check version until Server Hello or Hello Again (2) */ - WOLFSSL_MSG("Use version for formatting only in DTLS till "); + else if (ssl->options.dtls && rh->type == handshake) + /* Check the DTLS handshake message RH version later. */ + WOLFSSL_MSG("DTLS handshake, skip RH version number check"); else { WOLFSSL_MSG("SSL version error"); return VERSION_ERROR; /* only use requested version */ @@ -4155,6 +5367,15 @@ static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, idx += DTLS_HANDSHAKE_FRAG_SZ; c24to32(input + idx, fragSz); + if (ssl->curRL.pvMajor != ssl->version.major || + ssl->curRL.pvMinor != ssl->version.minor) { + + if (*type != client_hello && *type != hello_verify_request) + return VERSION_ERROR; + else { + WOLFSSL_MSG("DTLS Handshake ignoring hello or verify version"); + } + } return 0; } #endif @@ -4808,6 +6029,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_DHE) return 1; break; + + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; #endif #ifdef HAVE_ANON case TLS_DH_anon_WITH_AES_128_CBC_SHA : @@ -4930,6 +6160,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->issuer.fullName.fullName, dCert->issuerName.fullName, dCert->issuerName.fullNameLen); } + x509->issuer.x509 = x509; #endif /* OPENSSL_EXTRA */ XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); 
@@ -4945,6 +6176,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->subject.fullName.fullName, dCert->subjectName.fullName, dCert->subjectName.fullNameLen); } + x509->subject.x509 = x509; #endif /* OPENSSL_EXTRA */ XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); @@ -5024,14 +6256,11 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } /* store cert for potential retrieval */ - x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, - DYNAMIC_TYPE_CERT); - if (x509->derCert.buffer == NULL) { - ret = MEMORY_E; + if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, NULL) == 0) { + XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx); } else { - XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx); - x509->derCert.length = dCert->maxIdx; + ret = MEMORY_E; } x509->altNames = dCert->altNames; @@ -5092,7 +6321,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, - word32 size) + word32 size) { word32 listSz; word32 begin = *inOutIdx; @@ -5112,6 +6341,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_X509_STORE_CTX store[1]; #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */ +#endif + #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo); 
@@ -5178,6 +6411,43 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, return MEMORY_E; #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + /* if using trusted peer certs check before verify chain and CA test */ + if (count > 0) { + TrustedPeerCert* tp = NULL; + + InitDecodedCert(dCert, certs[0].buffer, certs[0].length, ssl->heap); + ret = ParseCertRelative(dCert, CERT_TYPE, 0, ssl->ctx->cm); + #ifndef NO_SKID + if (dCert->extAuthKeyIdSet) { + tp = GetTrustedPeer(ssl->ctx->cm, dCert->extSubjKeyId, + WC_MATCH_SKID); + } + else { /* if the cert has no SKID try to match by name */ + tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash, + WC_MATCH_NAME); + } + #else /* NO_SKID */ + tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash, + WC_MATCH_NAME); + #endif /* NO SKID */ + WOLFSSL_MSG("Checking for trusted peer cert"); + + if (tp == NULL) { + /* no trusted peer cert */ + WOLFSSL_MSG("No matching trusted peer cert. Checking CAs"); + FreeDecodedCert(dCert); + } else if (MatchTrustedPeer(tp, dCert)){ + WOLFSSL_MSG("Found matching trusted peer cert"); + haveTrustPeer = 1; + } else { + WOLFSSL_MSG("Trusted peer cert did not match!"); + FreeDecodedCert(dCert); + } + } + if (!haveTrustPeer) { /* do not verify chain if trusted peer cert found */ +#endif /* WOLFSSL_TRUST_PEER_CERT */ + /* verify up to peer's first */ while (count > 1) { buffer myCert = certs[count - 1]; 
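Review bot: In the new WOLFSSL_TRUST_PEER_CERT block of DoCertificate, the result of `ParseCertRelative(dCert, CERT_TYPE, 0, ssl->ctx->cm)` is stored in `ret` but not tested before `dCert->extSubjKeyId` and `dCert->subjectHash` are used for the lookup. After a failed parse those fields may not be meaningful, so the lookup should be skipped and the CA path taken instead: `if (ret == 0) { /* GetTrustedPeer / MatchTrustedPeer */ } else { FreeDecodedCert(dCert); }`. The SKID branch is selected by `dCert->extAuthKeyIdSet` while the value passed is `dCert->extSubjKeyId`; if the subject key identifier flag was intended, the condition is testing the wrong field. Because a match sets `haveTrustPeer` and bypasses the whole chain verification loop, this block deserves a comment that states exactly what MatchTrustedPeer compares.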
@@ -5192,6 +6462,35 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, subjectHash = dCert->subjectHash; #endif + /* Check key sizes for certs. Is redundent check since ProcessBuffer + also performs this check. */ + if (!ssl->options.verifyNone) { + switch (dCert->keyOID) { + #ifndef NO_RSA + case RSAk: + if (ssl->options.minRsaKeySz < 0 || + dCert->pubKeySize < (word16)ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size in cert chain error"); + ret = RSA_KEY_SIZE_E; + } + break; + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + if (ssl->options.minEccKeySz < 0 || + dCert->pubKeySize < (word16)ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size in cert chain error"); + ret = ECC_KEY_SIZE_E; + } + break; + #endif /* HAVE_ECC */ + + default: + WOLFSSL_MSG("Key size not checked"); + break; /* key not being checked for size if not in switch */ + } + } + if (ret == 0 && dCert->isCA == 0) { WOLFSSL_MSG("Chain cert is not a CA, not adding as one"); } @@ -5199,18 +6498,21 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("Chain cert not verified by option, not adding as CA"); } else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) { - buffer add; - add.length = myCert.length; - add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap, - DYNAMIC_TYPE_CA); + DerBuffer* add = NULL; + ret = AllocDer(&add, myCert.length, CA_TYPE, ssl->heap); + if (ret < 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } + WOLFSSL_MSG("Adding CA from chain"); - if (add.buffer == NULL) - return MEMORY_E; - XMEMCPY(add.buffer, myCert.buffer, myCert.length); + XMEMCPY(add->buffer, myCert.buffer, myCert.length); /* already verified above */ - ret = AddCA(ssl->ctx->cm, add, WOLFSSL_CHAIN_CA, 0); + ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0); if (ret == 1) ret = 0; /* SSL_SUCCESS for external */ } else if (ret != 0) { 
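Review bot: The new `AllocDer` failure path in the chain loop of DoCertificate returns without calling `FreeDecodedCert(dCert)`. It frees only the `dCert` allocation itself, and only under WOLFSSL_SMALL_STACK. `dCert` has been parsed at this point (the hunk above reads `dCert->subjectHash`), so anything the decoder allocated would be leaked on this error path. Add `FreeDecodedCert(dCert);` before the `#ifdef WOLFSSL_SMALL_STACK` block. The loop continues outside the hunk.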
@@ -5264,6 +6566,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, count--; } +#ifdef WOLFSSL_TRUST_PEER_CERT + } /* end of if (haveTrustPeer) -- a check for if already verified */ +#endif + /* peer's, may not have one if blank client cert sent by TLSv1.2 */ if (count) { buffer myCert = certs[0]; @@ -5271,9 +6577,16 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("Verifying Peer's cert"); +#ifdef WOLFSSL_TRUST_PEER_CERT + if (!haveTrustPeer) { /* do not parse again if previously verified */ +#endif InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap); ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone, ssl->ctx->cm); +#ifdef WOLFSSL_TRUST_PEER_CERT + } +#endif + if (ret == 0) { WOLFSSL_MSG("Verified Peer's cert"); fatal = 0; @@ -5363,11 +6676,11 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_OCSP || HAVE_CRL */ #ifdef KEEP_PEER_CERT - if (fatal == 0) { - /* set X509 format for peer cert even if fatal */ - int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert); - if (copyRet == MEMORY_E) - fatal = 1; + { + /* set X509 format for peer cert even if fatal */ + int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert); + if (copyRet == MEMORY_E) + fatal = 1; } #endif @@ -5489,6 +6802,16 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* NO_RSA */ #endif /*HAVE_PK_CALLBACKS */ } + + /* check size of peer RSA key */ + if (ret == 0 && ssl->peerRsaKeyPresent && + !ssl->options.verifyNone && + wc_RsaEncryptSize(ssl->peerRsaKey) + < ssl->options.minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG("Peer RSA key is too small"); + } + } break; #endif /* NO_RSA */ 
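Review bot: In the KEEP_PEER_CERT hunk, `CopyDecodedToX509(&ssl->peerCert, dCert)` is now called unconditionally, so `ssl->peerCert` is filled in even when verification of the peer certificate failed. That matches the old comment, but applications that read the peer certificate after a failed handshake now get data from an unverified certificate, and possibly from an incomplete one if the parse itself failed. A comment at the call should state this, for example `/* peerCert is populated even on verify failure; it is not proof of a trusted peer */`. Only `MEMORY_E` is acted on, and other return values of CopyDecodedToX509 are silently dropped.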
@@ -5547,6 +6870,16 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_ECC */ #endif /*HAVE_PK_CALLBACKS */ } + + /* check size of peer ECC key */ + if (ret == 0 && ssl->peerEccDsaKeyPresent && + !ssl->options.verifyNone && + wc_ecc_size(ssl->peerEccDsaKey) + < ssl->options.minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG("Peer ECC key is too small"); + } + } break; #endif /* HAVE_ECC */ @@ -6201,7 +7534,10 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) WOLFSSL_MSG("Duplicate ChangeCipher received"); return DUPLICATE_MSG_E; } - ssl->msgsReceived.got_change_cipher = 1; + /* DTLS is going to ignore the CCS message if the client key + * exchange message wasn't received yet. */ + if (!ssl->options.dtls) + ssl->msgsReceived.got_change_cipher = 1; #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { @@ -6221,7 +7557,8 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } } #endif - + if (ssl->options.dtls) + ssl->msgsReceived.got_change_cipher = 1; break; default: @@ -6293,7 +7630,8 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* hello_request not hashed */ /* Also, skip hashing the client_hello message here for DTLS. It will be * hashed later if the DTLS cookie is correct. */ - if (type != hello_request && !(ssl->options.dtls && type == client_hello)) { + if (type != hello_request && !(ssl->options.dtls && type == client_hello) && + ssl->error != WC_PENDING_E) { ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; } @@ -6638,7 +7976,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += fragSz; if(type == finished ) *inOutIdx += ssl->keys.padSz; - ret = 0; + ret = DtlsPoolSend(ssl); } else if (fragSz < size) { /* Since this branch is in order, but fragmented, dtls_msg_list will be 
@@ -7900,7 +9238,8 @@ int ProcessReply(WOLFSSL* ssl) atomicUser = 1; #endif - if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){ + if (ssl->error != 0 && ssl->error != WANT_READ && + ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) { WOLFSSL_MSG("ProcessReply retry in error state, not allowed"); return ssl->error; } @@ -8016,8 +9355,12 @@ int ProcessReply(WOLFSSL* ssl) if (ssl->options.dtls && ret == SEQUENCE_ERROR) { WOLFSSL_MSG("Silently dropping out of order DTLS message"); ssl->options.processReply = doProcessInit; - ssl->buffers.inputBuffer.length = 0; - ssl->buffers.inputBuffer.idx = 0; + ssl->buffers.inputBuffer.idx += ssl->curSize; + + ret = DtlsPoolSend(ssl); + if (ret != 0) + return ret; + continue; } #endif @@ -8149,25 +9492,33 @@ int ProcessReply(WOLFSSL* ssl) } #endif - /* Check for duplicate CCS message in DTLS mode. - * DTLS allows for duplicate messages, and it should be - * skipped. */ - if (ssl->options.dtls && - ssl->msgsReceived.got_change_cipher) { - - WOLFSSL_MSG("Duplicate ChangeCipher msg"); - if (ssl->curSize != 1) { - WOLFSSL_MSG("Malicious or corrupted" - " duplicate ChangeCipher msg"); - return LENGTH_ERROR; - } - ssl->buffers.inputBuffer.idx++; - break; - } - ret = SanityCheckMsgReceived(ssl, change_cipher_hs); - if (ret != 0) - return ret; + if (ret != 0) { + if (!ssl->options.dtls) { + return ret; + } +#ifdef WOLFSSL_DTLS + else { + /* Check for duplicate CCS message in DTLS mode. + * DTLS allows for duplicate messages, and it should be + * skipped. Also skip if out of order. */ + if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E) + return ret; + + ret = DtlsPoolSend(ssl); + if (ret != 0) + return ret; + + if (ssl->curSize != 1) { + WOLFSSL_MSG("Malicious or corrupted" + " duplicate ChangeCipher msg"); + return LENGTH_ERROR; + } + ssl->buffers.inputBuffer.idx++; + break; + } +#endif /* WOLFSSL_DTLS */ + } #ifdef HAVE_SESSION_TICKET if (ssl->options.side == WOLFSSL_CLIENT_END && 
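Review bot: In the SEQUENCE_ERROR branch of ProcessReply, each dropped out-of-order DTLS record now triggers `DtlsPoolSend(ssl)`, and `inputBuffer.idx` is advanced by `ssl->curSize` without comparing the result with `inputBuffer.length`. The sequence check appears to run on data that has not been authenticated yet, so every such datagram costs a retransmission of the stored flight. Some bound on retransmissions per timeout would limit that, and a guard such as `if (ssl->buffers.inputBuffer.idx > ssl->buffers.inputBuffer.length) return BUFFER_ERROR;` would catch an index that overshoots. The ChangeCipherSpec hunk below and the DoDtlsHandShakeMsg hunk above add the same `DtlsPoolSend` call. In the ChangeCipherSpec case the call comes before the `ssl->curSize != 1` length check and would be better placed after it.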
@@ -8226,6 +9577,12 @@ int ProcessReply(WOLFSSL* ssl) case application_data: WOLFSSL_MSG("got app DATA"); + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls && ssl->options.dtlsHsRetain) { + FreeHandshakeResources(ssl); + ssl->options.dtlsHsRetain = 0; + } + #endif if ((ret = DoApplicationData(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx)) @@ -8261,7 +9618,7 @@ int ProcessReply(WOLFSSL* ssl) ssl->options.processReply = doProcessInit; /* input exhausted? */ - if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length) + if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length) return 0; /* more messages per record */ @@ -8356,7 +9713,7 @@ int SendChangeCipher(WOLFSSL* ssl) if (ssl->options.groupMessages) return 0; - #ifdef WOLFSSL_DTLS + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS) else if (ssl->options.dtls) { /* If using DTLS, force the ChangeCipherSpec message to be in the * same datagram as the finished message. */ @@ -8583,6 +9940,10 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, int ret = 0; int atomicUser = 0; + if (ssl == NULL || output == NULL || input == NULL) { + return BAD_FUNC_ARG; + } + #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { sz += DTLS_RECORD_EXTRA; @@ -8815,15 +10176,19 @@ int SendCertificate(WOLFSSL* ssl) listSz = 0; } else { - certSz = ssl->buffers.certificate.length; + if (!ssl->buffers.certificate) { + WOLFSSL_MSG("Send Cert missing certificate buffer"); + return BUFFER_ERROR; + } + certSz = ssl->buffers.certificate->length; headerSz = 2 * CERT_HEADER_SZ; /* list + cert size */ length = certSz + headerSz; listSz = certSz + CERT_HEADER_SZ; /* may need to send rest of chain, already has leading size(s) */ - if (certSz) { - certChainSz = ssl->buffers.certChain.length; + if (certSz && ssl->buffers.certChain) { + certChainSz = ssl->buffers.certChain->length; length += certChainSz; listSz += certChainSz; } 
@@ -8933,9 +10298,9 @@ int SendCertificate(WOLFSSL* ssl) fragSz -= CERT_HEADER_SZ; if (!IsEncryptionOn(ssl, 1)) { - HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); + HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz); if (certChainSz) - HashOutputRaw(ssl, ssl->buffers.certChain.buffer, + HashOutputRaw(ssl, ssl->buffers.certChain->buffer, certChainSz); } } @@ -8957,7 +10322,7 @@ int SendCertificate(WOLFSSL* ssl) if (certSz && ssl->fragOffset < certSz) { word32 copySz = min(certSz - ssl->fragOffset, fragSz); XMEMCPY(output + i, - ssl->buffers.certificate.buffer + ssl->fragOffset, copySz); + ssl->buffers.certificate->buffer + ssl->fragOffset, copySz); i += copySz; ssl->fragOffset += copySz; length -= copySz; @@ -8966,7 +10331,7 @@ int SendCertificate(WOLFSSL* ssl) if (certChainSz && fragSz) { word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz); XMEMCPY(output + i, - ssl->buffers.certChain.buffer + ssl->fragOffset - certSz, + ssl->buffers.certChain->buffer + ssl->fragOffset - certSz, copySz); i += copySz; ssl->fragOffset += copySz; @@ -9117,7 +10482,7 @@ int SendCertificateRequest(WOLFSSL* ssl) return SendBuffered(ssl); } - +#ifndef NO_WOLFSSL_SERVER #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, @@ -9215,6 +10580,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, return ret; } #endif +#endif /* NO_WOLFSSL_SERVER */ int SendCertificateStatus(WOLFSSL* ssl) 
@@ -9236,19 +10602,22 @@ int SendCertificateStatus(WOLFSSL* ssl) switch (status_type) { + #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) /* case WOLFSSL_CSR_OCSP: */ case WOLFSSL_CSR2_OCSP: { OcspRequest* request = ssl->ctx->certOcspRequest; - buffer response = {NULL, 0}; + buffer response; + + XMEMSET(&response, 0, sizeof(response)); /* unable to fetch status. skip. */ if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) return 0; if (!request || ssl->buffers.weOwnCert) { - buffer der = ssl->buffers.certificate; + DerBuffer* der = ssl->buffers.certificate; #ifdef WOLFSSL_SMALL_STACK DecodedCert* cert = NULL; #else @@ -9256,7 +10625,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #endif /* unable to fetch status. skip. */ - if (der.buffer == NULL || der.length == 0) + if (der->buffer == NULL || der->length == 0) return 0; #ifdef WOLFSSL_SMALL_STACK @@ -9266,7 +10635,7 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; #endif - InitDecodedCert(cert, der.buffer, der.length, NULL); + InitDecodedCert(cert, der->buffer, der->length, NULL); if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { @@ -9338,14 +10707,14 @@ int SendCertificateStatus(WOLFSSL* ssl) buffer responses[1 + MAX_CHAIN_DEPTH]; int i = 0; - ForceZero(responses, sizeof(responses)); + XMEMSET(responses, 0, sizeof(responses)); /* unable to fetch status. skip. */ if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) return 0; if (!request || ssl->buffers.weOwnCert) { - buffer der = ssl->buffers.certificate; + DerBuffer* der = ssl->buffers.certificate; #ifdef WOLFSSL_SMALL_STACK DecodedCert* cert = NULL; #else @@ -9353,7 +10722,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #endif /* unable to fetch status. skip. */ - if (der.buffer == NULL || der.length == 0) + if (der->buffer == NULL || der->length == 0) return 0; #ifdef WOLFSSL_SMALL_STACK 
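Review bot: In SendCertificateStatus, `DerBuffer* der = ssl->buffers.certificate;` is followed by `if (der->buffer == NULL || der->length == 0)`, which dereferences `der` without testing the pointer itself. This happens in both the `WOLFSSL_CSR2_OCSP` case and the second case that builds `responses[]`. The SendCertificate hunk of this same commit treats `ssl->buffers.certificate` as possibly NULL (`if (!ssl->buffers.certificate)`), so the skip condition here should be `if (der == NULL || der->buffer == NULL || der->length == 0)`. The chain loop in the later hunk, `while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length)`, has the same gap for `ssl->buffers.certChain`, which SendCertificate also checks for NULL. Guarding that block with `ssl->buffers.certChain != NULL` would make the three call sites consistent.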
@@ -9363,7 +10732,7 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; #endif - InitDecodedCert(cert, der.buffer, der.length, NULL); + InitDecodedCert(cert, der->buffer, der->length, NULL); if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { @@ -9418,7 +10787,7 @@ int SendCertificateStatus(WOLFSSL* ssl) if (ret == 0 && (!ssl->ctx->chainOcspRequest[0] || ssl->buffers.weOwnCertChain)) { - buffer der = {NULL, 0}; + buffer der; word32 idx = 0; #ifdef WOLFSSL_SMALL_STACK DecodedCert* cert = NULL; @@ -9426,21 +10795,23 @@ int SendCertificateStatus(WOLFSSL* ssl) DecodedCert cert[1]; #endif - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) - return MEMORY_E; - #endif + XMEMSET(&der, 0, sizeof(buffer)); - while (idx + OPAQUE24_LEN < ssl->buffers.certChain.length) { - c24to32(ssl->buffers.certChain.buffer + idx, &der.length); + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + #endif + + while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length) { + c24to32(ssl->buffers.certChain->buffer + idx, &der.length); idx += OPAQUE24_LEN; - der.buffer = ssl->buffers.certChain.buffer + idx; + der.buffer = ssl->buffers.certChain->buffer + idx; idx += der.length; - if (idx > ssl->buffers.certChain.length) + if (idx > ssl->buffers.certChain->length) break; InitDecodedCert(cert, der.buffer, der.length, NULL); @@ -9523,6 +10894,7 @@ int SendCertificateStatus(WOLFSSL* ssl) break; #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + #endif /* NO_WOLFSSL_SERVER */ default: break; @@ -9541,7 +10913,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) ret, dtlsExtra = 0; - if (ssl->error == WANT_WRITE) + if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E) ssl->error = 0; if (ssl->options.handShakeState != HANDSHAKE_DONE) { 
@@ -9656,7 +11028,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) WOLFSSL_ENTER("ReceiveData()"); - if (ssl->error == WANT_READ) + if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E) ssl->error = 0; if (ssl->error != 0 && ssl->error != WANT_WRITE) { @@ -10146,6 +11518,18 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case OCSP_INVALID_STATUS: return "Invalid OCSP Status Error"; + case ASYNC_NOT_PENDING: + return "Async operation not pending"; + + case RSA_KEY_SIZE_E: + return "RSA key too small"; + + case ECC_KEY_SIZE_E: + return "ECC key too small"; + + case DTLS_EXPORT_VER_E: + return "Version needs updated after code change or version mismatch"; + default : return "unknown error number"; } @@ -10593,6 +11977,10 @@ static const char* const cipher_names[] = #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 "DHE-PSK-CHACHA20-POLY1305", #endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + "EDH-RSA-DES-CBC3-SHA", +#endif }; @@ -11031,6 +12419,10 @@ static int cipher_name_idx[] = #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, #endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif }; 
@@ -11047,9 +12439,56 @@ int GetCipherNamesSize(void) return (int)(sizeof(cipher_names) / sizeof(char*)); } +/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ +const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl) +{ + const char* fullName; + const char* first; + WOLFSSL_CIPHER* cipher; + word32 i; + + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + cipher = wolfSSL_get_current_cipher(ssl); + fullName = wolfSSL_CIPHER_get_name(cipher); + if (fullName) { + first = (XSTRSTR(fullName, "CHACHA")) ? "CHACHA" + : (XSTRSTR(fullName, "EC")) ? "EC" + : (XSTRSTR(fullName, "CCM")) ? "CCM" + : NULL; /* normal */ + + for (i = 0; i < sizeof(cipher_name_idx); i++) { + if (cipher_name_idx[i] == ssl->options.cipherSuite) { + const char* nameFound = cipher_names[i]; + + /* extra sanity check on returned cipher name */ + if (nameFound == NULL) { + continue; + } + + /* if first is null then not any */ + if (first == NULL) { + if (!XSTRSTR(nameFound, "CHACHA") && + !XSTRSTR(nameFound, "EC") && !XSTRSTR(nameFound, "CCM")) { + return cipher_names[i]; + } + } + else if (XSTRSTR(nameFound, first)) { + return cipher_names[i]; + } + } + } + } + + return NULL; /* error or not found */ +} + /** -Set the enabled cipher suites-> +Set the enabled cipher suites. @param [out] suites Suites structure. @param [in] list List of cipher suites, only supports full name from @@ -11123,7 +12562,7 @@ int SetCipherList(Suites* suites, const char* list) return ret; } - +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) static void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) { @@ -11159,7 +12598,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } } } - +#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */ #ifdef WOLFSSL_CALLBACKS 
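Review bot: The loop in wolfSSL_get_cipher_name_internal, `for (i = 0; i < sizeof(cipher_name_idx); i++)`, uses the array's size in bytes as its bound. With `static int cipher_name_idx[]` it therefore indexes past the end of both `cipher_name_idx` and `cipher_names` whenever no earlier entry returns. The bound should be the element count, as GetCipherNamesSize does for `cipher_names` in the context lines above: `for (i = 0; i < sizeof(cipher_name_idx) / sizeof(cipher_name_idx[0]); i++)`. Separately, entries are matched on `ssl->options.cipherSuite` alone and then told apart by the substrings "CHACHA", "EC" and "CCM". A short comment explaining why that heuristic is enough to distinguish suites sharing the same value would help the next reader.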
@@ -11880,7 +13319,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl, /* don't send client cert or cert verify if user hasn't provided cert and private key */ - if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer) + if (ssl->buffers.certificate && ssl->buffers.certificate->buffer && + ssl->buffers.key && ssl->buffers.key->buffer) ssl->options.sendVerify = SEND_CERT; else if (IsTLS(ssl)) ssl->options.sendVerify = SEND_BLANK_CERT; @@ -11939,7 +13379,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl, word16 length = 0; word32 begin = *inOutIdx; int ret = 0; - #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0) (void)length; /* shut up compiler warnings */ (void)begin; @@ -12624,32 +14063,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl, case rsa_sa_algo: { byte* out = NULL; - byte doUserRsa = 0; word32 verifiedSz = 0; - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaVerifyCb) - doUserRsa = 1; - #endif /*HAVE_PK_CALLBACKS */ - if (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent) { ERROR_OUT(NO_PEER_KEY, done); } - if (doUserRsa) { + verifiedSz = RsaVerify(ssl, + (byte *)input + *inOutIdx, + length, + &out, + ssl->peerRsaKey, #ifdef HAVE_PK_CALLBACKS - verifiedSz = ssl->ctx->RsaVerifyCb(ssl, - (byte *)input + *inOutIdx, - length, &out, - ssl->buffers.peerRsaKey.buffer, - ssl->buffers.peerRsaKey.length, - ssl->RsaVerifyCtx); - #endif /*HAVE_PK_CALLBACKS */ - } - else { - verifiedSz = wc_RsaSSL_VerifyInline((byte *)input + *inOutIdx, - length, &out, ssl->peerRsaKey); - } + ssl->buffers.peerRsaKey.buffer, + ssl->buffers.peerRsaKey.length, + ssl->RsaVerifyCtx + #else + NULL, 0, NULL + #endif + ); if (IsAtLeastTLSv1_2(ssl)) { word32 encSigSz; @@ -12732,7 +14164,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl, /* ecdsa */ case ecc_dsa_sa_algo: { - int verify = 0; #ifndef NO_OLD_TLS byte* digest = &hash[MD5_DIGEST_SIZE]; word32 digestSz = SHA_DIGEST_SIZE; 
@@ -12740,13 +14171,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte* digest = hash256; word32 digestSz = SHA256_DIGEST_SIZE; #endif - byte doUserEcc = 0; - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->EccVerifyCb) { - doUserEcc = 1; - } - #endif if (!ssl->peerEccDsaKeyPresent) ERROR_OUT(NO_PEER_KEY, done); @@ -12777,22 +14201,19 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #endif } } - if (doUserEcc) { + + ret = EccVerify(ssl, + input + *inOutIdx, length, + digest, digestSz, + ssl->peerEccDsaKey, #ifdef HAVE_PK_CALLBACKS - ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length, - digest, digestSz, - ssl->buffers.peerEccDsaKey.buffer, - ssl->buffers.peerEccDsaKey.length, - &verify, ssl->EccVerifyCtx); + ssl->buffers.peerEccDsaKey.buffer, + ssl->buffers.peerEccDsaKey.length, + ssl->EccVerifyCtx + #else + NULL, 0, NULL #endif - } - else { - ret = wc_ecc_verify_hash(input + *inOutIdx, length, - digest, digestSz, &verify, ssl->peerEccDsaKey); - } - if (ret != 0 || verify == 0) { - ERROR_OUT(VERIFY_SIGN_ERROR, done); - } + ); break; } #endif /* HAVE_ECC */ @@ -12863,8 +14284,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #else /* !NO_DH or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ #endif /* !NO_DH or HAVE_ECC */ - - #undef ERROR_OUT } @@ -13332,10 +14751,9 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) byte priv[ENCRYPT_LEN]; #endif word32 privSz = 0; - DhKey key; - if (serverP.buffer == 0 || serverG.buffer == 0 || - serverPub.buffer == 0) { + if (serverP.buffer == NULL || serverG.buffer == NULL || + serverPub.buffer == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif 
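Review bot: In the `ecc_dsa_sa_algo` case the explicit `if (ret != 0 || verify == 0) ERROR_OUT(VERIFY_SIGN_ERROR, done);` is removed and the case now ends with `ret = EccVerify(...); break;`. Rejecting an invalid peer signature therefore depends entirely on EccVerify returning non-zero when the verify result is 0. The removed `wc_ecc_verify_hash` call reported an invalid signature through `verify`, not through `ret`, and EccVerify's body is not in the visible lines. The contract should be stated at the call site, e.g. `/* EccVerify returns 0 only if the signature verified; an invalid signature is returned as an error */`, and confirmed against the helper. It is also worth checking that the code after the `break`, outside the hunk, tests `ret` before the signed parameters are used.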
@@ -13351,21 +14769,17 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) } #endif - wc_InitDhKey(&key); - ret = wc_DhSetKey(&key, serverP.buffer, serverP.length, - serverG.buffer, serverG.length); - if (ret == 0) - /* for DH, encSecret is Yc, agree is pre-master */ - ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, - encSecret, &encSz); - if (ret == 0) - ret = wc_DhAgree(&key, ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz, priv, privSz, - serverPub.buffer, serverPub.length); + ret = DhAgree(ssl, + serverP.buffer, serverP.length, + serverG.buffer, serverG.length, + priv, &privSz, + encSecret, &encSz, + serverPub.buffer, serverPub.length, + ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz); + #ifdef WOLFSSL_SMALL_STACK XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - wc_FreeDhKey(&key); } break; #endif /* NO_DH */ @@ -13429,7 +14843,6 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) word32 privSz = 0; word32 pubSz = 0; word32 esSz = 0; - DhKey key; if (serverP.buffer == 0 || serverG.buffer == 0 || serverPub.buffer == 0) { @@ -13477,18 +14890,14 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) es += esSz; encSz = esSz + OPAQUE16_LEN; - wc_InitDhKey(&key); - ret = wc_DhSetKey(&key, serverP.buffer, serverP.length, - serverG.buffer, serverG.length); - if (ret == 0) - /* for DH, encSecret is Yc, agree is pre-master */ - ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, - es + OPAQUE16_LEN, &pubSz); - if (ret == 0) - ret = wc_DhAgree(&key, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, priv, privSz, - serverPub.buffer, serverPub.length); - wc_FreeDhKey(&key); + ret = DhAgree(ssl, + serverP.buffer, serverP.length, + serverG.buffer, serverG.length, + priv, &privSz, + es + OPAQUE16_LEN, &pubSz, + serverPub.buffer, serverPub.length, + pms + OPAQUE16_LEN, &ssl->arrays->preMasterSz); + #ifdef WOLFSSL_SMALL_STACK XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif 
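Review bot: After the new `DhAgree(...)` call, the private value `priv` is released with `XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);` without being cleared first. In the non-small-stack build, where the earlier hunk shows `byte priv[ENCRYPT_LEN];`, it simply goes out of scope. Either way the ephemeral DH private key remains in freed heap or stack memory. Adding `ForceZero(priv, privSz);` ahead of the `#ifdef WOLFSSL_SMALL_STACK` free would wipe it; ForceZero already appears in this diff. The second `DhAgree` call in the later hunk, the one writing to `pms + OPAQUE16_LEN`, needs the same treatment.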
@@ -13598,12 +15007,13 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) ret = ECC_EXPORT_ERROR; } else { - /* Create shared ECC key leaveing room at the begining + /* Create shared ECC key leaving room at the begining of buffer for size of shared key. Note sizeof preMasterSecret is ENCRYPT_LEN currently 512 */ size = sizeof(ssl->arrays->preMasterSecret) - OPAQUE16_LEN; - ret = wc_ecc_shared_secret(&myKey, peerKey, + + ret = EccSharedSecret(ssl, &myKey, peerKey, ssl->arrays->preMasterSecret + OPAQUE16_LEN, &size); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK @@ -13743,8 +15153,8 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) ret = ECC_EXPORT_ERROR; else { size = sizeof(ssl->arrays->preMasterSecret); - ret = wc_ecc_shared_secret(&myKey, peerKey, - ssl->arrays->preMasterSecret, &size); + ret = EccSharedSecret(ssl, &myKey, peerKey, + ssl->arrays->preMasterSecret, &size); if (ret != 0) ret = ECC_SHARED_ERROR; } 
@@ -13962,23 +15372,44 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) ret = wc_InitRsaKey(&key, ssl->heap); if (ret == 0) initRsaKey = 1; if (ret == 0) - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, - ssl->buffers.key.length); - if (ret == 0) - sigOutSz = wc_RsaEncryptSize(&key); + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key, + ssl->buffers.key->length); + if (ret == 0) { + int keySz = wc_RsaEncryptSize(&key); + if (keySz < 0) { /* check if keySz has error case */ + return keySz; + } + + sigOutSz = (word32)keySz; + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + return RSA_KEY_SIZE_E; + } + } else #endif { #ifdef HAVE_ECC WOLFSSL_MSG("Trying ECC client cert, RSA didn't work"); + if (ssl->buffers.key == NULL) { + WOLFSSL_MSG("ECC Key missing"); + return NO_PRIVATE_KEY; + } + idx = 0; - ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey, - ssl->buffers.key.length); + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &eccKey, + ssl->buffers.key->length); if (ret == 0) { WOLFSSL_MSG("Using ECC client cert"); usingEcc = 1; sigOutSz = MAX_ENCODED_SIG_SZ; + + /* check minimum size of ECC key */ + if (wc_ecc_size(&eccKey) < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + return ECC_KEY_SIZE_E; + } } else { WOLFSSL_MSG("Bad client cert type"); @@ -14036,7 +15467,6 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) word32 localSz = MAX_ENCODED_SIG_SZ; word32 digestSz; byte* digest; - byte doUserEcc = 0; #ifndef NO_OLD_TLS /* old tls default */ digestSz = SHA_DIGEST_SIZE; 
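Review bot: The new `if (ssl->buffers.key == NULL)` check sits only in the ECC fallback, after `wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key, ssl->buffers.key->length)` has already dereferenced the pointer. In builds with RSA enabled a missing key is therefore dereferenced before it is tested, so the check belongs ahead of the RSA decode. In addition, the early `return keySz;`, `return RSA_KEY_SIZE_E;` and `return ECC_KEY_SIZE_E;` leave the function after private key material has been decoded into `key` or `eccKey`. The `initRsaKey` flag suggests a cleanup path further down, outside the hunk, which these returns bypass. Setting `ret` (e.g. `ret = RSA_KEY_SIZE_E;`) and falling through to that cleanup looks safer, provided the code that follows checks `ret` before signing.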
@@ -14047,13 +15477,6 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) digest = ssl->hsHashes->certHashes.sha256; #endif - #ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - if (ssl->ctx->EccSignCb) - doUserEcc = 1; - #endif /* HAVE_ECC */ - #endif /*HAVE_PK_CALLBACKS */ - if (IsAtLeastTLSv1_2(ssl)) { if (ssl->suites->hashAlgo == sha_mac) { #ifndef NO_SHA @@ -14081,36 +15504,28 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) } } - if (doUserEcc) { - #ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, - encodedSig, &localSz, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->EccSignCtx); - #endif /* HAVE_ECC */ - #endif /*HAVE_PK_CALLBACKS */ - } - else { - ret = wc_ecc_sign_hash(digest, digestSz, encodedSig, - &localSz, ssl->rng, &eccKey); - } + ret = EccSign(ssl, + digest, digestSz, + encodedSig, &localSz, + &eccKey, + #if defined(HAVE_PK_CALLBACKS) + ssl->buffers.key->buffer, + ssl->buffers.key->length, + ssl->EccSignCtx + #else + NULL, 0, NULL + #endif + ); if (ret == 0) { length = localSz; c16toa((word16)length, verify + extraSz); /* prepend hdr */ XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length); } -#endif +#endif /* HAVE_ECC */ } #ifndef NO_RSA else { - byte doUserRsa = 0; - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaSignCb) - doUserRsa = 1; - #endif /*HAVE_PK_CALLBACKS */ + word32 ioLen = ENCRYPT_LEN; if (IsAtLeastTLSv1_2(ssl)) { /* 
@@ -14174,28 +15589,28 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) } c16toa((word16)length, verify + extraSz); /* prepend hdr */ - if (doUserRsa) { - #ifdef HAVE_PK_CALLBACKS - #ifndef NO_RSA - word32 ioLen = ENCRYPT_LEN; - ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, - verify + extraSz + VERIFY_HEADER, - &ioLen, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->RsaSignCtx); - #endif /* NO_RSA */ - #endif /*HAVE_PK_CALLBACKS */ - } - else { - ret = wc_RsaSSL_Sign(signBuffer, signSz, verify + extraSz + - VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng); - } - if (ret > 0) { + ret = RsaSign(ssl, + signBuffer, signSz, + verify + extraSz + VERIFY_HEADER, + &ioLen, + &key, + ssl->buffers.key->buffer, + ssl->buffers.key->length, + #ifdef HAVE_PK_CALLBACKS + ssl->RsaSignCtx + #else + NULL + #endif + ); + if (ret == 0) { /* check for signature faults */ - ret = VerifyRsaSign(verify + extraSz + VERIFY_HEADER, ret, - signBuffer, signSz, &key); + ret = VerifyRsaSign(ssl, + verify + extraSz + VERIFY_HEADER, + ioLen, + signBuffer, + signSz, + &key); } } #endif 
@@ -14205,45 +15620,45 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) if (ret == 0) { AddHeaders(output, length + extraSz + VERIFY_HEADER, - certificate_verify, ssl); + certificate_verify, ssl); - sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length + + sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length + extraSz + VERIFY_HEADER; - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif - if (IsEncryptionOn(ssl, 1)) { - byte* input; - int inputSz = sendSz - RECORD_HEADER_SZ; - /* build msg adds rec hdr */ - input = (byte*)XMALLOC(inputSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (input == NULL) - ret = MEMORY_E; - else { - XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, - MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA, - input, inputSz, handshake, 1); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (IsEncryptionOn(ssl, 1)) { + byte* input; + int inputSz = sendSz - RECORD_HEADER_SZ; + /* build msg adds rec hdr */ + input = (byte*)XMALLOC(inputSz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + ret = MEMORY_E; + else { + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, + MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA, + input, inputSz, handshake, 1); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (sendSz < 0) - ret = sendSz; - } - } else { - ret = HashOutput(ssl, output, sendSz, 0); - } + if (sendSz < 0) + ret = sendSz; + } + } else { + ret = HashOutput(ssl, output, sendSz, 0); + } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) - return ret; - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + return ret; + } + #endif } } #ifndef NO_RSA 
@@ -14267,9 +15682,9 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) return 0; else return SendBuffered(ssl); - } + } else - return ret; + return ret; } #endif /* NO_CERTS */ 
@@ -14510,1713 +15925,1160 @@ int DoSessionTicket(WOLFSSL* ssl, int SendServerKeyExchange(WOLFSSL* ssl) { - int ret = 0; - (void)ssl; - #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0) + int ret; + int sendSz = 0; + byte *output = NULL; + word32 idx = 0, sigSz = 0, length = 0; + #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) + byte *sigDataBuf = NULL; + word32 sigDataSz = 0; + #endif + #if defined(HAVE_ECC) + byte *exportBuf = NULL; + word32 exportSz = 0; + #endif #ifdef HAVE_QSH word32 qshSz = 0; - if (ssl->peerQSHKeyPresent && ssl->options.haveQSH) { + if (ssl->peerQSHKeyPresent) { qshSz = QSH_KeyGetSize(ssl); } #endif - switch(ssl->specs.kea) - { - #ifndef NO_PSK - case psk_kea: - { - byte *output; - word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - int sendSz; - if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */ + (void)ssl; + (void)sigSz; - /* include size part */ - length = (word32)XSTRLEN(ssl->arrays->server_hint); - if (length > MAX_PSK_ID_LEN) { - return SERVER_HINT_ERROR; + #ifdef WOLFSSL_ASYNC_CRYPT + ret = wolfSSL_async_pop(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); + if (ret != ASYNC_NOT_PENDING) { + /* Check for error */ + if (ret < 0) { + goto exit_sske; } + else { + /* Restore variables needed for async */ + output = ssl->async.output; + sendSz = ssl->async.sendSz; + idx = ssl->async.idx; + sigSz = ssl->async.sigSz; + length = ssl->async.length; - length += HINT_LEN_SZ; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef HAVE_QSH - length += qshSz; - sendSz += qshSz; - #endif - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + /* Advance key share state */ + ssl->options.keyShareState++; } - #endif - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { - return ret; - } - - /* get output buffer */ - output = 
ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, server_key_exchange, ssl); - - /* key data */ - #ifdef HAVE_QSH - c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx); - #else - c16toa((word16)(length - HINT_LEN_SZ), output + idx); - #endif - idx += HINT_LEN_SZ; - XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ); - - #ifdef HAVE_QSH - if (ssl->peerQSHKeyPresent) { - if (qshSz > 0) { - idx = sendSz - qshSz; - if (QSH_KeyExchangeWrite(ssl, 1) != 0) { - return MEMORY_E; - } - - /* extension type */ - c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); - idx += OPAQUE16_LEN; - - /* write to output and check amount written */ - if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) { - return MEMORY_E; - } - } - } - #endif - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { - return ret; - } - } - #endif - - ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) { - return ret; - } - - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) { - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - } - if (ssl->toInfoOn) { - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, - sendSz, ssl->heap); - } - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) { - ret = 0; - } - else { - ret = SendBuffered(ssl); - } - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - break; } - #endif /*NO_PSK */ - - #if !defined(NO_DH) && !defined(NO_PSK) - case dhe_psk_kea: + else + #endif { - byte *output; - word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 hintLen; - int sendSz; - DhKey dhKey; - - if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) { - return NO_DH_PARAMS; - } - - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, 
ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - return MEMORY_E; - } - } - - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - return MEMORY_E; - } - } - - wc_InitDhKey(&dhKey); - ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) { - ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, - ssl->buffers.serverDH_Priv.buffer, - &ssl->buffers.serverDH_Priv.length, - ssl->buffers.serverDH_Pub.buffer, - &ssl->buffers.serverDH_Pub.length); - } - wc_FreeDhKey(&dhKey); - if (ret != 0) { - return ret; - } - - length = LENGTH_SZ * 3 + /* p, g, pub */ - ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) { - return SERVER_HINT_ERROR; - } - length += hintLen + HINT_LEN_SZ; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef HAVE_QSH - length += qshSz; - sendSz += qshSz; - #endif - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { - return ret; - } - - /* get output buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, server_key_exchange, ssl); - - /* key data */ - c16toa((word16)hintLen, output + idx); - idx += HINT_LEN_SZ; - XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); - idx += hintLen; - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); - idx += 
LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - idx += ssl->buffers.serverDH_G.length; - - /* pub */ - c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - idx += ssl->buffers.serverDH_Pub.length; - (void)idx; /* suppress analyzer warning, and keep idx current */ - - #ifdef HAVE_QSH - if (ssl->peerQSHKeyPresent) { - if (qshSz > 0) { - idx = sendSz - qshSz; - QSH_KeyExchangeWrite(ssl, 1); - - /* extension type */ - c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); - idx += OPAQUE16_LEN; - - /* write to output and check amount written */ - if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) { - return MEMORY_E; - } - } - } - #endif - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { - return ret; - } - } - #endif - - ret = HashOutput(ssl, output, sendSz, 0); - - if (ret != 0) { - return ret; - } - - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) { - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - } - if (ssl->toInfoOn) { - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, - sendSz, ssl->heap); - } - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) { - ret = 0; - } - else { - ret = SendBuffered(ssl); - } - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - break; + /* Reset state */ + ret = 0; + ssl->options.keyShareState = KEYSHARE_BEGIN; } - #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) - case ecdhe_psk_kea: + switch(ssl->options.keyShareState) { - word32 hintLen; - word32 length, 
idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - int sendSz; - byte *output; - ecc_key dsaKey; - #ifdef WOLFSSL_SMALL_STACK - byte* exportBuf = NULL; - #else - byte exportBuf[MAX_EXPORT_ECC_SZ]; - #endif - word32 expSz = MAX_EXPORT_ECC_SZ; - - /* curve type, named curve, length(1) */ - length = ENUM_LEN + CURVE_LEN + ENUM_LEN; - /* pub key size */ - WOLFSSL_MSG("Using ephemeral ECDH"); - - /* need ephemeral key now, create it if missing */ - if (ssl->eccTempKey == NULL) { - /* alloc/init on demand */ - ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key), - ssl->ctx->heap, DYNAMIC_TYPE_ECC); - if (ssl->eccTempKey == NULL) { - WOLFSSL_MSG("EccTempKey Memory error"); - return MEMORY_E; - } - wc_ecc_init(ssl->eccTempKey); - } - if (ssl->eccTempKeyPresent == 0) { - if (wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz, - ssl->eccTempKey) != 0) { - return ECC_MAKEKEY_ERROR; - } - ssl->eccTempKeyPresent = 1; - } - - #ifdef WOLFSSL_SMALL_STACK - exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - return MEMORY_E; - } - #endif - - if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return ECC_EXPORT_ERROR; - } - length += expSz; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return SERVER_HINT_ERROR; - } - length += hintLen + HINT_LEN_SZ; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef HAVE_QSH - length += qshSz; - sendSz += qshSz; - #endif - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { - wc_ecc_free(&dsaKey); - #ifdef 
WOLFSSL_SMALL_STACK
- XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
-
- /* get output buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- /* key data */
- c16toa((word16)hintLen, output + idx);
- idx += HINT_LEN_SZ;
- XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
- idx += hintLen;
-
- /* ECC key exchange data */
- output[idx++] = named_curve;
- output[idx++] = 0x00; /* leading zero */
- output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
- output[idx++] = (byte)expSz;
- XMEMCPY(output + idx, exportBuf, expSz);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
-
- #ifdef HAVE_QSH
- if (ssl->peerQSHKeyPresent) {
- if (qshSz > 0) {
- idx = sendSz - qshSz;
- QSH_KeyExchangeWrite(ssl, 1);
-
- /* extension type */
- c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
- idx += OPAQUE16_LEN;
-
- /* write to output and check amount written */
- if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
- > qshSz - OPAQUE16_LEN) {
- return MEMORY_E;
- }
- }
- }
- #endif
-
-
- AddHeaders(output, length, server_key_exchange, ssl);
-
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
- return ret;
- }
- }
- #endif
-
- ret = HashOutput(ssl, output, sendSz, 0);
-
- if (ret != 0) {
- return ret;
- }
-
- #ifdef WOLFSSL_CALLBACKS
- if (ssl->hsInfoOn) {
- AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
- }
- if (ssl->toInfoOn) {
- AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
- sendSz, ssl->heap);
- }
- #endif
-
- ssl->buffers.outputBuffer.length += sendSz;
- if (ssl->options.groupMessages) {
- ret = 0;
- }
- else {
- ret = SendBuffered(ssl);
- }
- ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
- break;
- }
- #endif /* HAVE_ECC && !NO_PSK */
-
- #ifdef HAVE_ECC
- case ecc_diffie_hellman_kea:
- {
- byte *output;
- word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
- int sendSz;
- word32 sigSz;
- word32 preSigSz, preSigIdx;
- #ifndef NO_RSA
- RsaKey rsaKey;
- #endif
- ecc_key dsaKey;
- #ifdef WOLFSSL_SMALL_STACK
- byte* exportBuf = NULL;
- #else
- byte exportBuf[MAX_EXPORT_ECC_SZ];
- #endif
- word32 expSz = MAX_EXPORT_ECC_SZ;
-
- #ifndef NO_OLD_TLS
- byte doMd5 = 0;
- byte doSha = 0;
- #endif
- #ifndef NO_SHA256
- byte doSha256 = 0;
- #endif
- #ifdef WOLFSSL_SHA384
- byte doSha384 = 0;
- #endif
- #ifdef WOLFSSL_SHA512
- byte doSha512 = 0;
- #endif
-
- if (ssl->specs.static_ecdh) {
- WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange");
- return 0;
- }
-
- /* curve type, named curve, length(1) */
- length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
- /* pub key size */
- WOLFSSL_MSG("Using ephemeral ECDH");
-
- /* need ephemeral key now, create it if missing */
- if (ssl->eccTempKey == NULL) {
- /* alloc/init on demand */
- ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ssl->ctx->heap, DYNAMIC_TYPE_ECC);
- if (ssl->eccTempKey == NULL) {
- WOLFSSL_MSG("EccTempKey Memory error");
- return MEMORY_E;
- }
- wc_ecc_init(ssl->eccTempKey);
- }
-
- if (ssl->eccTempKeyPresent == 0) {
- if (wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz,
- ssl->eccTempKey) != 0) {
- return ECC_MAKEKEY_ERROR;
- }
- ssl->eccTempKeyPresent = 1;
- }
-
- #ifdef WOLFSSL_SMALL_STACK
- exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (exportBuf == NULL) {
- return MEMORY_E;
- }
- #endif
-
- if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) {
- ERROR_OUT(ECC_EXPORT_ERROR, done_a);
- }
-
- length += expSz;
-
- preSigSz = length;
- preSigIdx = idx;
-
- #ifndef NO_RSA
- ret = wc_InitRsaKey(&rsaKey, ssl->heap);
- if (ret != 0) {
- goto done_a;
- }
- #endif
-
- wc_ecc_init(&dsaKey);
-
- /* sig length */
- length += LENGTH_SZ;
-
- if (!ssl->buffers.key.buffer) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(NO_PRIVATE_KEY, done_a);
- }
-
- #ifndef NO_RSA
- if (ssl->specs.sig_algo == rsa_sa_algo) {
- /* rsa sig size */
- word32 i = 0;
- ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i,
- &rsaKey, ssl->buffers.key.length);
- if (ret != 0) {
- goto done_a;
- }
- sigSz = wc_RsaEncryptSize(&rsaKey);
- } else
- #endif
-
- if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
- /* ecdsa sig size */
- word32 i = 0;
- ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
- &dsaKey, ssl->buffers.key.length);
- if (ret != 0) {
- goto done_a;
- }
- sigSz = wc_ecc_sig_size(&dsaKey); /* worst case estimate */
- }
- else {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- ERROR_OUT(ALGO_ID_E, done_a); /* unsupported type */
- }
- length += sigSz;
-
- if (IsAtLeastTLSv1_2(ssl)) {
- length += HASH_SIG_SIZE;
- }
-
- sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
-
- #ifdef HAVE_QSH
- length += qshSz;
- sendSz += qshSz;
- #endif
- #ifdef WOLFSSL_DTLS
- if (ssl->options.dtls) {
- sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
- preSigIdx = idx;
- }
- #endif
- /* check for available size */
- if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
- #ifndef NO_RSA
- wc_FreeRsaKey(&rsaKey);
- #endif
- wc_ecc_free(&dsaKey);
- goto done_a;
- }
-
- /* get output buffer */
- output = ssl->buffers.outputBuffer.buffer +
- ssl->buffers.outputBuffer.length;
-
- /* record and message headers will be added below, when we're sure
- of the sig length */
-
- /* key exchange data */
- output[idx++] = named_curve;
- output[idx++] = 0x00; /* leading zero */
- output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
- output[idx++] = (byte)expSz;
- XMEMCPY(output + idx, exportBuf, expSz);
- idx += expSz;
- if (IsAtLeastTLSv1_2(ssl)) {
- byte setHash = 0;
-
- output[idx++] = ssl->suites->hashAlgo;
- output[idx++] = ssl->suites->sigAlgo;
-
- switch (ssl->suites->hashAlgo) {
- case sha512_mac:
- #ifdef WOLFSSL_SHA512
- doSha512 = 1;
- setHash = 1;
- #endif
- break;
-
- case sha384_mac: - #ifdef WOLFSSL_SHA384 - doSha384 = 1; - setHash = 1; - #endif - break; - - case sha256_mac: - #ifndef NO_SHA256 - doSha256 = 1; - setHash = 1; - #endif - break; - - case sha_mac: - #ifndef NO_OLD_TLS - doSha = 1; - setHash = 1; - #endif - break; - - default: - WOLFSSL_MSG("Bad hash sig algo"); - break; - } - - if (setHash == 0) { - #ifndef NO_RSA - wc_FreeRsaKey(&rsaKey); - #endif - wc_ecc_free(&dsaKey); - ERROR_OUT(ALGO_ID_E, done_a); - } - } else { - /* only using sha and md5 for rsa */ - #ifndef NO_OLD_TLS - doSha = 1; - if (ssl->suites->sigAlgo == rsa_sa_algo) { - doMd5 = 1; - } - #else - #ifndef NO_RSA - wc_FreeRsaKey(&rsaKey); - #endif - wc_ecc_free(&dsaKey); - ERROR_OUT(ALGO_ID_E, done_a); - #endif - } - - /* Signtaure length will be written later, when we're sure what it - is */ - - #ifdef HAVE_FUZZER - if (ssl->fuzzerCb) { - ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, - FUZZ_SIGNATURE, ssl->fuzzerCtx); - } - #endif - - /* do signature */ + case KEYSHARE_BEGIN: { - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_SMALL_STACK - Md5* md5 = NULL; - Sha* sha = NULL; - #else - Md5 md5[1]; - Sha sha[1]; - #endif - #endif - #ifdef WOLFSSL_SMALL_STACK - byte* hash = NULL; - #else - byte hash[FINISHED_SZ]; - #endif - #ifndef NO_SHA256 - #ifdef WOLFSSL_SMALL_STACK - Sha256* sha256 = NULL; - byte* hash256 = NULL; - #else - Sha256 sha256[1]; - byte hash256[SHA256_DIGEST_SIZE]; - #endif - #endif - #ifdef WOLFSSL_SHA384 - #ifdef WOLFSSL_SMALL_STACK - Sha384* sha384 = NULL; - byte* hash384 = NULL; - #else - Sha384 sha384[1]; - byte hash384[SHA384_DIGEST_SIZE]; - #endif - #endif - #ifdef WOLFSSL_SHA512 - #ifdef WOLFSSL_SMALL_STACK - Sha512* sha512 = NULL; - byte* hash512 = NULL; - #else - Sha512 sha512[1]; - byte hash512[SHA512_DIGEST_SIZE]; - #endif - #endif - - #ifdef WOLFSSL_SMALL_STACK - hash = (byte*)XMALLOC(FINISHED_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) { - ERROR_OUT(MEMORY_E, done_a); - } - #endif - - #ifndef NO_OLD_TLS - /* md5 */ - 
#ifdef WOLFSSL_SMALL_STACK - if (doMd5) { - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - } - #endif - if (doMd5) { - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, output + preSigIdx, preSigSz); - wc_Md5Final(md5, hash); - } - /* sha */ - #ifdef WOLFSSL_SMALL_STACK - if (doSha) { - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - } - #endif - if (doSha) { - ret = wc_InitSha(sha); - if (ret != 0) { - goto done_a2; - } - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, output + preSigIdx, preSigSz); - wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); - } - #endif - - #ifndef NO_SHA256 - #ifdef WOLFSSL_SMALL_STACK - if (doSha256) { - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - } - #endif - - if (doSha256) { - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, - output + preSigIdx, preSigSz))) { - ret = wc_Sha256Final(sha256, hash256); - } - if (ret != 0) { - goto done_a2; - } - } - #endif - - #ifdef WOLFSSL_SHA384 - #ifdef WOLFSSL_SMALL_STACK - if (doSha384) { - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - } - #endif - - if (doSha384) { - if (!(ret = wc_InitSha384(sha384)) - && !(ret = 
wc_Sha384Update(sha384, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, - output + preSigIdx, preSigSz))) { - ret = wc_Sha384Final(sha384, hash384); - } - if (ret != 0) { - goto done_a2; - } - } - #endif - - #ifdef WOLFSSL_SHA512 - #ifdef WOLFSSL_SMALL_STACK - if (doSha512) { - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - } - #endif - - if (doSha512) { - if (!(ret = wc_InitSha512(sha512)) - && !(ret = wc_Sha512Update(sha512, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, - output + preSigIdx, preSigSz))) { - ret = wc_Sha512Final(sha512, hash512); - } - if (ret != 0) { - goto done_a2; - } - } - #endif - - #ifndef NO_RSA - if (ssl->suites->sigAlgo == rsa_sa_algo) { - byte* signBuffer = hash; - word32 signSz = FINISHED_SZ; - byte doUserRsa = 0; - #ifdef WOLFSSL_SMALL_STACK - byte* encodedSig = NULL; - #else - byte encodedSig[MAX_ENCODED_SIG_SZ]; - #endif - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaSignCb) - doUserRsa = 1; - #endif - - #ifdef WOLFSSL_SMALL_STACK - encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) { - ERROR_OUT(MEMORY_E, done_a2); - } - #endif - - if (IsAtLeastTLSv1_2(ssl)) { - byte* digest = &hash[MD5_DIGEST_SIZE]; - int typeH = SHAh; - int digestSz = SHA_DIGEST_SIZE; - - if (ssl->suites->hashAlgo == sha256_mac) { - #ifndef NO_SHA256 - digest = hash256; - typeH = SHA256h; - digestSz = SHA256_DIGEST_SIZE; - #endif - } - else if (ssl->suites->hashAlgo == sha384_mac) { - #ifdef WOLFSSL_SHA384 - digest = hash384; - typeH = SHA384h; - digestSz = SHA384_DIGEST_SIZE; - #endif - } - else if 
(ssl->suites->hashAlgo == sha512_mac) { - #ifdef WOLFSSL_SHA512 - digest = hash512; - typeH = SHA512h; - digestSz = SHA512_DIGEST_SIZE; - #endif - } - - if (digest == NULL) { - #ifndef NO_RSA - wc_FreeRsaKey(&rsaKey); - #endif - wc_ecc_free(&dsaKey); - ERROR_OUT(ALGO_ID_E, done_a2); - } - signSz = wc_EncodeSignature(encodedSig, digest, - digestSz, typeH); - signBuffer = encodedSig; - } - /* write sig size here */ - c16toa((word16)sigSz, output + idx); - idx += LENGTH_SZ; - - if (doUserRsa) { - #ifdef HAVE_PK_CALLBACKS - word32 ioLen = sigSz; - ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, - output + idx, &ioLen, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->RsaSignCtx); - #endif /*HAVE_PK_CALLBACKS */ - } - else { - ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx, - sigSz, &rsaKey, ssl->rng); - } - - if (ret > 0) { - /* check for signature faults */ - ret = VerifyRsaSign(output + idx, ret, - signBuffer, signSz, &rsaKey); - } - wc_FreeRsaKey(&rsaKey); - wc_ecc_free(&dsaKey); - - #ifdef WOLFSSL_SMALL_STACK - XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - - if (ret < 0) { - goto done_a2; - } - } else - #endif - - if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { - #ifndef NO_OLD_TLS - byte* digest = &hash[MD5_DIGEST_SIZE]; - word32 digestSz = SHA_DIGEST_SIZE; - #else - byte* digest = hash256; - word32 digestSz = SHA256_DIGEST_SIZE; - #endif - word32 sz = sigSz; - byte doUserEcc = 0; - - #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) - if (ssl->ctx->EccSignCb) { - doUserEcc = 1; - } - #endif - - if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->suites->hashAlgo == sha_mac) { - #ifndef NO_SHA - digest = &hash[MD5_DIGEST_SIZE]; - digestSz = SHA_DIGEST_SIZE; - #endif - } - else if (ssl->suites->hashAlgo == sha256_mac) { - #ifndef NO_SHA256 - digest = hash256; - digestSz = SHA256_DIGEST_SIZE; - #endif - } - else if (ssl->suites->hashAlgo == sha384_mac) { - #ifdef WOLFSSL_SHA384 - digest = hash384; - digestSz = SHA384_DIGEST_SIZE; - #endif - 
} - else if (ssl->suites->hashAlgo == sha512_mac) { - #ifdef WOLFSSL_SHA512 - digest = hash512; - digestSz = SHA512_DIGEST_SIZE; - #endif - } - } - - if (doUserEcc) { - #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) - ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, - output + LENGTH_SZ + idx, - &sz, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->EccSignCtx); - #endif - } - else { - ret = wc_ecc_sign_hash(digest, digestSz, - output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey); - } - #ifndef NO_RSA - wc_FreeRsaKey(&rsaKey); - #endif - wc_ecc_free(&dsaKey); - - if (ret < 0) { - goto done_a2; - } - - /* Now that we know the real sig size, write it. */ - c16toa((word16)sz, output + idx); - - /* And adjust length and sendSz from estimates */ - length += sz - sigSz; - sendSz += sz - sigSz; - } - - done_a2: - #ifdef WOLFSSL_SMALL_STACK - #ifndef NO_OLD_TLS - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #ifndef NO_SHA256 - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef WOLFSSL_SHA384 - XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef WOLFSSL_SHA512 - XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #endif - - if (ret < 0) - goto done_a; - } - -#ifdef HAVE_QSH - if (ssl->peerQSHKeyPresent) { - if (qshSz > 0) { - idx = sendSz - qshSz; - QSH_KeyExchangeWrite(ssl, 1); - - /* extension type */ - c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); - idx += OPAQUE16_LEN; - - /* write to output and check amount written */ - if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) { - return MEMORY_E; - } - } - } -#endif - - - AddHeaders(output, length, server_key_exchange, ssl); - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, 
output, sendSz)) != 0) { - goto done_a; - } - } - #endif - - if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) { - goto done_a; - } - - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) { - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - } - if (ssl->toInfoOn) { - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, - output, sendSz, ssl->heap); - } - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) { - ret = 0; - } - else { - ret = SendBuffered(ssl); - } - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - - done_a: - #ifdef WOLFSSL_SMALL_STACK - XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - - return ret; - } - #endif /* HAVE_ECC */ - - #if !defined(NO_DH) && !defined(NO_RSA) - case diffie_hellman_kea: - { - byte *output; - word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - int sendSz; - word32 sigSz = 0, i = 0; - word32 preSigSz = 0, preSigIdx = 0; - RsaKey rsaKey; - DhKey dhKey; - - if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) { - return NO_DH_PARAMS; - } - - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - return MEMORY_E; - } - } - - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - return MEMORY_E; - } - } - - wc_InitDhKey(&dhKey); - ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) { - ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, - ssl->buffers.serverDH_Priv.buffer, - &ssl->buffers.serverDH_Priv.length, - ssl->buffers.serverDH_Pub.buffer, - 
&ssl->buffers.serverDH_Pub.length); - } - wc_FreeDhKey(&dhKey); - - if (ret != 0) { - return ret; - } - - length = LENGTH_SZ * 3; /* p, g, pub */ - length += ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - preSigIdx = idx; - preSigSz = length; - - if (!ssl->options.usingAnon_cipher) { - ret = wc_InitRsaKey(&rsaKey, ssl->heap); - if (ret != 0) { - return ret; - } - - /* sig length */ - length += LENGTH_SZ; - - if (!ssl->buffers.key.buffer) { - return NO_PRIVATE_KEY; - } - - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, - &rsaKey, ssl->buffers.key.length); - if (ret == 0) { - sigSz = wc_RsaEncryptSize(&rsaKey); - length += sigSz; - } - else { - wc_FreeRsaKey(&rsaKey); - return ret; - } - - if (IsAtLeastTLSv1_2(ssl)) { - length += HASH_SIG_SIZE; - } - } - - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef HAVE_QSH - length += qshSz; - sendSz += qshSz; - #endif - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - preSigIdx = idx; - } - #endif - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { - if (!ssl->options.usingAnon_cipher) { - wc_FreeRsaKey(&rsaKey); - } - return ret; - } - - /* get output buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, server_key_exchange, ssl); - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - idx += ssl->buffers.serverDH_G.length; - - /* pub */ - 
c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - idx += ssl->buffers.serverDH_Pub.length; - - #ifdef HAVE_FUZZER - if (ssl->fuzzerCb) { - ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, - FUZZ_SIGNATURE, ssl->fuzzerCtx); - } - #endif - - /* Add signature */ - if (!ssl->options.usingAnon_cipher) { - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_SMALL_STACK - Md5* md5 = NULL; - Sha* sha = NULL; - #else - Md5 md5[1]; - Sha sha[1]; - #endif - #endif - #ifdef WOLFSSL_SMALL_STACK - byte* hash = NULL; - #else - byte hash[FINISHED_SZ]; - #endif - #ifndef NO_SHA256 - #ifdef WOLFSSL_SMALL_STACK - Sha256* sha256 = NULL; - byte* hash256 = NULL; - #else - Sha256 sha256[1]; - byte hash256[SHA256_DIGEST_SIZE]; - #endif - #endif - #ifdef WOLFSSL_SHA384 - #ifdef WOLFSSL_SMALL_STACK - Sha384* sha384 = NULL; - byte* hash384 = NULL; - #else - Sha384 sha384[1]; - byte hash384[SHA384_DIGEST_SIZE]; - #endif - #endif - #ifdef WOLFSSL_SHA512 - #ifdef WOLFSSL_SMALL_STACK - Sha512* sha512 = NULL; - byte* hash512 = NULL; - #else - Sha512 sha512[1]; - byte hash512[SHA512_DIGEST_SIZE]; - #endif - #endif - - #ifndef NO_OLD_TLS - byte doMd5 = 0; - byte doSha = 0; - #endif - #ifndef NO_SHA256 - byte doSha256 = 0; - #endif - #ifdef WOLFSSL_SHA384 - byte doSha384 = 0; - #endif - #ifdef WOLFSSL_SHA512 - byte doSha512 = 0; - #endif - - /* Add hash/signature algo ID */ - if (IsAtLeastTLSv1_2(ssl)) { - byte setHash = 0; - - output[idx++] = ssl->suites->hashAlgo; - output[idx++] = ssl->suites->sigAlgo; - - switch (ssl->suites->hashAlgo) { - case sha512_mac: - #ifdef WOLFSSL_SHA512 - doSha512 = 1; - setHash = 1; - #endif + /* Do some checks / debug msgs */ + switch(ssl->specs.kea) + { + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + { + /* pub key size */ + WOLFSSL_MSG("Using ephemeral ECDH"); break; + } + #endif /* HAVE_ECC && !NO_PSK */ + #ifdef HAVE_ECC + case 
ecc_diffie_hellman_kea: + { + if (ssl->specs.static_ecdh) { + WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange"); + ERROR_OUT(0, exit_sske); + } - case sha384_mac: - #ifdef WOLFSSL_SHA384 - doSha384 = 1; - setHash = 1; - #endif + if (!ssl->buffers.key->buffer) { + ERROR_OUT(NO_PRIVATE_KEY, exit_sske); + } + + WOLFSSL_MSG("Using ephemeral ECDH"); break; + } + #endif /* HAVE_ECC */ + } - case sha256_mac: - #ifndef NO_SHA256 - doSha256 = 1; - setHash = 1; - #endif + /* Preparing keys */ + switch(ssl->specs.kea) + { + #ifndef NO_PSK + case psk_kea: + { + /* Nothing to do in this sub-state */ break; + } + #endif /* !NO_PSK */ + #if !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA)) + #if !defined(NO_PSK) + case dhe_psk_kea: + #endif + #if !defined(NO_RSA) + case diffie_hellman_kea: + #endif + { + /* Allocate DH key buffers and generate key */ + if (ssl->buffers.serverDH_P.buffer == NULL || + ssl->buffers.serverDH_G.buffer == NULL) { + ERROR_OUT(NO_DH_PARAMS, exit_sske); + } - case sha_mac: - #ifndef NO_OLD_TLS - doSha = 1; - setHash = 1; - #endif + if (ssl->buffers.serverDH_Pub.buffer == NULL) { + /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ + ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Pub.buffer == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + } + + if (ssl->buffers.serverDH_Priv.buffer == NULL) { + /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ + ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Priv.buffer == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + } + + ret = DhGenKeyPair(ssl, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + ssl->buffers.serverDH_Priv.buffer, + &ssl->buffers.serverDH_Priv.length, + 
ssl->buffers.serverDH_Pub.buffer, + &ssl->buffers.serverDH_Pub.length); break; - + } + #endif /* !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA)) */ + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + /* Fall through to create temp ECC key */ + #endif /* HAVE_ECC && !NO_PSK */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + /* need ephemeral key now, create it if missing */ + if (ssl->eccTempKey == NULL) { + /* alloc/init on demand */ + ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key), + ssl->ctx->heap, DYNAMIC_TYPE_ECC); + if (ssl->eccTempKey == NULL) { + WOLFSSL_MSG("EccTempKey Memory error"); + ERROR_OUT(MEMORY_E, exit_sske); + } + wc_ecc_init(ssl->eccTempKey); + } + ret = EccMakeTempKey(ssl); + break; + } + #endif /* HAVE_ECC */ default: - WOLFSSL_MSG("Bad hash sig algo"); + /* Skip ServerKeyExchange */ + goto exit_sske; + } /* switch(ssl->specs.kea) */ + + /* Check for error */ + if (ret != 0) { + goto exit_sske; + } + + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_BUILD; + } /* case KEYSHARE_BEGIN */ + + case KEYSHARE_BUILD: + { + #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC) + word32 preSigSz, preSigIdx; + #endif + + switch(ssl->specs.kea) + { + #ifndef NO_PSK + case psk_kea: + { + idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + + if (ssl->arrays->server_hint[0] == 0) { + ERROR_OUT(0, exit_sske); /* don't send */ + } + + /* include size part */ + length = (word32)XSTRLEN(ssl->arrays->server_hint); + if (length > MAX_PSK_ID_LEN) { + ERROR_OUT(SERVER_HINT_ERROR, exit_sske); + } + + length += HINT_LEN_SZ; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + 
goto exit_sske; + } + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, server_key_exchange, ssl); + + /* key data */ + #ifdef HAVE_QSH + c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx); + #else + c16toa((word16)(length - HINT_LEN_SZ), output + idx); + #endif + + idx += HINT_LEN_SZ; + XMEMCPY(output + idx, ssl->arrays->server_hint, length - HINT_LEN_SZ); break; - } - - if (setHash == 0) { - wc_FreeRsaKey(&rsaKey); - return ALGO_ID_E; - } - } else { - /* only using sha and md5 for rsa */ - #ifndef NO_OLD_TLS - doSha = 1; - if (ssl->suites->sigAlgo == rsa_sa_algo) { - doMd5 = 1; } - #else - wc_FreeRsaKey(&rsaKey); - return ALGO_ID_E; - #endif - } + #endif /* !NO_PSK */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + word32 hintLen; - /* signature size */ - c16toa((word16)sigSz, output + idx); - idx += LENGTH_SZ; + idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + length = LENGTH_SZ * 3 + /* p, g, pub */ + ssl->buffers.serverDH_P.length + + ssl->buffers.serverDH_G.length + + ssl->buffers.serverDH_Pub.length; - /* do signature */ - #ifdef WOLFSSL_SMALL_STACK - hash = (byte*)XMALLOC(FINISHED_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) { - return MEMORY_E; /* No heap commitment before this point, - from now on, the resources are freed - at done_b. 
*/ - } - #endif + /* include size part */ + hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); + if (hintLen > MAX_PSK_ID_LEN) { + ERROR_OUT(SERVER_HINT_ERROR, exit_sske); + } + length += hintLen + HINT_LEN_SZ; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - #ifndef NO_OLD_TLS - /* md5 */ - #ifdef WOLFSSL_SMALL_STACK - if (doMd5) { - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) { - ERROR_OUT(MEMORY_E, done_b); - } - } - #endif - if (doMd5) { - wc_InitMd5(md5); - wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); - wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); - wc_Md5Update(md5, output + preSigIdx, preSigSz); - wc_Md5Final(md5, hash); - } - - /* sha */ - #ifdef WOLFSSL_SMALL_STACK - if (doSha) { - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) { - ERROR_OUT(MEMORY_E, done_b); - } - } - #endif - - if (doSha) { - if ((ret = wc_InitSha(sha)) != 0) { - goto done_b; - } - wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); - wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); - wc_ShaUpdate(sha, output + preSigIdx, preSigSz); - wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); - } - #endif - - #ifndef NO_SHA256 - #ifdef WOLFSSL_SMALL_STACK - if (doSha256) { - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) { - ERROR_OUT(MEMORY_E, done_b); - } - } - #endif - - if (doSha256) { - if (!(ret = wc_InitSha256(sha256)) - && !(ret = wc_Sha256Update(sha256, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, - output + preSigIdx, preSigSz))) { - ret = wc_Sha256Final(sha256, hash256); - } - if (ret != 0) { - goto done_b; - } - } - #endif - - #ifdef WOLFSSL_SHA384 - #ifdef WOLFSSL_SMALL_STACK - if (doSha384) { - sha384 = 
(Sha384*)XMALLOC(sizeof(Sha384), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) { - ERROR_OUT(MEMORY_E, done_b); - } - } - #endif - - if (doSha384) { - if (!(ret = wc_InitSha384(sha384)) - && !(ret = wc_Sha384Update(sha384, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, - output + preSigIdx, preSigSz))) { - ret = wc_Sha384Final(sha384, hash384); - } - if (ret != 0) { - goto done_b; - } - } - #endif - - #ifdef WOLFSSL_SHA512 - #ifdef WOLFSSL_SMALL_STACK - if (doSha512) { - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) { - ERROR_OUT(MEMORY_E, done_b); - } - } - #endif - - if (doSha512) { - if (!(ret = wc_InitSha512(sha512)) - && !(ret = wc_Sha512Update(sha512, - ssl->arrays->clientRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, - ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, - output + preSigIdx, preSigSz))) { - ret = wc_Sha512Final(sha512, hash512); - } - if (ret != 0) { - goto done_b; - } - } - #endif - - #ifndef NO_RSA - if (ssl->suites->sigAlgo == rsa_sa_algo) { - byte* signBuffer = hash; - word32 signSz = FINISHED_SZ; - #ifdef WOLFSSL_SMALL_STACK - byte* encodedSig = NULL; - #else - byte encodedSig[MAX_ENCODED_SIG_SZ]; - #endif - byte doUserRsa = 0; - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaSignCb) { - doUserRsa = 1; - } - #endif - - if (IsAtLeastTLSv1_2(ssl)) { - byte* digest = &hash[MD5_DIGEST_SIZE]; - int typeH = SHAh; - int digestSz = SHA_DIGEST_SIZE; - - #ifdef WOLFSSL_SMALL_STACK - encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) - ERROR_OUT(MEMORY_E, done_b); + #ifdef HAVE_QSH + length += qshSz; + 
sendSz += qshSz; + #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } #endif - if (ssl->suites->hashAlgo == sha256_mac) { - #ifndef NO_SHA256 - digest = hash256; - typeH = SHA256h; - digestSz = SHA256_DIGEST_SIZE; - #endif - } - else if (ssl->suites->hashAlgo == sha384_mac) { - #ifdef WOLFSSL_SHA384 - digest = hash384; - typeH = SHA384h; - digestSz = SHA384_DIGEST_SIZE; - #endif - } - else if (ssl->suites->hashAlgo == sha512_mac) { - #ifdef WOLFSSL_SHA512 - digest = hash512; - typeH = SHA512h; - digestSz = SHA512_DIGEST_SIZE; - #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + goto exit_sske; } - if (digest == NULL) { - ret = ALGO_ID_E; + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, server_key_exchange, ssl); + + /* key data */ + c16toa((word16)hintLen, output + idx); + idx += HINT_LEN_SZ; + XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); + idx += hintLen; + + /* add p, g, pub */ + c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length); + idx += ssl->buffers.serverDH_P.length; + + /* g */ + c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + idx += ssl->buffers.serverDH_G.length; + + /* pub */ + c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, + ssl->buffers.serverDH_Pub.length); + /* No need to update idx, since sizes are already set */ + /* idx += ssl->buffers.serverDH_Pub.length; */ + break; + } + #endif /* !defined(NO_DH) && !defined(NO_PSK) */ + #if defined(HAVE_ECC) && 
!defined(NO_PSK) + case ecdhe_psk_kea: + { + word32 hintLen; + + /* curve type, named curve, length(1) */ + idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + length = ENUM_LEN + CURVE_LEN + ENUM_LEN; + + exportSz = MAX_EXPORT_ECC_SZ; + exportBuf = (byte*)XMALLOC(exportSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (exportBuf == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &exportSz) != 0) { + ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); + } + length += exportSz; + + /* include size part */ + hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); + if (hintLen > MAX_PSK_ID_LEN) { + ERROR_OUT(SERVER_HINT_ERROR, exit_sske); + } + length += hintLen + HINT_LEN_SZ; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + goto exit_sske; + } + + /* get output buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + /* key data */ + c16toa((word16)hintLen, output + idx); + idx += HINT_LEN_SZ; + XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); + idx += hintLen; + + /* ECC key exchange data */ + output[idx++] = named_curve; + output[idx++] = 0x00; /* leading zero */ + output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey)); + output[idx++] = (byte)exportSz; + XMEMCPY(output + idx, exportBuf, exportSz); + break; + } + #endif /* HAVE_ECC && !NO_PSK */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + + /* curve type, named curve, length(1) */ + idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + length = ENUM_LEN + CURVE_LEN + ENUM_LEN; + + /* Export temp ECC key and add to length */ + exportSz = MAX_EXPORT_ECC_SZ; + 
exportBuf = (byte*)XMALLOC(exportSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (exportBuf == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &exportSz) != 0) { + ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); + } + length += exportSz; + + preSigSz = length; + preSigIdx = idx; + + switch(ssl->specs.sig_algo) + { + #ifndef NO_RSA + case rsa_sa_algo: + { + word32 i = 0; + int keySz; + + ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + if (ssl->sigKey == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + ssl->sigType = DYNAMIC_TYPE_RSA; + + ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap); + if (ret != 0) { + goto exit_sske; + } + + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i, + (RsaKey*)ssl->sigKey, ssl->buffers.key->length); + if (ret != 0) { + goto exit_sske; + } + keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); + if (keySz < 0) { /* test if keySz has error */ + ERROR_OUT(keySz, exit_sske); + } + + sigSz = (word32)keySz; + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA signature key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_sske); + } + break; + } + #endif /* !NO_RSA */ + case ecc_dsa_sa_algo: + { + word32 i = 0; + ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + if (ssl->sigKey == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + ssl->sigType = DYNAMIC_TYPE_ECC; + + wc_ecc_init((ecc_key*)ssl->sigKey); + + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &i, + (ecc_key*)ssl->sigKey, ssl->buffers.key->length); + if (ret != 0) { + goto exit_sske; + } + sigSz = wc_ecc_sig_size((ecc_key*)ssl->sigKey); /* worst case estimate */ + + /* check the minimum ECC key size */ + if (wc_ecc_size((ecc_key*)ssl->sigKey) < + ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ret = ECC_KEY_SIZE_E; + goto exit_sske; + } + break; + } + default: + ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ + } /* switch(ssl->specs.sig_algo) */ + + /* sig length 
*/ + length += LENGTH_SZ; + length += sigSz; + + if (IsAtLeastTLSv1_2(ssl)) { + length += HASH_SIG_SIZE; + } + + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + preSigIdx = idx; + } + #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + goto exit_sske; + } + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + /* record and message headers will be added below, when we're sure + of the sig length */ + + /* key exchange data */ + output[idx++] = named_curve; + output[idx++] = 0x00; /* leading zero */ + output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey)); + output[idx++] = (byte)exportSz; + XMEMCPY(output + idx, exportBuf, exportSz); + idx += exportSz; + + /* Determine hash type */ + if (IsAtLeastTLSv1_2(ssl)) { + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; + + switch (ssl->suites->hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + hashType = WC_HASH_TYPE_SHA512; + #endif + break; + case sha384_mac: + #ifdef WOLFSSL_SHA384 + hashType = WC_HASH_TYPE_SHA384; + #endif + break; + case sha256_mac: + #ifndef NO_SHA256 + hashType = WC_HASH_TYPE_SHA256; + #endif + break; + case sha_mac: + #ifndef NO_OLD_TLS + hashType = WC_HASH_TYPE_SHA; + #endif + break; + default: + WOLFSSL_MSG("Bad hash sig algo"); + break; + } + + if (hashType == WC_HASH_TYPE_NONE) { + ERROR_OUT(ALGO_ID_E, exit_sske); + } + } else { - signSz = wc_EncodeSignature(encodedSig, digest, - digestSz, typeH); - signBuffer = encodedSig; + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + hashType = WC_HASH_TYPE_SHA; + if (ssl->suites->sigAlgo == rsa_sa_algo) { + hashType = WC_HASH_TYPE_MD5_SHA; + } + #else + ERROR_OUT(ALGO_ID_E, 
exit_sske); + #endif + } + + /* Signtaure length will be written later, when we're sure what it is */ + + #ifdef HAVE_FUZZER + if (ssl->fuzzerCb) { + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, + FUZZ_SIGNATURE, ssl->fuzzerCtx); + } + #endif + + /* Assemble buffer to hash for signature */ + sigDataSz = RAN_LEN + RAN_LEN + preSigSz; + sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigDataBuf == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN); + XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); + XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz); + + ssl->buffers.sig.length = wc_HashGetDigestSize(hashType); + ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ssl->buffers.sig.buffer == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + + /* Perform hash */ + ret = wc_Hash(hashType, sigDataBuf, sigDataSz, + ssl->buffers.sig.buffer, ssl->buffers.sig.length); + if (ret != 0) { + goto exit_sske; + } + + ssl->sigLen = sigSz; + + /* Sign hash to create signature */ + switch (ssl->specs.sig_algo) + { + #ifndef NO_RSA + case rsa_sa_algo: + { + /* For TLS 1.2 re-encode signature */ + if (IsAtLeastTLSv1_2(ssl)) { + int typeH = 0; + byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + + switch (ssl->suites->hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + typeH = SHA512h; + #endif + break; + case sha384_mac: + #ifdef WOLFSSL_SHA384 + typeH = SHA384h; + #endif + break; + case sha256_mac: + #ifndef NO_SHA256 + typeH = SHA256h; + #endif + break; + case sha_mac: + #ifndef NO_OLD_TLS + typeH = SHAh; + #endif + break; + default: + break; + } + + ssl->buffers.sig.length = wc_EncodeSignature(encodedSig, + ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH); + + /* Replace sig buffer with new one */ + 
XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ssl->buffers.sig.buffer = encodedSig; + } + + /* write sig size here */ + c16toa((word16)ssl->sigLen, output + idx); + idx += LENGTH_SZ; + + ret = RsaSign(ssl, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + output + idx, + &ssl->sigLen, + (RsaKey*)ssl->sigKey, + ssl->buffers.key->buffer, + ssl->buffers.key->length, + #ifdef HAVE_PK_CALLBACKS + ssl->RsaSignCtx + #else + NULL + #endif + ); + break; + } + #endif /* !NO_RSA */ + case ecc_dsa_sa_algo: + { + ret = EccSign(ssl, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + output + LENGTH_SZ + idx, + &ssl->sigLen, + (ecc_key*)ssl->sigKey, + #if defined(HAVE_PK_CALLBACKS) + ssl->buffers.key->buffer, + ssl->buffers.key->length, + ssl->EccSignCtx + #else + NULL, 0, NULL + #endif + ); + break; + } + } /* switch(ssl->specs.sig_algo) */ + break; + } + #endif /* HAVE_ECC */ + #if !defined(NO_DH) && !defined(NO_RSA) + case diffie_hellman_kea: + { + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + + idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + length = LENGTH_SZ * 3; /* p, g, pub */ + length += ssl->buffers.serverDH_P.length + + ssl->buffers.serverDH_G.length + + ssl->buffers.serverDH_Pub.length; + + preSigIdx = idx; + preSigSz = length; + + if (!ssl->options.usingAnon_cipher) { + word32 i = 0; + int keySz; + + ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + if (ssl->sigKey == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + ssl->sigType = DYNAMIC_TYPE_RSA; + + ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap); + if (ret != 0) { + goto exit_sske; + } + + /* sig length */ + length += LENGTH_SZ; + + if (!ssl->buffers.key->buffer) { + ERROR_OUT(NO_PRIVATE_KEY, exit_sske); + } + + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i, + (RsaKey*)ssl->sigKey, ssl->buffers.key->length); + if (ret != 0) { + goto exit_sske; + } + keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); + if (keySz < 0) { /* test if keySz has error */ + 
ERROR_OUT(keySz, exit_sske); + } + sigSz = (word32)keySz; + length += sigSz; + + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_sske); + } + + if (IsAtLeastTLSv1_2(ssl)) { + length += HASH_SIG_SIZE; + } + } + + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef HAVE_QSH + length += qshSz; + sendSz += qshSz; + #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + preSigIdx = idx; + } + #endif + + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + goto exit_sske; + } + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, server_key_exchange, ssl); + + /* add p, g, pub */ + c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length); + idx += ssl->buffers.serverDH_P.length; + + /* g */ + c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + idx += ssl->buffers.serverDH_G.length; + + /* pub */ + c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, + ssl->buffers.serverDH_Pub.length); + idx += ssl->buffers.serverDH_Pub.length; + + #ifdef HAVE_FUZZER + if (ssl->fuzzerCb) { + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, + FUZZ_SIGNATURE, ssl->fuzzerCtx); + } + #endif + + /* Determine hash type */ + if (IsAtLeastTLSv1_2(ssl)) { + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; + + switch (ssl->suites->hashAlgo) { + case sha512_mac: + #ifdef WOLFSSL_SHA512 + hashType = WC_HASH_TYPE_SHA512; + #endif + break; + case 
sha384_mac: + #ifdef WOLFSSL_SHA384 + hashType = WC_HASH_TYPE_SHA384; + #endif + break; + case sha256_mac: + #ifndef NO_SHA256 + hashType = WC_HASH_TYPE_SHA256; + #endif + break; + case sha_mac: + #ifndef NO_OLD_TLS + hashType = WC_HASH_TYPE_SHA; + #endif + break; + default: + WOLFSSL_MSG("Bad hash sig algo"); + break; + } + + if (hashType == WC_HASH_TYPE_NONE) { + ERROR_OUT(ALGO_ID_E, exit_sske); + } + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + hashType = WC_HASH_TYPE_SHA; + if (ssl->suites->sigAlgo == rsa_sa_algo) { + hashType = WC_HASH_TYPE_MD5_SHA; + } + #else + ERROR_OUT(ALGO_ID_E, exit_sske); + #endif + } + + /* signature size */ + c16toa((word16)sigSz, output + idx); + idx += LENGTH_SZ; + + /* Assemble buffer to hash for signature */ + sigDataSz = RAN_LEN + RAN_LEN + preSigSz; + sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigDataBuf == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN); + XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); + XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz); + + ssl->buffers.sig.length = wc_HashGetDigestSize(hashType); + ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ssl->buffers.sig.buffer == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + + /* Perform hash */ + ret = wc_Hash(hashType, sigDataBuf, sigDataSz, + ssl->buffers.sig.buffer, ssl->buffers.sig.length); + if (ret != 0) { + goto exit_sske; + } + + ssl->sigLen = sigSz; + + /* Sign hash to create signature */ + switch (ssl->suites->sigAlgo) + { + #ifndef NO_RSA + case rsa_sa_algo: + { + /* For TLS 1.2 re-encode signature */ + if (IsAtLeastTLSv1_2(ssl)) { + int typeH = 0; + byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { + ERROR_OUT(MEMORY_E, exit_sske); + } + + switch (ssl->suites->hashAlgo) { + case 
sha512_mac: + #ifdef WOLFSSL_SHA512 + typeH = SHA512h; + #endif + break; + case sha384_mac: + #ifdef WOLFSSL_SHA384 + typeH = SHA384h; + #endif + break; + case sha256_mac: + #ifndef NO_SHA256 + typeH = SHA256h; + #endif + break; + case sha_mac: + #ifndef NO_OLD_TLS + typeH = SHAh; + #endif + break; + default: + break; + } + + ssl->buffers.sig.length = wc_EncodeSignature(encodedSig, + ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH); + + /* Replace sig buffer with new one */ + XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ssl->buffers.sig.buffer = encodedSig; + } + + ret = RsaSign(ssl, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + output + idx, + &ssl->sigLen, + (RsaKey*)ssl->sigKey, + ssl->buffers.key->buffer, + ssl->buffers.key->length, + #ifdef HAVE_PK_CALLBACKS + ssl->RsaSignCtx + #else + NULL + #endif + ); + break; + } + #endif /* NO_RSA */ + } /* switch (ssl->suites->sigAlgo) */ + + break; + } + #endif /* !defined(NO_DH) && !defined(NO_RSA) */ + } /* switch(ssl->specs.kea) */ + + /* Check for error */ + if (ret != 0) { + goto exit_sske; + } + + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_VERIFY; + } /* case KEYSHARE_BUILD */ + + case KEYSHARE_VERIFY: + { + switch(ssl->specs.kea) + { + #ifndef NO_PSK + case psk_kea: + { + /* Nothing to do in this sub-state */ + break; + } + #endif /* !NO_PSK */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + /* Nothing to do in this sub-state */ + break; + } + #endif /* !defined(NO_DH) && !defined(NO_PSK) */ + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + { + /* Nothing to do in this sub-state */ + break; + } + #endif /* HAVE_ECC && !NO_PSK */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + switch(ssl->specs.sig_algo) + { + #ifndef NO_RSA + case rsa_sa_algo: + { + /* check for signature faults */ + ret = VerifyRsaSign(ssl, + output + idx, + ssl->sigLen, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + 
(RsaKey*)ssl->sigKey); + break; + } + #endif + case ecc_dsa_sa_algo: + { + /* Now that we know the real sig size, write it. */ + c16toa((word16)ssl->sigLen, output + idx); + + /* And adjust length and sendSz from estimates */ + length += ssl->sigLen - sigSz; + sendSz += ssl->sigLen - sigSz; + break; + } + default: + ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ + } /* switch(ssl->specs.sig_algo) */ + break; + } + #endif /* HAVE_ECC */ + #if !defined(NO_DH) && !defined(NO_RSA) + case diffie_hellman_kea: + { + switch (ssl->suites->sigAlgo) + { + #ifndef NO_RSA + case rsa_sa_algo: + { + /* check for signature faults */ + ret = VerifyRsaSign(ssl, + output + idx, + ssl->sigLen, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + (RsaKey*)ssl->sigKey); + break; + } + #endif + } /* switch (ssl->suites->sigAlgo) */ + break; + } + #endif /* !defined(NO_DH) && !defined(NO_RSA) */ + } /* switch(ssl->specs.kea) */ + + /* Check for error */ + if (ret != 0) { + goto exit_sske; + } + + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_FINALIZE; + } /* case KEYSHARE_VERIFY */ + + case KEYSHARE_FINALIZE: + { + #ifdef HAVE_QSH + if (ssl->peerQSHKeyPresent) { + if (qshSz > 0) { + idx = sendSz - qshSz; + if (QSH_KeyExchangeWrite(ssl, 1) != 0) { + ERROR_OUT(MEMORY_E, exit_sske); + } + + /* extension type */ + c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); + idx += OPAQUE16_LEN; + + /* write to output and check amount written */ + if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) + > qshSz - OPAQUE16_LEN) { + ERROR_OUT(MEMORY_E, exit_sske); } } - if (doUserRsa && ret == 0) { - #ifdef HAVE_PK_CALLBACKS - word32 ioLen = sigSz; - ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, - output + idx, &ioLen, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->RsaSignCtx); - #endif - } else if (ret == 0) { - ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx, - sigSz, &rsaKey, ssl->rng); - } - - if (ret > 0) { - /* check for signature 
faults */ - ret = VerifyRsaSign(output + idx, ret, - signBuffer, signSz, &rsaKey); - } - - wc_FreeRsaKey(&rsaKey); - - #ifdef WOLFSSL_SMALL_STACK - XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif } #endif - done_b: - #ifdef WOLFSSL_SMALL_STACK - #ifndef NO_OLD_TLS - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #ifndef NO_SHA256 - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef WOLFSSL_SHA384 - XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef WOLFSSL_SHA512 - XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #endif - - if (ret < 0) { - return ret; + #if defined(HAVE_ECC) + if (ssl->specs.kea == ecdhe_psk_kea || + ssl->specs.kea == ecc_diffie_hellman_kea) { + /* Check output to make sure it was set */ + if (output) { + AddHeaders(output, length, server_key_exchange, ssl); + } + else { + ERROR_OUT(BUFFER_ERROR, exit_sske); + } } + #endif /* HAVE_ECC */ + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { + goto exit_sske; + } + } + #endif + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) { + goto exit_sske; + } + + #ifdef WOLFSSL_CALLBACKS + if (ssl->hsInfoOn) { + AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); + } + if (ssl->toInfoOn) { + AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, + sendSz, ssl->heap); + } + #endif + + /* Check for error */ + if (ret != 0) { + goto exit_sske; + } + + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_END; + } /* case KEYSHARE_FINALIZE */ + + case KEYSHARE_END: + { + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) { + ret = SendBuffered(ssl); + } + + ssl->options.serverState = 
SERVER_KEYEXCHANGE_COMPLETE; + break; } + default: + ret = INPUT_CASE_ERROR; + } /* switch(ssl->options.keyShareState) */ - #ifdef HAVE_QSH - if (ssl->peerQSHKeyPresent) { - if (qshSz > 0) { - idx = sendSz - qshSz; - QSH_KeyExchangeWrite(ssl, 1); + exit_sske: - /* extension type */ - c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); - idx += OPAQUE16_LEN; - - /* write to output and check amount written */ - if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) { - return MEMORY_E; - } - } - } + /* Handle cleanup for stack variables here */ + #if defined(HAVE_ECC) + if (exportBuf) { + XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + exportBuf = NULL; + } + #endif + #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) + if (sigDataBuf) { + XFREE(sigDataBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sigDataBuf = NULL; + } #endif - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { - return ret; - } - } - #endif +#ifdef WOLFSSL_ASYNC_CRYPT + /* Handle WC_PENDING_E */ + if (ret == WC_PENDING_E) { + /* Store variables needed for async */ + XMEMSET(&ssl->async, 0, sizeof(ssl->async)); + ssl->async.output = output; + ssl->async.sendSz = sendSz; + ssl->async.idx = idx; + ssl->async.length = length; + ssl->async.sigSz = sigSz; - if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) { - return ret; + /* Push event to queue */ + ret = wolfSSL_async_push(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); + if (ret == 0) { + return WC_PENDING_E; } - - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) { - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - } - if (ssl->toInfoOn) { - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, - output, sendSz, ssl->heap); - } - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) { - ret = 0; - } - else { - ret = SendBuffered(ssl); - } - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - break; } - #endif /* NO_DH */ - 
default: - break; - } /* switch(ssl->specs.kea) */ +#endif + + /* Final cleanup */ + FreeKeyExchange(ssl); return ret; - #undef ERROR_OUT } @@ -16327,6 +17189,7 @@ int DoSessionTicket(WOLFSSL* ssl, return 1; } +#ifndef NO_WOLFSSL_SERVER static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) { word16 i, j; @@ -16341,7 +17204,7 @@ int DoSessionTicket(WOLFSSL* ssl, return SUITES_ERROR; /* start with best, if a match we are good */ for (i = 0; i < ssl->suites->suiteSz; i += 2) - for (j = 0; j < peerSuites->suiteSz; j += 2) { + for (j = 0; j < peerSuites->suiteSz; j += 2) if (ssl->suites->suites[i] == peerSuites->suites[j] && ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { @@ -16360,12 +17223,10 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("Could not verify suite validity, continue"); } } - } - WOLFSSL_MSG("Could not find matching suite"); return MATCH_SUITE_ERROR; } - +#endif #ifdef OLD_HELLO_ALLOWED @@ -16574,7 +17435,7 @@ int DoSessionTicket(WOLFSSL* ssl, byte peerCookie[MAX_COOKIE_LEN]; byte peerCookieSz = 0; byte cookieType; - byte cookieSz; + byte cookieSz = 0; #endif /* WOLFSSL_DTLS */ #ifdef WOLFSSL_CALLBACKS 
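Review bot: Dropping the braces from the inner `for (j = 0; j < peerSuites->suiteSz; j += 2)` loop in MatchSuite (hunk `@@ -16341,7 +17204,7 @@`) leaves two nested loops whose only body is a multi-line `if`, so a statement added later at that indentation would silently fall outside both loops. This is a style point, not a behaviour change, since the `if` block is still the single statement of the inner loop. In cipher-suite selection code I would keep both loops braced, `for (i = 0; i < ssl->suites->suiteSz; i += 2) {` and `for (j = 0; j < peerSuites->suiteSz; j += 2) {`, and keep the closing brace that the following hunk (`@@ -16360,12 +17223,10 @@`) removes. MatchSuite starts and ends outside these hunks.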
@@ -16993,28 +17854,22 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) { byte* out = NULL; int outLen = 0; - byte doUserRsa = 0; - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaVerifyCb) - doUserRsa = 1; - #endif /*HAVE_PK_CALLBACKS */ WOLFSSL_MSG("Doing RSA peer cert verify"); - if (doUserRsa) { - #ifdef HAVE_PK_CALLBACKS - outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz, - &out, - ssl->buffers.peerRsaKey.buffer, - ssl->buffers.peerRsaKey.length, - ssl->RsaVerifyCtx); - #endif /*HAVE_PK_CALLBACKS */ - } - else { - outLen = wc_RsaSSL_VerifyInline(input + *inOutIdx, sz, &out, - ssl->peerRsaKey); - } + outLen = RsaVerify(ssl, + input + *inOutIdx, + sz, + &out, + ssl->peerRsaKey, +#ifdef HAVE_PK_CALLBACKS + ssl->buffers.peerRsaKey.buffer, + ssl->buffers.peerRsaKey.length, + ssl->RsaVerifyCtx +#else + NULL, 0, NULL +#endif + ); if (IsAtLeastTLSv1_2(ssl)) { #ifdef WOLFSSL_SMALL_STACK @@ -17081,16 +17936,8 @@ int DoSessionTicket(WOLFSSL* ssl, #endif #ifdef HAVE_ECC if (ssl->peerEccDsaKeyPresent) { - int verify = 0; - int err = -1; byte* digest = ssl->hsHashes->certHashes.sha; word32 digestSz = SHA_DIGEST_SIZE; - byte doUserEcc = 0; - - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->EccVerifyCb) - doUserEcc = 1; - #endif WOLFSSL_MSG("Doing ECC peer cert verify"); 
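Review bot: The result of the new `RsaVerify(...)` call is stored in `int outLen`, and nothing inside this hunk rejects a negative value before the `IsAtLeastTLSv1_2(ssl)` branch that follows. The code that consumes `outLen` and `out` lies outside the hunk, so the check needs confirming there. The wrapper now hides which path ran, where the removed lines called either `RsaVerifyCb` or `wc_RsaSSL_VerifyInline`, so a short comment at the call would help, for example `/* outLen < 0 is an error code; on success out presumably points into input (in-place verify) */`. I would also note beside the `#else` arm that `NULL, 0, NULL` is passed because the key buffer and context only matter when HAVE_PK_CALLBACKS is defined.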
@@ -17119,22 +17966,18 @@ int DoSessionTicket(WOLFSSL* ssl, } } - if (doUserEcc) { + ret = EccVerify(ssl, + input + *inOutIdx, sz, + digest, digestSz, + ssl->peerEccDsaKey, #ifdef HAVE_PK_CALLBACKS - ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest, - digestSz, - ssl->buffers.peerEccDsaKey.buffer, - ssl->buffers.peerEccDsaKey.length, - &verify, ssl->EccVerifyCtx); + ssl->buffers.peerEccDsaKey.buffer, + ssl->buffers.peerEccDsaKey.length, + ssl->EccVerifyCtx + #else + NULL, 0, NULL #endif - } - else { - err = wc_ecc_verify_hash(input + *inOutIdx, sz, digest, - digestSz, &verify, ssl->peerEccDsaKey); - } - - if (err == 0 && verify == 1) - ret = 0; /* verified */ + ); } #endif *inOutIdx += sz; 
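Review bot: The call site no longer tests the verification flag: the removed lines set `ret = 0` only when `err == 0 && verify == 1`, while the new code takes `ret` straight from `EccVerify(...)`. That is only safe if EccVerify returns non-zero when the hash call succeeds but reports the signature as not verified. Its body is not in this hunk, so please confirm that. I would state the contract at the call, e.g. `/* EccVerify returns 0 only when the signature verified; any other value fails the handshake */`. The enclosing function starts and ends outside the hunk.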
@@ -17442,750 +18285,794 @@ int DoSessionTicket(WOLFSSL* ssl, static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size) { - #ifdef HAVE_QSH - word16 name; - int qshSz; - #endif - int ret = 0; + int ret; word32 length = 0; - byte* out = NULL; - word32 begin = *inOutIdx; + word32 idx = *inOutIdx, begin = *inOutIdx; + byte* output_lcl = NULL; + byte** output = &output_lcl; - (void)length; /* shut up compiler warnings */ - (void)out; + /* suppress possible compiler warnings */ (void)input; (void)size; - (void)begin; + (void)length; + (void)idx; + (void)output; - if (ssl->options.side != WOLFSSL_SERVER_END) { - WOLFSSL_MSG("Client received client keyexchange, attack?"); - WOLFSSL_ERROR(ssl->error = SIDE_ERROR); - return SSL_FATAL_ERROR; + #ifdef WOLFSSL_ASYNC_CRYPT + /* Use async output pointer */ + output = &ssl->async.output; + + ret = wolfSSL_async_pop(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); + if (ret != ASYNC_NOT_PENDING) { + /* Check for error */ + if (ret < 0) { + goto exit_dcke; + } + else { + /* Restore variables needed for async */ + idx = ssl->async.idx; + length = ssl->async.length; + + /* Advance state */ + ssl->options.keyShareState++; + } + } + else + #endif + { + /* Reset state */ + ret = 0; + ssl->options.keyShareState = KEYSHARE_BEGIN; } - if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { - WOLFSSL_MSG("Client sending keyexchange at wrong time"); - SendAlert(ssl, alert_fatal, unexpected_message); - return OUT_OF_ORDER_E; - } - - #ifndef NO_CERTS - if (ssl->options.verifyPeer && ssl->options.failNoCert) { - if (!ssl->options.havePeerCert) { - WOLFSSL_MSG("client didn't present peer cert"); - return NO_PEER_CERT; - } - } - - if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) { - if (!ssl->options.havePeerCert && - !ssl->options.usingPSK_cipher){ - WOLFSSL_MSG("client didn't present peer cert"); - return NO_PEER_CERT; - } - } - #endif - - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) { - 
AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); - } - if (ssl->toInfoOn) { - AddLateName("ClientKeyExchange", &ssl->timeoutInfo); - } - #endif - - switch (ssl->specs.kea) { - #ifndef NO_RSA - case rsa_kea: + /* Do Client Key Exchange State Machine */ + switch(ssl->options.keyShareState) + { + case KEYSHARE_BEGIN: { - word32 idx = 0; - RsaKey key; - byte doUserRsa = 0; + /* Sanity checks */ + if (ssl->options.side != WOLFSSL_SERVER_END) { + WOLFSSL_MSG("Client received client keyexchange, attack?"); + WOLFSSL_ERROR(ssl->error = SIDE_ERROR); + ERROR_OUT(SSL_FATAL_ERROR, exit_dcke); + } - #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaDecCb) { - doUserRsa = 1; + if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { + WOLFSSL_MSG("Client sending keyexchange at wrong time"); + SendAlert(ssl, alert_fatal, unexpected_message); + ERROR_OUT(OUT_OF_ORDER_E, exit_dcke); + } + + #ifndef NO_CERTS + if (ssl->options.verifyPeer && ssl->options.failNoCert) { + if (!ssl->options.havePeerCert) { + WOLFSSL_MSG("client didn't present peer cert"); + ERROR_OUT(NO_PEER_CERT, exit_dcke); } - #endif + } - ret = wc_InitRsaKey(&key, ssl->heap); + if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) { + if (!ssl->options.havePeerCert && + !ssl->options.usingPSK_cipher){ + WOLFSSL_MSG("client didn't present peer cert"); + return NO_PEER_CERT; + } + } + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ssl->hsInfoOn) { + AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); + } + if (ssl->toInfoOn) { + AddLateName("ClientKeyExchange", &ssl->timeoutInfo); + } + #endif + + switch (ssl->specs.kea) { + #ifndef NO_RSA + case rsa_kea: + { + if (!ssl->buffers.key->buffer) { + ERROR_OUT(NO_PRIVATE_KEY, exit_dcke); + } + break; + } /* rsa_kea */ + #endif /* !NO_RSA */ + #ifndef NO_PSK + case psk_kea: + { + /* sanity check that PSK server callback has been set */ + if (ssl->options.server_psk_cb == NULL) { + WOLFSSL_MSG("No server PSK callback set"); + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + 
break; + } + #endif /* !NO_PSK */ + #ifdef HAVE_NTRU + case ntru_kea: + { + if (!ssl->buffers.key->buffer) { + ERROR_OUT(NO_PRIVATE_KEY, exit_dcke); + } + break; + } + #endif /* HAVE_NTRU */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + break; + } + #endif /* HAVE_ECC */ + #ifndef NO_DH + case diffie_hellman_kea: + { + break; + } + #endif /* !NO_DH */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + /* sanity check that PSK server callback has been set */ + if (ssl->options.server_psk_cb == NULL) { + WOLFSSL_MSG("No server PSK callback set"); + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + break; + } + #endif /* !NO_DH && !NO_PSK */ + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + { + /* sanity check that PSK server callback has been set */ + if (ssl->options.server_psk_cb == NULL) { + WOLFSSL_MSG("No server PSK callback set"); + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + break; + } + #endif /* HAVE_ECC && !NO_PSK */ + default: + WOLFSSL_MSG("Bad kea type"); + ret = BAD_KEA_TYPE_E; + } /* switch (ssl->specs.kea) */ + + /* Check for error */ if (ret != 0) { - return ret; + goto exit_dcke; } - if (!ssl->buffers.key.buffer) { - return NO_PRIVATE_KEY; - } + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_BUILD; + } /* KEYSHARE_BEGIN */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, - &key, ssl->buffers.key.length); + case KEYSHARE_BUILD: + { + switch (ssl->specs.kea) { + #ifndef NO_RSA + case rsa_kea: + { + word32 i = 0; + int keySz; - if (ret == 0) { - length = wc_RsaEncryptSize(&key); - ssl->arrays->preMasterSz = SECRET_LEN; + ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + if (ssl->sigKey == NULL) { + ERROR_OUT(MEMORY_E, exit_dcke); + } + ssl->sigType = DYNAMIC_TYPE_RSA; - if (ssl->options.tls) { - word16 check; - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; + ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap); + if (ret != 0) { + goto 
exit_dcke; } - ato16(input + *inOutIdx, &check); - *inOutIdx += OPAQUE16_LEN; - - if ((word32) check != length) { - WOLFSSL_MSG("RSA explicit size doesn't match"); - wc_FreeRsaKey(&key); - return RSA_PRIVATE_ERROR; + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i, + (RsaKey*)ssl->sigKey, ssl->buffers.key->length); + if (ret != 0) { + goto exit_dcke; } - } + keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); + if (keySz < 0) { /* test if keySz has error */ + ERROR_OUT(keySz, exit_dcke); + } + length = (word32)keySz; - if ((*inOutIdx - begin) + length > size) { - WOLFSSL_MSG("RSA message too big"); - wc_FreeRsaKey(&key); - return BUFFER_ERROR; - } + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("Peer RSA key is too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dcke); + } + ssl->arrays->preMasterSz = SECRET_LEN; - if (doUserRsa) { - #ifdef HAVE_PK_CALLBACKS - ret = ssl->ctx->RsaDecCb(ssl, - input + *inOutIdx, length, &out, - ssl->buffers.key.buffer, - ssl->buffers.key.length, - ssl->RsaDecCtx); + if (ssl->options.tls) { + word16 check; + + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ato16(input + idx, &check); + idx += OPAQUE16_LEN; + + if ((word32)check != length) { + WOLFSSL_MSG("RSA explicit size doesn't match"); + ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); + } + } + + if ((idx - begin) + length > size) { + WOLFSSL_MSG("RSA message too big"); + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + /* These RSA variables persist throughout DoClientKeyExchange */ + *output = NULL; + ret = RsaDec(ssl, + input + idx, + length, + output, + &ssl->sigLen, + (RsaKey*)ssl->sigKey, + #if defined(HAVE_PK_CALLBACKS) + ssl->buffers.key->buffer, + ssl->buffers.key->length, + ssl->RsaDecCtx + #else + NULL, 0, NULL #endif - } - else { - ret = wc_RsaPrivateDecryptInline(input + *inOutIdx, length, - &out, &key); - } + ); + break; + } /* rsa_kea */ + #endif /* !NO_RSA */ + #ifndef NO_PSK + case psk_kea: + { + byte* pms = 
ssl->arrays->preMasterSecret; + word16 ci_sz; - *inOutIdx += length; - - if (ret == SECRET_LEN) { - XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN); - if (ssl->arrays->preMasterSecret[0] != - ssl->chVersion.major - || ssl->arrays->preMasterSecret[1] != - ssl->chVersion.minor) { - ret = PMS_VERSION_ERROR; + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); } - else - { - #ifdef HAVE_QSH - if (ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the - length of buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input - + *inOutIdx, size - *inOutIdx - + begin, 1)) < 0) { - return qshSz; - } - *inOutIdx += qshSz; - } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; + ato16(input + idx, &ci_sz); + idx += OPAQUE16_LEN; + + if (ci_sz > MAX_PSK_ID_LEN) { + ERROR_OUT(CLIENT_ID_ERROR, exit_dcke); + } + + if ((idx - begin) + ci_sz > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + XMEMCPY(ssl->arrays->client_identity, input + idx, ci_sz); + idx += ci_sz; + + ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0; + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + + /* make psk pre master secret */ + /* length of key + length 0s + length of key + key */ + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMSET(pms, 0, ssl->arrays->psk_keySz); + pms += ssl->arrays->psk_keySz; + + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; + break; + } + #endif /* !NO_PSK */ + #ifdef 
HAVE_NTRU + case ntru_kea: + { + word16 cipherLen; + word16 plainLen = sizeof(ssl->arrays->preMasterSecret); + + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ato16(input + idx, &cipherLen); + idx += OPAQUE16_LEN; + + if (cipherLen > MAX_NTRU_ENCRYPT_SZ) { + ERROR_OUT(NTRU_KEY_ERROR, exit_dcke); + } + + if ((idx - begin) + cipherLen > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + if (NTRU_OK != ntru_crypto_ntru_decrypt( + (word16) ssl->buffers.key->length, + ssl->buffers.key->buffer, cipherLen, + input + idx, &plainLen, + ssl->arrays->preMasterSecret)) { + ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke); + } + + if (plainLen != SECRET_LEN) { + ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke); + } + + idx += cipherLen; + ssl->arrays->preMasterSz = plainLen; + + break; + } + #endif /* HAVE_NTRU */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + ecc_key* private_key = ssl->eccTempKey; + + if ((idx - begin) + OPAQUE8_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + length = input[idx++]; + + if ((idx - begin) + length > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + if (ssl->peerEccKey == NULL) { + /* alloc/init on demand */ + ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), + ssl->ctx->heap, DYNAMIC_TYPE_ECC); + if (ssl->peerEccKey == NULL) { + WOLFSSL_MSG("PeerEccKey Memory error"); + ERROR_OUT(MEMORY_E, exit_dcke); + } + wc_ecc_init(ssl->peerEccKey); + } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ + wc_ecc_free(ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + wc_ecc_init(ssl->peerEccKey); + } + + if (wc_ecc_import_x963(input + idx, length, ssl->peerEccKey)) { + ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke); + } + + idx += length; + ssl->peerEccKeyPresent = 1; + + ssl->sigLen = sizeof(ssl->arrays->preMasterSecret); + + if (ssl->specs.static_ecdh) { + word32 i = 0; + + ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + if (ssl->sigKey == NULL) { + ERROR_OUT(MEMORY_E, 
exit_dcke); + } + ssl->sigType = DYNAMIC_TYPE_ECC; + + wc_ecc_init((ecc_key*)ssl->sigKey); + + ret = wc_EccPrivateKeyDecode( + ssl->buffers.key->buffer, + &i, + (ecc_key*)ssl->sigKey, + ssl->buffers.key->length); + if (ret == 0) { + private_key = (ecc_key*)ssl->sigKey; + if (wc_ecc_size(private_key) < + ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dcke); } } - #endif - ret = MakeMasterSecret(ssl); - } - } - else { - ret = RSA_PRIVATE_ERROR; - } - } - - wc_FreeRsaKey(&key); - } - break; - #endif - #ifndef NO_PSK - case psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - word16 ci_sz; - - /* sanity check that PSK server callback has been set */ - if (ssl->options.server_psk_cb == NULL) { - WOLFSSL_MSG("No server PSK callback set"); - return PSK_KEY_ERROR; - } - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &ci_sz); - *inOutIdx += OPAQUE16_LEN; - - if (ci_sz > MAX_PSK_ID_LEN) { - return CLIENT_ID_ERROR; - } - - if ((*inOutIdx - begin) + ci_sz > size) { - return BUFFER_ERROR; - } - - XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz); - *inOutIdx += ci_sz; - - ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0; - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { - return PSK_KEY_ERROR; - } - - /* make psk pre master secret */ - /* length of key + length 0s + length of key + key */ - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMSET(pms, 0, ssl->arrays->psk_keySz); - pms += ssl->arrays->psk_keySz; - - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; - - #ifdef HAVE_QSH - if 
(ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; } - *inOutIdx += qshSz; - } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; - } - } - #endif - ret = MakeMasterSecret(ssl); - - /* No further need for PSK */ - ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; - } - break; - #endif /* NO_PSK */ - #ifdef HAVE_NTRU - case ntru_kea: - { - word16 cipherLen; - word16 plainLen = sizeof(ssl->arrays->preMasterSecret); - - if (!ssl->buffers.key.buffer) { - return NO_PRIVATE_KEY; - } - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &cipherLen); - *inOutIdx += OPAQUE16_LEN; - - if (cipherLen > MAX_NTRU_ENCRYPT_SZ) { - return NTRU_KEY_ERROR; - } - - if ((*inOutIdx - begin) + cipherLen > size) { - return BUFFER_ERROR; - } - - if (NTRU_OK != ntru_crypto_ntru_decrypt( - (word16) ssl->buffers.key.length, - ssl->buffers.key.buffer, cipherLen, - input + *inOutIdx, &plainLen, - ssl->arrays->preMasterSecret)) { - return NTRU_DECRYPT_ERROR; - } - - if (plainLen != SECRET_LEN) { - return NTRU_DECRYPT_ERROR; - } - - *inOutIdx += cipherLen; - - #ifdef HAVE_QSH - if (ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; + else if (ssl->eccTempKeyPresent == 0) { + WOLFSSL_MSG("Ecc ephemeral key not made correctly"); + ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke); } - *inOutIdx += qshSz; + if (ret 
!= 0) { + ERROR_OUT(ECC_SHARED_ERROR, exit_dcke); + } + + /* Generate shared secret */ + ret = EccSharedSecret(ssl, private_key, ssl->peerEccKey, + ssl->arrays->preMasterSecret, &ssl->sigLen); + break; } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; + #endif /* HAVE_ECC */ + #ifndef NO_DH + case diffie_hellman_kea: + { + word16 clientPubSz; + + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ato16(input + idx, &clientPubSz); + idx += OPAQUE16_LEN; + + if ((idx - begin) + clientPubSz > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ret = DhAgree(ssl, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + ssl->buffers.serverDH_Priv.buffer, + &ssl->buffers.serverDH_Priv.length, + NULL, + 0, + input + idx, + clientPubSz, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); + + idx += clientPubSz; + break; } - } - #endif - ssl->arrays->preMasterSz = plainLen; - ret = MakeMasterSecret(ssl); - } - break; - #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC - case ecc_diffie_hellman_kea: - { - if ((*inOutIdx - begin) + OPAQUE8_LEN > size) { - return BUFFER_ERROR; - } + #endif /* !NO_DH */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + word16 clientSz; - length = input[(*inOutIdx)++]; + /* Read in the PSK hint */ + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } - if ((*inOutIdx - begin) + length > size) { - return BUFFER_ERROR; - } + ato16(input + idx, &clientSz); + idx += OPAQUE16_LEN; + if (clientSz > MAX_PSK_ID_LEN) { + ERROR_OUT(CLIENT_ID_ERROR, exit_dcke); + } - if (ssl->peerEccKey == NULL) { - /* alloc/init on demand */ - ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), + if ((idx - begin) + clientSz > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + XMEMCPY(ssl->arrays->client_identity, 
input + idx, clientSz); + idx += clientSz; + ssl->arrays->client_identity[ + min(clientSz, MAX_PSK_ID_LEN-1)] = 0; + + /* Read in the DHE business */ + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ato16(input + idx, &clientSz); + idx += OPAQUE16_LEN; + + if ((idx - begin) + clientSz > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ret = DhAgree(ssl, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + ssl->buffers.serverDH_Priv.buffer, + &ssl->buffers.serverDH_Priv.length, + NULL, + 0, + input + idx, + clientSz, + pms + OPAQUE16_LEN, + &ssl->arrays->preMasterSz); + + idx += clientSz; + c16toa((word16)ssl->arrays->preMasterSz, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN; + pms += ssl->arrays->preMasterSz; + + /* Use the PSK hint to look up the PSK and add it to the + * preMasterSecret here. */ + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN; + break; + } + #endif /* !NO_DH && !NO_PSK */ + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + { + word16 clientSz; + + /* Read in the PSK hint */ + if ((idx - begin) + OPAQUE16_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + ato16(input + idx, &clientSz); + idx += OPAQUE16_LEN; + if (clientSz > MAX_PSK_ID_LEN) { + ERROR_OUT(CLIENT_ID_ERROR, exit_dcke); + } + if ((idx - begin) + clientSz > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + XMEMCPY(ssl->arrays->client_identity, + input + idx, clientSz); + idx += clientSz; + 
ssl->arrays->client_identity[ + min(clientSz, MAX_PSK_ID_LEN-1)] = 0; + + /* ECC key */ + if ((idx - begin) + OPAQUE8_LEN > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + length = input[idx++]; + + if ((idx - begin) + length > size) { + ERROR_OUT(BUFFER_ERROR, exit_dcke); + } + + if (ssl->peerEccKey == NULL) { + /* alloc/init on demand */ + ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->ctx->heap, DYNAMIC_TYPE_ECC); - if (ssl->peerEccKey == NULL) { - WOLFSSL_MSG("PeerEccKey Memory error"); - return MEMORY_E; + if (ssl->peerEccKey == NULL) { + WOLFSSL_MSG("PeerEccKey Memory error"); + ERROR_OUT(MEMORY_E, exit_dcke); + } + wc_ecc_init(ssl->peerEccKey); + } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ + wc_ecc_free(ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + wc_ecc_init(ssl->peerEccKey); + } + if (wc_ecc_import_x963(input + idx, length, + ssl->peerEccKey)) { + ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke); + } + + idx += length; + ssl->peerEccKeyPresent = 1; + + /* Note sizeof preMasterSecret is ENCRYPT_LEN currently 512 */ + ssl->sigLen = sizeof(ssl->arrays->preMasterSecret); + + if (ssl->eccTempKeyPresent == 0) { + WOLFSSL_MSG("Ecc ephemeral key not made correctly"); + ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke); + } + + /* Generate shared secret */ + ret = EccSharedSecret(ssl, + ssl->eccTempKey, + ssl->peerEccKey, + ssl->arrays->preMasterSecret + OPAQUE16_LEN, + &ssl->sigLen); + break; } - wc_ecc_init(ssl->peerEccKey); - } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ - wc_ecc_free(ssl->peerEccKey); - ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); - } - - if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) { - return ECC_PEERKEY_ERROR; - } - - *inOutIdx += length; - ssl->peerEccKeyPresent = 1; - - length = sizeof(ssl->arrays->preMasterSecret); - - if (ssl->specs.static_ecdh) { - ecc_key staticKey; - word32 i = 0; - - wc_ecc_init(&staticKey); - ret = 
wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, - &staticKey, ssl->buffers.key.length); - - if (ret == 0) { - ret = wc_ecc_shared_secret(&staticKey, ssl->peerEccKey, - ssl->arrays->preMasterSecret, &length); - } - - wc_ecc_free(&staticKey); - } - else { - if (ssl->eccTempKeyPresent == 0) { - WOLFSSL_MSG("Ecc ephemeral key not made correctly"); - ret = ECC_MAKEKEY_ERROR; - } else { - ret = wc_ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey, - ssl->arrays->preMasterSecret, &length); - } - } + #endif /* HAVE_ECC && !NO_PSK */ + default: + ret = BAD_KEA_TYPE_E; + } /* switch (ssl->specs.kea) */ + /* Check for error */ if (ret != 0) { - return ECC_SHARED_ERROR; + goto exit_dcke; } - ssl->arrays->preMasterSz = length; + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_VERIFY; + } /* KEYSHARE_BUILD */ + + case KEYSHARE_VERIFY: + { + switch (ssl->specs.kea) { + #ifndef NO_RSA + case rsa_kea: + { + /* Add the signature length to idx */ + idx += length; + + if (ssl->sigLen == SECRET_LEN && *output != NULL) { + XMEMCPY(ssl->arrays->preMasterSecret, *output, SECRET_LEN); + if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major || + ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) { + ERROR_OUT(PMS_VERSION_ERROR, exit_dcke); + } + } + else { + ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke); + } + break; + } /* rsa_kea */ + #endif /* !NO_RSA */ + #ifndef NO_PSK + case psk_kea: + { + break; + } + #endif /* !NO_PSK */ + #ifdef HAVE_NTRU + case ntru_kea: + { + break; + } + #endif /* HAVE_NTRU */ + #ifdef HAVE_ECC + case ecc_diffie_hellman_kea: + { + ssl->arrays->preMasterSz = ssl->sigLen; + break; + } + #endif /* HAVE_ECC */ + #ifndef NO_DH + case diffie_hellman_kea: + { + break; + } + #endif /* !NO_DH */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + break; + } + #endif /* !NO_DH && !NO_PSK */ + #if defined(HAVE_ECC) && !defined(NO_PSK) + case ecdhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + + /* Add 
preMasterSecret */ + c16toa((word16)ssl->sigLen, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN + ssl->sigLen; + pms += ssl->arrays->preMasterSz; + + /* Use the PSK hint to look up the PSK and add it to the + * preMasterSecret here. */ + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { + ERROR_OUT(PSK_KEY_ERROR, exit_dcke); + } + + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz += + ssl->arrays->psk_keySz + OPAQUE16_LEN; + break; + } + #endif /* HAVE_ECC && !NO_PSK */ + default: + ret = BAD_KEA_TYPE_E; + } /* switch (ssl->specs.kea) */ + + /* Check for error */ + if (ret != 0) { + goto exit_dcke; + } + + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_FINALIZE; + } /* KEYSHARE_VERIFY */ + + case KEYSHARE_FINALIZE: + { #ifdef HAVE_QSH + word16 name; + if (ssl->options.haveQSH) { /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; + ato16(input + idx, &name); + idx += OPAQUE16_LEN; if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; + int qshSz; + /* if qshSz is larger than 0 it is the + length of buffer used */ + if ((qshSz = TLSX_QSHCipher_Parse(ssl, + input + idx, + size - idx + begin, 1)) < 0) { + ERROR_OUT(qshSz, exit_dcke); } - *inOutIdx += qshSz; + idx += qshSz; } else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; + /* unknown extension sent client ignored handshake */ + ERROR_OUT(BUFFER_ERROR, exit_dcke); } } #endif ret = MakeMasterSecret(ssl); - } - break; - #endif /* HAVE_ECC */ - #ifndef NO_DH - case diffie_hellman_kea: 
- { - word16 clientPubSz; - DhKey dhKey; - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &clientPubSz); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + clientPubSz > size) { - return BUFFER_ERROR; - } - - wc_InitDhKey(&dhKey); - ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) { - ret = wc_DhAgree(&dhKey, ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz, - ssl->buffers.serverDH_Priv.buffer, - ssl->buffers.serverDH_Priv.length, - input + *inOutIdx, clientPubSz); - } - wc_FreeDhKey(&dhKey); - - *inOutIdx += clientPubSz; - - #ifdef HAVE_QSH - if (ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; - } - *inOutIdx += qshSz; - } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; - } - } - #endif - if (ret == 0) { - ret = MakeMasterSecret(ssl); - } - } - break; - #endif /* NO_DH */ - #if !defined(NO_DH) && !defined(NO_PSK) - case dhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - word16 clientSz; - DhKey dhKey; - - /* sanity check that PSK server callback has been set */ - if (ssl->options.server_psk_cb == NULL) { - WOLFSSL_MSG("No server PSK callback set"); - return PSK_KEY_ERROR; - } - - /* Read in the PSK hint */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) { - return CLIENT_ID_ERROR; - } - - if ((*inOutIdx - begin) + clientSz > size) { - return BUFFER_ERROR; - } - - 
XMEMCPY(ssl->arrays->client_identity, - input + *inOutIdx, clientSz); - *inOutIdx += clientSz; - ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = - 0; - - /* Read in the DHE business */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + clientSz > size) { - return BUFFER_ERROR; - } - - wc_InitDhKey(&dhKey); - ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) { - ret = wc_DhAgree(&dhKey, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, - ssl->buffers.serverDH_Priv.buffer, - ssl->buffers.serverDH_Priv.length, - input + *inOutIdx, clientSz); - } - wc_FreeDhKey(&dhKey); - - *inOutIdx += clientSz; - c16toa((word16)ssl->arrays->preMasterSz, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN; - pms += ssl->arrays->preMasterSz; - - /* Use the PSK hint to look up the PSK and add it to the - * preMasterSecret here. 
*/ - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { - return PSK_KEY_ERROR; - } - - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - #ifdef HAVE_QSH - if (ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; - } - *inOutIdx += qshSz; - } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; - } - } - #endif - if (ret == 0) - ret = MakeMasterSecret(ssl); - - /* No further need for PSK */ - ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; - } - break; - #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) - case ecdhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - word16 clientSz; - - /* sanity check that PSK server callback has been set */ - if (ssl->options.server_psk_cb == NULL) { - WOLFSSL_MSG("No server PSK callback set"); - return PSK_KEY_ERROR; - } - - /* Read in the PSK hint */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { - return BUFFER_ERROR; - } - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) { - return CLIENT_ID_ERROR; - } - - if ((*inOutIdx - begin) + clientSz > size) { - return BUFFER_ERROR; - } - - XMEMCPY(ssl->arrays->client_identity, - input + *inOutIdx, clientSz); - *inOutIdx += clientSz; - ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = - 0; - - /* ECC key */ - if 
((*inOutIdx - begin) + OPAQUE8_LEN > size) { - return BUFFER_ERROR; - } - - length = input[(*inOutIdx)++]; - - if ((*inOutIdx - begin) + length > size) { - return BUFFER_ERROR; - } - - if (ssl->peerEccKey == NULL) { - /* alloc/init on demand */ - ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), - ssl->ctx->heap, DYNAMIC_TYPE_ECC); - if (ssl->peerEccKey == NULL) { - WOLFSSL_MSG("PeerEccKey Memory error"); - return MEMORY_E; - } - wc_ecc_init(ssl->peerEccKey); - } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ - wc_ecc_free(ssl->peerEccKey); - ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); - } - - if (wc_ecc_import_x963(input + *inOutIdx, length, - ssl->peerEccKey)) { - return ECC_PEERKEY_ERROR; - } - - *inOutIdx += length; - ssl->peerEccKeyPresent = 1; - - /* Note sizeof preMasterSecret is ENCRYPT_LEN currently 512 */ - length = sizeof(ssl->arrays->preMasterSecret); - - if (ssl->eccTempKeyPresent == 0) { - WOLFSSL_MSG("Ecc ephemeral key not made correctly"); - ret = ECC_MAKEKEY_ERROR; - } else { - ret = wc_ecc_shared_secret(ssl->eccTempKey, - ssl->peerEccKey, ssl->arrays->preMasterSecret + - OPAQUE16_LEN, &length); - } + /* Check for error */ if (ret != 0) { - return ECC_SHARED_ERROR; + goto exit_dcke; } - c16toa((word16)length, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN + length; - pms += ssl->arrays->preMasterSz; + /* Advance state and proceed */ + ssl->options.keyShareState = KEYSHARE_END; + } /* KEYSHARE_FINALIZE */ - /* Use the PSK hint to look up the PSK and add it to the - * preMasterSecret here. 
*/ - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { - return PSK_KEY_ERROR; - } - - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - - #ifdef HAVE_QSH - if (ssl->options.haveQSH) { - /* extension name */ - ato16(input + *inOutIdx, &name); - *inOutIdx += OPAQUE16_LEN; - - if (name == TLSX_QUANTUM_SAFE_HYBRID) { - /* if qshSz is larger than 0 it is the length of - buffer used */ - if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) { - return qshSz; - } - *inOutIdx += qshSz; - } - else { - /* unknown extension sent client ignored - handshake */ - return BUFFER_ERROR; - } - } - #endif - if (ret == 0) - ret = MakeMasterSecret(ssl); - - /* No further need for PSK */ - ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; - } - break; - #endif /* HAVE_ECC && !NO_PSK */ - default: + case KEYSHARE_END: { - WOLFSSL_MSG("Bad kea type"); - ret = BAD_KEA_TYPE_E; - } - break; - } + /* Set final index */ + *inOutIdx = idx; - /* No further need for PMS */ - ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); - ssl->arrays->preMasterSz = 0; - - if (ret == 0) { - ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; + ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; #ifndef NO_CERTS if (ssl->options.verifyPeer) { ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes); } #endif + break; + } /* KEYSHARE_END */ + default: + ret = INPUT_CASE_ERROR; + } /* switch(ssl->options.keyShareState) */ + + exit_dcke: + #ifdef WOLFSSL_ASYNC_CRYPT + /* Handle WC_PENDING_E */ + if (ret == WC_PENDING_E) { + /* Store variables needed for async */ + XMEMSET(&ssl->async, 0, 
sizeof(ssl->async)); + ssl->async.idx = idx; + ssl->async.length = length; + + /* Adjust the index so header will be re-evaluated */ + *inOutIdx -= HANDSHAKE_HEADER_SZ; + /* Mark message as not recevied so it can process again */ + ssl->msgsReceived.got_client_key_exchange = 0; + + /* Push event to queue */ + ret = wolfSSL_async_push(ssl, WOLF_EVENT_TYPE_ASYNC_ACCEPT); + if (ret == 0) { + return WC_PENDING_E; + } } + #endif + + /* Cleanup PMS */ + ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); + ssl->arrays->preMasterSz = 0; + + /* Final cleanup */ + FreeKeyExchange(ssl); return ret; } + #ifdef HAVE_STUNNEL static int SNI_Callback(WOLFSSL* ssl) { @@ -18204,4 +19091,7 @@ int DoSessionTicket(WOLFSSL* ssl, } #endif /* HAVE_STUNNEL */ #endif /* NO_WOLFSSL_SERVER */ + +#undef ERROR_OUT + #endif /* WOLFCRYPT_ONLY */ diff --git a/src/io.c b/src/io.c index 026c66e7a..c971951f5 100644 --- a/src/io.c +++ b/src/io.c @@ -1,8 +1,8 @@ /* io.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -404,7 +405,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) WOLFSSL_ENTER("EmbedReceiveFrom()"); - if (!wolfSSL_get_using_nonblock(ssl) && dtls_timeout != 0) { + if (ssl->options.handShakeDone) + dtls_timeout = 0; + + if (!wolfSSL_get_using_nonblock(ssl)) { #ifdef USE_WINDOWS_API DWORD timeout = dtls_timeout * 1000; #else 
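Review bot: In EmbedReceiveFrom the added `if (ssl->options.handShakeDone)` has an unbraced body, and the old `dtls_timeout != 0` guard is gone, so the timeout setup now runs on every blocking call, including with a zero value once the handshake is done. Nothing in the hunk says what a zero timeout is meant to do; on most socket APIs a zero receive timeout removes the limit, so a blocking read would then wait indefinitely on a silent peer. I would brace the statement and record the intent, e.g. `if (ssl->options.handShakeDone) { dtls_timeout = 0; /* no retransmit timer after handshake: blocking recv has no timeout */ }`. The function body continues outside the hunk, so the call that consumes `timeout` is not visible here.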
diff --git a/src/keys.c b/src/keys.c index 07a0b1d38..849636ee1 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1,8 +1,8 @@ /* keys.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Name change compatibility layer no longer needs to be included here */ #ifdef HAVE_CONFIG_H @@ -1550,6 +1551,23 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; @@ -3058,6 +3076,7 @@ int MakeMasterSecret(WOLFSSL* ssl) /* show secret SerSi and CliSi */ #ifdef SHOW_SECRETS + { word32 j; printf("QSH generated secret material\n"); printf("SerSi : "); @@ -3070,6 +3089,7 @@ int MakeMasterSecret(WOLFSSL* ssl) printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); } printf("\n"); + } #endif } #endif 
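Review bot: The new `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` case in SetCipherSpecs adds a 3DES CBC suite with no comment marking it as legacy. 3DES has a 64-bit block (`DES_BLOCK_SIZE`), which limits how much data can safely be encrypted under one key in CBC mode, so this suite should be negotiated only for interoperability with old peers. Whether `BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` is defined in default builds is not visible here; if it is, consider making it opt-in. At minimum add a comment above the case such as `/* legacy 64-bit block cipher suite; keep last in preference order */`. SetCipherSpecs starts and ends outside the hunk.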
diff --git a/src/ocsp.c b/src/ocsp.c index a1fd6dc25..59a8cf057 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1,8 +1,8 @@ /* ocsp.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Name change compatibility layer no longer needs to be included here */ #ifdef HAVE_CONFIG_H @@ -37,6 +38,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -118,7 +120,7 @@ static int xstat2err(int stat) } -int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse) +int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, buffer* responseBuffer) { int ret = OCSP_LOOKUP_FAIL; @@ -141,7 +143,7 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse) #endif if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) { - ret = CheckOcspRequest(ocsp, ocspRequest, encodedResponse); + ret = CheckOcspRequest(ocsp, ocspRequest, responseBuffer); FreeOcspRequest(ocspRequest); } @@ -239,14 +241,13 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, } int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, - void* encodedResponse) + buffer* responseBuffer) { OcspEntry* entry = NULL; CertStatus* status = NULL; byte* request = NULL; int requestSz = 2048; byte* response = NULL; - buffer* responseBuffer = (buffer*) encodedResponse; const char* url = NULL; int urlSz = 0; int ret = -1; 
diff --git a/src/sniffer.c b/src/sniffer.c index 30e860c5c..4a9f18570 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1,8 +1,8 @@ /* sniffer.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -49,6 +50,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -1080,6 +1082,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, ret = 0; } + ForceZero(loadBuf, (word32)fileSz); free(loadBuf); *keyBuf = saveBuf; @@ -1341,16 +1344,17 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, RsaKey key; int ret; - if (session->sslServer->buffers.key.buffer == NULL || - session->sslServer->buffers.key.length == 0) { + if (session->sslServer->buffers.key == NULL || + session->sslServer->buffers.key->buffer == NULL || + session->sslServer->buffers.key->length == 0) { SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE); return -1; } ret = wc_InitRsaKey(&key, 0); if (ret == 0) - ret = wc_RsaPrivateKeyDecode(session->sslServer->buffers.key.buffer, - &idx, &key, session->sslServer->buffers.key.length); + ret = wc_RsaPrivateKeyDecode(session->sslServer->buffers.key->buffer, + &idx, &key, session->sslServer->buffers.key->length); if (ret == 0) { int length = wc_RsaEncryptSize(&key); 
@@ -3090,6 +3094,7 @@ doPart: * wants to null terminate plaintext */ tmpData = (byte*)realloc(*data, decoded + ret + 1); if (tmpData == NULL) { + ForceZero(*data, decoded); free(*data); *data = NULL; SetError(MEMORY_STR, error, session, @@ -3240,10 +3245,23 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) /* Deallocator for the decoded data buffer. */ /* returns 0 on success, -1 on error */ int ssl_FreeDecodeBuffer(byte** data, char* error) +{ + return ssl_FreeZeroDecodeBuffer(data, 0, error); +} + + +/* Deallocator for the decoded data buffer, zeros out buffer. */ +/* returns 0 on success, -1 on error */ +int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error) { (void)error; + if (sz < 0) { + return -1; + } + if (data != NULL) { + ForceZero(*data, (word32)sz); free(*data); *data = NULL; } diff --git a/src/ssl.c b/src/ssl.c index ec2a75f77..de77d497c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,8 +1,8 @@ /* ssl.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -37,6 +38,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -85,7 +87,11 @@ #ifdef WOLFSSL_SHA512 #include #endif - #include + #include +#endif + +#ifdef NO_ASN + #include #endif #ifndef NO_FILESYSTEM 
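Review bot: In `ssl_FreeZeroDecodeBuffer`, `ForceZero(*data, (word32)sz)` runs whenever `data` is non-NULL, so a caller that passes a positive `sz` with `*data == NULL` (for example a second call after the first one set `*data = NULL`) hands a null pointer to the wipe routine. ForceZero is not shown in this diff; if it writes through the pointer unconditionally this is a null write, so the guard should read `if (data != NULL && *data != NULL) {`. The function also trusts the caller's `sz`, and its header comment should state that `sz` must not exceed the decoded length returned for this buffer, since a larger value wipes past the allocation. The tail of the function lies outside the hunk.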
@@ -148,12 +154,147 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) } #endif +#ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS +int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, unsigned int sz) +{ + WOLFSSL_ENTER("wolfSSL_session_import"); + + if (ssl == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + /* sanity checks on buffer and protocol are done in internal function */ + return wolfSSL_dtls_import_internal(ssl, buf, sz); +} + + +/* Sets the function to call for serializing the session. This function is + * called right after the handshake is completed. */ +int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func) +{ + + WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export"); + + /* purposefully allow func to be NULL */ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + + ctx->dtls_export = func; + + return SSL_SUCCESS; +} + + +/* Sets the function in WOLFSSL struct to call for serializing the session. This + * function is called right after the handshake is completed. */ +int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func) +{ + + WOLFSSL_ENTER("wolfSSL_dtls_set_export"); + + /* purposefully allow func to be NULL */ + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + ssl->dtls_export = func; + + return SSL_SUCCESS; +} + + +/* This function allows for directly serializing a session rather than using + * callbacks. It has less overhead by removing a temporary buffer and gives + * control over when the session gets serialized. When using callbacks the + * session is always serialized immediatly after the handshake is finished. 
+ * + * buf is the argument to contain the serialized session + * sz is the size of the buffer passed in + * ssl is the WOLFSSL struct to serialize + * returns the size of serialized session on success, 0 on no action, and + * negative value on error */ +int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz) +{ + WOLFSSL_ENTER("wolfSSL_dtls_export"); + + if (ssl == NULL || sz == NULL) { + return BAD_FUNC_ARG; + } + + if (buf == NULL) { + *sz = MAX_EXPORT_BUFFER; + return 0; + } + + /* if not DTLS do nothing */ + if (!ssl->options.dtls) { + WOLFSSL_MSG("Currently only DTLS export is supported"); + return 0; + } + + /* copy over keys, options, and dtls state struct */ + return wolfSSL_dtls_export_internal(ssl, buf, *sz); +} + + +/* returns 0 on success */ +int wolfSSL_send_session(WOLFSSL* ssl) +{ + int ret; + byte* buf; + word16 bufSz = MAX_EXPORT_BUFFER; + + WOLFSSL_ENTER("wolfSSL_send_session"); + + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + return MEMORY_E; + } + + /* if not DTLS do nothing */ + if (!ssl->options.dtls) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Currently only DTLS export is supported"); + return 0; + } + + /* copy over keys, options, and dtls state struct */ + ret = wolfSSL_dtls_export_internal(ssl, buf, bufSz); + if (ret < 0) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + /* if no error ret has size of buffer */ + ret = ssl->dtls_export(ssl, buf, ret, NULL); + if (ret != SSL_SUCCESS) { + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return 0; +} +#endif /* WOLFSSL_DTLS */ +#endif /* WOLFSSL_SESSION_EXPORT */ + /* prevent multiple mutex initializations */ static volatile int initRefCount = 0; static wolfSSL_Mutex count_mutex; /* init ref count mutex */ +/* Create a new WOLFSSL_CTX struct and return the pointer 
to created struct. + WOLFSSL_METHOD pointer passed in is given to ctx to manage. + This function frees the passed in WOLFSSL_METHOD struct on failure and on + success is freed when ctx is freed. + */ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) { WOLFSSL_CTX* ctx = NULL; @@ -166,6 +307,9 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) if (ret != SSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_Init failed"); WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0); + if (method != NULL) { + XFREE(method, NULL, DYNAMIC_TYPE_METHOD); + } return NULL; } } @@ -222,6 +366,7 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx) return ssl; } + void wolfSSL_free(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_free"); @@ -310,6 +455,11 @@ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value) int wolfSSL_set_fd(WOLFSSL* ssl, int fd) { WOLFSSL_ENTER("SSL_set_fd"); + + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + ssl->rfd = fd; /* not used directly to allow IO callbacks */ ssl->wfd = fd; @@ -455,7 +605,6 @@ int wolfSSL_negotiate(WOLFSSL* ssl) int err = SSL_FATAL_ERROR; WOLFSSL_ENTER("wolfSSL_negotiate"); - #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) err = wolfSSL_accept(ssl); 
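Review bot: `wolfSSL_send_session` calls `ssl->dtls_export(ssl, buf, ret, NULL)` without checking the pointer, although both setters in this hunk say a NULL callback is purposefully allowed; add `if (ssl->dtls_export == NULL) return BAD_FUNC_ARG;` before the allocation. The temporary buffer receives the serialized session (the comment says keys, options and DTLS state) and is released with plain `XFREE` on every path, so `ForceZero(buf, bufSz);` before each free would keep key material out of freed heap memory, as `FreeDer` in this same commit does for private keys. The DTLS check can move above the `XMALLOC` so the non-DTLS path allocates nothing. Separately, `wolfSSL_dtls_import` logs `WOLFSSL_ENTER("wolfSSL_session_import")`, which does not match the function name.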
@@ -529,6 +678,57 @@ int wolfSSL_GetObjectSize(void) } #endif +#ifdef HAVE_ECC +int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) +{ + if (ctx == NULL || keySz < 0 || keySz % 8 != 0) { + WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null"); + return BAD_FUNC_ARG; + } + + ctx->minEccKeySz = keySz / 8; + ctx->cm->minEccKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz) +{ + if (ssl == NULL || keySz < 0 || keySz % 8 != 0) { + WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null"); + return BAD_FUNC_ARG; + } + + ssl->options.minEccKeySz = keySz / 8; + return SSL_SUCCESS; +} +#endif /* !NO_RSA */ + +#ifndef NO_RSA +int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz) +{ + if (ctx == NULL || keySz < 0 || keySz % 8 != 0) { + WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null"); + return BAD_FUNC_ARG; + } + + ctx->minRsaKeySz = keySz / 8; + ctx->cm->minRsaKeySz = keySz / 8; + return SSL_SUCCESS; +} + + +int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz) +{ + if (ssl == NULL || keySz < 0 || keySz % 8 != 0) { + WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null"); + return BAD_FUNC_ARG; + } + + ssl->options.minRsaKeySz = keySz / 8; + return SSL_SUCCESS; +} +#endif /* !NO_RSA */ #ifndef NO_DH /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ @@ -682,7 +882,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) { int ret; - WOLFSSL_ENTER("wolfSSL_read_internal"); + WOLFSSL_ENTER("wolfSSL_read_internal()"); if (ssl == NULL || data == NULL || sz < 0) return BAD_FUNC_ARG; @@ -702,7 +902,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek); #endif - WOLFSSL_LEAVE("wolfSSL_read_internal", ret); + WOLFSSL_LEAVE("wolfSSL_read_internal()", ret); if (ret < 0) return SSL_FATAL_ERROR; 
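Review bot: The four new setters take `keySz` in bits but store `keySz / 8`, and nothing in the hunk says so; each deserves a header comment such as `/* Sets the minimum ECC key size accepted; keySz is in bits and must be a multiple of 8. Returns SSL_SUCCESS or BAD_FUNC_ARG. */`. The `#ifdef HAVE_ECC` block is closed with `#endif /* !NO_RSA */`, which should read `#endif /* HAVE_ECC */`. Both `CTX` variants write through `ctx->cm` without checking it, so if a context can exist without a certificate manager (not visible here) the argument check needs `ctx->cm == NULL` as well. A `keySz` of 0 passes validation and stores a minimum of zero, so the comment should say whether that is meant to switch the minimum off.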
@@ -1360,10 +1560,9 @@ int wolfSSL_shutdown(WOLFSSL* ssl) byte tmp; WOLFSSL_ENTER("SSL_shutdown()"); - if (ssl == NULL) { - WOLFSSL_MSG("Null ssl pointer"); + if (ssl == NULL) return SSL_FATAL_ERROR; - } + if (ssl->options.quietShutdown) { WOLFSSL_MSG("quiet shutdown, no close notify sent"); return SSL_SUCCESS; @@ -1375,7 +1574,6 @@ int wolfSSL_shutdown(WOLFSSL* ssl) ssl->error = SendAlert(ssl, alert_warning, close_notify); if (ssl->error < 0) { WOLFSSL_ERROR(ssl->error); - WOLFSSL_LEAVE("SSL_shutdown()", SSL_FATAL_ERROR); return SSL_FATAL_ERROR; } ssl->options.sentNotify = 1; /* don't send close_notify twice */ 
@@ -1702,6 +1900,59 @@ int wolfSSL_GetHmacSize(WOLFSSL* ssl) #ifndef NO_CERTS +int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap) +{ + int ret = BAD_FUNC_ARG; + if (pDer) { + int dynType = 0; + DerBuffer* der; + + /* Determine dynamic type */ + switch (type) { + case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break; + case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break; + case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break; + case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break; + case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break; + case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break; + default: dynType = DYNAMIC_TYPE_KEY; break; + } + + /* Setup new buffer */ + *pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType); + if (*pDer == NULL) { + return MEMORY_ERROR; + } + + der = *pDer; + der->type = type; + der->dynType = dynType; /* Cache this for FreeDer */ + der->heap = heap; + der->buffer = (byte*)der + sizeof(DerBuffer); + der->length = length; + ret = 0; /* Success */ + } + return ret; +} + +void FreeDer(DerBuffer** pDer) +{ + if (pDer && *pDer) + { + DerBuffer* der = (DerBuffer*)*pDer; + + /* ForceZero private keys */ + if (der->type == PRIVATEKEY_TYPE) { + ForceZero(der->buffer, der->length); + } + der->buffer = NULL; + der->length = 0; + XFREE(der, der->heap, der->dynType); + + *pDer = NULL; + } +} + WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) { WOLFSSL_CERT_MANAGER* cm = NULL; @@ -1718,6 +1969,22 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) wolfSSL_CertManagerFree(cm); return NULL; } + + #ifdef WOLFSSL_TRUST_PEER_CERT + if (InitMutex(&cm->tpLock) != 0) { + WOLFSSL_MSG("Bad mutex init"); + wolfSSL_CertManagerFree(cm); + return NULL; + } + #endif + + /* set default minimum key size allowed */ + #ifndef NO_RSA + cm->minRsaKeySz = MIN_RSAKEY_SZ; + #endif + #ifdef HAVE_ECC + cm->minEccKeySz = MIN_ECCKEY_SZ; + #endif } return cm; 
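Review bot: `AllocDer` computes the allocation size as `sizeof(DerBuffer) + length` with no upper bound on `length`, so on a target where `size_t` is 32 bits a `length` near the `word32` maximum wraps to a small allocation while `der->length` keeps the large value. Callers in this commit pass `(word32)neededSz` and `(word32)sz` converted from `long`, so the range check belongs here, for example `if (length > 0xFFFFFFFFU - sizeof(DerBuffer)) return BAD_FUNC_ARG;` before the `XMALLOC`. `FreeDer` wipes only buffers whose type is `PRIVATEKEY_TYPE`; if `RSA_TYPE`, `ECC_TYPE` and `DSA_TYPE` buffers also carry private keys (the PEM header table for them is outside this hunk), they should be wiped too. Neither function has a header comment; `AllocDer` should document that header and data share one allocation and that the result must be released with `FreeDer`.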
@@ -1744,6 +2011,12 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #endif FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); FreeMutex(&cm->caLock); + + #ifdef WOLFSSL_TRUST_PEER_CERT + FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL); + FreeMutex(&cm->tpLock); + #endif + XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER); } @@ -1770,13 +2043,34 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) } +#ifdef WOLFSSL_TRUST_PEER_CERT +int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnload_trust_peers"); + + if (cm == NULL) + return BAD_FUNC_ARG; + + if (LockMutex(&cm->tpLock) != 0) + return BAD_MUTEX_E; + + FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL); + + UnLockMutex(&cm->tpLock); + + + return SSL_SUCCESS; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + /* Return bytes written to buff or < 0 for error */ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, int buffSz, int type) { int eccKey = 0; int ret; - buffer der; + DerBuffer* der = NULL; #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -1805,7 +2099,6 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, info->set = 0; info->ctx = NULL; info->consumed = 0; - der.buffer = NULL; ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey); @@ -1817,9 +2110,9 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, WOLFSSL_MSG("Bad Pem To Der"); } else { - if (der.length <= (word32)buffSz) { - XMEMCPY(buff, der.buffer, der.length); - ret = der.length; + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -1827,11 +2120,11 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, } } - XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY); - + FreeDer(&der); return ret; } +#endif /* NO_CERTS */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 
@@ -1849,6 +2142,7 @@ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ +#ifndef NO_CERTS /* Return bytes written to buff or < 0 for error */ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, @@ -1856,7 +2150,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, { int eccKey = 0; int ret; - buffer der; + DerBuffer* der = NULL; #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -1880,7 +2174,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, info->set = 0; info->ctx = NULL; info->consumed = 0; - der.buffer = NULL; #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) if (pass) { @@ -1912,9 +2205,9 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, WOLFSSL_MSG("Bad Pem To Der"); } else { - if (der.length <= (word32)buffSz) { - XMEMCPY(buff, der.buffer, der.length); - ret = der.length; + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -1922,7 +2215,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, } } - XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY); + FreeDer(&der); return ret; } @@ -1999,6 +2292,10 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl) /* make minVersion the internal equivalent SSL version */ static int SetMinVersionHelper(byte* minVersion, int version) { +#ifdef NO_TLS + (void)minVersion; +#endif + switch (version) { #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: 
@@ -2164,6 +2461,112 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash) } +#ifdef WOLFSSL_TRUST_PEER_CERT +/* hash is the SHA digest of name, just use first 32 bits as hash */ +static INLINE word32 TrustedPeerHashSigner(const byte* hash) +{ + return MakeWordFromHash(hash) % TP_TABLE_SIZE; +} + +/* does trusted peer already exist on signer list */ +int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash) +{ + TrustedPeerCert* tp; + int ret = 0; + word32 row = TrustedPeerHashSigner(hash); + + if (LockMutex(&cm->tpLock) != 0) + return ret; + tp = cm->tpTable[row]; + while (tp) { + byte* subjectHash; + #ifndef NO_SKID + subjectHash = tp->subjectKeyIdHash; + #else + subjectHash = tp->subjectNameHash; + #endif + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { + ret = 1; + break; + } + tp = tp->next; + } + UnLockMutex(&cm->tpLock); + + return ret; +} + + +/* return Trusted Peer if found, otherwise NULL + type is what to match on + */ +TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, int type) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + TrustedPeerCert* ret = NULL; + TrustedPeerCert* tp = NULL; + word32 row; + + if (cm == NULL || hash == NULL) + return NULL; + + row = TrustedPeerHashSigner(hash); + + if (LockMutex(&cm->tpLock) != 0) + return ret; + + tp = cm->tpTable[row]; + while (tp) { + byte* subjectHash; + switch (type) { + #ifndef NO_SKID + case WC_MATCH_SKID: + subjectHash = tp->subjectKeyIdHash; + break; + #endif + case WC_MATCH_NAME: + subjectHash = tp->subjectNameHash; + break; + default: + WOLFSSL_MSG("Unknown search type"); + UnLockMutex(&cm->tpLock); + return NULL; + } + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { + ret = tp; + break; + } + tp = tp->next; + } + UnLockMutex(&cm->tpLock); + + return ret; +} + + +int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert) +{ + if (tp == NULL || cert == NULL) + return BAD_FUNC_ARG; + + /* subject key id or subject hash has been compared when searching + 
tpTable for the cert from function GetTrustedPeer */ + + /* compare signatures */ + if (tp->sigLen == cert->sigLength) { + if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) { + return SSL_FAILURE; + } + } + else { + return SSL_FAILURE; + } + + return SSL_SUCCESS; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + /* return CA if found, otherwise NULL */ Signer* GetCA(void* vp, byte* hash) { 
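Review bot: `GetTrustedPeer` returns a pointer into `cm->tpTable` after `UnLockMutex(&cm->tpLock)`, so the entry can be freed by a concurrent `wolfSSL_CertManagerUnload_trust_peers` (added earlier in this commit, which frees the table under the same lock) while the caller is still reading `tp->sig` in `MatchTrustedPeer`. Either the match should happen while the lock is held, or the function comment should state that trusted peers must not be unloaded while a lookup result is in use. `AlreadyTrustedPeer` dereferences `cm` without a NULL check and returns 0, meaning not present, when `LockMutex` fails, which lets the caller go on to insert; that choice should be documented or the failure reported. With `NO_SKID` undefined it always compares against `subjectKeyIdHash`, whereas `GetTrustedPeer` selects the field by `type`.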
@@ -2230,10 +2633,138 @@ Signer* GetCAByName(void* vp, byte* hash) #endif +#ifdef WOLFSSL_TRUST_PEER_CERT +/* add a trusted peer cert to linked list */ +int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) +{ + int ret, row; + TrustedPeerCert* peerCert; + DecodedCert* cert = NULL; + DerBuffer* der = *pDer; + byte* subjectHash = NULL; + + WOLFSSL_MSG("Adding a Trusted Peer Cert"); + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; + + InitDecodedCert(cert, der->buffer, der->length, cm->heap); + if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) { + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + WOLFSSL_MSG(" Parsed new trusted peer cert"); + + peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), NULL, + DYNAMIC_TYPE_CERT); + if (peerCert == NULL) { + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); + +#ifndef NO_SKID + if (cert->extAuthKeyIdSet) { + subjectHash = cert->extSubjKeyId; + } + else { + subjectHash = cert->subjectHash; + } +#else + subjectHash = cert->subjectHash; +#endif + + #ifndef IGNORE_NAME_CONSTRAINTS + if (peerCert->permittedNames) + FreeNameSubtrees(peerCert->permittedNames, cm->heap); + if (peerCert->excludedNames) + FreeNameSubtrees(peerCert->excludedNames, cm->heap); + #endif + + if (AlreadyTrustedPeer(cm, subjectHash)) { + WOLFSSL_MSG(" Already have this CA, not adding again"); + (void)ret; + } + else { + /* add trusted peer signature */ + peerCert->sigLen = cert->sigLength; + peerCert->sig = XMALLOC(cert->sigLength, cm->heap, + DYNAMIC_TYPE_SIGNATURE); + if (peerCert->sig == NULL) { + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + FreeTrustedPeer(peerCert, cm->heap); + return MEMORY_E; + } + XMEMCPY(peerCert->sig, cert->signature, cert->sigLength); + + /* add trusted peer name */ + 
peerCert->nameLen = cert->subjectCNLen; + peerCert->name = cert->subjectCN; + #ifndef IGNORE_NAME_CONSTRAINTS + peerCert->permittedNames = cert->permittedNames; + peerCert->excludedNames = cert->excludedNames; + #endif + + /* add SKID when available and hash of name */ + #ifndef NO_SKID + XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId, + SIGNER_DIGEST_SIZE); + #endif + XMEMCPY(peerCert->subjectNameHash, cert->subjectHash, + SIGNER_DIGEST_SIZE); + peerCert->next = NULL; /* If Key Usage not set, all uses valid. */ + cert->subjectCN = 0; + #ifndef IGNORE_NAME_CONSTRAINTS + cert->permittedNames = NULL; + cert->excludedNames = NULL; + #endif + + #ifndef NO_SKID + if (cert->extAuthKeyIdSet) { + row = TrustedPeerHashSigner(peerCert->subjectKeyIdHash); + } + else { + row = TrustedPeerHashSigner(peerCert->subjectNameHash); + } + #else + row = TrustedPeerHashSigner(peerCert->subjectNameHash); + #endif + + if (LockMutex(&cm->tpLock) == 0) { + peerCert->next = cm->tpTable[row]; + cm->tpTable[row] = peerCert; /* takes ownership */ + UnLockMutex(&cm->tpLock); + } + else { + WOLFSSL_MSG(" Trusted Peer Cert Mutex Lock failed"); + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + FreeTrustedPeer(peerCert, cm->heap); + return BAD_MUTEX_E; + } + } + + WOLFSSL_MSG(" Freeing parsed trusted peer cert"); + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG(" Freeing der trusted peer cert"); + FreeDer(&der); + WOLFSSL_MSG(" OK Freeing der trusted peer cert"); + WOLFSSL_LEAVE("AddTrustedPeer", ret); + + return SSL_SUCCESS; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + /* owns der, internal now uses too */ /* type flag ids from user or from chain received during verify don't allow chain ones to be added w/o isCA extension */ -int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) +int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) { int ret; Signer* signer = 0; 
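Review bot: `AddTrustedPeer` ends with `FreeDer(&der)` on the local copy, which releases the buffer but leaves the caller's `*pDer` pointing at freed memory; `AddCA` in the same commit uses `FreeDer(pDer)`, and this function should do the same. The early returns (parse failure, allocation failure, mutex failure) do not free the DER at all, so ownership differs by path and should be made uniform and stated in the header comment. When `AlreadyTrustedPeer` reports a duplicate, `peerCert` is neither linked into the table nor released; that branch needs `FreeTrustedPeer(peerCert, cm->heap);`. The `ParseCert` failure path frees `cert` without `FreeDecodedCert(cert)`, and the SKID selection tests `cert->extAuthKeyIdSet` while reading `cert->extSubjKeyId`, which looks like the wrong flag and is worth confirming.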
@@ -2244,6 +2775,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) #else DecodedCert cert[1]; #endif + DerBuffer* der = *pDer; WOLFSSL_MSG("Adding a CA"); @@ -2254,7 +2786,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) return MEMORY_E; #endif - InitDecodedCert(cert, der.buffer, der.length, cm->heap); + InitDecodedCert(cert, der->buffer, der->length, cm->heap); ret = ParseCert(cert, CA_TYPE, verify, cm); WOLFSSL_MSG(" Parsed new CA"); @@ -2264,6 +2796,34 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) subjectHash = cert->subjectHash; #endif + /* check CA key size */ + if (verify) { + switch (cert->keyOID) { + #ifndef NO_RSA + case RSAk: + if (cm->minRsaKeySz < 0 || + cert->pubKeySize < (word16)cm->minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG(" CA RSA key size error"); + } + break; + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + if (cm->minEccKeySz < 0 || + cert->pubKeySize < (word16)cm->minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG(" CA ECC key size error"); + } + break; + #endif /* HAVE_ECC */ + + default: + WOLFSSL_MSG(" No key size check done on CA"); + break; /* no size check if key type is not in switch */ + } + } + if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) { WOLFSSL_MSG(" Can't add as CA if not actually one"); ret = NOT_CA_ERROR; @@ -2323,7 +2883,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) cm->caTable[row] = signer; /* takes ownership */ UnLockMutex(&cm->caLock); if (cm->caCacheCallback) - cm->caCacheCallback(der.buffer, (int)der.length, type); + cm->caCacheCallback(der->buffer, (int)der->length, type); } else { WOLFSSL_MSG(" CA Mutex Lock failed"); 
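Review bot: The new key-size check in `AddCA` runs under `if (verify)` regardless of what `ParseCert` returned, so it reads `cert->keyOID` and `cert->pubKeySize` from a certificate that may have failed to parse and can replace the parse error in `ret` with `RSA_KEY_SIZE_E` or `ECC_KEY_SIZE_E`. Guarding it as `if (ret == 0 && verify) {` keeps the original error. The check is skipped entirely when `verify` is 0, so the configured minimum does not apply to CAs loaded without verification; a comment should say whether that is intended. `DerBuffer* der = *pDer;` is dereferenced without a NULL check on `pDer` or `*pDer`. The body of `AddCA` extends beyond these hunks.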
@@ -2339,7 +2899,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif WOLFSSL_MSG(" Freeing der CA"); - XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA); + FreeDer(pDer); WOLFSSL_MSG(" OK Freeing der CA"); WOLFSSL_LEAVE("AddCA", ret); @@ -2454,10 +3014,10 @@ int wolfSSL_Init(void) } -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_CERTS) /* SSL_SUCCESS if ok, <= 0 else */ -static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, +static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password, int passwordSz, EncryptedInfo* info) { int ret = SSL_BAD_FILE; @@ -2511,7 +3071,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length, key, info->iv); #endif /* NO_DES3 */ -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, key, AES_128_KEY_SIZE, info->iv); @@ -2521,7 +3081,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, key, AES_256_KEY_SIZE, info->iv); -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -2615,7 +3175,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, /* Remove PEM header/footer, convert to ASN1, store any encrypted data info->consumed tracks of PEM bytes consumed in case multiple parts */ int PemToDer(const unsigned char* buff, long longSz, int type, - buffer* der, void* heap, EncryptedInfo* info, int* eccKey) + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey) { const char* header = NULL; const char* footer = NULL; @@ -2625,17 +3185,15 @@ int PemToDer(const unsigned char* buff, long longSz, int type, char* bufferEnd = (char*)(buff + longSz); long neededSz; int ret = 0; - int dynamicType = 0; int sz = (int)longSz; int encrypted_key = 0; - - (void)dynamicType; - (void)heap; + DerBuffer* der; WOLFSSL_ENTER("PemToDer"); switch (type) { case CA_TYPE: /* same as below */ + case TRUSTED_PEER_TYPE: case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; @@ -2647,16 +3205,6 @@ int PemToDer(const unsigned char* buff, long longSz, int type, default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; } - switch (type) { - case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break; - case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break; - case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break; - case DSA_TYPE: dynamicType = DYNAMIC_TYPE_DSA; break; - case ECC_TYPE: dynamicType = DYNAMIC_TYPE_ECC; break; - case RSA_TYPE: dynamicType = DYNAMIC_TYPE_RSA; break; - default: dynamicType = DYNAMIC_TYPE_KEY; break; - } - /* find header */ for (;;) { headerEnd = XSTRNSTR((char*)buff, header, sz); 
@@ -2777,11 +3325,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE; - der->buffer = (byte*)XMALLOC(neededSz, heap, dynamicType); - if (!der->buffer) - return MEMORY_ERROR; - - der->length = (word32)neededSz; + ret = AllocDer(pDer, (word32)neededSz, type, heap); + if (ret < 0) { + return ret; + } + der = *pDer; if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer, &der->length) < 0) @@ -2809,7 +3357,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, return SSL_BAD_FILE; /* no callback error */ #ifdef WOLFSSL_SMALL_STACK - password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); + password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER); if (password == NULL) return MEMORY_E; #endif @@ -2823,7 +3371,6 @@ int PemToDer(const unsigned char* buff, long longSz, int type, XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret < 0) { - XFREE(der->buffer, heap, dynamicType); return ret; } @@ -2834,10 +3381,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret != SSL_SUCCESS) { - XFREE(der->buffer, heap, dynamicType); return ret; } } @@ -2855,9 +3401,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int format, int type, WOLFSSL* ssl, long* used, int userChain) { - buffer der; /* holds DER or RAW (for NTRU) */ + DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */ int ret; - int dynamicType = 0; int eccKey = 0; int rsaKey = 0; void* heap = ctx ? ctx->heap : NULL; @@ -2867,7 +3412,6 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, EncryptedInfo info[1]; #endif - (void)dynamicType; (void)rsaKey; if (used) 
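Review bot: In the `WOLFSSL_SMALL_STACK` path of `PemToDer` the password buffer is now allocated with `XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER)`, but the free shown as context in the hunk at -2823 is still `XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER)`, so with a custom heap hint the buffer goes back to a different heap than it came from; it should read `XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER);`. The buffer holds the key passphrase and is released without being cleared, so `ForceZero(password, 80);` before each free would avoid leaving it in freed memory. These hunks also drop the `XFREE(der->buffer, ...)` calls on the error returns, which makes the caller responsible for `FreeDer` after a failed `PemToDer`; the function comment should say so. The function starts and ends outside these hunks.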
@@ -2880,15 +3424,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (ctx == NULL && ssl == NULL) return BAD_FUNC_ARG; - if (type == CA_TYPE) - dynamicType = DYNAMIC_TYPE_CA; - else if (type == CERT_TYPE) - dynamicType = DYNAMIC_TYPE_CERT; - else - dynamicType = DYNAMIC_TYPE_KEY; - #ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap, DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; @@ -2897,7 +3434,6 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, info->set = 0; info->ctx = ctx; info->consumed = 0; - der.buffer = 0; if (format == SSL_FILETYPE_PEM) { ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey); @@ -2907,9 +3443,9 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return ret; } @@ -2921,8 +3457,6 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ #endif byte* chainBuffer = staticBuffer; - byte* shrinked = NULL; /* shrinked to size chainBuffer - * or staticBuffer */ int dynamicBuffer = 0; word32 bufferSz = sizeof(staticBuffer); long consumed = info->consumed; @@ -2936,9 +3470,9 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE); if (chainBuffer == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return MEMORY_E; } dynamicBuffer = 1; 
@@ -2946,30 +3480,28 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, WOLFSSL_MSG("Processing Cert Chain"); while (consumed < sz) { - buffer part; + DerBuffer* part = NULL; info->consumed = 0; - part.buffer = 0; ret = PemToDer(buff + consumed, sz - consumed, type, &part, heap, info, &eccKey); if (ret == 0) { gotOne = 1; - if ( (idx + part.length) > bufferSz) { + if ( (idx + part->length) > bufferSz) { WOLFSSL_MSG(" Cert Chain bigger than buffer"); ret = BUFFER_E; } else { - c32to24(part.length, &chainBuffer[idx]); + c32to24(part->length, &chainBuffer[idx]); idx += CERT_HEADER_SZ; - XMEMCPY(&chainBuffer[idx], part.buffer,part.length); - idx += part.length; + XMEMCPY(&chainBuffer[idx], part->buffer, part->length); + idx += part->length; consumed += info->consumed; if (used) *used += info->consumed; } } - - XFREE(part.buffer, heap, dynamicType); + FreeDer(&part); if (ret == SSL_NO_PEM_HEADER && gotOne) { WOLFSSL_MSG("We got one good PEM so stuff at end ok"); @@ -2981,9 +3513,9 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (dynamicBuffer) XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return ret; } WOLFSSL_MSG(" Consumed another Cert in Chain"); 
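Review bot: The bounds check `(idx + part->length) > bufferSz` in the chain loop does not count the length prefix, yet the accepted branch writes `CERT_HEADER_SZ` bytes with `c32to24` before copying `part->length` bytes, so a certificate that just fits can write up to `CERT_HEADER_SZ` bytes past the end of `chainBuffer`. The test should be `if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) {`. `part` is dereferenced only when `ret == 0`, which relies on `PemToDer` always setting `*pDer` on success; a one-line comment at the dereference would record that dependency. The loop belongs to `ProcessBuffer`, whose body extends beyond the hunk.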
@@ -2991,50 +3523,48 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, WOLFSSL_MSG("Finished Processing Cert Chain"); /* only retain actual size used */ - if (idx > 0) /* clang thinks it can be zero, let's help analysis */ - shrinked = (byte*)XMALLOC(idx, heap, dynamicType); - if (shrinked) { + ret = 0; + if (idx > 0) { if (ssl) { - if (ssl->buffers.certChain.buffer && - ssl->buffers.weOwnCertChain) { - XFREE(ssl->buffers.certChain.buffer, heap, dynamicType); + if (ssl->buffers.weOwnCertChain) { + FreeDer(&ssl->buffers.certChain); + } + ret = AllocDer(&ssl->buffers.certChain, idx, type, heap); + if (ret == 0) { + XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx); + ssl->buffers.weOwnCertChain = 1; } - ssl->buffers.certChain.buffer = shrinked; - ssl->buffers.certChain.length = idx; - XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx); - ssl->buffers.weOwnCertChain = 1; } else if (ctx) { - if (ctx->certChain.buffer) - XFREE(ctx->certChain.buffer, heap, dynamicType); - ctx->certChain.buffer = shrinked; - ctx->certChain.length = idx; - XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); + FreeDer(&ctx->certChain); + ret = AllocDer(&ctx->certChain, idx, type, heap); + if (ret == 0) { + XMEMCPY(ctx->certChain->buffer, chainBuffer, idx); + } } } if (dynamicBuffer) XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); - if (idx > 0 && shrinked == NULL) { + if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - XFREE(der.buffer, heap, dynamicType); - return MEMORY_E; + FreeDer(&der); + return ret; } } } else { /* ASN1 (DER) or RAW (NTRU) */ - der.buffer = (byte*) XMALLOC(sz, heap, dynamicType); - if (!der.buffer) { + ret = AllocDer(&der, (word32)sz, type, heap); + if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - return MEMORY_ERROR; + return ret; } - XMEMCPY(der.buffer, 
buff, sz); - der.length = (word32)sz; + XMEMCPY(der->buffer, buff, sz); } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) @@ -3049,7 +3579,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); + password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER); if (password == NULL) ret = MEMORY_E; else 
@@ -3062,66 +3592,96 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, 0, ctx->userdata); /* decrypt the key */ - ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, + ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info); } #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret != SSL_SUCCESS) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return ret; } } #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + /* Handle DER owner */ if (type == CA_TYPE) { if (ctx == NULL) { WOLFSSL_MSG("Need context for CA load"); - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return BAD_FUNC_ARG; } /* verify CA unless user set to no verify */ - return AddCA(ctx->cm, der, WOLFSSL_USER_CA, !ctx->verifyNone); - /* takes der over */ + return AddCA(ctx->cm, &der, WOLFSSL_USER_CA, !ctx->verifyNone); } +#ifdef WOLFSSL_TRUST_PEER_CERT + else if (type == TRUSTED_PEER_TYPE) { + if (ctx == NULL) { + WOLFSSL_MSG("Need context for trusted peer cert load"); + FreeDer(&der); + return BAD_FUNC_ARG; + } + /* add trusted peer cert */ + return AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone); + } +#endif /* WOLFSSL_TRUST_PEER_CERT */ else if (type == CERT_TYPE) { if (ssl) { - if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer) - XFREE(ssl->buffers.certificate.buffer, heap, dynamicType); - ssl->buffers.certificate = der; + /* Make sure previous is free'd */ + if (ssl->buffers.weOwnCert) { + FreeDer(&ssl->buffers.certificate); + #ifdef KEEP_OUR_CERT + FreeX509(ssl->ourCert); + if (ssl->ourCert) { + XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); + ssl->ourCert = NULL; + } + #endif + } + 
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der)); + #ifdef KEEP_OUR_CERT + ssl->keepCert = 1; /* hold cert for ssl lifetime */ + #endif ssl->buffers.weOwnCert = 1; } else if (ctx) { - if (ctx->certificate.buffer) - XFREE(ctx->certificate.buffer, heap, dynamicType); - ctx->certificate = der; /* takes der over */ + FreeDer(&ctx->certificate); /* Make sure previous is free'd */ + #ifdef KEEP_OUR_CERT + FreeX509(ctx->ourCert); + if (ctx->ourCert) { + XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); + ctx->ourCert = NULL; + } + #endif + XMEMCPY(&ctx->certificate, &der, sizeof(der)); } } else if (type == PRIVATEKEY_TYPE) { if (ssl) { - if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer) - XFREE(ssl->buffers.key.buffer, heap, dynamicType); - ssl->buffers.key = der; + /* Make sure previous is free'd */ + if (ssl->buffers.weOwnKey) { + FreeDer(&ssl->buffers.key); + } + XMEMCPY(&ssl->buffers.key, &der, sizeof(der)); ssl->buffers.weOwnKey = 1; } else if (ctx) { - if (ctx->privateKey.buffer) - XFREE(ctx->privateKey.buffer, heap, dynamicType); - ctx->privateKey = der; /* takes der over */ + FreeDer(&ctx->privateKey); + XMEMCPY(&ctx->privateKey, &der, sizeof(der)); } } else { - XFREE(der.buffer, heap, dynamicType); + FreeDer(&der); return SSL_BAD_CERTTYPE; } @@ -3137,7 +3697,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, + key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) return MEMORY_E; @@ -3145,7 +3705,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ret = wc_InitRsaKey(key, 0); if (ret == 0) { - if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) + if (wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length) != 0) { #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ 
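Review bot: The passphrase buffer is released with `XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER)` right after `wolfssl_decrypt_buffer_key` without being cleared, so the key-file passphrase stays behind in freed heap memory (and presumably in the stack array of the non-WOLFSSL_SMALL_STACK build, which is not visible here). I would add `ForceZero(password, 80);` ahead of the `#ifdef WOLFSSL_SMALL_STACK` free, using the 80-byte size from the allocation in the previous hunk. Separately, the ownership transfers written as `XMEMCPY(&ssl->buffers.key, &der, sizeof(der));` copy a single pointer and would read more clearly as `ssl->buffers.key = der;`. ProcessBuffer begins and ends outside this hunk.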
@@ -3154,6 +3714,20 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (!eccKey) ret = SSL_BAD_FILE; } else { + /* check that the size of the RSA key is enough */ + int RsaSz = wc_RsaEncryptSize((RsaKey*)key); + if (ssl) { + if (RsaSz < ssl->options.minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG("Private Key size too small"); + } + } + else if(ctx) { + if (RsaSz < ctx->minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG("Private Key size too small"); + } + } rsaKey = 1; (void)rsaKey; /* for no ecc builds */ } @@ -3162,7 +3736,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret != 0) @@ -3176,10 +3750,28 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ecc_key key; wc_ecc_init(&key); - if (wc_EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { + if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key, + der->length) != 0) { wc_ecc_free(&key); return SSL_BAD_FILE; } + + /* check for minimum ECC key size and then free */ + if (ssl) { + if (wc_ecc_size(&key) < ssl->options.minEccKeySz) { + wc_ecc_free(&key); + WOLFSSL_MSG("ECC private key too small"); + return ECC_KEY_SIZE_E; + } + } + else if (ctx) { + if (wc_ecc_size(&key) < ctx->minEccKeySz) { + wc_ecc_free(&key); + WOLFSSL_MSG("ECC private key too small"); + return ECC_KEY_SIZE_E; + } + } + wc_ecc_free(&key); eccKey = 1; if (ctx) 
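Review bot: The new minimum-size check sets `ret = RSA_KEY_SIZE_E` only after the key has already been handed to `ssl->buffers.key` or `ctx->privateKey` by the "Handle DER owner" block of the earlier hunk (new lines 3592 onward, going by the hunk headers), so a rejected key appears to stay installed after the error return. The ECC check in the next hunk (`return ECC_KEY_SIZE_E;`) and the certificate check in `@@ -3252,10 +3844,58 @@` have the same ordering. I would either run the size checks before the ownership block or release the stored buffer on failure, e.g. `if (ssl) FreeDer(&ssl->buffers.key); else FreeDer(&ctx->privateKey);`. These two private-key checks also compare against `minRsaKeySz`/`minEccKeySz` without the `< 0` guard that the certificate check uses. The enclosing function extends beyond the hunk on both sides.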
@@ -3197,19 +3789,19 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif WOLFSSL_MSG("Checking cert signature type"); - InitDecodedCert(cert, der.buffer, der.length, heap); + InitDecodedCert(cert, der->buffer, der->length, heap); if (DecodeToKey(cert, 0) < 0) { WOLFSSL_MSG("Decode to key failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return SSL_BAD_FILE; } 
@@ -3252,10 +3844,58 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #endif + /* check key size of cert unless specified not to */ + switch (cert->keyOID) { + #ifndef NO_RSA + case RSAk: + if (ssl && !ssl->options.verifyNone) { + if (ssl->options.minRsaKeySz < 0 || + cert->pubKeySize < (word16)ssl->options.minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG("Certificate RSA key size too small"); + } + } + else if (ctx && !ctx->verifyNone) { + if (ctx->minRsaKeySz < 0 || + cert->pubKeySize < (word16)ctx->minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG("Certificate RSA key size too small"); + } + } + break; + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + if (ssl && !ssl->options.verifyNone) { + if (ssl->options.minEccKeySz < 0 || + cert->pubKeySize < (word16)ssl->options.minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG("Certificate ECC key size error"); + } + } + else if (ctx && !ctx->verifyNone) { + if (ctx->minEccKeySz < 0 || + cert->pubKeySize < (word16)ctx->minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG("Certificate ECC key size error"); + } + } + break; + #endif /* HAVE_ECC */ + + default: + WOLFSSL_MSG("No key size check done on certificate"); + break; /* do no check if not a case for the key */ + } + FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + + if (ret != 0) { + return ret; + } } return SSL_SUCCESS; @@ -3429,7 +4069,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, long sz, int format) { int ret = 0; - buffer der; + DerBuffer* der = NULL; #ifdef WOLFSSL_SMALL_STACK DecodedCert* cert = NULL; #else 
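Review bot: The certificate key-size floor is skipped whenever `verifyNone` is set (`if (ssl && !ssl->options.verifyNone)`), while the private-key size checks added in the `@@ -3154,6` and `@@ -3176,10` hunks run unconditionally. `verifyNone` reads as a peer-verification switch, so tying a policy on the locally loaded certificate to it deserves a comment such as `/* size policy is bypassed when peer verification is disabled - confirm this is intended */`, or the condition should be dropped to match the key path. The four branches repeat the same comparison and could share one static helper that takes the configured minimum and the error code to return.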
@@ -3439,15 +4079,12 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer"); #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif - der.buffer = NULL; - der.length = 0; - if (format == SSL_FILETYPE_PEM) { int eccKey = 0; /* not used */ #ifdef WOLFSSL_SMALL_STACK @@ -3457,10 +4094,10 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #endif #ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), cm->heap, DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -3470,10 +4107,10 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, info->consumed = 0; ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey); - InitDecodedCert(cert, der.buffer, der.length, cm->heap); + InitDecodedCert(cert, der->buffer, der->length, cm->heap); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif } else @@ -3488,10 +4125,9 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #endif FreeDecodedCert(cert); - - XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT); + FreeDer(&der); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret == 0 ? SSL_SUCCESS : ret; 
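Review bot: `InitDecodedCert(cert, der->buffer, der->length, cm->heap)` runs straight after `PemToDer` without looking at `ret`, and `der` is now a `DerBuffer*` initialised to NULL, so PEM input that fails to convert would be dereferenced through a NULL pointer unless PemToDer always allocates (not visible here). With the old `buffer der` struct the same call only passed a NULL buffer. I would guard it, `if (ret == 0) InitDecodedCert(cert, der->buffer, der->length, cm->heap);`, and make sure the later parse and `FreeDecodedCert(cert)` are skipped in that case too, since `cert` would then be uninitialised. The function body continues outside this hunk.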
@@ -3823,7 +4459,8 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; else { - if (type == CA_TYPE && format == SSL_FILETYPE_PEM) + if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE) + && format == SSL_FILETYPE_PEM) ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl); #ifdef HAVE_CRL else if (type == CRL_TYPE) @@ -3953,6 +4590,25 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, } +#ifdef WOLFSSL_TRUST_PEER_CERT +/* Used to specify a peer cert to match when connecting + ctx : the ctx structure to load in peer cert + file: the string name of cert file + type: type of format such as PEM/DER + */ +int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type) +{ + WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert"); + + if (ctx == NULL || file == NULL) { + return SSL_FAILURE; + } + + return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL); +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + /* Verify the certificate, SSL_SUCCESS for ok, < 0 for error */ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname, int format) @@ -4246,12 +4902,13 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int ecc = 0; long sz = 0; XFILE file = XFOPEN(fileName, "rb"); - buffer converted; + DerBuffer* converted = NULL; WOLFSSL_ENTER("wolfSSL_PemCertToDer"); - if (file == XBADFILE) + if (file == XBADFILE) { ret = SSL_BAD_FILE; + } else { XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); @@ -4268,11 +4925,10 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) dynamic = 1; } - converted.buffer = 0; - if (ret == 0) { - if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) + if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) { ret = SSL_BAD_FILE; + } else { #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 
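Review bot: `wolfSSL_CTX_trust_peer_cert` returns `SSL_FAILURE` for a NULL `ctx` or `file`, while the buffer variant added in the `@@ -7415,6 +8094,28 @@` hunk returns `BAD_FUNC_ARG` for the same mistake, and the header comment says nothing about return values. I would extend the comment with a line like `returns SSL_FAILURE on bad arguments, otherwise the result of ProcessFile` so callers know which convention applies. The third parameter is named `type` but is passed in ProcessFile's `format` position; calling it `format` would match the buffer variant.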
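Review bot: The re-braced test `if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) {` cannot detect a failed or short read if XFREAD maps to fread, which reports failure as an item count of 0 rather than a negative value; the `else` branch then runs PemToDer on whatever `fileBuf` holds. The same condition appears as context in ProcessFile (`@@ -3823,7`) and in wolfSSL_PemPubKeyToDer (`@@ -4349,9`), whereas wolfSSL_cmp_peer_cert_to_file tests `XFREAD(...) > 0`. I would write `if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) != 1) {` in all three places. wolfSSL_PemCertToDer continues past the end of this hunk.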
@@ -4291,15 +4947,15 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) } if (ret == 0) { - if (converted.length < (word32)derSz) { - XMEMCPY(derBuf, converted.buffer, converted.length); - ret = converted.length; + if (converted->length < (word32)derSz) { + XMEMCPY(derBuf, converted->buffer, converted->length); + ret = converted->length; } else ret = BUFFER_E; } - XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); + FreeDer(&converted); } XFCLOSE(file); @@ -4328,12 +4984,13 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, int ret = 0; long sz = 0; XFILE file = XFOPEN(fileName, "rb"); - buffer converted; + DerBuffer* converted = NULL; WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer"); - if (file == XBADFILE) + if (file == XBADFILE) { ret = SSL_BAD_FILE; + } else { XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); @@ -4349,9 +5006,6 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, else dynamic = 1; } - - converted.buffer = 0; - if (ret == 0) { if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -4360,15 +5014,15 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, 0, NULL, NULL); if (ret == 0) { - if (converted.length < (word32)derSz) { - XMEMCPY(derBuf, converted.buffer, converted.length); - ret = converted.length; + if (converted->length < (word32)derSz) { + XMEMCPY(derBuf, converted->buffer, converted->length); + ret = converted->length; } else ret = BUFFER_E; } - XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); + FreeDer(&converted); } XFCLOSE(file); @@ -4384,8 +5038,8 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, int buffSz) { - int ret; - buffer der; + int ret; + DerBuffer* der = NULL; WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer"); 
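Review bot: `converted->length < (word32)derSz` casts the caller's signed `derSz` to unsigned, so a negative size becomes a very large limit and the `XMEMCPY` into `derBuf` goes ahead; no validation of `derBuf` or `derSz` is visible in these hunks. The same comparison is used in wolfSSL_PemPubKeyToDer (`@@ -4360,15`), while wolfSSL_PubKeyPemToDer uses `<=` and sits behind a check that returns BAD_FUNC_ARG. I would add `if (derBuf == NULL || derSz <= 0) return BAD_FUNC_ARG;` to both functions, placed so that it runs before `XFOPEN` (which currently sits in a declaration initialiser) and no file handle leaks, and settle on one of `<` / `<=`. Both function bodies start outside the hunks shown.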
@@ -4394,16 +5048,14 @@ int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz, return BAD_FUNC_ARG; } - der.buffer = NULL; - ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL); if (ret < 0) { WOLFSSL_MSG("Bad Pem To Der"); } else { - if (der.length <= (word32)buffSz) { - XMEMCPY(buff, der.buffer, der.length); - ret = der.length; + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; } else { WOLFSSL_MSG("Bad der length"); @@ -4411,7 +5063,7 @@ int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz, } } - XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY); + FreeDer(&der); return ret; } @@ -5704,8 +6356,6 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) { int result = SSL_SUCCESS; - DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); - ssl->dtls_msg_list = NULL; if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) { result = SSL_FATAL_ERROR; } @@ -6059,7 +6709,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } } #endif /* NO_HANDSHAKE_DONE_CB */ - FreeHandshakeResources(ssl); + + if (!ssl->options.dtls) { + FreeHandshakeResources(ssl); + } +#ifdef WOLFSSL_DTLS + else { + ssl->options.dtlsHsRetain = 1; + } +#endif /* WOLFSSL_DTLS */ + WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS); return SSL_SUCCESS; @@ -6127,8 +6786,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, { word16 havePSK = 0; word16 haveAnon = 0; - - WOLFSSL_ENTER("wolfSSL_accept"); + WOLFSSL_ENTER("SSL_accept()"); #ifdef HAVE_ERRNO_H errno = 0; 
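Review bot: With the `@@ -6059,7 +6709,16 @@` change a DTLS connection never reaches `FreeHandshakeResources(ssl)` at the end of the connect path; it only sets `ssl->options.dtlsHsRetain = 1`, and nothing in this hunk or in the matching accept-side hunk (`@@ -6334,7 +6994,26 @@`) shows where the retained handshake state is eventually released. I would add a comment at the `else` stating why the state is kept and which call frees it, for example `/* DTLS: handshake state retained (reason to confirm); released by FUNCTION_NAME_PLACEHOLDER */`. When WOLFSSL_DTLS is not defined the `else` disappears entirely, so a build in which `ssl->options.dtls` could still be set would skip the free silently; an `#else` branch that frees unconditionally would make that case explicit.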
@@ -6152,12 +6810,14 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifndef NO_CERTS /* in case used set_accept_state after init */ if (!havePSK && !haveAnon && - (ssl->buffers.certificate.buffer == NULL || - ssl->buffers.key.buffer == NULL)) { - WOLFSSL_MSG("accept error: don't have server cert and key"); - ssl->error = NO_PRIVATE_KEY; - WOLFSSL_ERROR(ssl->error); - return SSL_FATAL_ERROR; + (!ssl->buffers.certificate || + !ssl->buffers.certificate->buffer || + !ssl->buffers.key || + !ssl->buffers.key->buffer)) { + WOLFSSL_MSG("accept error: don't have server cert and key"); + ssl->error = NO_PRIVATE_KEY; + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; } #endif @@ -6334,7 +6994,26 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } } #endif /* NO_HANDSHAKE_DONE_CB */ - FreeHandshakeResources(ssl); + + if (!ssl->options.dtls) { + FreeHandshakeResources(ssl); + } +#ifdef WOLFSSL_DTLS + else { + ssl->options.dtlsHsRetain = 1; + } +#endif /* WOLFSSL_DTLS */ + +#ifdef WOLFSSL_SESSION_EXPORT + if (ssl->dtls_export) { + if ((ssl->error = wolfSSL_send_session(ssl)) != 0) { + WOLFSSL_MSG("Export DTLS session error"); + WOLFSSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } + } +#endif + WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS); return SSL_SUCCESS; @@ -7415,6 +8094,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } +#ifdef WOLFSSL_TRUST_PEER_CERT + int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, + long sz, int format) + { + WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer"); + + /* sanity check on arguments */ + if (sz < 0 || in == NULL || ctx == NULL) { + return BAD_FUNC_ARG; + } + + if (format == SSL_FILETYPE_PEM) + return ProcessChainBuffer(ctx, in, sz, format, + TRUSTED_PEER_TYPE, NULL); + else + return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, + NULL,NULL,0); + } +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, long sz, int format) { 
@@ -7447,9 +8148,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) const unsigned char* buf, long sz, int format) { - buffer der; + DerBuffer* der = NULL; int ret = 0; - int weOwnDer = 0; word32 pSz = MAX_DH_SIZE; word32 gSz = MAX_DH_SIZE; #ifdef WOLFSSL_SMALL_STACK @@ -7463,8 +8163,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ctx == NULL || buf == NULL) return BAD_FUNC_ARG; - der.buffer = (byte*)buf; - der.length = (word32)sz; + ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap); + if (ret != 0) { + return ret; + } + der->buffer = (byte*)buf; + der->length = (word32)sz; #ifdef WOLFSSL_SMALL_STACK p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -7481,13 +8185,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ret = SSL_BAD_FILETYPE; else { if (format == SSL_FILETYPE_PEM) { - der.buffer = NULL; - ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL); - weOwnDer = 1; + FreeDer(&der); + ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, + NULL, NULL); } if (ret == 0) { - if (wc_DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0) + if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0) ret = SSL_BAD_FILETYPE; else if (ssl) ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); @@ -7496,8 +8200,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } } - if (weOwnDer) - XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY); + FreeDer(&der); #ifdef WOLFSSL_SMALL_STACK XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
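Review bot: For DER input the wrapper now allocates an empty DerBuffer with `AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap)` and points `der->buffer` at the caller's `buf`, and the unconditional `FreeDer(&der)` in the `@@ -7496,8` hunk replaces the old `weOwnDer` guard. That is only safe if FreeDer never frees or wipes `der->buffer` separately from the DerBuffer itself, which cannot be checked from this page, and the `(byte*)buf` cast drops `const` from memory the caller owns. I would keep the input in locals, `const byte* dh = buf; word32 dhSz = (word32)sz;`, and switch them to `der->buffer`/`der->length` only after a successful PemToDer, so that `der` is non-NULL only when this function owns it. Any early return between the AllocDer and the final FreeDer, such as a failed `p`/`g` allocation in the small-stack build, would now leak `der` and is worth checking outside the hunk. The function starts and ends outside the hunks shown.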
@@ -7564,31 +8267,29 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return BAD_FUNC_ARG; } - if (ssl->buffers.weOwnCert) { + if (ssl->buffers.weOwnCert && !ssl->keepCert) { WOLFSSL_MSG("Unloading cert"); - XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT); + FreeDer(&ssl->buffers.certificate); + #ifdef KEEP_OUR_CERT + FreeX509(ssl->ourCert); + if (ssl->ourCert) { + XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); + ssl->ourCert = NULL; + } + #endif ssl->buffers.weOwnCert = 0; - ssl->buffers.certificate.length = 0; - ssl->buffers.certificate.buffer = NULL; } if (ssl->buffers.weOwnCertChain) { WOLFSSL_MSG("Unloading cert chain"); - XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT); + FreeDer(&ssl->buffers.certChain); ssl->buffers.weOwnCertChain = 0; - ssl->buffers.certChain.length = 0; - ssl->buffers.certChain.buffer = NULL; } if (ssl->buffers.weOwnKey) { WOLFSSL_MSG("Unloading key"); - if (ssl->buffers.key.buffer) { - ForceZero(ssl->buffers.key.buffer, ssl->buffers.key.length); - } - XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); + FreeDer(&ssl->buffers.key); ssl->buffers.weOwnKey = 0; - ssl->buffers.key.length = 0; - ssl->buffers.key.buffer = NULL; } return SSL_SUCCESS; @@ -7605,6 +8306,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return wolfSSL_CertManagerUnloadCAs(ctx->cm); } + +#ifdef WOLFSSL_TRUST_PEER_CERT + int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx) + { + WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + + if (ctx == NULL) + return BAD_FUNC_ARG; + + return wolfSSL_CertManagerUnload_trust_peers(ctx->cm); + } +#endif /* WOLFSSL_TRUST_PEER_CERT */ /* old NO_FILESYSTEM end */ #endif /* !NO_CERTS */ 
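Review bot: The explicit `ForceZero(ssl->buffers.key.buffer, ssl->buffers.key.length)` before freeing the private key is removed and the wipe is now left to `FreeDer(&ssl->buffers.key)`; FreeDer's body is not in this part of the diff, so it should be confirmed that it clears buffers of private-key type before releasing them. A short comment at the call, e.g. `/* FreeDer zeroizes private key buffers before freeing */`, would keep that dependency visible if it holds. In the same hunk `!ssl->keepCert` is tested outside any `#ifdef`, while ProcessBuffer only assigns `ssl->keepCert` under `KEEP_OUR_CERT`; if the field is declared conditionally this will not build without that option. `FreeX509(ssl->ourCert)` is also called before the `if (ssl->ourCert)` test, which only works if FreeX509 accepts NULL.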
@@ -8074,6 +8787,35 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + /* WOLFSSL_DES_key_schedule is a unsigned char array of size 8 */ + void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, + unsigned char* output, long sz, + WOLFSSL_DES_key_schedule* ks1, + WOLFSSL_DES_key_schedule* ks2, + WOLFSSL_DES_key_schedule* ks3, + WOLFSSL_DES_cblock* ivec, int enc) + { + Des3 des; + byte key[24];/* EDE uses 24 size key */ + + WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt"); + + XMEMSET(key, 0, sizeof(key)); + XMEMCPY(key, *ks1, DES_BLOCK_SIZE); + XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE); + XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE); + + if (enc) { + wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION); + wc_Des3_CbcEncrypt(&des, output, input, (word32)sz); + } + else { + wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION); + wc_Des3_CbcDecrypt(&des, output, input, (word32)sz); + } + } + + /* correctly sets ivec for next call */ void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, unsigned char* output, long length, @@ -8228,7 +8970,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* KEEP_PEER_CERT */ -#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSSL_EXTRA) +#ifndef NO_CERTS +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSL_EXTRA) /* user externally called free X509, if dynamic go ahead with free, otherwise * don't */ @@ -8238,6 +8981,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (x509) { if (x509->dynamicMemory) { FreeX509(x509); + XFREE(x509, NULL, DYNAMIC_TYPE_X509); } else { WOLFSSL_MSG("free called on non dynamic object, not freeing"); } @@ -8254,7 +8998,6 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) ExternalFreeX509(x509); } - /* return the next, if any, altname from the peer cert */ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) { 
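Review bot: `wolfSSL_DES_ede3_cbc_encrypt` leaves the assembled 24-byte key in `key[]` and the expanded schedule in `des` on the stack when it returns, and it ignores the return values of `wc_Des3_SetKey` and of the CBC calls, so a failed key setup still runs the cipher over `output`. I would check the setup result before encrypting, log a failure, and clear both objects with ForceZero before returning, as sketched below. The pointer arguments and `sz` (cast from `long` to `word32`) are used without validation; because the function returns void, a guard that simply returns on NULL input or `sz < 0` would be the minimal addition.

```c
        byte key[24];/* EDE uses 24 size key */
        int  ret;

        /* ... unchanged: WOLFSSL_ENTER and key assembly from ks1/ks2/ks3 ... */

        ret = wc_Des3_SetKey(&des, key, (const byte*)ivec,
                             enc ? DES_ENCRYPTION : DES_DECRYPTION);
        if (ret == 0) {
            if (enc)
                ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)sz);
            else
                ret = wc_Des3_CbcDecrypt(&des, output, input, (word32)sz);
        }
        if (ret != 0) {
            WOLFSSL_MSG("wolfSSL_DES_ede3_cbc_encrypt failed");
        }

        /* do not leave key material on the stack */
        ForceZero(key, sizeof(key));
        ForceZero(&des, sizeof(des));
```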
@@ -8529,6 +9272,72 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz); return textSz; } + + int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name, + int nid, int pos) + { + int ret = -1; + + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID"); + + if (name == NULL) { + return BAD_FUNC_ARG; + } + + /* these index values are already stored in DecodedName + use those when available */ + if (name->fullName.fullName && name->fullName.fullNameLen > 0) { + switch (nid) { + case ASN_COMMON_NAME: + ret = name->fullName.cnIdx; + break; + default: + WOLFSSL_MSG("NID not yet implemented"); + break; + } + } + + WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", ret); + + (void)pos; + (void)nid; + + return ret; + } + + + WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data( + WOLFSSL_X509_NAME_ENTRY* in) + { + WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data"); + return in->value; + } + + + char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn) + { + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data"); + + if (asn) { + return asn->data; + } + else { + return NULL; + } + } + + + int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn) + { + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length"); + + if (asn) { + return asn->length; + } + else { + return 0; + } + } #endif @@ -8610,8 +9419,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (x509 == NULL || outSz == NULL) return NULL; - *outSz = (int)x509->derCert.length; - return x509->derCert.buffer; + *outSz = (int)x509->derCert->length; + return x509->derCert->buffer; } @@ -8825,7 +9634,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFILE file; WOLFSSL_X509* x509 = NULL; - buffer der; + DerBuffer* der = NULL; WOLFSSL_ENTER("wolfSSL_X509_load_certificate"); 
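Review bot: `wolfSSL_X509_NAME_ENTRY_get_data` dereferences `in` with no NULL check (`return in->value;`), unlike the two ASN1_STRING accessors added right below it, which test `asn` first. I would add `if (in == NULL) return NULL;` after the WOLFSSL_ENTER call. In `wolfSSL_X509_NAME_get_index_by_NID` a NULL `name` yields `BAD_FUNC_ARG` while a missing entry yields -1, so a caller that tests only for -1 would treat the error code as an index; returning -1 in both cases would be easier to use correctly. `(void)nid;` can go, since `nid` is used in the switch.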
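Review bot: In the `@@ -8610,8 +9419,8 @@` hunk `x509->derCert` is now a pointer, and the accessor reads `x509->derCert->length` after checking only `x509` and `outSz`, so an X509 object that carries no DER data would be dereferenced through NULL. Other hunks in this commit add the check (`x509->derCert != NULL` in wolfSSL_X509_STORE_add_cert, `ctx->current_cert->derCert != NULL` in wolfSSL_X509_verify_cert), and it is likewise missing for `peer_cert->derCert->length` in wolfSSL_cmp_peer_cert_to_file (`@@ -10278,10`). I would extend the guard to `if (x509 == NULL || outSz == NULL || x509->derCert == NULL) return NULL;`.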
@@ -8865,9 +9674,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) XFCLOSE(file); - der.buffer = NULL; - der.length = 0; - if (format == SSL_FILETYPE_PEM) { int ecc = 0; #ifdef WOLFSSL_SMALL_STACK @@ -8878,7 +9684,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); @@ -8891,15 +9697,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) info->ctx = NULL; info->consumed = 0; - if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) - { - /* Only time this should fail, and leave `der` with a buffer - is when the Base64 Decode fails. Release `der.buffer` in - that case. */ - if (der.buffer != NULL) { - XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT); - der.buffer = NULL; - } + if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { + FreeDer(&der); } #ifdef WOLFSSL_SMALL_STACK @@ -8907,10 +9706,9 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #endif } else { - der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT); - if (der.buffer != NULL) { - XMEMCPY(der.buffer, fileBuffer, sz); - der.length = (word32)sz; + ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL); + if (ret == 0) { + XMEMCPY(der->buffer, fileBuffer, sz); } } @@ -8919,7 +9717,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) /* At this point we want `der` to have the certificate in DER format */ /* ready to be decoded. */ - if (der.buffer != NULL) { + if (der != NULL && der->buffer != NULL) { #ifdef WOLFSSL_SMALL_STACK DecodedCert* cert = NULL; #else 
@@ -8932,7 +9730,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) if (cert != NULL) #endif { - InitDecodedCert(cert, der.buffer, der.length, NULL); + InitDecodedCert(cert, der->buffer, der->length, NULL); if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); @@ -8951,7 +9749,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #endif } - XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT); + FreeDer(&der); } return x509; @@ -8961,6 +9759,40 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #endif /* KEEP_PEER_CERT || SESSION_CERTS */ +/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function + KEEP_OUR_CERT is to insure ability for returning ssl certificate */ +#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) +WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) +{ + if (ssl == NULL) { + return NULL; + } + + if (ssl->buffers.weOwnCert) { + if (ssl->ourCert == NULL) { + ssl->ourCert = wolfSSL_X509_d2i(NULL, + ssl->buffers.certificate->buffer, + ssl->buffers.certificate->length); + } + return ssl->ourCert; + } + else { /* if cert not owned get parent ctx cert or return null */ + if (ssl->ctx) { + if (ssl->ctx->ourCert == NULL) { + ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL, + ssl->ctx->certificate->buffer, + ssl->ctx->certificate->length); + } + return ssl->ctx->ourCert; + } + else { + return NULL; + } + } +} +#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ +#endif /* NO_CERTS */ + #ifdef OPENSSL_EXTRA int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, 
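Review bot: `wolfSSL_get_certificate` passes `ssl->buffers.certificate->buffer` and `ssl->ctx->certificate->buffer` to `wolfSSL_X509_d2i` without checking that the DerBuffer pointers are set, so calling it on a context that has no certificate loaded dereferences NULL in the `else` branch. I would add `if (ssl->ctx->certificate == NULL) return NULL;` before the ctx decode and the matching `ssl->buffers.certificate == NULL` test in the first branch. The header comment should also say that the returned object is cached in `ssl->ourCert` / `ctx->ourCert` and is freed by the library when the certificate is replaced or unloaded (see the KEEP_OUR_CERT blocks in ProcessBuffer), so callers must not free it; the comment also misspells the function as `wolfSSL_X509_d21`.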
@@ -9365,6 +10197,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; + #ifndef NO_DES3 + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: + return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; + #endif #endif #ifndef NO_HC128 #ifndef NO_MD5 @@ -9453,8 +10289,16 @@ const char* wolfSSL_get_cipher(WOLFSSL* ssl) return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); } +/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ +const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) +{ + /* get access to cipher_name_idx in internal.c */ + return wolfSSL_get_cipher_name_internal(ssl); +} #ifdef OPENSSL_EXTRA + + char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len) { (void)cipher; @@ -9464,18 +10308,23 @@ char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len) } +#ifndef NO_SESSION_CACHE + WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) { /* sessions are stored statically, no need for reference count */ return wolfSSL_get_session(ssl); } +#endif /* NO_SESSION_CACHE */ +#ifndef NO_CERTS void wolfSSL_X509_free(WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_X509_free"); ExternalFreeX509(x509); } +#endif /* NO_CERTS */ /* was do nothing */ 
@@ -9671,26 +10520,32 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, } +#ifndef NO_CERTS int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) { int result = SSL_FATAL_ERROR; WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); - if (store != NULL && store->cm != NULL && x509 != NULL) { - buffer derCert; - derCert.buffer = (byte*)XMALLOC(x509->derCert.length, - NULL, DYNAMIC_TYPE_CERT); - if (derCert.buffer != NULL) { - derCert.length = x509->derCert.length; - /* AddCA() frees the buffer. */ - XMEMCPY(derCert.buffer, - x509->derCert.buffer, x509->derCert.length); - result = AddCA(store->cm, derCert, WOLFSSL_USER_CA, 1); - if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR; + if (store != NULL && store->cm != NULL && x509 != NULL + && x509->derCert != NULL) { + DerBuffer* derCert = NULL; + + result = AllocDer(&derCert, x509->derCert->length, + x509->derCert->type, NULL); + if (result == 0) { + /* AddCA() frees the buffer. */ + XMEMCPY(derCert->buffer, + x509->derCert->buffer, x509->derCert->length); + result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, 1); } } WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", result); + + if (result != SSL_SUCCESS) { + result = SSL_FATAL_ERROR; + } + return result; } @@ -9794,14 +10649,15 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) { if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL - && ctx->current_cert != NULL) { + && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, - ctx->current_cert->derCert.buffer, - ctx->current_cert->derCert.length, + ctx->current_cert->derCert->buffer, + ctx->current_cert->derCert->length, SSL_FILETYPE_ASN1); } return SSL_FATAL_ERROR; } +#endif /* NO_CERTS */ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) 
@@ -9924,6 +10780,66 @@ int wolfSSL_ASN1_TIME_print(WOLFCRYPT_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime } +#if defined(WOLFSSL_MYSQL_COMPATIBLE) +char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len) +{ + struct tm t; + int idx = 0; + int format; + int dateLen; + byte* date = (byte*)time; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string"); + + if (time == NULL || buf == NULL || len < 5) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + format = *date; date++; + dateLen = *date; date++; + if (dateLen > len) { + return "error"; + } + + if (!ExtractDate(date, format, &t, &idx)) { + return "error"; + } + + if (date[idx] != 'Z') { + WOLFSSL_MSG("UTCtime, not Zulu") ; + return "Not Zulu"; + } + + /* place month in buffer */ + buf[0] = '\0'; + switch(t.tm_mon) { + case 0: XSTRNCAT(buf, "Jan ", 4); break; + case 1: XSTRNCAT(buf, "Feb ", 4); break; + case 2: XSTRNCAT(buf, "Mar ", 4); break; + case 3: XSTRNCAT(buf, "Apr ", 4); break; + case 4: XSTRNCAT(buf, "May ", 4); break; + case 5: XSTRNCAT(buf, "Jun ", 4); break; + case 6: XSTRNCAT(buf, "Jul ", 4); break; + case 7: XSTRNCAT(buf, "Aug ", 4); break; + case 8: XSTRNCAT(buf, "Sep ", 4); break; + case 9: XSTRNCAT(buf, "Oct ", 4); break; + case 10: XSTRNCAT(buf, "Nov ", 4); break; + case 11: XSTRNCAT(buf, "Dec ", 4); break; + default: + return "error"; + + } + idx = 4; /* use idx now for char buffer */ + buf[idx] = ' '; + + XSNPRINTF(buf + idx, len - idx, "%2d %02d:%02d:%02d %d GMT", + t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, t.tm_year + 1900); + + return buf; +} +#endif /* WOLFSSL_MYSQL_COMPATIBLE */ + int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b) 
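Review bot: The `dateLen > len`, ExtractDate-failure, non-Zulu and `default:` paths of wolfSSL_ASN1_TIME_to_string return string literals (`"error"`, `"Not Zulu"`) through a `char*`, while the bad-argument path returns NULL. A caller that only tests for NULL will therefore take a failure for a formatted time and treat a literal as its own buffer; returning NULL on every failure keeps the contract uniform. Separately, `dateLen` is read from the encoded time but only compared with the output size `len`, and `date[idx]` is read after ExtractDate() with no check that `idx` is still inside the encoded value. A guard such as `if (idx >= dateLen) return NULL;` ahead of the `'Z'` test would bound that read. The `buf[idx] = ' ';` store is overwritten by the XSNPRINTF that follows and can be dropped.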
@@ -10103,14 +11019,16 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) { - (void)myDes; - (void)key; + if (myDes != NULL && key != NULL) { + XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock)); + } } void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) { (void)myDes; + WOLFSSL_STUB("wolfSSL_DES_set_odd_parity"); } @@ -10121,11 +11039,11 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, (void)desb; (void)key; (void)len; + WOLFSSL_STUB("wolfSSL_DES_ecb_encrypt"); } #endif /* NO_DES3 */ - int wolfSSL_ASN1_UTCTIME_print(WOLFCRYPT_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) { (void)bio; @@ -10242,11 +11160,10 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) XFILE file = XBADFILE; long sz = 0; int eccKey = 0; - WOLFSSL_CTX* ctx = ssl->ctx; - WOLFSSL_X509* peer_cert = &ssl->peerCert; - buffer fileDer; + WOLFSSL_CTX* ctx = ssl->ctx; + WOLFSSL_X509* peer_cert = &ssl->peerCert; + DerBuffer* fileDer = NULL; - fileDer.buffer = 0; file = XFOPEN(fname, "rb"); if (file == XBADFILE) return SSL_BAD_FILE; @@ -10278,10 +11195,10 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) (XFREAD(myBuffer, sz, 1, file) > 0) && (PemToDer(myBuffer, sz, CERT_TYPE, &fileDer, ctx->heap, info, &eccKey) == 0) && - (fileDer.length != 0) && - (fileDer.length == peer_cert->derCert.length) && - (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer, - fileDer.length) == 0)) + (fileDer->length != 0) && + (fileDer->length == peer_cert->derCert->length) && + (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer, + fileDer->length) == 0)) { ret = 0; } @@ -10291,7 +11208,8 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) #endif } - XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT); + FreeDer(&fileDer); + if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); 
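Review bot: In the wolfSSL_cmp_peer_cert_to_file condition, `peer_cert->derCert` is now a pointer and is dereferenced (`peer_cert->derCert->length`, `peer_cert->derCert->buffer`) without a NULL test, whereas wolfSSL_X509_STORE_add_cert and wolfSSL_X509_verify_cert gained a `derCert != NULL` guard in this same commit. If the function can be reached before a peer certificate has been stored (not visible from the hunk), the comparison faults instead of reporting a mismatch. Adding `(peer_cert->derCert != NULL) &&` ahead of the length comparison keeps the three call sites consistent. The function body starts and ends outside this hunk.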
@@ -12498,7 +13416,6 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) } - void* wolfSSL_EVP_X_STATE(const WOLFCRYPT_EVP_CIPHER_CTX* ctx) { WOLFSSL_MSG("wolfSSL_EVP_X_STATE"); @@ -12542,7 +13459,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFCRYPT_EVP_CIPHER_CTX* ctx) #ifndef NO_DES3 void wolfSSL_3des_iv(WOLFCRYPT_EVP_CIPHER_CTX* ctx, int doset, - unsigned char* iv, int len) + unsigned char* iv, int len) { (void)len; @@ -12565,7 +13482,7 @@ void wolfSSL_3des_iv(WOLFCRYPT_EVP_CIPHER_CTX* ctx, int doset, #ifndef NO_AES void wolfSSL_aes_ctr_iv(WOLFCRYPT_EVP_CIPHER_CTX* ctx, int doset, - unsigned char* iv, int len) + unsigned char* iv, int len) { (void)len; @@ -12704,7 +13621,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, unsigned char **pem, int *plen) { - byte *der, *tmp, *cipherInfo = NULL; + byte *derBuf, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey"); @@ -12728,17 +13645,17 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, */ der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; - der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; } /* Key to DER */ - derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, der, der_max_len); + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_RsaKeyToDer failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } 
@@ -12746,11 +13663,11 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, if (passwd != NULL && passwdSz > 0 && cipher != NULL) { int ret; - ret = EncryptDerKey(der, &derSz, cipher, + ret = EncryptDerKey(derBuf, &derSz, cipher, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -12764,23 +13681,23 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } /* DER to PEM */ - *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE); + *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -13488,16 +14405,12 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) switch(group->curve_nid) { case NID_X9_62_prime256v1: return 256; - break; case NID_secp384r1: return 384; - break; case NID_secp521r1: return 521; - break; default : return SSL_FAILURE; - break; } } 
@@ -14087,7 +15000,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, unsigned char* passwd, int passwdSz, unsigned char **pem, int *plen) { - byte *der, *tmp, *cipherInfo = NULL; + byte *derBuf, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey"); @@ -14110,17 +15023,17 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, */ der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE; - der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; } /* Key to DER */ - derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, der, der_max_len); + derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } @@ -14128,11 +15041,11 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, if (passwd != NULL && passwdSz > 0 && cipher != NULL) { int ret; - ret = EncryptDerKey(der, &derSz, cipher, + ret = EncryptDerKey(derBuf, &derSz, cipher, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
@@ -14146,23 +15059,23 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } /* DER to PEM */ - *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE); + *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -14262,7 +15175,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, unsigned char* passwd, int passwdSz, unsigned char **pem, int *plen) { - byte *der, *tmp, *cipherInfo = NULL; + byte *derBuf, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey"); 
@@ -14285,17 +15198,17 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, */ der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; - der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; } /* Key to DER */ - derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, der, der_max_len); + derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } @@ -14303,11 +15216,11 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, if (passwd != NULL && passwdSz > 0 && cipher != NULL) { int ret; - ret = EncryptDerKey(der, &derSz, cipher, + ret = EncryptDerKey(derBuf, &derSz, cipher, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
@@ -14321,23 +15234,23 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } /* DER to PEM */ - *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE); + *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); return SSL_FAILURE; } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (cipherInfo != NULL) XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -14501,19 +15414,19 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* NO_FILESYSTEM */ /* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ -int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) +int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { word32 idx = 0; int ret; WOLFSSL_ENTER("wolfSSL_RSA_LoadDer"); - if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) { + if (rsa == NULL || rsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); return SSL_FATAL_ERROR; } - ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz); + ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("RsaPrivateKeyDecode failed"); return SSL_FATAL_ERROR; 
@@ -14533,19 +15446,19 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) #ifndef NO_DSA /* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ -int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) +int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz) { word32 idx = 0; int ret; WOLFSSL_ENTER("wolfSSL_DSA_LoadDer"); - if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) { + if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); return SSL_FATAL_ERROR; } - ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz); + ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("DsaPrivateKeyDecode failed"); return SSL_FATAL_ERROR; @@ -14565,19 +15478,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) #ifdef HAVE_ECC /* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, - const unsigned char* der, int derSz) + const unsigned char* derBuf, int derSz) { word32 idx = 0; int ret; WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); - if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) { + if (key == NULL || key->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); return SSL_FATAL_ERROR; } - ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz); + ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal, derSz); if (ret < 0) { WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); return SSL_FATAL_ERROR; @@ -14938,7 +15851,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/ -#ifdef HAVE_LIGHTY +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { 
@@ -14967,6 +15880,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } + WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) { + WOLFSSL_ENTER("wolfSSL_BIO_s_file"); + WOLFSSL_STUB("wolfSSL_BIO_s_file"); + + return NULL; + } + const char * wolf_OBJ_nid2sn(int n) { (void)n; WOLFSSL_ENTER("wolf_OBJ_nid2sn"); @@ -15036,20 +15956,44 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) { + WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( + WOLFSSL_X509_NAME *name, int loc) { + + int maxLoc = name->fullName.fullNameLen; + + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); + + if (loc < 0 || loc > maxLoc) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + /* common name index case */ + if (loc == name->fullName.cnIdx) { + /* get CN shortcut from x509 since it has null terminator */ + name->cnEntry.data.data = name->x509->subjectCN; + name->cnEntry.data.length = name->fullName.cnLen; + name->cnEntry.data.type = ASN_COMMON_NAME; + name->cnEntry.set = 1; + return &(name->cnEntry); + } + + /* additionall cases to check for go here */ + + WOLFSSL_MSG("Entry not found or implemented"); (void)name; (void)loc; - WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); - WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry"); return NULL; } +#ifndef NO_CERTS void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name); WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); WOLFSSL_STUB("wolfSSL_X509_NAME_free"); } +#endif /* NO_CERTS */ void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ (void) sk; @@ -15075,7 +16019,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } -#endif +#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */ #endif 
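Review bot: wolfSSL_X509_NAME_get_entry reads `name->fullName.fullNameLen` in the initializer of `maxLoc`, before any argument check, so a NULL `name` now faults where the old stub simply returned NULL. Declare `int maxLoc;`, add `if (name == NULL) return NULL;` after WOLFSSL_ENTER, and only then assign `maxLoc = name->fullName.fullNameLen;`. The common-name branch also dereferences `name->x509` without a check, which deserves the same guard unless every WOLFSSL_X509_NAME is known to carry a back-pointer (not visible here). The trailing `(void)name; (void)loc;` are leftovers from the stub and can go.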
@@ -15172,7 +16116,8 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #endif /* OPENSSL_EXTRA */ -#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) +#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) char * wolf_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolf_OBJ_nid2ln"); @@ -15255,7 +16200,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } #endif /* NO_DH */ -#endif /* HAVE_LIGHTY || HAVE_STUNNEL */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ /* stunnel compatibility functions*/ @@ -15277,6 +16222,7 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) return SSL_FAILURE; } + int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, CRYPTO_free_func* cb3) { @@ -15579,6 +16525,7 @@ int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) } +#ifndef NO_WOLFSSL_SERVER const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) { void * serverName = NULL; @@ -15587,6 +16534,7 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) TLSX_SNI_GetRequest(ssl->extensions, type, &serverName); return (const char *)serverName; } +#endif /* NO_WOLFSSL_SERVER */ #endif /* HAVE_SNI */ 
@@ -16053,6 +17001,120 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl) #endif /* WOLFSSL_JNI */ +#ifdef HAVE_WOLF_EVENT +static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) +{ + WOLF_EVENT* event, *event_prev = NULL; + int count = 0, ret = SSL_ERROR_NONE; + + if (ctx == NULL || maxEvents <= 0) { + return BAD_FUNC_ARG; + } + + /* Events arg can be NULL only if peek */ + if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) { + return BAD_FUNC_ARG; + } + +#ifndef SINGLE_THREADED + /* In single threaded mode "event_queue.lock" doesn't exist */ + if (LockMutex(&ctx->event_queue.lock) != 0) { + return BAD_MUTEX_E; + } +#endif + + /* Itterate event queue */ + for (event = ctx->event_queue.head; event != NULL; event = event->next) + { + byte removeEvent = 0; + + /* Optionally filter by ssl object pointer */ + if (ssl == NULL || (ssl == event->ssl)) { + if (flags & WOLF_POLL_FLAG_PEEK) { + if (events) { + /* Copy event data to provided buffer */ + XMEMCPY(&events[count], event, sizeof(WOLF_EVENT)); + } + count++; + } + else { + /* Check hardware */ + if (flags & WOLF_POLL_FLAG_CHECK_HW) { + #ifdef WOLFSSL_ASYNC_CRYPT + if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && + event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) + { + ret = wolfSSL_async_poll(event, flags); + } + #endif /* WOLFSSL_ASYNC_CRYPT */ + } + + /* If event is done then return in 'events' argument */ + if (event->done) { + /* Copy event data to provided buffer */ + XMEMCPY(&events[count], event, sizeof(WOLF_EVENT)); + count++; + removeEvent = 1; + } + } + } + + if (removeEvent) { + /* Remove from queue list */ + if (event_prev == NULL) { + ctx->event_queue.head = event->next; + if (ctx->event_queue.head == NULL) { + ctx->event_queue.tail = NULL; + } + } + else { + event_prev->next = event->next; + } + } + else { + /* Leave in queue, save prev pointer */ + event_prev = event; + } + + /* Check to make sure our event list isn't full */ + if 
(events && count >= maxEvents) { + break; /* Exit for */ + } + + /* Check for error */ + if (ret < 0) { + break; /* Exit for */ + } + } + +#ifndef SINGLE_THREADED + UnLockMutex(&ctx->event_queue.lock); +#endif + + /* Return number of properly populated events */ + if (eventCount) { + *eventCount = count; + } + + return ret; +} + +int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) +{ + return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount); +} + +int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) +{ + return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags, + eventCount); +} + +#endif /* HAVE_WOLF_EVENT */ + #ifdef OPENSSL_EXTRA typedef struct { diff --git a/src/tls.c b/src/tls.c index 7356aff06..3b6e0a879 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1,8 +1,8 @@ /* tls.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif 
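Review bot: When `_wolfSSL_CTX_poll` unlinks a completed event that is not the head, it updates only `event_prev->next`; if that event was `ctx->event_queue.tail`, the tail keeps pointing at the removed node. The code that appends to the queue is not in this hunk, but it would presumably link new events onto that stale node; adding `if (event->next == NULL) ctx->event_queue.tail = event_prev;` in the `else` arm closes the gap. `wolfSSL_poll` also dereferences `ssl->ctx` without a NULL test, unlike the helper's own `ctx == NULL` check; `if (ssl == NULL) return BAD_FUNC_ARG;` would match it. Note too that the XMEMCPY of the whole WOLF_EVENT hands the internal `next` pointer to the caller, which is worth documenting or clearing in the copy.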
@@ -3400,13 +3402,13 @@ static void TLSX_QSHAgreement(TLSX** extensions) { TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); QSHScheme* format = NULL; - QSHScheme* delete = NULL; + QSHScheme* del = NULL; QSHScheme* prev = NULL; if (extension == NULL) return; - format = extension->data; + format = (QSHScheme*)extension->data; while (format) { if (format->PKLen == 0) { /* case of head */ @@ -3415,10 +3417,10 @@ static void TLSX_QSHAgreement(TLSX** extensions) } if (prev) prev->next = format->next; - delete = format; + del = format; format = format->next; - XFREE(delete, 0, DYNAMIC_TYPE_TMP_ARRAY); - delete = NULL; + XFREE(del, 0, DYNAMIC_TYPE_TMP_ARRAY); + del = NULL; } else { prev = format; format = format->next; @@ -3866,7 +3868,7 @@ void TLSX_FreeAll(TLSX* list) break; case TLSX_QUANTUM_SAFE_HYBRID: - QSH_FREE_ALL(extension->data); + QSH_FREE_ALL((QSHScheme*)extension->data); break; case TLSX_APPLICATION_LAYER_PROTOCOL: @@ -3941,7 +3943,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) break; case TLSX_QUANTUM_SAFE_HYBRID: - length += QSH_GET_SIZE(extension->data, isRequest); + length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest); break; case TLSX_APPLICATION_LAYER_PROTOCOL: @@ -4023,9 +4025,9 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, case TLSX_QUANTUM_SAFE_HYBRID: if (isRequest) { - offset += QSH_WRITE(extension->data, output + offset); + offset += QSH_WRITE((QSHScheme*)extension->data, output + offset); } - offset += QSHPK_WRITE(extension->data, output + offset); + offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset); offset += QSH_SERREQ(output + offset, isRequest); break; @@ -4102,6 +4104,8 @@ static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) { + QSHKey* current; + if (key == NULL) return BAD_FUNC_ARG; 
@@ -4110,7 +4114,7 @@ static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) return 0; /* first element to be added to the list */ - QSHKey* current = *list; + current = *list; if (current == NULL) { *list = key; return 0; diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 04ceb5ed9..5e7757bde 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -1,8 +1,8 @@ /* snifftest.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -312,8 +313,8 @@ int main(int argc, char** argv) } if (ret > 0) { data[ret] = 0; - printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); - ssl_FreeDecodeBuffer(&data, err); + printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); + ssl_FreeZeroDecodeBuffer(&data, ret, err); } } else if (saveFile) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 30e8eba24..2c05e7b70 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.8.1 +Version: 3.9.1 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/swig/wolfssl.i b/swig/wolfssl.i index ca1492269..d46134177 100644 --- a/swig/wolfssl.i +++ b/swig/wolfssl.i 
@@ -1,8 +1,8 @@ /* wolfssl.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + %module wolfssl %{ #include diff --git a/swig/wolfssl_adds.c b/swig/wolfssl_adds.c index 00267c926..13bfbdbcc 100644 --- a/swig/wolfssl_adds.c +++ b/swig/wolfssl_adds.c @@ -1,8 +1,8 @@ /* wolfssl_adds.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -168,7 +169,8 @@ int wolfSSL_swig_connect(WOLFSSL* ssl, const char* server, int port) int ret = tcp_connect(&sockfd, server, port); if (ret != 0) return ret; - wolfSSL_set_fd(ssl, sockfd); + ret = wolfSSL_set_fd(ssl, sockfd); + if (ret != SSL_SUCCESS) return ret; return wolfSSL_connect(ssl); } diff --git a/tests/api.c b/tests/api.c index 7f4dd4ba8..b6954cd90 100644 --- a/tests/api.c +++ b/tests/api.c 
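Review bot: The new early return in wolfSSL_swig_connect on a failed `wolfSSL_set_fd` leaves the socket opened by `tcp_connect` open. `sockfd` appears to be local to the function (its declaration is above the hunk), so no caller can close it afterwards. Closing it before returning avoids the descriptor leak, e.g. `if (ret != SSL_SUCCESS) { CloseSocket(sockfd); return ret; }`, using whichever close helper this file has in scope (tests/api.c in this commit uses `CloseSocket`).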
@@ -1,8 +1,8 @@ /* api.c API unit tests * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /*----------------------------------------------------------------------------* | Includes *----------------------------------------------------------------------------*/ @@ -39,6 +40,10 @@ #include #include +#ifdef OPENSSL_EXTRA + #include +#endif + /* enable testing buffer load functions */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 @@ -58,7 +63,13 @@ static const char* passed = "passed"; static const char* failed = "failed"; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) -static const char* bogusFile = "/dev/null"; + static const char* bogusFile = + #ifdef _WIN32 + "NUL" + #else + "/dev/null" + #endif + ; #endif /*----------------------------------------------------------------------------* 
@@ -212,6 +223,57 @@ static void test_wolfSSL_CTX_use_PrivateKey_file(void) } +/* test both file and buffer versions along with unloading trusted peer certs */ +static void test_wolfSSL_CTX_trust_peer_cert(void) +{ +#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) + WOLFSSL_CTX *ctx; + + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + +#if !defined(NO_FILESYSTEM) + /* invalid file */ + assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL, + SSL_FILETYPE_PEM) != SSL_SUCCESS); + assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, + SSL_FILETYPE_PEM) != SSL_SUCCESS); + assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCert, + SSL_FILETYPE_ASN1) != SSL_SUCCESS); + + /* success */ + assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCert, SSL_FILETYPE_PEM) + == SSL_SUCCESS); + + /* unload cert */ + assert(wolfSSL_CTX_Unload_trust_peers(NULL) != SSL_SUCCESS); + assert(wolfSSL_CTX_Unload_trust_peers(ctx) == SSL_SUCCESS); +#endif + + /* Test of loading certs from buffers */ + + /* invalid buffer */ + assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, + SSL_FILETYPE_ASN1) != SSL_SUCCESS); + + /* success */ +#ifdef USE_CERT_BUFFERS_1024 + assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, + sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1) == SSL_SUCCESS); +#endif +#ifdef USE_CERT_BUFFERS_2048 + assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, + sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) == SSL_SUCCESS); +#endif + + /* unload cert */ + assert(wolfSSL_CTX_Unload_trust_peers(NULL) != SSL_SUCCESS); + assert(wolfSSL_CTX_Unload_trust_peers(ctx) == SSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif +} + + static void test_wolfSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) 
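Review bot: test_wolfSSL_CTX_trust_peer_cert wraps every call under test in plain `assert(...)`, so a build with NDEBUG defined compiles the calls away and the test passes without loading or unloading anything. The rest of this file uses the AssertNotNull/AssertIntEQ/AssertIntNE macros, which presumably do not depend on NDEBUG. Writing the checks as `AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_trust_peer_cert(ctx, cliCert, SSL_FILETYPE_PEM));` and the negative cases as `AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_trust_peer_cert(ctx, NULL, SSL_FILETYPE_PEM));` keeps the side effects outside an assertion that can vanish.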
@@ -308,7 +370,9 @@ static void test_server_wolfSSL_new(void) /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); +#ifndef WOLFSSL_SESSION_EXPORT AssertNull(ssl = wolfSSL_new(ctx_nocert)); +#endif /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); @@ -430,11 +494,39 @@ static void test_wolfSSL_SetTmpDH_buffer(void) /* helper functions */ #ifdef HAVE_IO_TESTS_DEPENDENCIES +#ifdef WOLFSSL_SESSION_EXPORT +/* set up function for sending session information */ +static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) +{ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + AssertNotNull(inSsl); + AssertNotNull(buf); + AssertIntNE(0, sz); + + /* Set ctx to DTLS 1.2 */ + ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); + AssertNotNull(ctx); + + ssl = wolfSSL_new(ctx); + AssertNotNull(ssl); + + AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + (void)userCtx; + return SSL_SUCCESS; +} +#endif + + static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; - word16 port = wolfSSLPort; + word16 port; WOLFSSL_METHOD* method = 0; WOLFSSL_CTX* ctx = 0; @@ -452,10 +544,16 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) method = wolfSSLv23_server_method(); ctx = wolfSSL_CTX_new(method); -#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ - !defined(WOLFSSL_TIRTOS) +#if defined(USE_WINDOWS_API) + /* Generate random port for testing */ + port = GetRandomPort(); +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ port = 0; +#else + /* Use default port */ + port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, 
@@ -489,7 +587,10 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 1); CloseSocket(sockfd); - wolfSSL_set_fd(ssl, clientfd); + if (wolfSSL_set_fd(ssl, clientfd) != SSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) @@ -598,7 +699,11 @@ static void test_client_nofail(void* args) ssl = wolfSSL_new(ctx); tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl); - wolfSSL_set_fd(ssl, sockfd); + if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done2; + } + if (wolfSSL_connect(ssl) != SSL_SUCCESS) { int err = wolfSSL_get_error(ssl, 0); @@ -620,8 +725,6 @@ static void test_client_nofail(void* args) reply[input] = 0; printf("Server response: %s\n", reply); } - else - printf("wolfSSL_read failed"); done2: wolfSSL_free(ssl); @@ -1218,8 +1321,9 @@ done2: #endif /* OPENSSL_EXTRA */ -/* SNI / ALPN helper functions */ -#if defined(HAVE_SNI) || defined(HAVE_ALPN) + +/* SNI / ALPN / session export helper functions */ +#if defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLFSSL_SESSION_EXPORT) static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { @@ -1229,7 +1333,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; - word16 port = wolfSSLPort; + word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); 
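Review bot: A failing `wolfSSL_set_fd` in test_server_nofail now jumps to `done` with no diagnostic, because the only message is the commented-out `/*err_sys("SSL_set_fd failed");*/`; the client hunk at `goto done2` has the same shape. Either drop the dead comment and print the reason before the goto, e.g. `printf("SSL_set_fd failed\n");`, or state in a comment why err_sys is unsuitable in these functions. Both functions continue outside the hunks, so whether `clientfd` and `sockfd` are closed on these new exit paths cannot be confirmed from here and is worth checking.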
@@ -1241,10 +1345,16 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) #endif ((func_args*)args)->return_code = TEST_FAIL; -#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(WOLFSSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ - !defined(WOLFSSL_TIRTOS) +#if defined(USE_WINDOWS_API) + /* Generate random port for testing */ + port = GetRandomPort(); +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ port = 0; +#else + /* Use default port */ + port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, @@ -1253,6 +1363,9 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) #ifdef OPENSSL_EXTRA wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif +#ifdef WOLFSSL_SESSION_EXPORT + AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export)); +#endif AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCert, 0)); @@ -1267,11 +1380,23 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); + if (wolfSSL_dtls(ssl)) { + SOCKADDR_IN_T cliAddr; + socklen_t cliLen; - tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1); - CloseSocket(sfd); + cliLen = sizeof(cliAddr); + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0); + idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK, + (struct sockaddr*)&cliAddr, &cliLen); + AssertIntGT(idx, 0); + wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); + } + else { + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1); + CloseSocket(sfd); + } - wolfSSL_set_fd(ssl, cfd); + AssertIntEQ(SSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) 
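Review bot: In the DTLS branch of run_wolfssl_server the result of `wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen)` is discarded, while the `wolfSSL_set_fd` call just below was tightened to an assertion in the same hunk; a failed peer binding would only show up later as an unrelated handshake error. Checking it the same way keeps the failure at its source: `AssertIntEQ(SSL_SUCCESS, wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen));`. `ssl` is also passed to `wolfSSL_dtls()` directly after `wolfSSL_new(ctx)` without an `AssertNotNull(ssl);`. The listening socket is closed only in the else branch, so if the DTLS path does not reuse `sfd` as `cfd` it needs its own `CloseSocket(sfd)`. The function starts and ends outside this hunk.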
@@ -1297,6 +1422,20 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); +#if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) + if (wolfSSL_dtls(ssl)) { + byte* import; + word32 sz; + + wolfSSL_dtls_export(ssl, NULL, &sz); + import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(import); + idx = wolfSSL_dtls_export(ssl, import, &sz); + AssertIntGE(idx, 0); + AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0); + XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif #ifdef WOLFSSL_TIRTOS Task_yield(); #endif @@ -1362,8 +1501,13 @@ static void run_wolfssl_client(void* args) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); - tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl); - wolfSSL_set_fd(ssl, sfd); + if (wolfSSL_dtls(ssl)) { + tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, ssl); + } + else { + tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl); + } + AssertIntEQ(SSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); @@ -1395,7 +1539,8 @@ static void run_wolfssl_client(void* args) #endif } -#endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) */ +#endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) || + defined(WOLFSSL_SESSION_EXPORT) */ #endif /* io tests dependencies */ @@ -1453,10 +1598,10 @@ static void test_wolfSSL_read_write(void) #endif } -#if defined(OPENSSL_EXTRA) static void test_wolfSSL_read_write_bio(void) { +#if defined(OPENSSL_EXTRA) #ifdef HAVE_IO_TESTS_DEPENDENCIES /* The unit testing for read and write shall happen simutaneously, since * one can't do anything with one without the other. (Except for a failure 
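Review bot: In the session-export block `word32 sz;` is uninitialised and the size query `wolfSSL_dtls_export(ssl, NULL, &sz);` is not checked, so if that call fails without writing `sz` the following `XMALLOC(sz, ...)` and the second export work with an indeterminate length. Initialise the variable and assert that the query produced a size before allocating: `word32 sz = 0;` and, after the query, `AssertIntNE(0, sz);`. The enclosing function starts and ends outside this hunk.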
@@ -1506,11 +1651,13 @@ static void test_wolfSSL_read_write_bio(void) fdOpenSession(Task_self()); #endif -#endif +#endif /* HAVE_IO_TESTS_DEPENDENCIES */ +#endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_read_write_bio_full(void) { +#if defined(OPENSSL_EXTRA) #ifdef TEST_IPV6 /* nothing to do */ #else @@ -1565,10 +1712,12 @@ static void test_wolfSSL_read_write_bio_full(void) #endif /* HAVE_IO_TESTS_DEPENDENCIES */ #endif /* TEST_IPV6 */ +#endif /* OPENSSL_EXTRA */ } static void test_wolfSSL_read_write_bio_ssl(void) { +#if defined(OPENSSL_EXTRA) #ifdef HAVE_IO_TESTS_DEPENDENCIES /* The unit testing for read and write shall happen simutaneously, since * one can't do anything with one without the other. (Except for a failure 
@@ -1619,9 +1768,54 @@ static void test_wolfSSL_read_write_bio_ssl(void) #endif #endif /* HAVE_IO_TESTS_DEPENDENCIES */ +#endif /* OPENSSL_EXTRA */ } -#endif /* OPENSSL_EXTRA */ + +static void test_wolfSSL_dtls_export(void) +{ +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ + defined(WOLFSSL_SESSION_EXPORT) + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions server_cbf; + callback_functions client_cbf; +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + InitTcpReady(&ready); + + /* set using dtls */ + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + server_cbf.method = wolfDTLSv1_2_server_method; + client_cbf.method = wolfDTLSv1_2_client_method; + server_args.callbacks = &server_cbf; + client_args.callbacks = &client_cbf; + + server_args.signal = &ready; + client_args.signal = &ready; + + start_thread(run_wolfssl_server, &server_args, &serverThread); + wait_tcp_ready(&server_args); + run_wolfssl_client(&client_args); + join_thread(serverThread); + + AssertTrue(client_args.return_code); + AssertTrue(server_args.return_code); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + printf(testingFmt, "wolfSSL_dtls_export()"); + printf(resultFmt, passed); +#endif +} /*----------------------------------------------------------------------------* | TLS extensions tests 
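Review bot: test_wolfSSL_dtls_export calls `fdOpenSession(Task_self())` under WOLFSSL_TIRTOS both before `InitTcpReady` and again after `FreeTcpReady`, so the session opened at the top is never closed in this function. The second call looks as if it was meant to be the matching close (`fdCloseSession(Task_self());`, if that is the intended counterpart on this platform). The BIO test above ends the same way, so this may be an inherited pattern that is better fixed in one pass than copied into a new test.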
@@ -2339,6 +2533,54 @@ static void test_wolfSSL_UseALPN(void) #endif } +/*----------------------------------------------------------------------------* + | X509 Tests + *----------------------------------------------------------------------------*/ +static void test_wolfSSL_X509_NAME_get_entry(void) +{ +#ifndef NO_CERTS +#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \ + && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) + printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); + + { + /* use openssl like name to test mapping */ + X509_NAME_ENTRY* ne = NULL; + X509_NAME* name = NULL; + char* subCN = NULL; + X509* x509; + ASN1_STRING* asn; + int idx; + + #ifndef NO_FILESYSTEM + x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM); + AssertNotNull(x509); + + name = X509_get_subject_name(x509); + + idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); + AssertIntGE(idx, 0); + + ne = X509_NAME_get_entry(name, idx); + AssertNotNull(ne); + + asn = X509_NAME_ENTRY_get_data(ne); + AssertNotNull(asn); + + subCN = (char*)ASN1_STRING_data(asn); + AssertNotNull(subCN); + + wolfSSL_FreeX509(x509); + #endif + + } + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +#endif /* !NO_CERTS */ +} + + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -2353,6 +2595,7 @@ void ApiTest(void) test_wolfSSL_CTX_use_certificate_file(); test_wolfSSL_CTX_use_PrivateKey_file(); test_wolfSSL_CTX_load_verify_locations(); + test_wolfSSL_CTX_trust_peer_cert(); test_wolfSSL_CTX_SetTmpDH_file(); test_wolfSSL_CTX_SetTmpDH_buffer(); test_server_wolfSSL_new(); 
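Review bot: `name = X509_get_subject_name(x509);` in test_wolfSSL_X509_NAME_get_entry is passed to `X509_NAME_get_index_by_NID` without a check, unlike every other pointer in the block; add `AssertNotNull(name);` after the assignment. With NO_FILESYSTEM defined the body is empty, yet the test still prints the pass line and leaves `x509`, `asn`, `idx` and the other locals unused, so either move the declarations inside the `#ifndef NO_FILESYSTEM` or fold NO_FILESYSTEM into the outer guard. The closing `#endif /* OPENSSL_EXTRA */` would read better if it named the full condition it closes.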
@@ -2361,11 +2604,12 @@ void ApiTest(void) test_wolfSSL_SetTmpDH_buffer(); test_wolfSSL_read_write(); -#if defined(OPENSSL_EXTRA) + /* BIO tests */ test_wolfSSL_read_write_bio_full(); test_wolfSSL_read_write_bio(); test_wolfSSL_read_write_bio_ssl(); -#endif + + test_wolfSSL_dtls_export(); /* TLS extensions tests */ test_wolfSSL_UseSNI(); @@ -2374,6 +2618,9 @@ void ApiTest(void) test_wolfSSL_UseSupportedCurve(); test_wolfSSL_UseALPN(); + /* X509 tests */ + test_wolfSSL_X509_NAME_get_entry(); + test_wolfSSL_Cleanup(); printf(" End API Tests\n"); } diff --git a/tests/hash.c b/tests/hash.c index e28a71a03..4cf19d8bb 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -1,8 +1,8 @@ /* hash.c has unit tests * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/tests/include.am b/tests/include.am index e0a82a405..63768e663 100644 --- a/tests/include.am +++ b/tests/include.am @@ -3,7 +3,7 @@ # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_TESTS check_PROGRAMS += tests/unit.test noinst_PROGRAMS += tests/unit.test tests_unit_test_SOURCES = \ diff --git a/tests/srp.c b/tests/srp.c index ac92bf9f8..3314a69b6 100644 --- a/tests/srp.c +++ b/tests/srp.c 
@@ -1,24 +1,25 @@ /* srp.c SRP unit tests * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU Geteral Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Geteral Public License for more details. + * GNU General Public License for more details. * - * You should have received a copy of the GNU Geteral Public License + * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/tests/suites.c b/tests/suites.c index 4a16770e6..a330c608d 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1,8 +1,8 @@ /* suites.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -473,7 +474,7 @@ int SuiteTest(void) cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); - exit(EXIT_FAILURE); + exit(EXIT_FAILURE); } /* default case */ @@ -482,7 +483,7 @@ int SuiteTest(void) test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); - exit(EXIT_FAILURE); + exit(EXIT_FAILURE); } /* any extra cases will need another argument */ @@ -499,6 +500,7 @@ int SuiteTest(void) } #endif #ifndef WC_STRICT_SIG +#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */ /* add extra signature test suites */ strcpy(argv0[1], "tests/test-sig.conf"); printf("starting sig extra cipher suite tests\n"); @@ -507,7 +509,8 @@ int SuiteTest(void) printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } -#endif +#endif /* HAVE_RSA and HAVE_ECC */ +#endif /* !WC_STRICT_SIG */ #ifdef HAVE_QSH /* add QSH extra suites */ strcpy(argv0[1], "tests/test-qsh.conf"); diff --git a/tests/test.conf b/tests/test.conf index 1bd560de9..40beed1cc 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1126,6 +1126,22 @@ -v 2 -l DHE-RSA-AES256-SHA256 +# server TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA diff --git a/tests/unit.c b/tests/unit.c index 41ee8a1d4..4b64d1082 100644 --- a/tests/unit.c +++ b/tests/unit.c 
@@ -1,8 +1,8 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Name change compatibility layer no longer need to be included here */ #ifdef HAVE_CONFIG_H @@ -59,6 +60,11 @@ int unit_test(int argc, char** argv) err_sys("Cavium OpenNitroxDevice failed"); #endif /* HAVE_CAVIUM */ +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) + err_sys("Whitewood netRandom global config failed"); +#endif /* HAVE_WNR */ + #ifndef WOLFSSL_TIRTOS ChangeToWolfRoot(); #endif @@ -83,6 +89,11 @@ int unit_test(int argc, char** argv) CspShutdown(CAVIUM_DEV_ID); #endif +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + return 0; } @@ -151,6 +162,7 @@ void join_thread(THREAD_TYPE thread) assert(res == WAIT_OBJECT_0); res = CloseHandle((HANDLE)thread); assert(res); + (void)res; /* Suppress un-used variable warning */ #endif } diff --git a/tests/unit.h b/tests/unit.h index 1a038a21f..c28afe1d7 100644 --- a/tests/unit.h +++ b/tests/unit.h 
@@ -1,8 +1,8 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef CyaSSL_UNIT_H #define CyaSSL_UNIT_H diff --git a/testsuite/include.am b/testsuite/include.am index 86b6f9784..ed2604427 100644 --- a/testsuite/include.am +++ b/testsuite/include.am @@ -3,7 +3,7 @@ # All paths should be given relative to the root -if BUILD_EXAMPLES +if BUILD_TESTS check_PROGRAMS += testsuite/testsuite.test noinst_PROGRAMS += testsuite/testsuite.test testsuite_testsuite_test_SOURCES = \ diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index cb063d75c..c342609fa 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -1,8 +1,8 @@ /* testsuite.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
@@ -89,6 +90,13 @@ int testsuite_test(int argc, char** argv) err_sys("Cavium OpenNitroxDevice failed"); #endif /* HAVE_CAVIUM */ +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) { + err_sys("Whitewood netRandom global config failed"); + return -1237; + } +#endif /* HAVE_WNR */ + StartTCP(); server_args.argc = argc; @@ -199,6 +207,12 @@ int testsuite_test(int argc, char** argv) #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + printf("\nAll tests passed!\n"); return EXIT_SUCCESS; } @@ -331,6 +345,7 @@ void join_thread(THREAD_TYPE thread) assert(res == WAIT_OBJECT_0); res = CloseHandle((HANDLE)thread); assert(res); + (void)res; /* Suppress un-used variable warning */ #endif } diff --git a/wnr-example.conf b/wnr-example.conf new file mode 100644 index 000000000..c460e22f5 --- /dev/null +++ b/wnr-example.conf @@ -0,0 +1,40 @@ +# Example netRandom client library configuration file +# +# This uses /dev/urandom for the seed, but could also +# be set up to use a network entropy source + +version = "1.0"; + +WnrClient: +{ + dir: + { + working = "/var/run/wnrentropy"; + socket = "/var/run/wnrentropy"; + }; + + drbg: + { + type = "SHA256"; + security_strength = 256; + reseed_interval = 1; + }; + + source: + { + seed = { + type = "FILEPATH"; + path = "/dev/urandom"; + }; + stream = { + type = "FILEPATH"; + path = "/dev/urandom"; + }; + }; + + buffer: + { + size = 8192; + threshold = 7168; + }; +}; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c3e875460..6768def47 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
@@ -1,8 +1,8 @@ /* benchmark.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* wolfCrypt benchmark */ @@ -83,6 +84,11 @@ #ifdef HAVE_NTRU #include "libntruencrypt/ntru_crypto.h" #endif +#include + +#ifdef HAVE_WNR + const char* wnrConfigFile = "wnr-example.conf"; +#endif #if defined(WOLFSSL_MDK_ARM) extern FILE * wolfSSL_fopen(const char *fname, const char *mode) ; @@ -118,7 +124,7 @@ #ifdef HAVE_BLAKE2 #include void bench_blake2(void); -#endif +#endif #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ @@ -127,6 +133,10 @@ #include "wolfcrypt/benchmark/benchmark.h" +#ifdef USE_WOLFSSL_MEMORY + #include "wolfssl/wolfcrypt/mem_track.h" +#endif + void bench_des(void); void bench_idea(void); void bench_arc4(void); @@ -154,11 +164,16 @@ void bench_dh(void); #ifdef HAVE_ECC void bench_eccKeyGen(void); void bench_eccKeyAgree(void); + #ifdef HAVE_ECC_ENCRYPT + void bench_eccEncrypt(void); + #endif #endif #ifdef HAVE_CURVE25519 -void bench_curve25519KeyGen(void); -void bench_curve25519KeyAgree(void); -#endif + void bench_curve25519KeyGen(void); + #ifdef HAVE_CURVE25519_SHARED_SECRET + void bench_curve25519KeyAgree(void); + #endif /* HAVE_CURVE25519_SHARED_SECRET */ +#endif /* HAVE_CURVE25519 */ #ifdef HAVE_ED25519 void bench_ed25519KeyGen(void); void bench_ed25519KeySign(void); 
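Review bot: `wnrConfigFile = "wnr-example.conf"` is a relative path, so the netRandom configuration that selects the entropy source is read from whatever directory the benchmark is started in. That is acceptable for a benchmark but should be stated above the definition, e.g. `/* resolved against the current working directory; benchmark use only */`, so the pattern is not copied into code that seeds real keys. The variable also has external linkage here; `static const char* wnrConfigFile` would keep it local if no other file refers to it.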
@@ -167,6 +182,7 @@ void bench_ed25519KeySign(void); void bench_ntru(void); void bench_ntruKeyGen(void); #endif +void bench_rng(void); double current_time(int); @@ -199,7 +215,8 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif #if !defined(NO_RSA) || !defined(NO_DH) \ - || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) + || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) \ + || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #define HAVE_LOCAL_RNG static WC_RNG rng; #endif @@ -244,11 +261,15 @@ int main(int argc, char** argv) (void)argc; (void)argv; #else -int benchmark_test(void *args) +int benchmark_test(void *args) { (void)args; #endif +#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY) + InitMemoryTracker(); +#endif + wolfCrypt_Init(); #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) @@ -268,6 +289,13 @@ int benchmark_test(void *args) } #endif /* HAVE_CAVIUM */ + #ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { + printf("Whitewood netRandom config init failed\n"); + exit(-1); + } + #endif /* HAVE_WNR */ + #if defined(HAVE_LOCAL_RNG) { int rngRet = wc_InitRng(&rng); @@ -278,21 +306,23 @@ int benchmark_test(void *args) } #endif + bench_rng(); #ifndef NO_AES +#ifdef HAVE_AES_CBC bench_aes(0); bench_aes(1); #endif #ifdef HAVE_AESGCM bench_aesgcm(); #endif - #ifdef WOLFSSL_AES_COUNTER bench_aesctr(); #endif - #ifdef HAVE_AESCCM bench_aesccm(); #endif +#endif /* !NO_AES */ + #ifdef HAVE_CAMELLIA bench_camellia(); #endif @@ -317,7 +347,7 @@ int benchmark_test(void *args) #ifdef HAVE_IDEA bench_idea(); #endif - + printf("\n"); #ifndef NO_MD5 @@ -367,6 +397,9 @@ int benchmark_test(void *args) #ifdef HAVE_ECC bench_eccKeyGen(); bench_eccKeyAgree(); + #ifdef HAVE_ECC_ENCRYPT + bench_eccEncrypt(); + #endif #if defined(FP_ECC) wc_ecc_fp_free(); #endif 
@@ -374,7 +407,9 @@ int benchmark_test(void *args) #ifdef HAVE_CURVE25519 bench_curve25519KeyGen(); - bench_curve25519KeyAgree(); + #ifdef HAVE_CURVE25519_SHARED_SECRET + bench_curve25519KeyAgree(); + #endif #endif #ifdef HAVE_ED25519 @@ -386,6 +421,17 @@ int benchmark_test(void *args) wc_FreeRng(&rng); #endif +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) { + printf("Failed to free netRandom context\n"); + exit(-1); + } +#endif + +#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY) + ShowMemoryTracker(); +#endif + return 0; } @@ -408,9 +454,66 @@ enum BenchmarkBounds { static const char blockType[] = "megs"; /* used in printf output */ #endif +void bench_rng(void) +{ + int ret, i; + double start, total, persec; + int pos, len, remain; +#ifndef HAVE_LOCAL_RNG + WC_RNG rng; +#endif + +#ifndef HAVE_LOCAL_RNG + ret = wc_InitRng(&rng); + if (ret < 0) { + printf("InitRNG failed\n"); + return; + } +#endif + + start = current_time(1); + BEGIN_INTEL_CYCLES + + for(i = 0; i < numBlocks; i++) { + /* Split request to handle large RNG request */ + pos = 0; + remain = (int)sizeof(plain); + while (remain > 0) { + len = remain; + if (len > RNG_MAX_BLOCK_LEN) + len = RNG_MAX_BLOCK_LEN; + ret = wc_RNG_GenerateBlock(&rng, &plain[pos], len); + if (ret < 0) { + printf("wc_RNG_GenerateBlock failed %d\n", ret); + break; + } + remain -= len; + pos += len; + } + } + + END_INTEL_CYCLES + total = current_time(0) - start; + + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + printf("RNG %d %s took %5.3f seconds, %8.3f MB/s", numBlocks, + blockType, total, persec); + SHOW_INTEL_CYCLES + printf("\n"); + +#ifndef HAVE_LOCAL_RNG + wc_FreeRng(&rng); +#endif +} + #ifndef NO_AES +#ifdef HAVE_AES_CBC void bench_aes(int show) { Aes enc; 
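Review bot: In bench_rng a failing `wc_RNG_GenerateBlock` only leaves the inner `while`, so the outer `for` retries for every remaining block and the function still prints a MB/s figure for data that was never generated. Stop the run on error with `if (ret < 0) break;` after the inner loop, and skip the throughput `printf` when `ret < 0`. A short header comment saying that the function fills the shared `plain` buffer in chunks of at most RNG_MAX_BLOCK_LEN would document why the request is split.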
@@ -446,7 +549,41 @@ void bench_aes(int show) #endif if (show) { - printf("AES %d %s took %5.3f seconds, %8.3f MB/s", numBlocks, + printf("AES enc %d %s took %5.3f seconds, %8.3f MB/s", numBlocks, + blockType, total, persec); + SHOW_INTEL_CYCLES + printf("\n"); + } +#ifdef HAVE_CAVIUM + wc_AesFreeCavium(&enc); + if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) { + printf("aes init cavium failed\n"); + return; + } +#endif + + ret = wc_AesSetKey(&enc, key, 16, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + return; + } + start = current_time(1); + BEGIN_INTEL_CYCLES + + for(i = 0; i < numBlocks; i++) + wc_AesCbcDecrypt(&enc, plain, cipher, sizeof(plain)); + + END_INTEL_CYCLES + total = current_time(0) - start; + + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + if (show) { + printf("AES dec %d %s took %5.3f seconds, %8.3f MB/s", numBlocks, blockType, total, persec); SHOW_INTEL_CYCLES printf("\n"); @@ -455,8 +592,7 @@ void bench_aes(int show) wc_AesFreeCavium(&enc); #endif } -#endif - +#endif /* HAVE_AES_CBC */ #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) static byte additional[13]; @@ -516,7 +652,8 @@ void bench_aesgcm(void) printf("\n"); #endif } -#endif +#endif /* HAVE_AESGCM */ + #ifdef WOLFSSL_AES_COUNTER void bench_aesctr(void) @@ -546,8 +683,7 @@ void bench_aesctr(void) SHOW_INTEL_CYCLES printf("\n"); } -#endif - +#endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AESCCM @@ -579,7 +715,8 @@ void bench_aesccm(void) SHOW_INTEL_CYCLES printf("\n"); } -#endif +#endif /* HAVE_AESCCM */ +#endif /* !NO_AES */ #ifdef HAVE_POLY1305 @@ -739,7 +876,7 @@ void bench_arc4(void) Arc4 enc; double start, total, persec; int i; - + #ifdef HAVE_CAVIUM if (wc_Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0) printf("arc4 init cavium failed\n"); 
@@ -777,7 +914,7 @@ void bench_hc128(void) HC128 enc; double start, total, persec; int i; - + wc_Hc128_SetKey(&enc, key, iv); start = current_time(1); BEGIN_INTEL_CYCLES @@ -807,7 +944,7 @@ void bench_rabbit(void) Rabbit enc; double start, total, persec; int i; - + wc_RabbitSetKey(&enc, key, iv); start = current_time(1); BEGIN_INTEL_CYCLES @@ -911,7 +1048,7 @@ void bench_md5(void) for(i = 0; i < numBlocks; i++) wc_Md5Update(&hash, plain, sizeof(plain)); - + wc_Md5Final(&hash, digest); END_INTEL_CYCLES @@ -937,7 +1074,7 @@ void bench_sha(void) byte digest[SHA_DIGEST_SIZE]; double start, total, persec; int i, ret; - + ret = wc_InitSha(&hash); if (ret != 0) { printf("InitSha failed, ret = %d\n", ret); @@ -945,10 +1082,10 @@ void bench_sha(void) } start = current_time(1); BEGIN_INTEL_CYCLES - + for(i = 0; i < numBlocks; i++) wc_ShaUpdate(&hash, plain, sizeof(plain)); - + wc_ShaFinal(&hash, digest); END_INTEL_CYCLES @@ -1064,7 +1201,7 @@ void bench_sha512(void) byte digest[SHA512_DIGEST_SIZE]; double start, total, persec; int i, ret; - + ret = wc_InitSha512(&hash); if (ret != 0) { printf("InitSha512 failed, ret = %d\n", ret); @@ -1072,7 +1209,7 @@ void bench_sha512(void) } start = current_time(1); BEGIN_INTEL_CYCLES - + for(i = 0; i < numBlocks; i++) { ret = wc_Sha512Update(&hash, plain, sizeof(plain)); if (ret != 0) { @@ -1109,14 +1246,14 @@ void bench_ripemd(void) byte digest[RIPEMD_DIGEST_SIZE]; double start, total, persec; int i; - + wc_InitRipeMd(&hash); start = current_time(1); BEGIN_INTEL_CYCLES - + for(i = 0; i < numBlocks; i++) wc_RipeMdUpdate(&hash, plain, sizeof(plain)); - + wc_RipeMdFinal(&hash, digest); END_INTEL_CYCLES @@ -1142,7 +1279,7 @@ void bench_blake2(void) byte digest[64]; double start, total, persec; int i, ret; - + ret = wc_InitBlake2b(&b2b, 64); if (ret != 0) { printf("InitBlake2b failed, ret = %d\n", ret); 
@@ -1150,7 +1287,7 @@ void bench_blake2(void) } start = current_time(1); BEGIN_INTEL_CYCLES - + for(i = 0; i < numBlocks; i++) { ret = wc_Blake2bUpdate(&b2b, plain, sizeof(plain)); if (ret != 0) { @@ -1158,7 +1295,7 @@ void bench_blake2(void) return; } } - + ret = wc_Blake2bFinal(&b2b, digest, 64); if (ret != 0) { printf("Blake2bFinal failed, ret = %d\n", ret); @@ -1296,7 +1433,7 @@ void bench_dh(void) int i ; size_t bytes; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz; - const byte* tmp; + const byte* tmp = NULL; byte pub[256]; /* for 2048 bit */ byte pub2[256]; /* for 2048 bit */ @@ -1312,21 +1449,21 @@ void bench_dh(void) (void)tmp; -#ifdef USE_CERT_BUFFERS_1024 +#if defined(NO_ASN) + dhKeySz = 1024; + /* do nothing, but don't use default FILE */ +#elif defined(USE_CERT_BUFFERS_1024) tmp = dh_key_der_1024; bytes = sizeof_dh_key_der_1024; dhKeySz = 1024; #elif defined(USE_CERT_BUFFERS_2048) tmp = dh_key_der_2048; bytes = sizeof_dh_key_der_2048; -#elif defined(NO_ASN) - dhKeySz = 1024; - /* do nothing, but don't use default FILE */ #else #error "need to define a cert buffer size" #endif /* USE_CERT_BUFFERS */ - + wc_InitDhKey(&dhKey); #ifdef NO_ASN bytes = wc_DhSetKey(&dhKey, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); @@ -1373,12 +1510,12 @@ void bench_rsaKeyGen(void) RsaKey genKey; double start, total, each, milliEach; int i; - - /* 1024 bit */ + + /* 1024 bit */ start = current_time(1); for(i = 0; i < genTimes; i++) { - wc_InitRsaKey(&genKey, 0); + wc_InitRsaKey(&genKey, 0); wc_MakeRsaKey(&genKey, 1024, 65537, &rng); wc_FreeRsaKey(&genKey); } @@ -1394,7 +1531,7 @@ void bench_rsaKeyGen(void) start = current_time(1); for(i = 0; i < genTimes; i++) { - wc_InitRsaKey(&genKey, 0); + wc_InitRsaKey(&genKey, 0); wc_MakeRsaKey(&genKey, 2048, 65537, &rng); wc_FreeRsaKey(&genKey); } 
@@ -1646,8 +1783,8 @@ void bench_eccKeyGen(void) ecc_key genKey; double start, total, each, milliEach; int i; - - /* 256 bit */ + + /* 256 bit */ start = current_time(1); for(i = 0; i < genTimes; i++) { @@ -1671,7 +1808,7 @@ void bench_eccKeyAgree(void) double start, total, each, milliEach; int i, ret; byte shared[32]; -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(NO_ECC_SIGN) byte sig[64+16]; /* der encoding too */ #endif byte digest[32]; @@ -1714,7 +1851,7 @@ void bench_eccKeyAgree(void) digest[i] = (byte)i; -#ifndef NO_ASN +#if !defined(NO_ASN) && !defined(NO_ECC_SIGN) start = current_time(1); for(i = 0; i < agreeTimes; i++) { @@ -1722,7 +1859,7 @@ void bench_eccKeyAgree(void) ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey); if (ret != 0) { printf("ecc_sign_hash failed\n"); - return; + return; } } @@ -1739,7 +1876,7 @@ void bench_eccKeyAgree(void) ret = wc_ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &genKey); if (ret != 0) { printf("ecc_verify_hash failed\n"); - return; + return; } } #endif 
@@ -1753,6 +1890,65 @@ void bench_eccKeyAgree(void) wc_ecc_free(&genKey2); wc_ecc_free(&genKey); } +#ifdef HAVE_ECC_ENCRYPT +void bench_eccEncrypt(void) +{ + ecc_key userA, userB; + byte msg[48]; + byte out[80]; + word32 outSz = sizeof(out); + word32 plainSz = sizeof(plain); + int ret, i; + double start, total, each, milliEach; + + wc_ecc_init(&userA); + wc_ecc_init(&userB); + + wc_ecc_make_key(&rng, 32, &userA); + wc_ecc_make_key(&rng, 32, &userB); + + for (i = 0; i < (int)sizeof(msg); i++) + msg[i] = i; + + start = current_time(1); + + for(i = 0; i < ntimes; i++) { + /* encrypt msg to B */ + ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); + if (ret != 0) { + printf("wc_ecc_encrypt failed! %d\n", ret); + return; + } + } + + total = current_time(0) - start; + each = total / ntimes; /* per second */ + milliEach = each * 1000; /* milliseconds */ + printf("ECC encrypt %6.3f milliseconds, avg over %d" + " iterations\n", milliEach, ntimes); + + start = current_time(1); + + for(i = 0; i < ntimes; i++) { + /* decrypt msg from A */ + ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); + if (ret != 0) { + printf("wc_ecc_decrypt failed! %d\n", ret); + return; + } + } + + total = current_time(0) - start; + each = total / ntimes; /* per second */ + milliEach = each * 1000; /* milliseconds */ + printf("ECC decrypt %6.3f milliseconds, avg over %d" + " iterations\n", milliEach, ntimes); + + /* cleanup */ + wc_ecc_free(&userB); + wc_ecc_free(&userA); +} +#endif #endif /* HAVE_ECC */ #ifdef HAVE_CURVE25519 @@ -1778,7 +1974,7 @@ void bench_curve25519KeyGen(void) " iterations\n", milliEach, genTimes); } - +#ifdef HAVE_CURVE25519_SHARED_SECRET void bench_curve25519KeyAgree(void) { curve25519_key genKey, genKey2; @@ -1822,6 +2018,7 @@ void bench_curve25519KeyAgree(void) wc_curve25519_free(&genKey2); wc_curve25519_free(&genKey); } +#endif /* HAVE_CURVE25519_SHARED_SECRET */ #endif /* HAVE_CURVE25519 */ #ifdef HAVE_ED25519 
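Review bot: bench_eccEncrypt ignores the return values of both `wc_ecc_make_key` calls, and its two failure paths `return` before the `wc_ecc_free` calls at the end. A failed key generation therefore only shows up later as an encrypt error, and a failed encrypt or decrypt leaves both key objects unfreed. Check key generation, e.g. `ret = wc_ecc_make_key(&rng, 32, &userA);` followed by `if (ret != 0)` handling, and route the error paths through the cleanup block. `outSz` and `plainSz` are passed by pointer and look like in/out lengths, so resetting them at the top of each iteration (`outSz = sizeof(out);`) would keep every pass timing the same call. `msg[i] = i;` should carry the `(byte)` cast that the other benchmarks in this file use.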
@@ -1851,12 +2048,15 @@ void bench_ed25519KeyGen(void) void bench_ed25519KeySign(void) { + int ret; ed25519_key genKey; +#ifdef HAVE_ED25519_SIGN double start, total, each, milliEach; - int i, ret; + int i; byte sig[ED25519_SIG_SIZE]; byte msg[512]; word32 x = 0; +#endif wc_ed25519_init(&genKey); @@ -1865,11 +2065,12 @@ void bench_ed25519KeySign(void) printf("ed25519_make_key failed\n"); return; } + +#ifdef HAVE_ED25519_SIGN /* make dummy msg */ for (i = 0; i < (int)sizeof(msg); i++) msg[i] = (byte)i; - start = current_time(1); for(i = 0; i < agreeTimes; i++) { @@ -1887,6 +2088,7 @@ void bench_ed25519KeySign(void) printf("ED25519 sign time %6.3f milliseconds, avg over %d" " iterations\n", milliEach, agreeTimes); +#ifdef HAVE_ED25519_VERIFY start = current_time(1); for(i = 0; i < agreeTimes; i++) { @@ -1904,6 +2106,8 @@ void bench_ed25519KeySign(void) milliEach = each * 1000; /* milliseconds */ printf("ED25519 verify time %6.3f milliseconds, avg over %d" " iterations\n", milliEach, agreeTimes); +#endif /* HAVE_ED25519_VERIFY */ +#endif /* HAVE_ED25519_SIGN */ wc_ed25519_free(&genKey); } @@ -1919,7 +2123,7 @@ void bench_ed25519KeySign(void) { static int init = 0; static LARGE_INTEGER freq; - + LARGE_INTEGER count; (void)reset; @@ -1959,7 +2163,7 @@ void bench_ed25519KeySign(void) #elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || defined(WOLFSSL_USER_CURRTIME) extern double current_time(int reset); - + #elif defined FREERTOS double current_time(int reset) @@ -1987,6 +2191,22 @@ void bench_ed25519KeySign(void) return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000; } +#elif defined(WOLFSSL_EMBOS) + + #include "RTOS.h" + + double current_time(int reset) + { + double time_now; + double current_s = OS_GetTime() / 1000.0; + double current_us = OS_GetTime_us() / 1000000.0; + time_now = (double)( current_s + current_us); + + (void) reset; + + return time_now; + } + #else #include 
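Review bot: The WOLFSSL_EMBOS `current_time` adds `OS_GetTime() / 1000.0` to `OS_GetTime_us() / 1000000.0`. If both calls return the full time since system start, as their names suggest, the sum is roughly twice the real elapsed time and every benchmark figure on that port is skewed. One clock is enough: `return (double)OS_GetTime_us() / 1000000.0;`. RTOS.h is not shown here, so confirm the units and wrap-around behaviour of both calls against the embOS headers before choosing.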
diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h index b916229d3..20feeb45d 100644 --- a/wolfcrypt/benchmark/benchmark.h +++ b/wolfcrypt/benchmark/benchmark.h @@ -1,8 +1,8 @@ /* wolfcrypt/benchmark/benchmark.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFCRYPT_BENCHMARK_H #define WOLFCRYPT_BENCHMARK_H diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 509063d47..6d5d9fa96 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1,8 +1,8 @@ /* aes.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
@@ -43,17 +44,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } +#ifdef HAVE_AES_CBC int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { return AesCbcEncrypt_fips(aes, out, in, sz); } - +#ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { return AesCbcDecrypt_fips(aes, out, in, sz); } - +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER @@ -70,12 +73,12 @@ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) AesEncryptDirect(aes, out, in); } - +#ifdef HAVE_AES_DECRYPT void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) { AesDecryptDirect(aes, out, in); } - +#endif /* HAVE_AES_DECRYPT */ int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) @@ -101,7 +104,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, authIn, authInSz); } - +#ifdef HAVE_AES_DECRYPT int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -110,7 +113,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); } - +#endif /* HAVE_AES_DECRYPT */ int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { @@ -149,7 +152,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return 0; } - +#ifdef HAVE_AES_DECRYPT int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, const byte* authTag, word32 authTagSz, @@ -158,6 +161,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz); } +#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AESCCM */ #ifdef HAVE_CAVIUM 
@@ -183,6 +187,7 @@ void wc_AesFreeCavium(Aes* aes) #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif #ifdef DEBUG_AESNI 
@@ -195,14 +200,98 @@ void wc_AesFreeCavium(Aes* aes) #pragma warning(disable: 4127) #endif - +/* Define AES implementation includes and functions */ #if defined(STM32F2_CRYPTO) /* STM32F2 hardware AES support for CBC, CTR modes through the STM32F2 * Standard Peripheral Library. Documentation located in STM32F2xx - * Standard Peripheral Library document (See note in README). - * NOTE: no support for AES-GCM/CCM/Direct */ + * Standard Peripheral Library document (See note in README). */ #include "stm32f2xx.h" #include "stm32f2xx_cryp.h" + + static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) + { + word32 *enc_key; + CRYP_InitTypeDef AES_CRYP_InitStructure; + CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; + + enc_key = aes->key; + + /* crypto structure initialization */ + CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); + CRYP_StructInit(&AES_CRYP_InitStructure); + + /* reset registers to their default values */ + CRYP_DeInit(); + + /* load key into correct registers */ + switch(aes->rounds) + { + case 10: /* 128-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; + break; + + case 12: /* 192-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; + break; + + case 14: /* 256-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; + AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; + 
AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; + break; + + default: + break; + } + CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + + /* set direction, mode, and datatype */ + AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_ECB; + AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&AES_CRYP_InitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + CRYP_DataIn(*(uint32_t*)&inBlock[0]); + CRYP_DataIn(*(uint32_t*)&inBlock[4]); + CRYP_DataIn(*(uint32_t*)&inBlock[8]); + CRYP_DataIn(*(uint32_t*)&inBlock[12]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&outBlock[0] = CRYP_DataOut(); + *(uint32_t*)&outBlock[4] = CRYP_DataOut(); + *(uint32_t*)&outBlock[8] = CRYP_DataOut(); + *(uint32_t*)&outBlock[12] = CRYP_DataOut(); + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + + return 0; + } + #elif defined(HAVE_COLDFIRE_SEC) /* Freescale Coldfire SEC support for CBC mode. * NOTE: no support for AES-CTR/GCM/CCM/Direct */ @@ -219,7 +308,7 @@ void wc_AesFreeCavium(Aes* aes) #include "cau_api.h" static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) - { + { int ret = wolfSSL_CryptHwMutexLock(); if(ret == 0) { cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); 
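Review bot: The `default: break;` arm of `switch(aes->rounds)` in the new STM32F2 `wc_AesEncrypt` lets an unexpected round count continue to `CRYP_KeyInit` with the key structure exactly as `CRYP_KeyStructInit` left it. The block is then run through the peripheral and the function returns 0, so the caller receives output that was not produced under its key and sees no error. Fail closed instead: `default: return BAD_FUNC_ARG;`. The `*(uint32_t*)&inBlock[0]` loads and the matching stores to `outBlock` also assume that `byte` buffers are 4-byte aligned; staging each word through a local `word32` with `XMEMCPY` avoids that assumption. The FREESCALE_MMCAU variant of this function takes `wolfSSL_CryptHwMutexLock` around the hardware call while this one does not, which is worth confirming if the CRYP peripheral can be reached from more than one thread.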
@@ -227,8 +316,9 @@ void wc_AesFreeCavium(Aes* aes) } return ret; } + #ifdef HAVE_AES_DECRYPT static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) - { + { int ret = wolfSSL_CryptHwMutexLock(); if(ret == 0) { cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); @@ -236,6 +326,7 @@ void wc_AesFreeCavium(Aes* aes) } return ret; } + #endif /* HAVE_AES_DECRYPT */ #elif defined(WOLFSSL_PIC32MZ_CRYPT) /* NOTE: no support for AES-CCM/Direct */ #define DEBUG_WOLFSSL @@ -249,14 +340,31 @@ void wc_AesFreeCavium(Aes* aes) static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length, const byte* iv); + #ifdef HAVE_AES_CBC static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length); + #ifdef HAVE_AES_DECRYPT static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AES_CBC */ +#elif defined(WOLFSSL_NRF51_AES) + /* Use built-in AES hardware - AES 128 ECB Encrypt Only */ + #include "wolfssl/wolfcrypt/port/nrf51.h" + + static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) + { + return nrf51_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); + } + #ifdef HAVE_AES_DECRYPT + #error nRF51 AES Hardware does not support decrypt + #endif /* HAVE_AES_DECRYPT */ + #else - /* using CTaoCrypt software AES implementation */ + + /* using wolfCrypt software AES implementation */ #define NEED_AES_TABLES -#endif /* STM32F2_CRYPTO */ +#endif #ifdef NEED_AES_TABLES @@ -937,6 +1045,7 @@ static const word32 Td[5][256] = { #define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y)))) + #ifdef WOLFSSL_AESNI /* Each platform needs to query info type 1 from cpuid to see if aesni is 
@@ -978,25 +1087,41 @@ static int haveAESNI = 0; /* tell C compiler these are asm functions in case any mix up of ABI underscore prefix between clang/gcc/llvm etc */ +#ifdef HAVE_AES_CBC void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) XASM_LINK("AES_CBC_encrypt"); - -void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, - unsigned char* ivec, unsigned long length, - const unsigned char* KS, int nr) - XASM_LINK("AES_CBC_decrypt"); +#ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_AESNI_BY4) + void AES_CBC_decrypt_by4(const unsigned char* in, unsigned char* out, + unsigned char* ivec, unsigned long length, + const unsigned char* KS, int nr) + XASM_LINK("AES_CBC_decrypt_by4"); + #elif defined(WOLFSSL_AESNI_BY6) + void AES_CBC_decrypt_by6(const unsigned char* in, unsigned char* out, + unsigned char* ivec, unsigned long length, + const unsigned char* KS, int nr) + XASM_LINK("AES_CBC_decrypt_by6"); + #else /* WOLFSSL_AESNI_BYx */ + void AES_CBC_decrypt_by8(const unsigned char* in, unsigned char* out, + unsigned char* ivec, unsigned long length, + const unsigned char* KS, int nr) + XASM_LINK("AES_CBC_decrypt_by8"); + #endif /* WOLFSSL_AESNI_BYx */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) XASM_LINK("AES_ECB_encrypt"); - +#ifdef HAVE_AES_DECRYPT void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) XASM_LINK("AES_ECB_decrypt"); +#endif void AES_128_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) @@ -1032,7 +1157,7 @@ static int AES_set_encrypt_key(const unsigned char *userKey, const int bits, return BAD_FUNC_ARG; } - +#ifdef HAVE_AES_DECRYPT static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, Aes* aes) { 
@@ -1075,11 +1200,11 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, return 0; } - - - +#endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AESNI */ +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) ||\ + defined(HAVE_AESGCM) static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { @@ -1259,7 +1384,10 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2)); XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); } +#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */ +#ifdef HAVE_AES_DECRYPT +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 s0, s1, s2, s3; @@ -1418,6 +1546,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2)); XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); } +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #endif /* NEED_AES_TABLES */ @@ -1429,6 +1559,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 *rk = aes->key; + (void)dir; + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) return BAD_FUNC_ARG; @@ -1438,13 +1570,13 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) return wc_AesSetIV(aes, iv); } - - int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) - { - return wc_AesSetKey(aes, userKey, keylen, iv, dir); - } - + #if defined(WOLFSSL_AES_DIRECT) + int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKey(aes, userKey, keylen, iv, dir); + } + #endif #elif defined(HAVE_COLDFIRE_SEC) #if defined (HAVE_THREADX) #include "memory_pools.h" 
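Review bot: The two `#endif` labels that close the software `wc_AesDecrypt` are swapped. The block opens with `#ifdef HAVE_AES_DECRYPT` and then `#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)`, so the first `#endif` closes the inner condition and should read `#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */`, followed by `#endif /* HAVE_AES_DECRYPT */`. The guard added around `wc_AesEncrypt` lists only HAVE_AES_CBC, WOLFSSL_AES_DIRECT and HAVE_AESGCM. If the CTR and CCM code outside these hunks also calls `wc_AesEncrypt`, a build with only WOLFSSL_AES_COUNTER or HAVE_AESCCM would lose the function, so those macros probably belong in the condition. Both function bodies lie outside the hunks.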
@@ -1521,15 +1653,38 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) return BAD_FUNC_ARG; aes->rounds = keylen/4 + 6; - + ret = wolfSSL_CryptHwMutexLock(); if(ret == 0) { cau_aes_set_key(userKey, keylen*8, rk); wolfSSL_CryptHwMutexUnLock(); - + ret = wc_AesSetIV(aes, iv); } - + + return ret; + } + + int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKey(aes, userKey, keylen, iv, dir); + } +#elif defined(WOLFSSL_NRF51_AES) + int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + int ret; + + (void)dir; + (void)iv; + + if (keylen != 16) + return BAD_FUNC_ARG; + + aes->rounds = keylen/4 + 6; + ret = nrf51_aes_set_key(userKey); + return ret; } @@ -1574,6 +1729,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) switch(keylen) { +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 case 16: while (1) { @@ -1592,7 +1748,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) rk += 4; } break; +#endif /* 128 */ +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 case 24: /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */ while (1) @@ -1614,7 +1772,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) rk += 6; } break; +#endif /* 192 */ +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 case 32: while (1) { @@ -1643,11 +1803,13 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) rk += 8; } break; +#endif /* 256 */ default: return BAD_FUNC_ARG; } +#ifdef HAVE_AES_DECRYPT if (dir == AES_DECRYPTION) { unsigned int j; @@ -1686,6 +1848,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff]; } } +#endif /* HAVE_AES_DECRYPT */ return wc_AesSetIV(aes, iv); } 
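Review bot: The new WOLFSSL_NRF51_AES `wc_AesSetKey` passes `userKey` to `nrf51_aes_set_key` but never writes `aes->key`, while the nRF51 `wc_AesEncrypt` added earlier in this file passes `(byte*)aes->key` to `nrf51_aes_encrypt`. Unless the port ignores that argument (nrf51.h is not shown), the encrypt call is handed a key buffer that this function never filled. The function also discards `iv` with `(void)iv;`, whereas the MMCAU variant in the same hunk finishes with `wc_AesSetIV(aes, iv)`, so `aes->reg` is left unset for any chaining mode built on top. Consider `XMEMCPY(aes->key, userKey, keylen);` before the hardware call and `if (ret == 0) ret = wc_AesSetIV(aes, iv);` after it. A NULL check on `aes` and `userKey` before `aes->rounds` is written would fit here as well.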
@@ -1693,16 +1856,26 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { + #if defined(AES_MAX_KEY_SIZE) + const word32 max_key_len = (AES_MAX_KEY_SIZE / 8); + #endif if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) return BAD_FUNC_ARG; - #ifdef HAVE_CAVIUM + #if defined(AES_MAX_KEY_SIZE) + /* Check key length */ + if (keylen > max_key_len) { + return BAD_FUNC_ARG; + } + #endif + + #ifdef HAVE_CAVIUM if (aes->magic == WOLFSSL_AES_CAVIUM_MAGIC) return wc_AesCaviumSetKey(aes, userKey, keylen, iv); - #endif + #endif - #ifdef WOLFSSL_AESNI + #ifdef WOLFSSL_AESNI if (checkAESNI == 0) { haveAESNI = Check_CPU_support_AES(); checkAESNI = 1; @@ -1713,10 +1886,12 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); if (dir == AES_ENCRYPTION) return AES_set_encrypt_key(userKey, keylen * 8, aes); + #ifdef HAVE_AES_DECRYPT else return AES_set_decrypt_key(userKey, keylen * 8, aes); + #endif } - #endif /* WOLFSSL_AESNI */ + #endif /* WOLFSSL_AESNI */ return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir); } @@ -1753,8 +1928,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* AES-DIRECT */ #if defined(WOLFSSL_AES_DIRECT) - #if defined(STM32F2_CRYPTO) - #error "STM32F2 crypto doesn't yet support AES direct" + #if defined(STM32F2_CRYPTO) && defined(HAVE_AES_DECRYPT) + #error "STM32F2 crypto doesn't yet support AES direct decrypt" #elif defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't yet support AES direct" 
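Review bot: With HAVE_AES_DECRYPT undefined, `wc_AesSetKey` called with `dir == AES_DECRYPTION` is neither rejected nor served. In the AES-NI branch the `else return AES_set_decrypt_key(...)` is compiled out, so control falls through to `wc_AesSetKeyLocal`. The decrypt key-schedule step guarded in the previous hunk, presumably that same function, is compiled out too, so the call returns success with an encryption schedule. If callers are not meant to rely on that, reject it explicitly near the key-length check with `if (dir == AES_DECRYPTION) return BAD_FUNC_ARG;` under `#ifndef HAVE_AES_DECRYPT`. Separately, this function treats AES_MAX_KEY_SIZE as optional while the `case 16`/`24`/`32` arms guarded in the previous hunk compile only when it is defined, so confirm that a header not shown here always supplies a default.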
@@ -1768,18 +1943,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { wc_AesEncrypt(aes, in, out); } - + #ifdef HAVE_AES_DECRYPT /* Allow direct access to one block decrypt */ void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) { wc_AesDecrypt(aes, in, out); } - + #endif /* HAVE_AES_DECRYPT */ #endif /* AES direct block */ #endif /* WOLFSSL_AES_DIRECT */ /* AES-CBC */ +#ifdef HAVE_AES_CBC #ifdef STM32F2_CRYPTO int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { @@ -1886,6 +2062,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } + #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 *dec_key, *iv; @@ -2006,7 +2183,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } - + #endif /* HAVE_AES_DECRYPT */ #elif defined(HAVE_COLDFIRE_SEC) static int wc_AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, word32 descHeader) @@ -2106,11 +2283,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return (wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)); } + #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz) { return (wc_AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)); } - + #endif /* HAVE_AES_DECRYPT */ #elif defined(FREESCALE_MMCAU) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { @@ -2147,7 +2325,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } - + #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int i; @@ -2169,7 +2347,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); wc_AesDecrypt(aes, in + offset, out + offset); - + /* XOR block with IV for CBC */ for (i = 0; i < AES_BLOCK_SIZE; i++) (out + offset)[i] ^= iv[i]; 
@@ -2183,7 +2361,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } - + #endif /* HAVE_AES_DECRYPT */ #elif defined(WOLFSSL_PIC32MZ_CRYPT) /* core hardware crypt engine driver */ static void wc_AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz, @@ -2286,13 +2464,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) PIC32_CRYPTOALGO_RCBC ); return 0 ; } - + #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { wc_AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC); return 0 ; } + #endif /* HAVE_AES_DECRYPT */ #else int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -2358,6 +2537,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } + #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; @@ -2381,8 +2561,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* if input and output same will overwrite input iv */ XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, + #if defined(WOLFSSL_AESNI_BY4) + AES_CBC_decrypt_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key, aes->rounds); + #elif defined(WOLFSSL_AESNI_BY6) + AES_CBC_decrypt_by6(in, out, (byte*)aes->reg, sz, (byte*)aes->key, + aes->rounds); + #else /* WOLFSSL_AESNI_BYx */ + AES_CBC_decrypt_by8(in, out, (byte*)aes->reg, sz, (byte*)aes->key, + aes->rounds); + #endif /* WOLFSSL_AESNI_BYx */ /* store iv for next call */ XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); return 0; @@ -2401,8 +2589,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; } + #endif #endif /* STM32F2_CRYPTO, AES-CBC block */ +#endif /* HAVE_AES_CBC */ /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER 
@@ -2644,12 +2834,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) * number counter. */ -#ifdef STM32F2_CRYPTO - #error "STM32F2 crypto doesn't currently support AES-GCM mode" - -#elif defined(HAVE_COLDFIRE_SEC) +#if defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't currently support AES-GCM mode" +#elif defined(WOLFSSL_NRF51_AES) + #error "nRF51 doesn't currently support AES-GCM mode" + #endif enum { @@ -2967,6 +3157,7 @@ static void AES_GCM_encrypt(const unsigned char *in, } +#ifdef HAVE_AES_DECRYPT /* Figure 10. AES-GCM – Decrypt With Single Block Ghash at a Time */ static int AES_GCM_decrypt(const unsigned char *in, @@ -3185,7 +3376,7 @@ static int AES_GCM_decrypt(const unsigned char *in, return 1; /* when successful returns 1 */ } - +#endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AESNI */ @@ -3424,7 +3615,7 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz, static void GMULT(word64* X, word64* Y) { word64 Z[2] = {0,0}; - word64 V[2] ; + word64 V[2] ; int i, j; V[0] = X[0] ; V[1] = X[1] ; @@ -3466,7 +3657,7 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz, XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); + ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); #endif /* Hash in A, the Additional Authentication Data */ @@ -3525,7 +3716,7 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz, /* Hash in the lengths in bits of A and C */ { - word64 len[2] ; + word64 len[2] ; len[0] = aSz ; len[1] = cSz; /* Lengths are in bytes. Convert to bits. */ @@ -3764,6 +3955,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } +#ifdef HAVE_AES_DECRYPT int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, 
@@ -3845,7 +4037,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return 0; } - +#endif /* HAVE_AES_DECRYPT */ WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { @@ -3866,10 +4058,7 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, #ifdef HAVE_AESCCM -#ifdef STM32F2_CRYPTO - #error "STM32F2 crypto doesn't currently support AES-CCM mode" - -#elif defined(HAVE_COLDFIRE_SEC) +#if defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't currently support AES-CCM mode" #elif defined(WOLFSSL_PIC32MZ_CRYPT) @@ -4029,7 +4218,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return 0; } - +#ifdef HAVE_AES_DECRYPT int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, const byte* authTag, word32 authTagSz, @@ -4118,7 +4307,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return result; } - +#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AESCCM */ @@ -4174,7 +4363,7 @@ static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length, return wc_AesSetIV(aes, iv); } - +#ifdef HAVE_AES_CBC static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length) { @@ -4208,6 +4397,7 @@ static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, return 0; } +#ifdef HAVE_AES_DECRYPT static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length) { @@ -4242,6 +4432,8 @@ static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, } return 0; } +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ #endif /* HAVE_CAVIUM */ diff --git a/wolfcrypt/src/aes_asm.asm b/wolfcrypt/src/aes_asm.asm index 5453d2e45..3c625bc11 100644 --- a/wolfcrypt/src/aes_asm.asm +++ b/wolfcrypt/src/aes_asm.asm 
@@ -1,28 +1,28 @@ -; /*aes_asm . asm -; * -; *Copyright[C]2006 -2014 wolfSSL Inc . -; * -; *This file is part of wolfssl. (formerly known as CyaSSL) -; * -; *wolfSSL is free software/ you can redistribute it and/or modify -; *it under the terms of the GNU General Public License as published by -; *the Free Software Foundation/ either version 2 of the License, or -; *[at your option]any later version . -; * -; *wolfSSL ,is distributed in the hope that it will be useful -; *but WITHOUT ANY WARRANTY/ without even the implied warranty of -; *MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the -; *GNU General Public License for more details . -; * -; *You should have received a copy of the GNU General Public License -; *along with this program/ if not, write to the Free Software -; *Foundation,Inc .,51 Franklin Street,Fifth Floor,Boston,MA 02110-1301,USA -; */ +; /* aes_asm.asm +; * +; * Copyright (C) 2006-2016 wolfSSL Inc. +; * +; * This file is part of wolfssl. (formerly known as CyaSSL) +; * +; * wolfSSL is free software; you can redistribute it and/or modify +; * it under the term of the GNU General Public License as published by +; * the Free Software Foundation/either version 2 of the License, or +; * (at your option) any later version. +; * +; * wolfSSL is distributed in the hope that it will be useful, +; * but WITHOUT ANY WARRANTY; without even the implied warranty of +; * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +; * GNU General Public License for more details. 
+; * +; * You should have received a copy of the GNU General Public License +; * along with this program; if not, write to the Free Software +; * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +; */ ; ; -; /*See IntelA dvanced Encryption Standard[AES]Instructions Set White Paper -; *by Israel,Intel Mobility Group Development Center,Israel Shay Gueron -; */ +; /* See Intel Advanced Encryption Standard (AES) Instructions Set White Paper +; * by Israel, Intel Mobility Group Development Center, Israel Shay Gueron +; */ ; ; /* This file is in intel asm syntax, see .s for at&t syntax */ ; 
@@ -101,220 +101,753 @@ LAST: AES_CBC_encrypt ENDP +; void AES_CBC_decrypt_by4(const unsigned char* in, +; unsigned char* out, +; unsigned char ivec[16], +; unsigned long length, +; const unsigned char* KS, +; int nr) +AES_CBC_decrypt_by4 PROC +; parameter 1: rdi +; parameter 2: rsi +; parameter 3: rdx +; parameter 4: rcx +; parameter 5: r8 +; parameter 6: r9d -; /* -; AES_CBC_decrypt[const ,unsigned char*in -; unsigned ,char*out -; unsigned ,char ivec+16 -; unsigned ,long length -; const ,unsigned char*KS -; int nr] -; */ -; . globl AES_CBC_decrypt -AES_CBC_decrypt PROC -;# parameter 1: rdi -;# parameter 2: rsi -;# parameter 3: rdx -;# parameter 4: rcx -;# parameter 5: r8 -;# parameter 6: r9d - -; save rdi and rsi to rax and r11, restore before ret - mov rax,rdi - mov r11,rsi - -; convert to what we had for att&t convention - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,[rsp+40] - mov r9d,[rsp+48] - -; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end - sub rsp,8+8*16 ; 8 = align stack , 8 xmm6-12,15 16 bytes each - movdqa [rsp+0], xmm6 - movdqa [rsp+16], xmm7 - movdqa [rsp+32], xmm8 - movdqa [rsp+48], xmm9 - movdqa [rsp+64], xmm10 - movdqa [rsp+80], xmm11 - movdqa [rsp+96], xmm12 - movdqa [rsp+112], xmm15 - - mov r10,rcx - shr rcx,4 - shl r10,60 - je DNO_PARTS_4 - add rcx,1 + ; save rdi and rsi to rax and r11, restore before ret + mov rax, rdi + mov r11, rsi + ; convert to what we had for att&t convention + mov rdi, rcx + mov rsi, rdx + mov rdx, r8 + mov rcx,r9 + mov r8, [rsp+40] + mov r9d, [rsp+48] + ; on microsoft xmm6-xmm15 are non volatile, + ; let's save on stack and restore at end + sub rsp, 8+8*16 ; 8 = align stack , 8 xmm6-12,15 16 bytes each + movdqa [rsp+0], xmm6 + movdqa [rsp+16], xmm7 + movdqa [rsp+32], xmm8 + movdqa [rsp+48], xmm9 + movdqa [rsp+64], xmm10 + movdqa [rsp+80], xmm11 + movdqa [rsp+96], xmm12 + movdqa [rsp+112], xmm15 + ; back to our original code, more or less + mov r10, rcx + shr rcx, 4 + 
shl r10, 60 + je DNO_PARTS_4 + add rcx, 1 DNO_PARTS_4: - mov r10,rcx - shl r10,62 - shr r10,62 - shr rcx,2 - movdqu xmm5,[rdx] - je DREMAINDER_4 - sub rsi,64 + mov r10, rcx + shl r10, 62 + shr r10, 62 + shr rcx, 2 + movdqu xmm5, [rdx] + je DREMAINDER_4 + sub rsi, 64 DLOOP_4: - movdqu xmm1,[rdi] - movdqu xmm2,16[rdi] - movdqu xmm3,32[rdi] - movdqu xmm4,48[rdi] - movdqa xmm6,xmm1 - movdqa xmm7,xmm2 - movdqa xmm8,xmm3 - movdqa xmm15,xmm4 - movdqa xmm9,[r8] - movdqa xmm10,16[r8] - movdqa xmm11,32[r8] - movdqa xmm12,48[r8] - pxor xmm1,xmm9 - pxor xmm2,xmm9 - pxor xmm3,xmm9 - - pxor xmm4,xmm9 - aesdec xmm1,xmm10 - aesdec xmm2,xmm10 - aesdec xmm3,xmm10 - aesdec xmm4,xmm10 - aesdec xmm1,xmm11 - aesdec xmm2,xmm11 - aesdec xmm3,xmm11 - aesdec xmm4,xmm11 - aesdec xmm1,xmm12 - aesdec xmm2,xmm12 - aesdec xmm3,xmm12 - aesdec xmm4,xmm12 - movdqa xmm9,64[r8] - movdqa xmm10,80[r8] - movdqa xmm11,96[r8] - movdqa xmm12,112[r8] - aesdec xmm1,xmm9 - aesdec xmm2,xmm9 - aesdec xmm3,xmm9 - aesdec xmm4,xmm9 - aesdec xmm1,xmm10 - aesdec xmm2,xmm10 - aesdec xmm3,xmm10 - aesdec xmm4,xmm10 - aesdec xmm1,xmm11 - aesdec xmm2,xmm11 - aesdec xmm3,xmm11 - aesdec xmm4,xmm11 - aesdec xmm1,xmm12 - aesdec xmm2,xmm12 - aesdec xmm3,xmm12 - aesdec xmm4,xmm12 - movdqa xmm9,128[r8] - movdqa xmm10,144[r8] - movdqa xmm11,160[r8] - cmp r9d,12 - aesdec xmm1,xmm9 - aesdec xmm2,xmm9 - aesdec xmm3,xmm9 - aesdec xmm4,xmm9 - aesdec xmm1,xmm10 - aesdec xmm2,xmm10 - aesdec xmm3,xmm10 - aesdec xmm4,xmm10 - jb DLAST_4 - movdqa xmm9,160[r8] - movdqa xmm10,176[r8] - movdqa xmm11,192[r8] - cmp r9d,14 - aesdec xmm1,xmm9 - aesdec xmm2,xmm9 - aesdec xmm3,xmm9 - aesdec xmm4,xmm9 - aesdec xmm1,xmm10 - aesdec xmm2,xmm10 - aesdec xmm3,xmm10 - aesdec xmm4,xmm10 - jb DLAST_4 - - movdqa xmm9,192[r8] - movdqa xmm10,208[r8] - movdqa xmm11,224[r8] - aesdec xmm1,xmm9 - aesdec xmm2,xmm9 - aesdec xmm3,xmm9 - aesdec xmm4,xmm9 - aesdec xmm1,xmm10 - aesdec xmm2,xmm10 - aesdec xmm3,xmm10 - aesdec xmm4,xmm10 + movdqu xmm1, [rdi] + movdqu xmm2, 
16[rdi] + movdqu xmm3, 32[rdi] + movdqu xmm4, 48[rdi] + movdqa xmm6, xmm1 + movdqa xmm7, xmm2 + movdqa xmm8, xmm3 + movdqa xmm15, xmm4 + movdqa xmm9, [r8] + movdqa xmm10, 16[r8] + movdqa xmm11, 32[r8] + movdqa xmm12, 48[r8] + pxor xmm1, xmm9 + pxor xmm2, xmm9 + pxor xmm3, xmm9 + pxor xmm4, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm1, xmm12 + aesdec xmm2, xmm12 + aesdec xmm3, xmm12 + aesdec xmm4, xmm12 + movdqa xmm9, 64[r8] + movdqa xmm10, 80[r8] + movdqa xmm11, 96[r8] + movdqa xmm12, 112[r8] + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm1, xmm12 + aesdec xmm2, xmm12 + aesdec xmm3, xmm12 + aesdec xmm4, xmm12 + movdqa xmm9, 128[r8] + movdqa xmm10, 144[r8] + movdqa xmm11, 160[r8] + cmp r9d, 12 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + jb DLAST_4 + movdqa xmm9, 160[r8] + movdqa xmm10, 176[r8] + movdqa xmm11, 192[r8] + cmp r9d, 14 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + jb DLAST_4 + movdqa xmm9, 192[r8] + movdqa xmm10, 208[r8] + movdqa xmm11, 224[r8] + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 DLAST_4: - add rdi,64 - add rsi,64 - dec rcx - aesdeclast xmm1,xmm11 - aesdeclast xmm2,xmm11 - aesdeclast xmm3,xmm11 - aesdeclast xmm4,xmm11 - pxor xmm1,xmm5 - pxor xmm2,xmm6 - pxor xmm3,xmm7 - pxor xmm4,xmm8 - movdqu [rsi],xmm1 - movdqu 16[rsi],xmm2 - movdqu 
32[rsi],xmm3 - movdqu 48[rsi],xmm4 - movdqa xmm5,xmm15 - jne DLOOP_4 - add rsi,64 + add rdi, 64 + add rsi, 64 + dec rcx + aesdeclast xmm1, xmm11 + aesdeclast xmm2, xmm11 + aesdeclast xmm3, xmm11 + aesdeclast xmm4, xmm11 + pxor xmm1, xmm5 + pxor xmm2, xmm6 + pxor xmm3, xmm7 + pxor xmm4, xmm8 + movdqu [rsi], xmm1 + movdqu 16[rsi], xmm2 + movdqu 32[rsi], xmm3 + movdqu 48[rsi], xmm4 + movdqa xmm5, xmm15 + jne DLOOP_4 + add rsi, 64 DREMAINDER_4: - cmp r10,0 - je DEND_4 + cmp r10, 0 + je DEND_4 DLOOP_4_2: - movdqu xmm1,[rdi] - movdqa xmm15,xmm1 - add rdi,16 - pxor xmm1,[r8] - movdqu xmm2,160[r8] - cmp r9d,12 - aesdec xmm1,16[r8] - aesdec xmm1,32[r8] - aesdec xmm1,48[r8] - aesdec xmm1,64[r8] - aesdec xmm1,80[r8] - aesdec xmm1,96[r8] - aesdec xmm1,112[r8] - aesdec xmm1,128[r8] - aesdec xmm1,144[r8] - jb DLAST_4_2 - movdqu xmm2,192[r8] - cmp r9d,14 - aesdec xmm1,160[r8] - aesdec xmm1,176[r8] - jb DLAST_4_2 - movdqu xmm2,224[r8] - aesdec xmm1,192[r8] - aesdec xmm1,208[r8] + movdqu xmm1, [rdi] + movdqa xmm15, xmm1 + add rdi, 16 + pxor xmm1, [r8] + movdqu xmm2, 160[r8] + cmp r9d, 12 + aesdec xmm1, 16[r8] + aesdec xmm1, 32[r8] + aesdec xmm1, 48[r8] + aesdec xmm1, 64[r8] + aesdec xmm1, 80[r8] + aesdec xmm1, 96[r8] + aesdec xmm1, 112[r8] + aesdec xmm1, 128[r8] + aesdec xmm1, 144[r8] + jb DLAST_4_2 + movdqu xmm2, 192[r8] + cmp r9d, 14 + aesdec xmm1, 160[r8] + aesdec xmm1, 176[r8] + jb DLAST_4_2 + movdqu xmm2, 224[r8] + aesdec xmm1, 192[r8] + aesdec xmm1, 208[r8] DLAST_4_2: - aesdeclast xmm1,xmm2 - pxor xmm1,xmm5 - movdqa xmm5,xmm15 - movdqu [rsi],xmm1 - - add rsi,16 - dec r10 - jne DLOOP_4_2 + aesdeclast xmm1, xmm2 + pxor xmm1, xmm5 + movdqa xmm5, xmm15 + movdqu [rsi], xmm1 + add rsi, 16 + dec r10 + jne DLOOP_4_2 DEND_4: - ; restore non volatile rdi,rsi - mov rdi,rax - mov rsi,r11 - ; restore non volatile xmms from stack - movdqa xmm6, [rsp+0] - movdqa xmm7, [rsp+16] - movdqa xmm8, [rsp+32] - movdqa xmm9, [rsp+48] - movdqa xmm10, [rsp+64] - movdqa xmm11, [rsp+80] - movdqa xmm12, 
[rsp+96] - movdqa xmm15, [rsp+112] - add rsp,8+8*16 ; 8 = align stack , 8 xmm6-12,15 16 bytes each - ret -AES_CBC_decrypt ENDP + ; restore non volatile rdi,rsi + mov rdi, rax + mov rsi, r11 + ; restore non volatile xmms from stack + movdqa xmm6, [rsp+0] + movdqa xmm7, [rsp+16] + movdqa xmm8, [rsp+32] + movdqa xmm9, [rsp+48] + movdqa xmm10, [rsp+64] + movdqa xmm11, [rsp+80] + movdqa xmm12, [rsp+96] + movdqa xmm15, [rsp+112] + add rsp, 8+8*16 ; 8 = align stack , 8 xmm6-12,15 16 bytes each + ret +AES_CBC_decrypt_by4 ENDP + + +; void AES_CBC_decrypt_by6(const unsigned char *in, +; unsigned char *out, +; unsigned char ivec[16], +; unsigned long length, +; const unsigned char *KS, +; int nr) +AES_CBC_decrypt_by6 PROC +; parameter 1: rdi - in +; parameter 2: rsi - out +; parameter 3: rdx - ivec +; parameter 4: rcx - length +; parameter 5: r8 - KS +; parameter 6: r9d - nr + + ; save rdi and rsi to rax and r11, restore before ret + mov rax, rdi + mov r11, rsi + ; convert to what we had for att&t convention + mov rdi, rcx + mov rsi, rdx + mov rdx, r8 + mov rcx, r9 + mov r8, [rsp+40] + mov r9d, [rsp+48] + ; on microsoft xmm6-xmm15 are non volatile, + ; let's save on stack and restore at end + sub rsp, 8+9*16 ; 8 = align stack , 9 xmm6-14 16 bytes each + movdqa [rsp+0], xmm6 + movdqa [rsp+16], xmm7 + movdqa [rsp+32], xmm8 + movdqa [rsp+48], xmm9 + movdqa [rsp+64], xmm10 + movdqa [rsp+80], xmm11 + movdqa [rsp+96], xmm12 + movdqa [rsp+112], xmm13 + movdqa [rsp+128], xmm14 + ; back to our original code, more or less + mov r10, rcx + shr rcx, 4 + shl r10, 60 + je DNO_PARTS_6 + add rcx, 1 +DNO_PARTS_6: + mov r12, rax + mov r13, rdx + mov r14, rbx + mov rdx, 0 + mov rax, rcx + mov rbx, 6 + div rbx + mov rcx, rax + mov r10, rdx + mov rax, r12 + mov rdx, r13 + mov rbx, r14 + cmp rcx, 0 + movdqu xmm7, [rdx] + je DREMAINDER_6 + sub rsi, 96 +DLOOP_6: + movdqu xmm1, [rdi] + movdqu xmm2, 16[rdi] + movdqu xmm3, 32[rdi] + movdqu xmm4, 48[rdi] + movdqu xmm5, 64[rdi] + movdqu xmm6, 80[rdi] + 
movdqa xmm8, [r8] + movdqa xmm9, 16[r8] + movdqa xmm10, 32[r8] + movdqa xmm11, 48[r8] + pxor xmm1, xmm8 + pxor xmm2, xmm8 + pxor xmm3, xmm8 + pxor xmm4, xmm8 + pxor xmm5, xmm8 + pxor xmm6, xmm8 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm5, xmm9 + aesdec xmm6, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + movdqa xmm8, 64[r8] + movdqa xmm9, 80[r8] + movdqa xmm10, 96[r8] + movdqa xmm11, 112[r8] + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + aesdec xmm6, xmm8 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm5, xmm9 + aesdec xmm6, xmm9 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + movdqa xmm8, 128[r8] + movdqa xmm9, 144[r8] + movdqa xmm10, 160[r8] + cmp r9d, 12 + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + aesdec xmm6, xmm8 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm5, xmm9 + aesdec xmm6, xmm9 + jb DLAST_6 + movdqa xmm8, 160[r8] + movdqa xmm9, 176[r8] + movdqa xmm10, 192[r8] + cmp r9d, 14 + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + aesdec xmm6, xmm8 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm5, xmm9 + aesdec xmm6, xmm9 + jb DLAST_6 + movdqa xmm8, 192[r8] + movdqa xmm9, 208[r8] + movdqa xmm10, 224[r8] + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + 
aesdec xmm6, xmm8 + aesdec xmm1, xmm9 + aesdec xmm2, xmm9 + aesdec xmm3, xmm9 + aesdec xmm4, xmm9 + aesdec xmm5, xmm9 + aesdec xmm6, xmm9 +DLAST_6: + add rsi, 96 + aesdeclast xmm1, xmm10 + aesdeclast xmm2, xmm10 + aesdeclast xmm3, xmm10 + aesdeclast xmm4, xmm10 + aesdeclast xmm5, xmm10 + aesdeclast xmm6, xmm10 + movdqu xmm8, [rdi] + movdqu xmm9, 16[rdi] + movdqu xmm10, 32[rdi] + movdqu xmm11, 48[rdi] + movdqu xmm12, 64[rdi] + movdqu xmm13, 80[rdi] + pxor xmm1, xmm7 + pxor xmm2, xmm8 + pxor xmm3, xmm9 + pxor xmm4, xmm10 + pxor xmm5, xmm11 + pxor xmm6, xmm12 + movdqu xmm7, xmm13 + movdqu [rsi], xmm1 + movdqu 16[rsi], xmm2 + movdqu 32[rsi], xmm3 + movdqu 48[rsi], xmm4 + movdqu 64[rsi], xmm5 + movdqu 80[rsi], xmm6 + add rdi, 96 + dec rcx + jne DLOOP_6 + add rsi, 96 +DREMAINDER_6: + cmp r10, 0 + je DEND_6 +DLOOP_6_2: + movdqu xmm1, [rdi] + movdqa xmm10, xmm1 + add rdi, 16 + pxor xmm1, [r8] + movdqu xmm2, 160[r8] + cmp r9d, 12 + aesdec xmm1, 16[r8] + aesdec xmm1, 32[r8] + aesdec xmm1, 48[r8] + aesdec xmm1, 64[r8] + aesdec xmm1, 80[r8] + aesdec xmm1, 96[r8] + aesdec xmm1, 112[r8] + aesdec xmm1, 128[r8] + aesdec xmm1, 144[r8] + jb DLAST_6_2 + movdqu xmm2, 192[r8] + cmp r9d, 14 + aesdec xmm1, 160[r8] + aesdec xmm1, 176[r8] + jb DLAST_6_2 + movdqu xmm2, 224[r8] + aesdec xmm1, 192[r8] + aesdec xmm1, 208[r8] +DLAST_6_2: + aesdeclast xmm1, xmm2 + pxor xmm1, xmm7 + movdqa xmm7, xmm10 + movdqu [rsi], xmm1 + add rsi, 16 + dec r10 + jne DLOOP_6_2 +DEND_6: + ; restore non volatile rdi,rsi + mov rdi, rax + mov rsi, r11 + ; restore non volatile xmms from stack + movdqa xmm6, [rsp+0] + movdqa xmm7, [rsp+16] + movdqa xmm8, [rsp+32] + movdqa xmm9, [rsp+48] + movdqa xmm10, [rsp+64] + movdqa xmm11, [rsp+80] + movdqa xmm12, [rsp+96] + movdqa xmm13, [rsp+112] + movdqa xmm14, [rsp+128] + add rsp, 8+9*16 ; 8 = align stack , 9 xmm6-14 16 bytes each + ret +AES_CBC_decrypt_by6 ENDP + + +; void AES_CBC_decrypt_by8(const unsigned char *in, +; unsigned char *out, +; unsigned char ivec[16], +; 
unsigned long length, +; const unsigned char *KS, +; int nr) +AES_CBC_decrypt_by8 PROC +; parameter 1: rdi - in +; parameter 2: rsi - out +; parameter 3: rdx - ivec +; parameter 4: rcx - length +; parameter 5: r8 - KS +; parameter 6: r9d - nr + + ; save rdi and rsi to rax and r11, restore before ret + mov rax, rdi + mov r11, rsi + ; convert to what we had for att&t convention + mov rdi, rcx + mov rsi, rdx + mov rdx, r8 + mov rcx,r9 + mov r8, [rsp+40] + mov r9d, [rsp+48] + ; on microsoft xmm6-xmm15 are non volatile, + ; let's save on stack and restore at end + sub rsp, 8+8*16 ; 8 = align stack , 8 xmm6-13 16 bytes each + movdqa [rsp+0], xmm6 + movdqa [rsp+16], xmm7 + movdqa [rsp+32], xmm8 + movdqa [rsp+48], xmm9 + movdqa [rsp+64], xmm10 + movdqa [rsp+80], xmm11 + movdqa [rsp+96], xmm12 + movdqa [rsp+112], xmm13 + ; back to our original code, more or less + mov r10, rcx + shr rcx, 4 + shl r10, 60 + je DNO_PARTS_8 + add rcx, 1 +DNO_PARTS_8: + mov r10, rcx + shl r10, 61 + shr r10, 61 + shr rcx, 3 + movdqu xmm9, [rdx] + je DREMAINDER_8 + sub rsi, 128 +DLOOP_8: + movdqu xmm1, [rdi] + movdqu xmm2, 16[rdi] + movdqu xmm3, 32[rdi] + movdqu xmm4, 48[rdi] + movdqu xmm5, 64[rdi] + movdqu xmm6, 80[rdi] + movdqu xmm7, 96[rdi] + movdqu xmm8, 112[rdi] + movdqa xmm10, [r8] + movdqa xmm11, 16[r8] + movdqa xmm12, 32[r8] + movdqa xmm13, 48[r8] + pxor xmm1, xmm10 + pxor xmm2, xmm10 + pxor xmm3, xmm10 + pxor xmm4, xmm10 + pxor xmm5, xmm10 + pxor xmm6, xmm10 + pxor xmm7, xmm10 + pxor xmm8, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + aesdec xmm7, xmm11 + aesdec xmm8, xmm11 + aesdec xmm1, xmm12 + aesdec xmm2, xmm12 + aesdec xmm3, xmm12 + aesdec xmm4, xmm12 + aesdec xmm5, xmm12 + aesdec xmm6, xmm12 + aesdec xmm7, xmm12 + aesdec xmm8, xmm12 + aesdec xmm1, xmm13 + aesdec xmm2, xmm13 + aesdec xmm3, xmm13 + aesdec xmm4, xmm13 + aesdec xmm5, xmm13 + aesdec xmm6, xmm13 + aesdec xmm7, xmm13 + aesdec xmm8, 
xmm13 + movdqa xmm10, 64[r8] + movdqa xmm11, 80[r8] + movdqa xmm12, 96[r8] + movdqa xmm13, 112[r8] + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm7, xmm10 + aesdec xmm8, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + aesdec xmm7, xmm11 + aesdec xmm8, xmm11 + aesdec xmm1, xmm12 + aesdec xmm2, xmm12 + aesdec xmm3, xmm12 + aesdec xmm4, xmm12 + aesdec xmm5, xmm12 + aesdec xmm6, xmm12 + aesdec xmm7, xmm12 + aesdec xmm8, xmm12 + aesdec xmm1, xmm13 + aesdec xmm2, xmm13 + aesdec xmm3, xmm13 + aesdec xmm4, xmm13 + aesdec xmm5, xmm13 + aesdec xmm6, xmm13 + aesdec xmm7, xmm13 + aesdec xmm8, xmm13 + movdqa xmm10, 128[r8] + movdqa xmm11, 144[r8] + movdqa xmm12, 160[r8] + cmp r9d, 12 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm7, xmm10 + aesdec xmm8, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + aesdec xmm7, xmm11 + aesdec xmm8, xmm11 + jb DLAST_8 + movdqa xmm10, 160[r8] + movdqa xmm11, 176[r8] + movdqa xmm12, 192[r8] + cmp r9d, 14 + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm7, xmm10 + aesdec xmm8, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec xmm6, xmm11 + aesdec xmm7, xmm11 + aesdec xmm8, xmm11 + jb DLAST_8 + movdqa xmm10, 192[r8] + movdqa xmm11, 208[r8] + movdqa xmm12, 224[r8] + aesdec xmm1, xmm10 + aesdec xmm2, xmm10 + aesdec xmm3, xmm10 + aesdec xmm4, xmm10 + aesdec xmm5, xmm10 + aesdec xmm6, xmm10 + aesdec xmm7, xmm10 + aesdec xmm8, xmm10 + aesdec xmm1, xmm11 + aesdec xmm2, xmm11 + aesdec xmm3, xmm11 + aesdec xmm4, xmm11 + aesdec xmm5, xmm11 + aesdec 
xmm6, xmm11 + aesdec xmm7, xmm11 + aesdec xmm8, xmm11 +DLAST_8: + add rsi, 128 + aesdeclast xmm1, xmm12 + aesdeclast xmm2, xmm12 + aesdeclast xmm3, xmm12 + aesdeclast xmm4, xmm12 + aesdeclast xmm5, xmm12 + aesdeclast xmm6, xmm12 + aesdeclast xmm7, xmm12 + aesdeclast xmm8, xmm12 + movdqu xmm10, [rdi] + movdqu xmm11, 16[rdi] + movdqu xmm12, 32[rdi] + movdqu xmm13, 48[rdi] + pxor xmm1, xmm9 + pxor xmm2, xmm10 + pxor xmm3, xmm11 + pxor xmm4, xmm12 + pxor xmm5, xmm13 + movdqu xmm10, 64[rdi] + movdqu xmm11, 80[rdi] + movdqu xmm12, 96[rdi] + movdqu xmm9, 112[rdi] + pxor xmm6, xmm10 + pxor xmm7, xmm11 + pxor xmm8, xmm12 + movdqu [rsi], xmm1 + movdqu 16[rsi], xmm2 + movdqu 32[rsi], xmm3 + movdqu 48[rsi], xmm4 + movdqu 64[rsi], xmm5 + movdqu 80[rsi], xmm6 + movdqu 96[rsi], xmm7 + movdqu 112[rsi], xmm8 + add rdi, 128 + dec rcx + jne DLOOP_8 + add rsi, 128 +DREMAINDER_8: + cmp r10, 0 + je DEND_8 +DLOOP_8_2: + movdqu xmm1, [rdi] + movdqa xmm10, xmm1 + add rdi, 16 + pxor xmm1, [r8] + movdqu xmm2, 160[r8] + cmp r9d, 12 + aesdec xmm1, 16[r8] + aesdec xmm1, 32[r8] + aesdec xmm1, 48[r8] + aesdec xmm1, 64[r8] + aesdec xmm1, 80[r8] + aesdec xmm1, 96[r8] + aesdec xmm1, 112[r8] + aesdec xmm1, 128[r8] + aesdec xmm1, 144[r8] + jb DLAST_8_2 + movdqu xmm2, 192[r8] + cmp r9d, 14 + aesdec xmm1, 160[r8] + aesdec xmm1, 176[r8] + jb DLAST_8_2 + movdqu xmm2, 224[r8] + aesdec xmm1, 192[r8] + aesdec xmm1, 208[r8] +DLAST_8_2: + aesdeclast xmm1, xmm2 + pxor xmm1, xmm9 + movdqa xmm9, xmm10 + movdqu [rsi], xmm1 + add rsi, 16 + dec r10 + jne DLOOP_8_2 +DEND_8: + ; restore non volatile rdi,rsi + mov rdi, rax + mov rsi, r11 + ; restore non volatile xmms from stack + movdqa xmm6, [rsp+0] + movdqa xmm7, [rsp+16] + movdqa xmm8, [rsp+32] + movdqa xmm9, [rsp+48] + movdqa xmm10, [rsp+64] + movdqa xmm11, [rsp+80] + movdqa xmm12, [rsp+96] + movdqa xmm13, [rsp+112] + add rsp, 8+8*16 ; 8 = align stack , 8 xmm6-13 16 bytes each + ret +AES_CBC_decrypt_by8 ENDP + ; /* ; AES_ECB_encrypt[const ,unsigned char*in 
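Review bot: AES_CBC_decrypt_by6 overwrites r12, r13 and r14 at DNO_PARTS_6 (`mov r12, rax`, `mov r13, rdx`, `mov r14, rbx`) and never restores them, although all three are non-volatile in the Microsoft x64 convention this file targets; the prologue saves only rdi, rsi and xmm6-xmm14. A caller that keeps a live value in one of those registers across the call gets it silently replaced, which in a decrypt path can surface as corrupted state far from the cause. Parking rax, rdx and rbx on the stack around the `div` keeps the routine to volatile registers, as in the excerpt below; nothing between the pushes and pops addresses memory through rsp. The by6 routine in aes_asm.s uses the same `movq %rax, %r12` sequence, and r12-r14 are callee-saved under System V as well, so it needs the same change.

```asm
DNO_PARTS_6:
        push rax                ; rax holds the caller's rdi until DEND_6
        push rdx                ; ivec pointer
        push rbx
        ; … unchanged: block count / 6 via div, quotient to rcx, remainder to r10 …
        pop  rbx
        pop  rdx
        pop  rax
```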
diff --git a/wolfcrypt/src/aes_asm.s b/wolfcrypt/src/aes_asm.s index 46f7e29e6..ac67a09ee 100644 --- a/wolfcrypt/src/aes_asm.s +++ b/wolfcrypt/src/aes_asm.s @@ -1,8 +1,8 @@ /* aes_asm.s * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* This file is in at&t asm syntax, see .asm for intel syntax */ /* See Intel® Advanced Encryption Standard (AES) Instructions Set White Paper @@ -85,18 +86,18 @@ jne LOOP ret - +#if defined(WOLFSSL_AESNI_BY4) /* -AES_CBC_decrypt (const unsigned char *in, +AES_CBC_decrypt_by4 (const unsigned char *in, unsigned char *out, unsigned char ivec[16], unsigned long length, const unsigned char *KS, int nr) */ -.globl AES_CBC_decrypt -AES_CBC_decrypt: +.globl AES_CBC_decrypt_by4 +AES_CBC_decrypt_by4: # parameter 1: %rdi # parameter 2: %rsi # parameter 3: %rdx 
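Review bot: The `#if defined(WOLFSSL_AESNI_BY4)` guard added ahead of `AES_CBC_decrypt_by4` selects a variant only if this file goes through the C preprocessor and the macro reaches that invocation, and neither is shown here. A lowercase `.s` file is normally handed to the assembler unpreprocessed, in which case GNU as would likely read the directive as a comment and assemble every variant. A comment at the guard would help, for example `/* WOLFSSL_AESNI_BYx must be defined on the assembler command line and match the value the C caller is built with */`, so that a setting made only in a C settings header cannot leave the caller and the assembled symbol out of step. The matching `#endif` lies outside this hunk.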
@@ -104,165 +105,638 @@ AES_CBC_decrypt: # parameter 5: %r8 # parameter 6: %r9d -movq %rcx, %r10 -shrq $4, %rcx -shlq $60, %r10 -je DNO_PARTS_4 -addq $1, %rcx + movq %rcx, %r10 + shrq $4, %rcx + shlq $60, %r10 + je DNO_PARTS_4 + addq $1, %rcx DNO_PARTS_4: -movq %rcx, %r10 -shlq $62, %r10 -shrq $62, %r10 -shrq $2, %rcx -movdqu (%rdx),%xmm5 -je DREMAINDER_4 -subq $64, %rsi + movq %rcx, %r10 + shlq $62, %r10 + shrq $62, %r10 + shrq $2, %rcx + movdqu (%rdx),%xmm5 + je DREMAINDER_4 + subq $64, %rsi DLOOP_4: -movdqu (%rdi), %xmm1 -movdqu 16(%rdi), %xmm2 -movdqu 32(%rdi), %xmm3 -movdqu 48(%rdi), %xmm4 -movdqa %xmm1, %xmm6 -movdqa %xmm2, %xmm7 -movdqa %xmm3, %xmm8 -movdqa %xmm4, %xmm15 -movdqa (%r8), %xmm9 -movdqa 16(%r8), %xmm10 -movdqa 32(%r8), %xmm11 -movdqa 48(%r8), %xmm12 -pxor %xmm9, %xmm1 -pxor %xmm9, %xmm2 -pxor %xmm9, %xmm3 - -pxor %xmm9, %xmm4 -aesdec %xmm10, %xmm1 -aesdec %xmm10, %xmm2 -aesdec %xmm10, %xmm3 -aesdec %xmm10, %xmm4 -aesdec %xmm11, %xmm1 -aesdec %xmm11, %xmm2 -aesdec %xmm11, %xmm3 -aesdec %xmm11, %xmm4 -aesdec %xmm12, %xmm1 -aesdec %xmm12, %xmm2 -aesdec %xmm12, %xmm3 -aesdec %xmm12, %xmm4 -movdqa 64(%r8), %xmm9 -movdqa 80(%r8), %xmm10 -movdqa 96(%r8), %xmm11 -movdqa 112(%r8), %xmm12 -aesdec %xmm9, %xmm1 -aesdec %xmm9, %xmm2 -aesdec %xmm9, %xmm3 -aesdec %xmm9, %xmm4 -aesdec %xmm10, %xmm1 -aesdec %xmm10, %xmm2 -aesdec %xmm10, %xmm3 -aesdec %xmm10, %xmm4 -aesdec %xmm11, %xmm1 -aesdec %xmm11, %xmm2 -aesdec %xmm11, %xmm3 -aesdec %xmm11, %xmm4 -aesdec %xmm12, %xmm1 -aesdec %xmm12, %xmm2 -aesdec %xmm12, %xmm3 -aesdec %xmm12, %xmm4 -movdqa 128(%r8), %xmm9 -movdqa 144(%r8), %xmm10 -movdqa 160(%r8), %xmm11 -cmpl $12, %r9d -aesdec %xmm9, %xmm1 -aesdec %xmm9, %xmm2 -aesdec %xmm9, %xmm3 -aesdec %xmm9, %xmm4 -aesdec %xmm10, %xmm1 -aesdec %xmm10, %xmm2 -aesdec %xmm10, %xmm3 -aesdec %xmm10, %xmm4 -jb DLAST_4 -movdqa 160(%r8), %xmm9 -movdqa 176(%r8), %xmm10 -movdqa 192(%r8), %xmm11 -cmpl $14, %r9d -aesdec %xmm9, %xmm1 -aesdec %xmm9, %xmm2 -aesdec %xmm9, %xmm3 
-aesdec %xmm9, %xmm4 -aesdec %xmm10, %xmm1 -aesdec %xmm10, %xmm2 -aesdec %xmm10, %xmm3 -aesdec %xmm10, %xmm4 -jb DLAST_4 - -movdqa 192(%r8), %xmm9 -movdqa 208(%r8), %xmm10 -movdqa 224(%r8), %xmm11 -aesdec %xmm9, %xmm1 -aesdec %xmm9, %xmm2 -aesdec %xmm9, %xmm3 -aesdec %xmm9, %xmm4 -aesdec %xmm10, %xmm1 -aesdec %xmm10, %xmm2 -aesdec %xmm10, %xmm3 -aesdec %xmm10, %xmm4 + movdqu (%rdi), %xmm1 + movdqu 16(%rdi), %xmm2 + movdqu 32(%rdi), %xmm3 + movdqu 48(%rdi), %xmm4 + movdqa %xmm1, %xmm6 + movdqa %xmm2, %xmm7 + movdqa %xmm3, %xmm8 + movdqa %xmm4, %xmm15 + movdqa (%r8), %xmm9 + movdqa 16(%r8), %xmm10 + movdqa 32(%r8), %xmm11 + movdqa 48(%r8), %xmm12 + pxor %xmm9, %xmm1 + pxor %xmm9, %xmm2 + pxor %xmm9, %xmm3 + pxor %xmm9, %xmm4 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm12, %xmm1 + aesdec %xmm12, %xmm2 + aesdec %xmm12, %xmm3 + aesdec %xmm12, %xmm4 + movdqa 64(%r8), %xmm9 + movdqa 80(%r8), %xmm10 + movdqa 96(%r8), %xmm11 + movdqa 112(%r8), %xmm12 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm12, %xmm1 + aesdec %xmm12, %xmm2 + aesdec %xmm12, %xmm3 + aesdec %xmm12, %xmm4 + movdqa 128(%r8), %xmm9 + movdqa 144(%r8), %xmm10 + movdqa 160(%r8), %xmm11 + cmpl $12, %r9d + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + jb DLAST_4 + movdqa 160(%r8), %xmm9 + movdqa 176(%r8), %xmm10 + movdqa 192(%r8), %xmm11 + cmpl $14, %r9d + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec 
%xmm10, %xmm3 + aesdec %xmm10, %xmm4 + jb DLAST_4 + movdqa 192(%r8), %xmm9 + movdqa 208(%r8), %xmm10 + movdqa 224(%r8), %xmm11 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 DLAST_4: -addq $64, %rdi -addq $64, %rsi -decq %rcx -aesdeclast %xmm11, %xmm1 -aesdeclast %xmm11, %xmm2 -aesdeclast %xmm11, %xmm3 -aesdeclast %xmm11, %xmm4 -pxor %xmm5 ,%xmm1 -pxor %xmm6 ,%xmm2 -pxor %xmm7 ,%xmm3 -pxor %xmm8 ,%xmm4 -movdqu %xmm1, (%rsi) -movdqu %xmm2, 16(%rsi) -movdqu %xmm3, 32(%rsi) -movdqu %xmm4, 48(%rsi) -movdqa %xmm15,%xmm5 -jne DLOOP_4 -addq $64, %rsi + addq $64, %rdi + addq $64, %rsi + decq %rcx + aesdeclast %xmm11, %xmm1 + aesdeclast %xmm11, %xmm2 + aesdeclast %xmm11, %xmm3 + aesdeclast %xmm11, %xmm4 + pxor %xmm5, %xmm1 + pxor %xmm6, %xmm2 + pxor %xmm7, %xmm3 + pxor %xmm8, %xmm4 + movdqu %xmm1, (%rsi) + movdqu %xmm2, 16(%rsi) + movdqu %xmm3, 32(%rsi) + movdqu %xmm4, 48(%rsi) + movdqa %xmm15,%xmm5 + jne DLOOP_4 + addq $64, %rsi DREMAINDER_4: -cmpq $0, %r10 -je DEND_4 + cmpq $0, %r10 + je DEND_4 DLOOP_4_2: -movdqu (%rdi), %xmm1 -movdqa %xmm1 ,%xmm15 -addq $16, %rdi -pxor (%r8), %xmm1 -movdqu 160(%r8), %xmm2 -cmpl $12, %r9d -aesdec 16(%r8), %xmm1 -aesdec 32(%r8), %xmm1 -aesdec 48(%r8), %xmm1 -aesdec 64(%r8), %xmm1 -aesdec 80(%r8), %xmm1 -aesdec 96(%r8), %xmm1 -aesdec 112(%r8), %xmm1 -aesdec 128(%r8), %xmm1 -aesdec 144(%r8), %xmm1 -jb DLAST_4_2 -movdqu 192(%r8), %xmm2 -cmpl $14, %r9d -aesdec 160(%r8), %xmm1 -aesdec 176(%r8), %xmm1 -jb DLAST_4_2 -movdqu 224(%r8), %xmm2 -aesdec 192(%r8), %xmm1 -aesdec 208(%r8), %xmm1 + movdqu (%rdi), %xmm1 + movdqa %xmm1, %xmm15 + addq $16, %rdi + pxor (%r8), %xmm1 + movdqu 160(%r8), %xmm2 + cmpl $12, %r9d + aesdec 16(%r8), %xmm1 + aesdec 32(%r8), %xmm1 + aesdec 48(%r8), %xmm1 + aesdec 64(%r8), %xmm1 + aesdec 80(%r8), %xmm1 + aesdec 96(%r8), %xmm1 + aesdec 112(%r8), %xmm1 + aesdec 128(%r8), %xmm1 + aesdec 
144(%r8), %xmm1 + jb DLAST_4_2 + movdqu 192(%r8), %xmm2 + cmpl $14, %r9d + aesdec 160(%r8), %xmm1 + aesdec 176(%r8), %xmm1 + jb DLAST_4_2 + movdqu 224(%r8), %xmm2 + aesdec 192(%r8), %xmm1 + aesdec 208(%r8), %xmm1 DLAST_4_2: -aesdeclast %xmm2, %xmm1 -pxor %xmm5, %xmm1 -movdqa %xmm15, %xmm5 -movdqu %xmm1, (%rsi) - -addq $16, %rsi -decq %r10 -jne DLOOP_4_2 + aesdeclast %xmm2, %xmm1 + pxor %xmm5, %xmm1 + movdqa %xmm15, %xmm5 + movdqu %xmm1, (%rsi) + addq $16, %rsi + decq %r10 + jne DLOOP_4_2 DEND_4: -ret + ret + +#elif defined(WOLFSSL_AESNI_BY6) + +/* +AES_CBC_decrypt_by6 (const unsigned char *in, + unsigned char *out, + unsigned char ivec[16], + unsigned long length, + const unsigned char *KS, + int nr) +*/ +.globl AES_CBC_decrypt_by6 +AES_CBC_decrypt_by6: +# parameter 1: %rdi - in +# parameter 2: %rsi - out +# parameter 3: %rdx - ivec +# parameter 4: %rcx - length +# parameter 5: %r8 - KS +# parameter 6: %r9d - nr + + movq %rcx, %r10 + shrq $4, %rcx + shlq $60, %r10 + je DNO_PARTS_6 + addq $1, %rcx +DNO_PARTS_6: + movq %rax, %r12 + movq %rdx, %r13 + movq %rbx, %r14 + movq $0, %rdx + movq %rcx, %rax + movq $6, %rbx + div %rbx + movq %rax, %rcx + movq %rdx, %r10 + movq %r12, %rax + movq %r13, %rdx + movq %r14, %rbx + cmpq $0, %rcx + movdqu (%rdx), %xmm7 + je DREMAINDER_6 + subq $96, %rsi +DLOOP_6: + movdqu (%rdi), %xmm1 + movdqu 16(%rdi), %xmm2 + movdqu 32(%rdi), %xmm3 + movdqu 48(%rdi), %xmm4 + movdqu 64(%rdi), %xmm5 + movdqu 80(%rdi), %xmm6 + movdqa (%r8), %xmm8 + movdqa 16(%r8), %xmm9 + movdqa 32(%r8), %xmm10 + movdqa 48(%r8), %xmm11 + pxor %xmm8, %xmm1 + pxor %xmm8, %xmm2 + pxor %xmm8, %xmm3 + pxor %xmm8, %xmm4 + pxor %xmm8, %xmm5 + pxor %xmm8, %xmm6 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm9, %xmm5 + aesdec %xmm9, %xmm6 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, %xmm6 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + 
aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + movdqa 64(%r8), %xmm8 + movdqa 80(%r8), %xmm9 + movdqa 96(%r8), %xmm10 + movdqa 112(%r8), %xmm11 + aesdec %xmm8, %xmm1 + aesdec %xmm8, %xmm2 + aesdec %xmm8, %xmm3 + aesdec %xmm8, %xmm4 + aesdec %xmm8, %xmm5 + aesdec %xmm8, %xmm6 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm9, %xmm5 + aesdec %xmm9, %xmm6 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, %xmm6 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + movdqa 128(%r8), %xmm8 + movdqa 144(%r8), %xmm9 + movdqa 160(%r8), %xmm10 + cmpl $12, %r9d + aesdec %xmm8, %xmm1 + aesdec %xmm8, %xmm2 + aesdec %xmm8, %xmm3 + aesdec %xmm8, %xmm4 + aesdec %xmm8, %xmm5 + aesdec %xmm8, %xmm6 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm9, %xmm5 + aesdec %xmm9, %xmm6 + jb DLAST_6 + movdqa 160(%r8), %xmm8 + movdqa 176(%r8), %xmm9 + movdqa 192(%r8), %xmm10 + cmpl $14, %r9d + aesdec %xmm8, %xmm1 + aesdec %xmm8, %xmm2 + aesdec %xmm8, %xmm3 + aesdec %xmm8, %xmm4 + aesdec %xmm8, %xmm5 + aesdec %xmm8, %xmm6 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm9, %xmm5 + aesdec %xmm9, %xmm6 + jb DLAST_6 + movdqa 192(%r8), %xmm8 + movdqa 208(%r8), %xmm9 + movdqa 224(%r8), %xmm10 + aesdec %xmm8, %xmm1 + aesdec %xmm8, %xmm2 + aesdec %xmm8, %xmm3 + aesdec %xmm8, %xmm4 + aesdec %xmm8, %xmm5 + aesdec %xmm8, %xmm6 + aesdec %xmm9, %xmm1 + aesdec %xmm9, %xmm2 + aesdec %xmm9, %xmm3 + aesdec %xmm9, %xmm4 + aesdec %xmm9, %xmm5 + aesdec %xmm9, %xmm6 +DLAST_6: + addq $96, %rsi + aesdeclast %xmm10, %xmm1 + aesdeclast %xmm10, %xmm2 + aesdeclast %xmm10, %xmm3 + aesdeclast %xmm10, %xmm4 + aesdeclast %xmm10, %xmm5 + aesdeclast %xmm10, %xmm6 + 
movdqu (%rdi), %xmm8 + movdqu 16(%rdi), %xmm9 + movdqu 32(%rdi), %xmm10 + movdqu 48(%rdi), %xmm11 + movdqu 64(%rdi), %xmm12 + movdqu 80(%rdi), %xmm13 + pxor %xmm7, %xmm1 + pxor %xmm8, %xmm2 + pxor %xmm9, %xmm3 + pxor %xmm10, %xmm4 + pxor %xmm11, %xmm5 + pxor %xmm12, %xmm6 + movdqu %xmm13, %xmm7 + movdqu %xmm1, (%rsi) + movdqu %xmm2, 16(%rsi) + movdqu %xmm3, 32(%rsi) + movdqu %xmm4, 48(%rsi) + movdqu %xmm5, 64(%rsi) + movdqu %xmm6, 80(%rsi) + addq $96, %rdi + decq %rcx + jne DLOOP_6 + addq $96, %rsi +DREMAINDER_6: + cmpq $0, %r10 + je DEND_6 +DLOOP_6_2: + movdqu (%rdi), %xmm1 + movdqa %xmm1, %xmm10 + addq $16, %rdi + pxor (%r8), %xmm1 + movdqu 160(%r8), %xmm2 + cmpl $12, %r9d + aesdec 16(%r8), %xmm1 + aesdec 32(%r8), %xmm1 + aesdec 48(%r8), %xmm1 + aesdec 64(%r8), %xmm1 + aesdec 80(%r8), %xmm1 + aesdec 96(%r8), %xmm1 + aesdec 112(%r8), %xmm1 + aesdec 128(%r8), %xmm1 + aesdec 144(%r8), %xmm1 + jb DLAST_6_2 + movdqu 192(%r8), %xmm2 + cmpl $14, %r9d + aesdec 160(%r8), %xmm1 + aesdec 176(%r8), %xmm1 + jb DLAST_6_2 + movdqu 224(%r8), %xmm2 + aesdec 192(%r8), %xmm1 + aesdec 208(%r8), %xmm1 +DLAST_6_2: + aesdeclast %xmm2, %xmm1 + pxor %xmm7, %xmm1 + movdqa %xmm10, %xmm7 + movdqu %xmm1, (%rsi) + addq $16, %rsi + decq %r10 + jne DLOOP_6_2 +DEND_6: + ret + +#else /* WOLFSSL_AESNI_BYx */ + +/* +AES_CBC_decrypt_by8 (const unsigned char *in, + unsigned char *out, + unsigned char ivec[16], + unsigned long length, + const unsigned char *KS, + int nr) +*/ +.globl AES_CBC_decrypt_by8 +AES_CBC_decrypt_by8: +# parameter 1: %rdi - in +# parameter 2: %rsi - out +# parameter 3: %rdx - ivec +# parameter 4: %rcx - length +# parameter 5: %r8 - KS +# parameter 6: %r9d - nr + + movq %rcx, %r10 + shrq $4, %rcx + shlq $60, %r10 + je DNO_PARTS_8 + addq $1, %rcx +DNO_PARTS_8: + movq %rcx, %r10 + shlq $61, %r10 + shrq $61, %r10 + shrq $3, %rcx + movdqu (%rdx), %xmm9 + je DREMAINDER_8 + subq $128, %rsi +DLOOP_8: + movdqu (%rdi), %xmm1 + movdqu 16(%rdi), %xmm2 + movdqu 32(%rdi), %xmm3 + movdqu 
48(%rdi), %xmm4 + movdqu 64(%rdi), %xmm5 + movdqu 80(%rdi), %xmm6 + movdqu 96(%rdi), %xmm7 + movdqu 112(%rdi), %xmm8 + movdqa (%r8), %xmm10 + movdqa 16(%r8), %xmm11 + movdqa 32(%r8), %xmm12 + movdqa 48(%r8), %xmm13 + pxor %xmm10, %xmm1 + pxor %xmm10, %xmm2 + pxor %xmm10, %xmm3 + pxor %xmm10, %xmm4 + pxor %xmm10, %xmm5 + pxor %xmm10, %xmm6 + pxor %xmm10, %xmm7 + pxor %xmm10, %xmm8 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + aesdec %xmm11, %xmm7 + aesdec %xmm11, %xmm8 + aesdec %xmm12, %xmm1 + aesdec %xmm12, %xmm2 + aesdec %xmm12, %xmm3 + aesdec %xmm12, %xmm4 + aesdec %xmm12, %xmm5 + aesdec %xmm12, %xmm6 + aesdec %xmm12, %xmm7 + aesdec %xmm12, %xmm8 + aesdec %xmm13, %xmm1 + aesdec %xmm13, %xmm2 + aesdec %xmm13, %xmm3 + aesdec %xmm13, %xmm4 + aesdec %xmm13, %xmm5 + aesdec %xmm13, %xmm6 + aesdec %xmm13, %xmm7 + aesdec %xmm13, %xmm8 + movdqa 64(%r8), %xmm10 + movdqa 80(%r8), %xmm11 + movdqa 96(%r8), %xmm12 + movdqa 112(%r8), %xmm13 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, %xmm6 + aesdec %xmm10, %xmm7 + aesdec %xmm10, %xmm8 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + aesdec %xmm11, %xmm7 + aesdec %xmm11, %xmm8 + aesdec %xmm12, %xmm1 + aesdec %xmm12, %xmm2 + aesdec %xmm12, %xmm3 + aesdec %xmm12, %xmm4 + aesdec %xmm12, %xmm5 + aesdec %xmm12, %xmm6 + aesdec %xmm12, %xmm7 + aesdec %xmm12, %xmm8 + aesdec %xmm13, %xmm1 + aesdec %xmm13, %xmm2 + aesdec %xmm13, %xmm3 + aesdec %xmm13, %xmm4 + aesdec %xmm13, %xmm5 + aesdec %xmm13, %xmm6 + aesdec %xmm13, %xmm7 + aesdec %xmm13, %xmm8 + movdqa 128(%r8), %xmm10 + movdqa 144(%r8), %xmm11 + movdqa 160(%r8), %xmm12 + cmpl $12, %r9d + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, 
%xmm6 + aesdec %xmm10, %xmm7 + aesdec %xmm10, %xmm8 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + aesdec %xmm11, %xmm7 + aesdec %xmm11, %xmm8 + jb DLAST_8 + movdqa 160(%r8), %xmm10 + movdqa 176(%r8), %xmm11 + movdqa 192(%r8), %xmm12 + cmpl $14, %r9d + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, %xmm6 + aesdec %xmm10, %xmm7 + aesdec %xmm10, %xmm8 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + aesdec %xmm11, %xmm7 + aesdec %xmm11, %xmm8 + jb DLAST_8 + movdqa 192(%r8), %xmm10 + movdqa 208(%r8), %xmm11 + movdqa 224(%r8), %xmm12 + aesdec %xmm10, %xmm1 + aesdec %xmm10, %xmm2 + aesdec %xmm10, %xmm3 + aesdec %xmm10, %xmm4 + aesdec %xmm10, %xmm5 + aesdec %xmm10, %xmm6 + aesdec %xmm10, %xmm7 + aesdec %xmm10, %xmm8 + aesdec %xmm11, %xmm1 + aesdec %xmm11, %xmm2 + aesdec %xmm11, %xmm3 + aesdec %xmm11, %xmm4 + aesdec %xmm11, %xmm5 + aesdec %xmm11, %xmm6 + aesdec %xmm11, %xmm7 + aesdec %xmm11, %xmm8 +DLAST_8: + addq $128, %rsi + aesdeclast %xmm12, %xmm1 + aesdeclast %xmm12, %xmm2 + aesdeclast %xmm12, %xmm3 + aesdeclast %xmm12, %xmm4 + aesdeclast %xmm12, %xmm5 + aesdeclast %xmm12, %xmm6 + aesdeclast %xmm12, %xmm7 + aesdeclast %xmm12, %xmm8 + movdqu (%rdi), %xmm10 + movdqu 16(%rdi), %xmm11 + movdqu 32(%rdi), %xmm12 + movdqu 48(%rdi), %xmm13 + pxor %xmm9, %xmm1 + pxor %xmm10, %xmm2 + pxor %xmm11, %xmm3 + pxor %xmm12, %xmm4 + pxor %xmm13, %xmm5 + movdqu 64(%rdi), %xmm10 + movdqu 80(%rdi), %xmm11 + movdqu 96(%rdi), %xmm12 + movdqu 112(%rdi), %xmm9 + pxor %xmm10, %xmm6 + pxor %xmm11, %xmm7 + pxor %xmm12, %xmm8 + movdqu %xmm1, (%rsi) + movdqu %xmm2, 16(%rsi) + movdqu %xmm3, 32(%rsi) + movdqu %xmm4, 48(%rsi) + movdqu %xmm5, 64(%rsi) + movdqu %xmm6, 80(%rsi) + movdqu %xmm7, 96(%rsi) + movdqu %xmm8, 112(%rsi) + addq $128, 
%rdi + decq %rcx + jne DLOOP_8 + addq $128, %rsi +DREMAINDER_8: + cmpq $0, %r10 + je DEND_8 +DLOOP_8_2: + movdqu (%rdi), %xmm1 + movdqa %xmm1, %xmm10 + addq $16, %rdi + pxor (%r8), %xmm1 + movdqu 160(%r8), %xmm2 + cmpl $12, %r9d + aesdec 16(%r8), %xmm1 + aesdec 32(%r8), %xmm1 + aesdec 48(%r8), %xmm1 + aesdec 64(%r8), %xmm1 + aesdec 80(%r8), %xmm1 + aesdec 96(%r8), %xmm1 + aesdec 112(%r8), %xmm1 + aesdec 128(%r8), %xmm1 + aesdec 144(%r8), %xmm1 + jb DLAST_8_2 + movdqu 192(%r8), %xmm2 + cmpl $14, %r9d + aesdec 160(%r8), %xmm1 + aesdec 176(%r8), %xmm1 + jb DLAST_8_2 + movdqu 224(%r8), %xmm2 + aesdec 192(%r8), %xmm1 + aesdec 208(%r8), %xmm1 +DLAST_8_2: + aesdeclast %xmm2, %xmm1 + pxor %xmm9, %xmm1 + movdqa %xmm10, %xmm9 + movdqu %xmm1, (%rsi) + addq $16, %rsi + decq %r10 + jne DLOOP_8_2 +DEND_8: + ret + +#endif /* WOLFSSL_AESNI_BYx */ /* diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c index 17c4a16c3..a30d11117 100644 --- a/wolfcrypt/src/arc4.c +++ b/wolfcrypt/src/arc4.c @@ -1,8 +1,8 @@ /* arc4.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index 9f8458588..8976204c6 100644 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c 
@@ -1,8 +1,8 @@ /* asm.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 567f26820..e64f56f86 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1,8 +1,8 @@ /* asn.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -53,6 +54,7 @@ ASN Options: #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif 
@@ -725,7 +727,7 @@ static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3}; static const byte curve256v1Oid[] = {42, 134, 72, 206, 61, 3, 1, 7}; #endif /* HAVE_ALL_CURVES || HAVE_ECC256 */ #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) - static const byte curve160r1Oid[] = {43, 129, 4, 0, 2}; + static const byte curve160r1Oid[] = {43, 129, 4, 0, 8}; #endif /* HAVE_ALL_CURVES || HAVE_ECC160 */ #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) static const byte curve224r1Oid[] = {43, 129, 4, 0, 33}; @@ -788,7 +790,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) switch (type) { - case hashType: + case oidHashType: switch (id) { case MD2h: oid = hashMd2hOid; @@ -817,7 +819,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case sigType: + case oidSigType: switch (id) { #ifndef NO_DSA case CTC_SHAwDSA: @@ -874,7 +876,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case keyType: + case oidKeyType: switch (id) { #ifndef NO_DSA case DSAk: @@ -906,7 +908,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) break; #ifdef HAVE_ECC - case curveType: + case oidCurveType: switch (id) { #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) case ECC_256R1: @@ -950,7 +952,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) break; #endif /* HAVE_ECC */ - case blkType: + case oidBlkType: switch (id) { case DESb: oid = blkDesCbcOid; @@ -964,7 +966,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) break; #ifdef HAVE_OCSP - case ocspType: + case oidOcspType: switch (id) { case OCSP_BASIC_OID: oid = ocspBasicOid; @@ -978,7 +980,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) break; #endif /* HAVE_OCSP */ - case certExtType: + case oidCertExtType: switch (id) { case BASIC_CA_OID: oid = extBasicCaOid; 
@@ -1027,7 +1029,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case certAuthInfoType: + case oidCertAuthInfoType: switch (id) { case AIA_OCSP_OID: oid = extAuthInfoOcspOid; @@ -1040,7 +1042,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case certPolicyType: + case oidCertPolicyType: switch (id) { case CP_ANY_OID: oid = extCertPolicyAnyOid; @@ -1049,7 +1051,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case certAltNameType: + case oidCertAltNameType: switch (id) { case HW_NAME_OID: oid = extAltNamesHwNameOid; @@ -1058,7 +1060,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case certKeyUseType: + case oidCertKeyUseType: switch (id) { case EKU_ANY_OID: oid = extExtKeyUsageAnyOid; @@ -1078,7 +1080,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) break; } - case kdfType: + case oidKdfType: switch (id) { case PBKDF2_OID: oid = pbkdf2Oid; @@ -1087,7 +1089,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz) } break; - case ignoreType: + case oidIgnoreType: default: break; } @@ -1138,7 +1140,7 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, const byte* checkOid = NULL; word32 checkOidSz; - if (oidType != ignoreType) { + if (oidType != oidIgnoreType) { checkOid = OidFromId(*oid, oidType, &checkOidSz); if (checkOid != NULL && @@ -1317,7 +1319,7 @@ int ToTraditional(byte* input, word32 sz) if (GetMyVersion(input, &inOutIdx, &version) < 0) return ASN_PARSE_E; - if (GetAlgoId(input, &inOutIdx, &oid, sigType, sz) < 0) + if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0) return ASN_PARSE_E; if (input[inOutIdx] == ASN_OBJECT_ID) { 
@@ -1594,7 +1596,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) if (GetSequence(input, &inOutIdx, &length, sz) < 0) return ASN_PARSE_E; - if (GetAlgoId(input, &inOutIdx, &oid, sigType, sz) < 0) + if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0) return ASN_PARSE_E; first = input[inOutIdx - 2]; /* PKCS version always 2nd to last byte */ @@ -1608,7 +1610,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) if (GetSequence(input, &inOutIdx, &length, sz) < 0) return ASN_PARSE_E; - if (GetAlgoId(input, &inOutIdx, &oid, kdfType, sz) < 0) + if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0) return ASN_PARSE_E; if (oid != PBKDF2_OID) @@ -1654,7 +1656,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) if (version == PKCS5v2) { /* get encryption algo */ /* JOHN: New type. Need a little more research. */ - if (GetAlgoId(input, &inOutIdx, &oid, blkType, sz) < 0) { + if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2352,7 +2354,7 @@ static int GetKey(DecodedCert* cert) return ASN_PARSE_E; if (GetAlgoId(cert->source, &cert->srcIdx, - &cert->keyOID, keyType, cert->maxIdx) < 0) + &cert->keyOID, oidKeyType, cert->maxIdx) < 0) return ASN_PARSE_E; switch (cert->keyOID) { @@ -2443,7 +2445,7 @@ static int GetKey(DecodedCert* cert) byte b; if (GetObjectId(cert->source, &cert->srcIdx, - &cert->pkCurveOID, curveType, cert->maxIdx) < 0) + &cert->pkCurveOID, oidCurveType, cert->maxIdx) < 0) return ASN_PARSE_E; if (CheckCurve(cert->pkCurveOID) < 0) 
@@ -2998,6 +3000,35 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b) return DateGreaterThan(b,a); } + +int ExtractDate(const unsigned char* date, unsigned char format, + struct tm* certTime, int* idx) +{ + XMEMSET(certTime, 0, sizeof(struct tm)); + + if (format == ASN_UTC_TIME) { + if (btoi(date[0]) >= 5) + certTime->tm_year = 1900; + else + certTime->tm_year = 2000; + } + else { /* format == GENERALIZED_TIME */ + certTime->tm_year += btoi(date[*idx]) * 1000; *idx = *idx + 1; + certTime->tm_year += btoi(date[*idx]) * 100; *idx = *idx + 1; + } + + /* adjust tm_year, tm_mon */ + GetTime((int*)&certTime->tm_year, date, idx); certTime->tm_year -= 1900; + GetTime((int*)&certTime->tm_mon, date, idx); certTime->tm_mon -= 1; + GetTime((int*)&certTime->tm_mday, date, idx); + GetTime((int*)&certTime->tm_hour, date, idx); + GetTime((int*)&certTime->tm_min, date, idx); + GetTime((int*)&certTime->tm_sec, date, idx); + + return 1; +} + + /* like atoi but only use first byte */ /* Make sure before and after dates are valid */ int ValidateDate(const byte* date, byte format, int dateType) 
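Review bot: ExtractDate can only return 1, so the `if (!ExtractDate(...))` branch added to ValidateDate in the next hunk is dead code and a malformed date is never rejected at this point. The function takes no length for `date`, reads `date[0]` in the UTC branch where the generalized branch reads `date[*idx]`, and dereferences all three pointers unchecked. These bytes presumably come from a certificate being parsed, so I would add `if (date == NULL || certTime == NULL || idx == NULL) return 0;` and a header comment saying the caller must already have checked that the field is long enough for the given format. The leftover `/* like atoi but only use first byte */` comment now sits directly above ValidateDate, which it does not describe.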
@@ -3019,26 +3050,10 @@ int ValidateDate(const byte* date, byte format, int dateType) #endif ltime = XTIME(0); - XMEMSET(&certTime, 0, sizeof(certTime)); - - if (format == ASN_UTC_TIME) { - if (btoi(date[0]) >= 5) - certTime.tm_year = 1900; - else - certTime.tm_year = 2000; + if (!ExtractDate(date, format, &certTime, &i)) { + WOLFSSL_MSG("Error extracting the date"); + return 0; } - else { /* format == GENERALIZED_TIME */ - certTime.tm_year += btoi(date[i++]) * 1000; - certTime.tm_year += btoi(date[i++]) * 100; - } - - /* adjust tm_year, tm_mon */ - GetTime((int*)&certTime.tm_year, date, &i); certTime.tm_year -= 1900; - GetTime((int*)&certTime.tm_mon, date, &i); certTime.tm_mon -= 1; - GetTime((int*)&certTime.tm_mday, date, &i); - GetTime((int*)&certTime.tm_hour, date, &i); - GetTime((int*)&certTime.tm_min, date, &i); - GetTime((int*)&certTime.tm_sec, date, &i); if ((date[i] == '+') || (date[i] == '-')) { WOLFSSL_MSG("Using time differential, not Zulu") ; @@ -3146,7 +3161,7 @@ int DecodeToKey(DecodedCert* cert, int verify) WOLFSSL_MSG("Got Cert Header"); if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, - sigType, cert->maxIdx)) < 0) + oidSigType, cert->maxIdx)) < 0) return ret; WOLFSSL_MSG("Got Algo ID"); @@ -3370,6 +3385,17 @@ static int SetCurve(ecc_key* key, byte* output) #endif /* HAVE_ECC && WOLFSSL_CERT_GEN */ +static INLINE int IsSigAlgoECDSA(int algoOID) +{ + /* ECDSA sigAlgo must not have ASN1 NULL parameters */ + if (algoOID == CTC_SHAwECDSA || algoOID == CTC_SHA256wECDSA || + algoOID == CTC_SHA384wECDSA || algoOID == CTC_SHA512wECDSA) { + return 1; + } + + return 0; +} + WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) { word32 tagSz, idSz, seqSz, algoSz = 0; 
@@ -3377,8 +3403,9 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) byte ID_Length[MAX_LENGTH_SZ]; byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ - tagSz = (type == hashType || type == sigType || - (type == keyType && algoOID == RSAk)) ? 2 : 0; + tagSz = (type == oidHashType || + (type == oidSigType && !IsSigAlgoECDSA(algoOID)) || + (type == oidKeyType && algoOID == RSAk)) ? 2 : 0; algoName = OidFromId(algoOID, type, &algoSz); @@ -3414,7 +3441,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, word32 encDigSz, algoSz, seqSz; encDigSz = SetDigest(digest, digSz, digArray); - algoSz = SetAlgoID(hashOID, algoArray, hashType, 0); + algoSz = SetAlgoID(hashOID, algoArray, oidHashType, 0); seqSz = SetSequence(encDigSz + algoSz, seqArray); XMEMCPY(out, seqArray, seqSz); @@ -3586,13 +3613,12 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, break; /* not confirmed */ } #endif - - if (sigSz > MAX_ENCODED_SIG_SZ) { - WOLFSSL_MSG("Verify Signature is too big"); - } - else if (wc_InitRsaKey(pubKey, heap) != 0) { + if (wc_InitRsaKey(pubKey, heap) != 0) { WOLFSSL_MSG("InitRsaKey failed"); } + else if (sigSz > MAX_ENCODED_SIG_SZ) { + WOLFSSL_MSG("Verify Signature is too big"); + } else if (wc_RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) { WOLFSSL_MSG("ASN Key decode error RSA"); } @@ -3987,7 +4013,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) /* Consume the rest of this sequence. */ length -= (strLen + idx - lenStartIdx); - if (GetObjectId(input, &idx, &oid, certAltNameType, sz) < 0) { + if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) { WOLFSSL_MSG("\tbad OID"); return ASN_PARSE_E; } 
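Review bot: The reordering in ConfirmSignature moves wc_InitRsaKey ahead of the `sigSz > MAX_ENCODED_SIG_SZ` test without saying why, and the order looks load-bearing. If the code after this else-if chain frees pubKey on every path (that part is outside the hunk, so this is an assumption), the old order would have released a key that was never initialised whenever the signature was oversized. A one-line comment such as `/* init first: pubKey is freed below on every path */` would stop a later cleanup from swapping the two checks back.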
@@ -4238,7 +4264,7 @@ static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; oid = 0; - if (GetObjectId(input, &idx, &oid, certAuthInfoType, sz) < 0) + if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0) return ASN_PARSE_E; /* Only supporting URIs right now. */ @@ -4384,7 +4410,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) #endif while (idx < (word32)sz) { - if (GetObjectId(input, &idx, &oid, certKeyUseType, sz) < 0) + if (GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz) < 0) return ASN_PARSE_E; switch (oid) { 
@@ -4597,87 +4623,80 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) #endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) + /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert) { word32 idx = 0; - int total_length = 0, length = 0; + int total_length = 0, policy_length = 0, length = 0; WOLFSSL_ENTER("DecodeCertPolicy"); - /* Unwrap certificatePolicies */ if (GetSequence(input, &idx, &total_length, sz) < 0) { - WOLFSSL_MSG("\tdeviceType isn't OID"); + WOLFSSL_MSG("\tGet CertPolicy total seq failed"); return ASN_PARSE_E; } - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tdeviceType isn't OID"); - return ASN_PARSE_E; - } - total_length -= (length+1); - - if (input[idx++] != ASN_OBJECT_ID) { - WOLFSSL_MSG("\tdeviceType isn't OID"); - return ASN_PARSE_E; - } - total_length--; - - if (GetLength(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tCouldn't read length of deviceType"); + /* Validate total length (2 is the CERT_POLICY_OID+SEQ) */ + if ((total_length + 2) != sz) { + WOLFSSL_MSG("\tCertPolicy length mismatch"); return ASN_PARSE_E; } - if (length > 0) { -#if defined(WOLFSSL_SEP) - cert->deviceType = (byte*)XMALLOC(length, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->deviceType == NULL) { - WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); - return MEMORY_E; - } - cert->deviceTypeSz = length; - XMEMCPY(cert->deviceType, input + idx, length); -#elif defined(WOLFSSL_CERT_EXT) - /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[0], MAX_CERTPOL_SZ, - input+idx, length) != 0) { - WOLFSSL_MSG("\tCouldn't read Policy OID 1"); + /* Unwrap certificatePolicies */ + do { + if (GetSequence(input, &idx, &policy_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy seq failed"); return ASN_PARSE_E; } - cert->extCertPoliciesNb++; - /* check if we have a second value */ - if 
(total_length) { - idx += length; + if (input[idx++] != ASN_OBJECT_ID) { + WOLFSSL_MSG("\tCertPolicy isn't OID"); + return ASN_PARSE_E; + } + policy_length--; - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tdeviceType isn't OID"); + if (GetLength(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy length failed"); + return ASN_PARSE_E; + } + policy_length--; + + if (length > 0) { + /* Verify length won't overrun buffer */ + if (length > (sz - (int)idx)) { + WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); return ASN_PARSE_E; } - if (input[idx++] != ASN_OBJECT_ID) { - WOLFSSL_MSG("\tdeviceType isn't OID"); - return ASN_PARSE_E; + #if defined(WOLFSSL_SEP) + cert->deviceType = (byte*)XMALLOC(length, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->deviceType == NULL) { + WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); + return MEMORY_E; } - - if (GetLength(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tCouldn't read length of deviceType"); - return ASN_PARSE_E; - } - + cert->deviceTypeSz = length; + XMEMCPY(cert->deviceType, input + idx, length); + break; + #elif defined(WOLFSSL_CERT_EXT) /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[1], MAX_CERTPOL_SZ, - input+idx, length) != 0) { - WOLFSSL_MSG("\tCouldn't read Policy OID 2"); + if (DecodePolicyOID(cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) != 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); return ASN_PARSE_E; } cert->extCertPoliciesNb++; + #else + WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); + return 0; + #endif } -#else - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - return 0; -#endif - } + idx += policy_length; + } while((int)idx < total_length + #if defined(WOLFSSL_CERT_EXT) + && cert->extCertPoliciesNb < MAX_CERTPOL_NB + #endif + ); WOLFSSL_LEAVE("DecodeCertPolicy", 0); return 0; 
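Review bot: The new length check `(total_length + 2) != sz` hard-codes a two-byte SEQUENCE header, so an extension whose body needs a long-form length (128 bytes or more) is rejected as a mismatch even when it is well formed. Using the header size that GetSequence actually consumed avoids this: `if (total_length + (int)idx != sz)`, assuming GetSequence leaves idx just past the header, which the loop already relies on. The same one-byte assumption sits in the second `policy_length--` after GetLength, and the loop condition compares the absolute offset `idx` with `total_length` rather than with `sz`. Separately, `input[idx++]` is read before any check that idx is still below sz; GetSequence is not visible here, so whether it guarantees that for an empty inner sequence should be confirmed.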
@@ -4726,7 +4745,7 @@ static int DecodeCertExtensions(DecodedCert* cert) } oid = 0; - if (GetObjectId(input, &idx, &oid, certExtType, sz) < 0) { + if (GetObjectId(input, &idx, &oid, oidCertExtType, sz) < 0) { WOLFSSL_MSG("\tfail: OBJECT ID"); return ASN_PARSE_E; } @@ -4803,7 +4822,6 @@ static int DecodeCertExtensions(DecodedCert* cert) break; case CERT_POLICY_OID: - WOLFSSL_MSG("Certificate Policy extension not supported yet."); #ifdef WOLFSSL_SEP #ifdef OPENSSL_EXTRA cert->extCertPolicySet = 1; @@ -4811,8 +4829,11 @@ static int DecodeCertExtensions(DecodedCert* cert) #endif #endif #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - if (DecodeCertPolicy(&input[idx], length, cert) < 0) - return ASN_PARSE_E; + if (DecodeCertPolicy(&input[idx], length, cert) < 0) { + return ASN_PARSE_E; + } + #else + WOLFSSL_MSG("Certificate Policy extension not supported yet."); #endif break; @@ -4914,7 +4935,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) #endif -#ifdef WOLFCRYPT_ONLY +#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS) /* dummy functions, not using wolfSSL so don't need actual ones */ Signer* GetCA(void* signers, byte* hash) @@ -4933,7 +4954,7 @@ Signer* GetCAByName(void* signers, byte* hash) } #endif /* NO_SKID */ -#endif /* WOLFCRYPT_ONLY */ +#endif /* WOLFCRYPT_ONLY || NO_CERTS */ #ifndef NO_ASN_TIME int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) @@ -4976,7 +4997,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID, - sigType, cert->maxIdx)) < 0) + oidSigType, cert->maxIdx)) < 0) return ret; if ((ret = GetSignature(cert)) < 0) @@ -5000,7 +5021,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } #endif - if (verify && type != CA_TYPE) { + if (verify && type != CA_TYPE && type != TRUSTED_PEER_TYPE) { Signer* ca = NULL; #ifndef NO_SKID if (cert->extAuthKeyIdSet) 
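Review bot: Adding `type != TRUSTED_PEER_TYPE` to the condition in ParseCertRelative means a certificate parsed with that type never enters the signer lookup that follows, which is a trust decision and deserves a comment where it is made. Something like `/* trusted peer certs are pinned by the application; the issuer lookup below is skipped on purpose */` would make clear that this type is only meant for certificates loaded from local configuration, not for ones received over the wire. The body of the `if` continues outside the hunk, so what else is skipped along with the CA lookup cannot be confirmed from here.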
@@ -5116,6 +5137,48 @@ void FreeSignerTable(Signer** table, int rows, void* heap) } } +#ifdef WOLFSSL_TRUST_PEER_CERT +/* Free an individual trusted peer cert */ +void FreeTrustedPeer(TrustedPeerCert* tp, void* heap) +{ + if (tp == NULL) { + return; + } + + if (tp->name) { + XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); + } + + if (tp->sig) { + XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); + } + #ifndef IGNORE_NAME_CONSTRAINTS + if (tp->permittedNames) + FreeNameSubtrees(tp->permittedNames, heap); + if (tp->excludedNames) + FreeNameSubtrees(tp->excludedNames, heap); + #endif + XFREE(tp, heap, DYNAMIC_TYPE_CERT); + + (void)heap; +} + +/* Free the whole Trusted Peer linked list */ +void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap) +{ + int i; + + for (i = 0; i < rows; i++) { + TrustedPeerCert* tp = table[i]; + while (tp) { + TrustedPeerCert* next = tp->next; + FreeTrustedPeer(tp, heap); + tp = next; + } + table[i] = NULL; + } +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header) { @@ -5486,7 +5549,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, #else byte algo[MAX_ALGO_SZ]; #endif - algoSz = SetAlgoID(RSAk, algo, keyType, 0); + algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0); lenSz = SetLength(seqSz + nSz + eSz + 1, len); len[lenSz++] = 0; /* trailing 0 */ @@ -5839,14 +5902,13 @@ static int SetSerial(const byte* serial, byte* output) return length + CTC_SERIAL_SIZE; } - -#ifdef HAVE_ECC - +#endif /* defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) */ +#if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) /* Write a public ECC key to output */ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header) { - byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ + byte len[MAX_LENGTH_SZ + TRAILING_ZERO]; int algoSz; int curveSz; int lenSz; 
@@ -5902,9 +5964,9 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header) return MEMORY_E; } #endif - algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz); + algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, curveSz); - lenSz = SetLength(pubSz + 1, len); + lenSz = SetLength(pubSz + TRAILING_ZERO, len); len[lenSz++] = 0; /* trailing 0 */ /* write, 1 is for ASN_BIT_STRING */ @@ -5940,8 +6002,44 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header) } -#endif /* HAVE_ECC */ +/* returns the size of buffer used, the public ECC key in DER format is stored + in output buffer + with_AlgCurve is a flag for when to include a header that has the Algorithm + and Curve infromation */ +int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, + int with_AlgCurve) +{ + word32 infoSz = 0; + word32 keySz = 0; + int ret; + if (output == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + + if (with_AlgCurve) { + /* buffer space for algorithm/curve */ + infoSz += MAX_SEQ_SZ; + infoSz += 2 * MAX_ALGO_SZ; + + /* buffer space for public key sequence */ + infoSz += MAX_SEQ_SZ; + infoSz += TRAILING_ZERO; + } + + if ((ret = wc_ecc_export_x963(key, NULL, &keySz)) != LENGTH_ONLY_E) { + WOLFSSL_MSG("Error in getting ECC public key size"); + return ret; + } + + if (inLen < keySz + infoSz) { + return BUFFER_E; + } + + return SetEccPublicKey(output, key, with_AlgCurve); +} +#endif /* HAVE_ECC && (WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN) */ +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) static INLINE byte itob(int number) { @@ -6619,6 +6717,14 @@ static int SetName(byte* output, word32 outputSz, CertName* name) continue; } + /* Restrict country code size */ + if (i == 0 && strLen != CTC_COUNTRY_SIZE) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ASN_COUNTRY_SIZE_E; + } + secondSz = SetLength(strLen, secondLen); thisLen += secondSz; if (email) { 
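Review bot: The header comment on wc_EccPublicKeyToDer does not say what `inLen` is or what comes back on failure, which matters for a public function that writes into a caller-supplied buffer. From the visible code it returns BAD_FUNC_ARG for NULL arguments, BUFFER_E when inLen is below `keySz + infoSz`, and otherwise whatever wc_ecc_export_x963 returned when that was not LENGTH_ONLY_E; the comment should state this and that inLen is the capacity of `output` in bytes. SetEccPublicKey takes no output length, so this pre-check is the only bound on the write, and with `with_AlgCurve == 0` it allows for nothing beyond the raw point; whether SetEccPublicKey adds bytes in that mode is not visible here and should be confirmed. The comment also has a typo, "infromation".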
@@ -6751,8 +6857,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->serialSz = SetSerial(cert->serial, der->serial); /* signature algo */ - der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, sigType, 0); - if (der->sigAlgoSz == 0) + der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); + if (der->sigAlgoSz <= 0) return ALGO_ID_E; /* public key */ @@ -6801,7 +6907,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* date validity copy ? */ if (cert->beforeDateSz && cert->afterDateSz) { der->validitySz = CopyValidity(der->validity, cert); - if (der->validitySz == 0) + if (der->validitySz <= 0) return DATE_E; } #endif @@ -6809,19 +6915,19 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* date validity */ if (der->validitySz == 0) { der->validitySz = SetValidity(der->validity, cert->daysValid); - if (der->validitySz == 0) + if (der->validitySz <= 0) return DATE_E; } /* subject name */ der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject); - if (der->subjectSz == 0) + if (der->subjectSz <= 0) return SUBJECT_E; /* issuer name */ der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ? &cert->subject : &cert->issuer); - if (der->issuerSz == 0) + if (der->issuerSz <= 0) return ISSUER_E; /* set the extensions */ @@ -6830,7 +6936,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* CA */ if (cert->isCA) { der->caSz = SetCa(der->ca, sizeof(der->ca)); - if (der->caSz == 0) + if (der->caSz <= 0) return CA_TRUE_E; der->extensionsSz += der->caSz; 
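Review bot: With the tests in EncodeCert widened to `<= 0`, a negative code from a helper is replaced by the generic one, so the ASN_COUNTRY_SIZE_E that this commit adds to SetName reaches the caller as SUBJECT_E or ISSUER_E. If the specific code is meant to be visible, pass it through, e.g. `if (der->subjectSz <= 0) return (der->subjectSz < 0) ? der->subjectSz : SUBJECT_E;`. The same pattern repeats in the later EncodeCert hunks and in EncodeCertReq. The widened test only catches anything if the DerCert size fields are signed; their declarations are outside this diff, and SetAlgoID is declared to return word32, so `der->sigAlgoSz <= 0` in particular may be no different from the old `== 0`.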
@@ -6843,7 +6949,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (cert->altNamesSz) { der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), cert->altNames, cert->altNamesSz); - if (der->altNamesSz == 0) + if (der->altNamesSz <= 0) return ALT_NAME_E; der->extensionsSz += der->altNamesSz; @@ -6861,7 +6967,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->skidSz = SetSKID(der->skid, sizeof(der->skid), cert->skid, cert->skidSz); - if (der->skidSz == 0) + if (der->skidSz <= 0) return SKID_E; der->extensionsSz += der->skidSz; @@ -6877,7 +6983,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, cert->akidSz); - if (der->akidSz == 0) + if (der->akidSz <= 0) return AKID_E; der->extensionsSz += der->akidSz; @@ -6889,7 +6995,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (cert->keyUsage != 0){ der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), cert->keyUsage); - if (der->keyUsageSz == 0) + if (der->keyUsageSz <= 0) return KEYUSAGE_E; der->extensionsSz += der->keyUsageSz; @@ -6903,7 +7009,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, sizeof(der->certPolicies), cert->certPolicies, cert->certPoliciesNb); - if (der->certPoliciesSz == 0) + if (der->certPoliciesSz <= 0) return CERTPOLICIES_E; der->extensionsSz += der->certPoliciesSz; @@ -6919,7 +7025,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->extensionsSz = SetExtensionsHeader(der->extensions, sizeof(der->extensions), der->extensionsSz); - if (der->extensionsSz == 0) + if (der->extensionsSz <= 0) return EXTENSIONS_E; /* put CA */ 
@@ -6937,7 +7043,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->altNames, der->altNamesSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } #endif @@ -6948,7 +7054,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->skid, der->skidSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -6957,7 +7063,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->akid, der->akidSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -6966,7 +7072,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->keyUsage, der->keyUsageSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -6975,7 +7081,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->certPolicies, der->certPoliciesSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } #endif /* WOLFSSL_CERT_EXT */ @@ -7020,7 +7126,7 @@ static int WriteCertBody(DerCert* der, byte* buffer) if (der->extensionsSz) { /* extensions */ XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, - sizeof(der->extensions))); + (int)sizeof(der->extensions))); idx += der->extensionsSz; } @@ -7143,7 +7249,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, int idx = bodySz, seqSz; /* algo */ - idx += SetAlgoID(sigAlgoType, buffer + idx, sigType, 0); + idx += SetAlgoID(sigAlgoType, buffer + idx, oidSigType, 0); /* bit string */ buffer[idx++] = ASN_BIT_STRING; /* length */ 
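Review bot: In WriteCertBody the copy is clamped with `min(der->extensionsSz, (int)sizeof(der->extensions))`, but the next line, `idx += der->extensionsSz;`, advances by the unclamped size. If the two ever differ, the output buffer is left with a run of unwritten bytes and idx has moved past what was copied. Either reject the oversized case before the copy, `if (der->extensionsSz > (int)sizeof(der->extensions)) return BUFFER_E;`, or advance idx by the clamped value. WriteCertBody starts and ends outside the hunk, so an earlier check may already make this unreachable.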
@@ -7307,7 +7413,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, /* subject name */ der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject); - if (der->subjectSz == 0) + if (der->subjectSz <= 0) return SUBJECT_E; /* public key */ @@ -7336,7 +7442,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, /* CA */ if (cert->isCA) { der->caSz = SetCa(der->ca, sizeof(der->ca)); - if (der->caSz == 0) + if (der->caSz <= 0) return CA_TRUE_E; der->extensionsSz += der->caSz; @@ -7353,7 +7459,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, der->skidSz = SetSKID(der->skid, sizeof(der->skid), cert->skid, cert->skidSz); - if (der->skidSz == 0) + if (der->skidSz <= 0) return SKID_E; der->extensionsSz += der->skidSz; @@ -7365,7 +7471,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, if (cert->keyUsage != 0){ der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), cert->keyUsage); - if (der->keyUsageSz == 0) + if (der->keyUsageSz <= 0) return KEYUSAGE_E; der->extensionsSz += der->keyUsageSz; @@ -7380,7 +7486,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, /* put the start of sequence (ID, Size) */ der->extensionsSz = SetSequence(der->extensionsSz, der->extensions); - if (der->extensionsSz == 0) + if (der->extensionsSz <= 0) return EXTENSIONS_E; /* put CA */ @@ -7388,7 +7494,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->ca, der->caSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -7398,7 +7504,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->skid, der->skidSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } 
@@ -7407,7 +7513,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->akid, der->akidSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -7416,7 +7522,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, ret = SetExtensions(der->extensions, sizeof(der->extensions), &der->extensionsSz, der->keyUsage, der->keyUsageSz); - if (ret == 0) + if (ret <= 0) return EXTENSIONS_E; } @@ -7425,7 +7531,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, der->attribSz = SetReqAttrib(der->attrib, cert->challengePw, der->extensionsSz); - if (der->attribSz == 0) + if (der->attribSz <= 0) return REQ_ATTRIBUTE_E; der->total = der->versionSz + der->subjectSz + der->publicKeySz + @@ -7668,7 +7774,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) if (cert == NULL || file == NULL) return BAD_FUNC_ARG; - der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem"); return MEMORY_E; @@ -7684,14 +7790,14 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) /* Load PubKey in internal structure */ rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); if (rsakey == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); return MEMORY_E; } if (wc_InitRsaKey(rsakey, NULL) != 0) { WOLFSSL_MSG("wc_InitRsaKey failure"); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); return MEMORY_E; } @@ -7706,7 +7812,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) /* Check to load ecc public key */ eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); if (eckey == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); return MEMORY_E; } 
@@ -7714,7 +7820,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) WOLFSSL_MSG("wc_ecc_init failure"); wc_ecc_free(eckey); XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); return MEMORY_E; } @@ -7722,17 +7828,17 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) ret = wc_EccPublicKeyDecode(der, &idx, eckey, derSz); if (ret != 0) { WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); wc_ecc_free(eckey); return PUBLIC_KEY_E; } #else - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); return PUBLIC_KEY_E; #endif /* HAVE_ECC */ } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey); @@ -7950,7 +8056,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) decoded->srcIdx = startIdx; if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid, - certExtType, decoded->maxIdx) < 0) { + oidCertExtType, decoded->maxIdx) < 0) { ret = ASN_PARSE_E; break; } @@ -8709,7 +8815,7 @@ static int DecodeSingleResponse(byte* source, if (GetSequence(source, &idx, &length, size) < 0) return ASN_PARSE_E; /* Skip the hash algorithm */ - if (GetAlgoId(source, &idx, &oid, ignoreType, size) < 0) + if (GetAlgoId(source, &idx, &oid, oidIgnoreType, size) < 0) return ASN_PARSE_E; /* Save reference to the hash of CN */ if (source[idx++] != ASN_OCTET_STRING) @@ -8831,7 +8937,7 @@ static int DecodeOcspRespExtensions(byte* source, } oid = 0; - if (GetObjectId(source, &idx, &oid, ocspType, sz) < 0) { + if (GetObjectId(source, &idx, &oid, oidOcspType, sz) < 0) { WOLFSSL_MSG("\tfail: OBJECT ID"); return ASN_PARSE_E; } 
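Review bot: The `wc_EccPublicKeyDecode failed` branch frees `der` and calls `wc_ecc_free(eckey)` but never releases the `eckey` allocation itself. The `wc_ecc_init failure` branch in the preceding hunk does release it, with `XFREE(eckey, NULL, DYNAMIC_TYPE_ECC);`. Adding the same `XFREE` after `wc_ecc_free(eckey);` closes the leak on the decode-failure path. The function starts and ends outside these hunks, so it is not visible whether `rsakey` is still allocated here or in the `#else` branch; that is worth checking in the same pass.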
@@ -8984,7 +9090,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, return ASN_PARSE_E; /* Get the signature algorithm */ - if (GetAlgoId(source, &idx, &resp->sigOID, sigType, size) < 0) + if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) return ASN_PARSE_E; /* Obtain pointer to the start of the signature, and save the size */ @@ -9090,7 +9196,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm) return ASN_PARSE_E; /* Check ObjectID for the resposeBytes */ - if (GetObjectId(source, &idx, &oid, ocspType, size) < 0) + if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) return ASN_PARSE_E; if (oid != OCSP_BASIC_OID) return ASN_PARSE_E; @@ -9176,9 +9282,9 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) WOLFSSL_ENTER("EncodeOcspRequest"); #ifdef NO_SHA - algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0); + algoSz = SetAlgoID(SHA256h, algoArray, oidHashType, 0); #else - algoSz = SetAlgoID(SHAh, algoArray, hashType, 0); + algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0); #endif issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray); @@ -9568,7 +9674,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) return ASN_PARSE_E; } - if (GetAlgoId(buff, &idx, &oid, ignoreType, sz) < 0) + if (GetAlgoId(buff, &idx, &oid, oidIgnoreType, sz) < 0) return ASN_PARSE_E; if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0) @@ -9612,7 +9718,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) if (idx != dcrl->sigIndex) idx = dcrl->sigIndex; /* skip extensions */ - if (GetAlgoId(buff, &idx, &dcrl->signatureOID, sigType, sz) < 0) + if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) return ASN_PARSE_E; if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0) diff --git a/wolfcrypt/src/bio.c b/wolfcrypt/src/bio.c index 35e12aab1..aece1cdd1 100644 --- a/wolfcrypt/src/bio.c +++ b/wolfcrypt/src/bio.c 
@@ -57,11 +57,13 @@ #include #ifdef NO_INLINE - #include +#include #else - #include +#define WOLFSSL_MISC_INCLUDED +#include #endif + #include #include #include diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index d0d6d7739..9b2d05fac 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c @@ -12,9 +12,9 @@ */ /* blake2b.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/camellia.c b/wolfcrypt/src/camellia.c index fb8c4cead..95609371d 100644 --- a/wolfcrypt/src/camellia.c +++ b/wolfcrypt/src/camellia.c @@ -27,9 +27,9 @@ /* camellia.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,9 +43,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Algorithm Specification * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 
@@ -66,6 +67,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index 26972906b..1402e49cf 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c @@ -1,8 +1,8 @@ /* chacha.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * * based from * chacha-ref.c version 20080118 @@ -25,6 +25,7 @@ */ + #ifdef HAVE_CONFIG_H #include #endif @@ -39,6 +40,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -77,12 +79,12 @@ */ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) { - word32 temp[3]; /* used for alignment of memory */ + word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */ #ifdef CHACHA_AEAD_TEST word32 i; printf("NONCE : "); - for (i = 0; i < 12; i++) { + for (i = 0; i < CHACHA_IV_BYTES; i++) { printf("%02x", inIv[i]); } printf("\n\n"); 
@@ -91,12 +93,12 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) if (ctx == NULL) return BAD_FUNC_ARG; - XMEMCPY(temp, inIv, 12); + XMEMCPY(temp, inIv, CHACHA_IV_BYTES); - ctx->X[12] = counter; /* block counter */ - ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */ - ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */ - ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */ + ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */ + ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed variable from nonce */ + ctx->X[CHACHA_IV_BYTES+2] = LITTLE32(temp[1]); /* counter from nonce */ + ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */ return 0; } @@ -174,12 +176,13 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) /** * Converts word into bytes with rotations having been done. */ -static INLINE void wc_Chacha_wordtobyte(word32 output[16], const word32 input[16]) +static INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS], + const word32 input[CHACHA_CHUNK_WORDS]) { - word32 x[16]; + word32 x[CHACHA_CHUNK_WORDS]; word32 i; - for (i = 0; i < 16; i++) { + for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { x[i] = input[i]; } @@ -194,11 +197,11 @@ static INLINE void wc_Chacha_wordtobyte(word32 output[16], const word32 input[16 QUARTERROUND(3, 4, 9, 14) } - for (i = 0; i < 16; i++) { + for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { x[i] = PLUS(x[i], input[i]); } - for (i = 0; i < 16; i++) { + for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { output[i] = LITTLE32(x[i]); } } @@ -210,7 +213,7 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, word32 bytes) { byte* output; - word32 temp[16]; /* used to make sure aligned */ + word32 temp[CHACHA_CHUNK_WORDS]; /* used to make sure aligned */ word32 i; output = (byte*)temp; 
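Review bot: `ctx->X[CHACHA_IV_BYTES+0]` through `ctx->X[CHACHA_IV_BYTES+3]` index the state array with a byte count; they land on the right words only because the nonce length and the position of the counter word are both 12. The same applies to `ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);` in the wc_Chacha_encrypt_bytes hunk. A separate index constant would keep the two meanings apart, for example a new `CHACHA_CTR_IDX` (a suggested name, not on the page) used as `ctx->X[CHACHA_CTR_IDX + 1] = LITTLE32(temp[0]);`. Separately, `inIv` reaches `XMEMCPY` without a NULL check although `ctx` is checked; `if (ctx == NULL || inIv == NULL) return BAD_FUNC_ARG;` covers both.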
@@ -218,19 +221,19 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, if (!bytes) return; for (;;) { wc_Chacha_wordtobyte(temp, ctx->X); - ctx->X[12] = PLUSONE(ctx->X[12]); - if (bytes <= 64) { + ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); + if (bytes <= CHACHA_CHUNK_BYTES) { for (i = 0; i < bytes; ++i) { c[i] = m[i] ^ output[i]; } return; } - for (i = 0; i < 64; ++i) { + for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) { c[i] = m[i] ^ output[i]; } - bytes -= 64; - c += 64; - m += 64; + bytes -= CHACHA_CHUNK_BYTES; + c += CHACHA_CHUNK_BYTES; + m += CHACHA_CHUNK_BYTES; } } diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index 71bacbb88..104bb5737 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -1,8 +1,8 @@ /* chacha.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -37,6 +38,7 @@ #ifdef NO_INLINE #include #else +#define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 909866a2a..f144b1130 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c 
@@ -1,8 +1,8 @@ /* coding.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -364,6 +365,9 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 inIdx = 0; word32 outIdx = 0; + if (in == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; + if (inLen == 1 && *outLen && in) { byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */ @@ -375,7 +379,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (b == BAD) return ASN_INPUT_E; - + out[outIdx++] = b; *outLen = outIdx; @@ -403,7 +407,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (b == BAD || b2 == BAD) return ASN_INPUT_E; - + out[outIdx++] = (byte)((b << 4) | b2); inLen -= 2; } @@ -418,6 +422,9 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 i; byte hb, lb; + if (in == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; + if (*outLen < (2 * inLen + 1)) return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/compat-wolfssl.c b/wolfcrypt/src/compat-wolfssl.c index 5e837d1da..eae28cb95 100644 --- a/wolfcrypt/src/compat-wolfssl.c +++ b/wolfcrypt/src/compat-wolfssl.c @@ -31,9 +31,11 @@ #ifdef NO_INLINE #include #else +#define WOLFSSL_MISC_INCLUDED #include #endif + #include 
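Review bot: The size guard `if (*outLen < (2 * inLen + 1))`, kept directly below the new NULL checks in Base16_Encode, is evaluated in `word32`. Assuming that is a 32-bit unsigned type, a very large `inLen` wraps the product, and an undersized `out` buffer then passes the check. Bounding `inLen` before the existing comparison avoids this, for example `if (inLen > (0xFFFFFFFFU - 1) / 2) return BAD_FUNC_ARG;`. The rest of the function lies outside the hunk.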
diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c index a01c071dc..2423a0402 100644 --- a/wolfcrypt/src/compress.c +++ b/wolfcrypt/src/compress.c @@ -1,9 +1,9 @@ /* compress.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. * - * This file is part of wolfSSL. (formerly known as CyaSSL) - wc_* * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 56c5f04e0..3e7b0f52a 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -1,8 +1,8 @@ /* curve25519.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */ 
@@ -35,14 +36,15 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif const curve25519_set_type curve25519_sets[] = { -{ + { 32, "CURVE25519", -} + } }; @@ -79,6 +81,8 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) return ret; } +#ifdef HAVE_CURVE25519_SHARED_SECRET + int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen) @@ -125,6 +129,10 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, return ret; } +#endif /* HAVE_CURVE25519_SHARED_SECRET */ + +#ifdef HAVE_CURVE25519_KEY_EXPORT + /* export curve25519 public key (Big endian) * return 0 on success */ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) @@ -165,6 +173,10 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, return 0; } +#endif /* HAVE_CURVE25519_KEY_EXPORT */ + +#ifdef HAVE_CURVE25519_KEY_IMPORT + /* import curve25519 public key (Big endian) * return 0 on success */ int wc_curve25519_import_public(const byte* in, word32 inLen, @@ -204,6 +216,10 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen, return 0; } +#endif /* HAVE_CURVE25519_KEY_IMPORT */ + + +#ifdef HAVE_CURVE25519_KEY_EXPORT /* export curve25519 private key only raw (Big endian) * outLen is in/out size @@ -276,6 +292,9 @@ int wc_curve25519_export_key_raw_ex(curve25519_key* key, return wc_curve25519_export_public_ex(key, pub, pubSz, endian); } +#endif /* HAVE_CURVE25519_KEY_EXPORT */ + +#ifdef HAVE_CURVE25519_KEY_IMPORT /* curve25519 private key import (Big endian) * Public key to match private key needs to be imported too @@ -348,6 +367,9 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, return 0; } +#endif /* HAVE_CURVE25519_KEY_IMPORT */ + + int wc_curve25519_init(curve25519_key* key) { if (key == NULL) diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index b59aded36..bac3e90a7 100644 --- a/wolfcrypt/src/des3.c 
+++ b/wolfcrypt/src/des3.c @@ -1,8 +1,8 @@ /* des3.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -126,6 +127,7 @@ void wc_Des3_FreeCavium(Des3* des3) #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -153,6 +155,8 @@ void wc_Des3_FreeCavium(Des3* des3) int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { word32 *dkey = des->key; + + (void)dir; XMEMCPY(dkey, key, 8); ByteReverseWords(dkey, dkey, 8); @@ -167,6 +171,8 @@ void wc_Des3_FreeCavium(Des3* des3) word32 *dkey1 = des->key[0]; word32 *dkey2 = des->key[1]; word32 *dkey3 = des->key[2]; + + (void)dir; XMEMCPY(dkey1, key, 8); /* set key 1 */ XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ @@ -179,7 +185,7 @@ void wc_Des3_FreeCavium(Des3* des3) return wc_Des3_SetIV(des, iv); } - void DesCrypt(Des* des, byte* out, const byte* in, word32 sz, + static void DesCrypt(Des* des, byte* out, const byte* in, word32 sz, int dir, int mode) { word32 *dkey, *iv; @@ -275,7 +281,7 @@ void wc_Des3_FreeCavium(Des3* des3) return 0; } - void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, + static void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, int dir) { word32 *dkey1, *dkey2, *dkey3, *iv; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 05f5fb4d8..b300e5e0d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
@@ -1,8 +1,8 @@ /* dh.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -55,8 +56,8 @@ void wc_InitDhKey(DhKey* key) (void)key; /* TomsFastMath doesn't use memory allocation */ #ifndef USE_FAST_MATH - key->p.dp = 0; - key->g.dp = 0; + key->p.dp = NULL; + key->g.dp = NULL; #endif } @@ -64,11 +65,8 @@ void wc_InitDhKey(DhKey* key) void wc_FreeDhKey(DhKey* key) { (void)key; -/* TomsFastMath doesn't use memory allocation */ -#ifndef USE_FAST_MATH mp_clear(&key->p); mp_clear(&key->g); -#endif } diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 13d4c9bb9..8eeb4efcf 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -1,8 +1,8 @@ /* dsa.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
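Review bot: wc_FreeDhKey now reaches `mp_clear(&key->p);` in every build, so the leftover `(void)key;` no longer marks an unused parameter and a NULL `key` is dereferenced. Free routines are commonly called from error paths where the object may never have been set up, so I would replace the cast with `if (key == NULL) return;`. wc_InitDhKey in the preceding hunk has the same shape under `#ifndef USE_FAST_MATH`, where `key->p.dp = NULL;` follows `(void)key;` with no guard.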
@@ -346,7 +347,7 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) int ret, sz; byte buffer[DSA_HALF_SIZE]; - sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q)); + sz = min((int)sizeof(buffer), mp_unsigned_bin_size(&key->q)); /* generate k */ ret = wc_RNG_GenerateBlock(rng, buffer, sz); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 3376b9252..5bedd9d00 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1,8 +1,8 @@ /* ecc.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -65,6 +66,7 @@ ECC Curves: #include #include #include +#include #ifdef HAVE_ECC_ENCRYPT #include @@ -74,6 +76,7 @@ ECC Curves: #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -119,7 +122,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC112 { 14, - NID_secp111r1, + NID_secp112r1, "SECP112R1", "DB7C2ABF62E35E668076BEAD208B", "DB7C2ABF62E35E668076BEAD2088", 
@@ -265,285 +268,6 @@ static mp_digit get_digit(mp_int* a, int n) } -#if defined(USE_FAST_MATH) - -/* fast math accelerated version, but not for fp ecc yet */ - -/** - Add two ECC points - P The point to add - Q The point to add - R [out] The destination of the double - modulus The modulus of the field the ECC curve is in - mp The "b" value from montgomery_setup() - return MP_OKAY on success -*/ -int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, - mp_int* modulus, mp_digit* mp) -{ - fp_int t1, t2, x, y, z; - int err; - - if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL) - return ECC_BAD_ARG_E; - - if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) { - return err; - } - - /* should we dbl instead? */ - fp_sub(modulus, Q->y, &t1); - if ( (fp_cmp(P->x, Q->x) == FP_EQ) && - (get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ) && - (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) { - return ecc_projective_dbl_point(P, R, modulus, mp); - } - - fp_copy(P->x, &x); - fp_copy(P->y, &y); - fp_copy(P->z, &z); - - /* if Z is one then these are no-operations */ - if (get_digit_count(Q->z)) { - /* T1 = Z' * Z' */ - fp_sqr(Q->z, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* X = X * T1 */ - fp_mul(&t1, &x, &x); - fp_montgomery_reduce(&x, modulus, *mp); - /* T1 = Z' * T1 */ - fp_mul(Q->z, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* Y = Y * T1 */ - fp_mul(&t1, &y, &y); - fp_montgomery_reduce(&y, modulus, *mp); - } - - /* T1 = Z*Z */ - fp_sqr(&z, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* T2 = X' * T1 */ - fp_mul(Q->x, &t1, &t2); - fp_montgomery_reduce(&t2, modulus, *mp); - /* T1 = Z * T1 */ - fp_mul(&z, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* T1 = Y' * T1 */ - fp_mul(Q->y, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - - /* Y = Y - T1 */ - fp_sub(&y, &t1, &y); - if (fp_cmp_d(&y, 0) == FP_LT) { - fp_add(&y, modulus, &y); - } - /* T1 = 2T1 */ - 
fp_add(&t1, &t1, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T1 = Y + T1 */ - fp_add(&t1, &y, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* X = X - T2 */ - fp_sub(&x, &t2, &x); - if (fp_cmp_d(&x, 0) == FP_LT) { - fp_add(&x, modulus, &x); - } - /* T2 = 2T2 */ - fp_add(&t2, &t2, &t2); - if (fp_cmp(&t2, modulus) != FP_LT) { - fp_sub(&t2, modulus, &t2); - } - /* T2 = X + T2 */ - fp_add(&t2, &x, &t2); - if (fp_cmp(&t2, modulus) != FP_LT) { - fp_sub(&t2, modulus, &t2); - } - - /* if Z' != 1 */ - if (get_digit_count(Q->z)) { - /* Z = Z * Z' */ - fp_mul(&z, Q->z, &z); - fp_montgomery_reduce(&z, modulus, *mp); - } - - /* Z = Z * X */ - fp_mul(&z, &x, &z); - fp_montgomery_reduce(&z, modulus, *mp); - - /* T1 = T1 * X */ - fp_mul(&t1, &x, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* X = X * X */ - fp_sqr(&x, &x); - fp_montgomery_reduce(&x, modulus, *mp); - /* T2 = T2 * x */ - fp_mul(&t2, &x, &t2); - fp_montgomery_reduce(&t2, modulus, *mp); - /* T1 = T1 * X */ - fp_mul(&t1, &x, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - - /* X = Y*Y */ - fp_sqr(&y, &x); - fp_montgomery_reduce(&x, modulus, *mp); - /* X = X - T2 */ - fp_sub(&x, &t2, &x); - if (fp_cmp_d(&x, 0) == FP_LT) { - fp_add(&x, modulus, &x); - } - - /* T2 = T2 - X */ - fp_sub(&t2, &x, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T2 = T2 - X */ - fp_sub(&t2, &x, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T2 = T2 * Y */ - fp_mul(&t2, &y, &t2); - fp_montgomery_reduce(&t2, modulus, *mp); - /* Y = T2 - T1 */ - fp_sub(&t2, &t1, &y); - if (fp_cmp_d(&y, 0) == FP_LT) { - fp_add(&y, modulus, &y); - } - /* Y = Y/2 */ - if (fp_isodd(&y)) { - fp_add(&y, modulus, &y); - } - fp_div_2(&y, &y); - - fp_copy(&x, R->x); - fp_copy(&y, R->y); - fp_copy(&z, R->z); - - return MP_OKAY; -} - - -/** - Double an ECC point - P The point to double - R [out] The destination of the double - 
modulus The modulus of the field the ECC curve is in - mp The "b" value from montgomery_setup() - return MP_OKAY on success -*/ -int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, - mp_digit* mp) -{ - fp_int t1, t2; - int err; - - if (P == NULL || R == NULL || modulus == NULL || mp == NULL) - return ECC_BAD_ARG_E; - - if (P != R) { - fp_copy(P->x, R->x); - fp_copy(P->y, R->y); - fp_copy(P->z, R->z); - } - - if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { - return err; - } - - /* t1 = Z * Z */ - fp_sqr(R->z, &t1); - fp_montgomery_reduce(&t1, modulus, *mp); - /* Z = Y * Z */ - fp_mul(R->z, R->y, R->z); - fp_montgomery_reduce(R->z, modulus, *mp); - /* Z = 2Z */ - fp_add(R->z, R->z, R->z); - if (fp_cmp(R->z, modulus) != FP_LT) { - fp_sub(R->z, modulus, R->z); - } - - /* &t2 = X - T1 */ - fp_sub(R->x, &t1, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T1 = X + T1 */ - fp_add(&t1, R->x, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T2 = T1 * T2 */ - fp_mul(&t1, &t2, &t2); - fp_montgomery_reduce(&t2, modulus, *mp); - /* T1 = 2T2 */ - fp_add(&t2, &t2, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T1 = T1 + T2 */ - fp_add(&t1, &t2, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - - /* Y = 2Y */ - fp_add(R->y, R->y, R->y); - if (fp_cmp(R->y, modulus) != FP_LT) { - fp_sub(R->y, modulus, R->y); - } - /* Y = Y * Y */ - fp_sqr(R->y, R->y); - fp_montgomery_reduce(R->y, modulus, *mp); - /* T2 = Y * Y */ - fp_sqr(R->y, &t2); - fp_montgomery_reduce(&t2, modulus, *mp); - /* T2 = T2/2 */ - if (fp_isodd(&t2)) { - fp_add(&t2, modulus, &t2); - } - fp_div_2(&t2, &t2); - /* Y = Y * X */ - fp_mul(R->y, R->x, R->y); - fp_montgomery_reduce(R->y, modulus, *mp); - - /* X = T1 * T1 */ - fp_sqr(&t1, R->x); - fp_montgomery_reduce(R->x, modulus, *mp); - /* X = X - Y */ - fp_sub(R->x, R->y, R->x); - if 
(fp_cmp_d(R->x, 0) == FP_LT) { - fp_add(R->x, modulus, R->x); - } - /* X = X - Y */ - fp_sub(R->x, R->y, R->x); - if (fp_cmp_d(R->x, 0) == FP_LT) { - fp_add(R->x, modulus, R->x); - } - - /* Y = Y - X */ - fp_sub(R->y, R->x, R->y); - if (fp_cmp_d(R->y, 0) == FP_LT) { - fp_add(R->y, modulus, R->y); - } - /* Y = Y * T1 */ - fp_mul(R->y, &t1, R->y); - fp_montgomery_reduce(R->y, modulus, *mp); - /* Y = Y - T2 */ - fp_sub(R->y, &t2, R->y); - if (fp_cmp_d(R->y, 0) == FP_LT) { - fp_add(R->y, modulus, R->y); - } - - return MP_OKAY; -} - -#else /* USE_FAST_MATH */ - /** Add two ECC points P The point to add 
@@ -556,43 +280,63 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, mp_int* modulus, mp_digit* mp) { - mp_int t1; - mp_int t2; - mp_int x; - mp_int y; - mp_int z; + mp_int t1, t2; +#if (defined(USE_FAST_MATH) && defined(ALT_ECC_SIZE)) || !defined(USE_FAST_MATH) + mp_int rx, ry, rz; +#endif + mp_int *x, *y, *z; int err; if (P == NULL || Q == NULL || R == NULL || modulus == NULL || mp == NULL) return ECC_BAD_ARG_E; - if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) { + if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { return err; } /* should we dbl instead? */ - err = mp_sub(modulus, Q->y, &t1); - + if (err == MP_OKAY) + err = mp_sub(modulus, Q->y, &t1); if (err == MP_OKAY) { if ( (mp_cmp(P->x, Q->x) == MP_EQ) && (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) && (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) { mp_clear(&t1); mp_clear(&t2); - mp_clear(&x); - mp_clear(&y); - mp_clear(&z); - return ecc_projective_dbl_point(P, R, modulus, mp); } } + + if (err != MP_OKAY) { + mp_clear(&t1); + mp_clear(&t2); + return err; + } + +#if (defined(USE_FAST_MATH) && defined(ALT_ECC_SIZE)) || !defined(USE_FAST_MATH) + /* Use local stack variable */ + x = ℞ + y = &ry; + z = &rz; + + if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { + mp_clear(&t1); + mp_clear(&t2); + return err; + } +#else + /* Use destination directly */ + x = R->x; + y = R->y; + z = R->z; +#endif if (err == MP_OKAY) - err = mp_copy(P->x, &x); + err = mp_copy(P->x, x); if (err == MP_OKAY) - err = mp_copy(P->y, &y); + err = mp_copy(P->y, y); if (err == MP_OKAY) - err = mp_copy(P->z, &z); + err = mp_copy(P->z, z); /* if Z is one then these are no-operations */ if (err == MP_OKAY) { 
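Review bot: On the `#else` branch (`x = R->x; y = R->y; z = R->z;`) the `mp_copy(P->x, x)` sequence that follows writes P into R before Q has been consumed, so a call with `R == Q` would overwrite Q's coordinates ahead of later reads such as `mp_mul(z, Q->z, z)`. The removed code worked on local `x`, `y`, `z` and copied out only at the end, so that aliasing used to be harmless; whether any caller passes the same point as Q and R is not visible here. Either swap the inputs before the copies, `if (Q == R) { ecc_point* tPt = P; P = Q; Q = tPt; }`, or state in the function header that R must not alias Q on this path. The function body continues past the end of this hunk.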
@@ -604,9 +348,9 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, /* X = X * T1 */ if (err == MP_OKAY) - err = mp_mul(&t1, &x, &x); + err = mp_mul(&t1, x, x); if (err == MP_OKAY) - err = mp_montgomery_reduce(&x, modulus, *mp); + err = mp_montgomery_reduce(x, modulus, *mp); /* T1 = Z' * T1 */ if (err == MP_OKAY) @@ -616,15 +360,15 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, /* Y = Y * T1 */ if (err == MP_OKAY) - err = mp_mul(&t1, &y, &y); + err = mp_mul(&t1, y, y); if (err == MP_OKAY) - err = mp_montgomery_reduce(&y, modulus, *mp); + err = mp_montgomery_reduce(y, modulus, *mp); } } /* T1 = Z*Z */ if (err == MP_OKAY) - err = mp_sqr(&z, &t1); + err = mp_sqr(z, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); @@ -636,7 +380,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, /* T1 = Z * T1 */ if (err == MP_OKAY) - err = mp_mul(&z, &t1, &t1); + err = mp_mul(z, &t1, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); @@ -648,10 +392,10 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, /* Y = Y - T1 */ if (err == MP_OKAY) - err = mp_sub(&y, &t1, &y); + err = mp_sub(y, &t1, y); if (err == MP_OKAY) { - if (mp_cmp_d(&y, 0) == MP_LT) - err = mp_add(&y, modulus, &y); + if (mp_cmp_d(y, 0) == MP_LT) + err = mp_add(y, modulus, y); } /* T1 = 2T1 */ if (err == MP_OKAY) @@ -662,17 +406,17 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, } /* T1 = Y + T1 */ if (err == MP_OKAY) - err = mp_add(&t1, &y, &t1); + err = mp_add(&t1, y, &t1); if (err == MP_OKAY) { if (mp_cmp(&t1, modulus) != MP_LT) err = mp_sub(&t1, modulus, &t1); } /* X = X - T2 */ if (err == MP_OKAY) - err = mp_sub(&x, &t2, &x); + err = mp_sub(x, &t2, x); if (err == MP_OKAY) { - if (mp_cmp_d(&x, 0) == MP_LT) - err = mp_add(&x, modulus, &x); + if (mp_cmp_d(x, 0) == MP_LT) + err = mp_add(x, modulus, x); } /* T2 = 2T2 */ if (err == MP_OKAY) 
@@ -683,7 +427,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, } /* T2 = X + T2 */ if (err == MP_OKAY) - err = mp_add(&t2, &x, &t2); + err = mp_add(&t2, x, &t2); if (err == MP_OKAY) { if (mp_cmp(&t2, modulus) != MP_LT) err = mp_sub(&t2, modulus, &t2); 
@@ -692,103 +436,108 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, if (err == MP_OKAY) { if (get_digit_count(Q->z)) { /* Z = Z * Z' */ - err = mp_mul(&z, Q->z, &z); + err = mp_mul(z, Q->z, z); if (err == MP_OKAY) - err = mp_montgomery_reduce(&z, modulus, *mp); + err = mp_montgomery_reduce(z, modulus, *mp); } } /* Z = Z * X */ if (err == MP_OKAY) - err = mp_mul(&z, &x, &z); + err = mp_mul(z, x, z); if (err == MP_OKAY) - err = mp_montgomery_reduce(&z, modulus, *mp); + err = mp_montgomery_reduce(z, modulus, *mp); /* T1 = T1 * X */ if (err == MP_OKAY) - err = mp_mul(&t1, &x, &t1); + err = mp_mul(&t1, x, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); /* X = X * X */ if (err == MP_OKAY) - err = mp_sqr(&x, &x); + err = mp_sqr(x, x); if (err == MP_OKAY) - err = mp_montgomery_reduce(&x, modulus, *mp); + err = mp_montgomery_reduce(x, modulus, *mp); /* T2 = T2 * x */ if (err == MP_OKAY) - err = mp_mul(&t2, &x, &t2); + err = mp_mul(&t2, x, &t2); if (err == MP_OKAY) err = mp_montgomery_reduce(&t2, modulus, *mp); /* T1 = T1 * X */ if (err == MP_OKAY) - err = mp_mul(&t1, &x, &t1); + err = mp_mul(&t1, x, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); /* X = Y*Y */ if (err == MP_OKAY) - err = mp_sqr(&y, &x); + err = mp_sqr(y, x); if (err == MP_OKAY) - err = mp_montgomery_reduce(&x, modulus, *mp); + err = mp_montgomery_reduce(x, modulus, *mp); /* X = X - T2 */ if (err == MP_OKAY) - err = mp_sub(&x, &t2, &x); + err = mp_sub(x, &t2, x); if (err == MP_OKAY) { - if (mp_cmp_d(&x, 0) == MP_LT) - err = mp_add(&x, modulus, &x); + if (mp_cmp_d(x, 0) == MP_LT) + err = mp_add(x, modulus, x); } /* T2 = T2 - X */ if (err == MP_OKAY) - err = mp_sub(&t2, &x, &t2); + err = mp_sub(&t2, x, &t2); if (err == MP_OKAY) { if (mp_cmp_d(&t2, 0) == MP_LT) err = mp_add(&t2, modulus, &t2); } /* T2 = T2 - X */ if (err == MP_OKAY) - err = mp_sub(&t2, &x, &t2); + err = mp_sub(&t2, x, &t2); if (err == MP_OKAY) { if (mp_cmp_d(&t2, 0) == 
MP_LT) err = mp_add(&t2, modulus, &t2); } /* T2 = T2 * Y */ if (err == MP_OKAY) - err = mp_mul(&t2, &y, &t2); + err = mp_mul(&t2, y, &t2); if (err == MP_OKAY) err = mp_montgomery_reduce(&t2, modulus, *mp); /* Y = T2 - T1 */ if (err == MP_OKAY) - err = mp_sub(&t2, &t1, &y); + err = mp_sub(&t2, &t1, y); if (err == MP_OKAY) { - if (mp_cmp_d(&y, 0) == MP_LT) - err = mp_add(&y, modulus, &y); + if (mp_cmp_d(y, 0) == MP_LT) + err = mp_add(y, modulus, y); } /* Y = Y/2 */ if (err == MP_OKAY) { - if (mp_isodd(&y)) - err = mp_add(&y, modulus, &y); + if (mp_isodd(y)) + err = mp_add(y, modulus, y); } if (err == MP_OKAY) - err = mp_div_2(&y, &y); + err = mp_div_2(y, y); +#if (defined(USE_FAST_MATH) && defined(ALT_ECC_SIZE)) || !defined(USE_FAST_MATH) if (err == MP_OKAY) - err = mp_copy(&x, R->x); + err = mp_copy(x, R->x); if (err == MP_OKAY) - err = mp_copy(&y, R->y); + err = mp_copy(y, R->y); if (err == MP_OKAY) - err = mp_copy(&z, R->z); + err = mp_copy(z, R->z); + + mp_clear(x); + mp_clear(y); + mp_clear(z); +#endif +#ifndef USE_FAST_MATH /* clean up */ mp_clear(&t1); mp_clear(&t2); - mp_clear(&x); - mp_clear(&y); - mp_clear(&z); +#endif return err; } @@ -805,8 +554,11 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, mp_digit* mp) { - mp_int t1; - mp_int t2; + mp_int t1, t2; +#ifdef ALT_ECC_SIZE + mp_int rx, ry, rz; +#endif + mp_int *x, *y, *z; int err; if (P == NULL || R == NULL || modulus == NULL || mp == NULL) 
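Review bot: The final cleanup of ecc_projective_add_point now skips `mp_clear(&t1); mp_clear(&t2);` under `USE_FAST_MATH`, although the early-return paths added at the top of the same function clear both unconditionally and the `rx`/`ry`/`rz` locals just above are cleared in fast-math builds with ALT_ECC_SIZE. `t1` and `t2` hold intermediate coordinates, which depend on the private scalar when this is reached from a scalar multiplication, so leaving them on the stack sits oddly beside the `mp_forcezero(&key->k)` hardening made elsewhere in this commit. Dropping the `#ifndef USE_FAST_MATH` / `#endif` pair around the two clears would make every exit path behave the same; what `mp_clear` does to a fast-math integer is not shown here, so confirm it wipes the digits. The same guard is added at the end of ecc_projective_dbl_point, and the function starts before this hunk.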
@@ -816,44 +568,61 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, return err; } - if (P != R) { - err = mp_copy(P->x, R->x); - if (err == MP_OKAY) - err = mp_copy(P->y, R->y); - if (err == MP_OKAY) - err = mp_copy(P->z, R->z); +#ifdef ALT_ECC_SIZE + /* Use local stack variable */ + x = ℞ + y = &ry; + z = &rz; + + if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { + mp_clear(&t1); + mp_clear(&t2); + return err; } +#else + /* Use destination directly */ + x = R->x; + y = R->y; + z = R->z; +#endif + + if (err == MP_OKAY) + err = mp_copy(P->x, x); + if (err == MP_OKAY) + err = mp_copy(P->y, y); + if (err == MP_OKAY) + err = mp_copy(P->z, z); /* t1 = Z * Z */ if (err == MP_OKAY) - err = mp_sqr(R->z, &t1); + err = mp_sqr(z, &t1); if (err == MP_OKAY) err = mp_montgomery_reduce(&t1, modulus, *mp); /* Z = Y * Z */ if (err == MP_OKAY) - err = mp_mul(R->z, R->y, R->z); + err = mp_mul(z, y, z); if (err == MP_OKAY) - err = mp_montgomery_reduce(R->z, modulus, *mp); + err = mp_montgomery_reduce(z, modulus, *mp); /* Z = 2Z */ if (err == MP_OKAY) - err = mp_add(R->z, R->z, R->z); + err = mp_add(z, z, z); if (err == MP_OKAY) { - if (mp_cmp(R->z, modulus) != MP_LT) - err = mp_sub(R->z, modulus, R->z); + if (mp_cmp(z, modulus) != MP_LT) + err = mp_sub(z, modulus, z); } /* T2 = X - T1 */ if (err == MP_OKAY) - err = mp_sub(R->x, &t1, &t2); + err = mp_sub(x, &t1, &t2); if (err == MP_OKAY) { if (mp_cmp_d(&t2, 0) == MP_LT) err = mp_add(&t2, modulus, &t2); } /* T1 = X + T1 */ if (err == MP_OKAY) - err = mp_add(&t1, R->x, &t1); + err = mp_add(&t1, x, &t1); if (err == MP_OKAY) { if (mp_cmp(&t1, modulus) != MP_LT) err = mp_sub(&t1, modulus, &t1); 
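Review bot: With the `if (P != R)` test removed, the `#else` branch (`x = R->x; y = R->y; z = R->z;`) now calls `mp_copy(P->x, x)` with source and destination being the same object whenever the caller doubles in place (`P == R`). That is only correct if `mp_copy` returns early for identical pointers in both math backends, which this hunk does not show; a comment such as `/* P == R is allowed: mp_copy is a no-op when src == dst */`, or keeping `if (P != R)` around the copies on that branch, would make the assumption explicit. The guard here is plain `#ifdef ALT_ECC_SIZE`, whereas ecc_projective_add_point uses `(defined(USE_FAST_MATH) && defined(ALT_ECC_SIZE)) || !defined(USE_FAST_MATH)`, so a one-line comment on why doubling may write into R directly in non-fast-math builds would also help. The function starts before and continues after this hunk.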
@@ -880,20 +649,20 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, } /* Y = 2Y */ if (err == MP_OKAY) - err = mp_add(R->y, R->y, R->y); + err = mp_add(y, y, y); if (err == MP_OKAY) { - if (mp_cmp(R->y, modulus) != MP_LT) - err = mp_sub(R->y, modulus, R->y); + if (mp_cmp(y, modulus) != MP_LT) + err = mp_sub(y, modulus, y); } /* Y = Y * Y */ if (err == MP_OKAY) - err = mp_sqr(R->y, R->y); + err = mp_sqr(y, y); if (err == MP_OKAY) - err = mp_montgomery_reduce(R->y, modulus, *mp); + err = mp_montgomery_reduce(y, modulus, *mp); /* T2 = Y * Y */ if (err == MP_OKAY) - err = mp_sqr(R->y, &t2); + err = mp_sqr(y, &t2); if (err == MP_OKAY) err = mp_montgomery_reduce(&t2, modulus, *mp); 
@@ -907,59 +676,69 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus, /* Y = Y * X */ if (err == MP_OKAY) - err = mp_mul(R->y, R->x, R->y); + err = mp_mul(y, x, y); if (err == MP_OKAY) - err = mp_montgomery_reduce(R->y, modulus, *mp); + err = mp_montgomery_reduce(y, modulus, *mp); /* X = T1 * T1 */ if (err == MP_OKAY) - err = mp_sqr(&t1, R->x); + err = mp_sqr(&t1, x); if (err == MP_OKAY) - err = mp_montgomery_reduce(R->x, modulus, *mp); + err = mp_montgomery_reduce(x, modulus, *mp); /* X = X - Y */ if (err == MP_OKAY) - err = mp_sub(R->x, R->y, R->x); + err = mp_sub(x, y, x); if (err == MP_OKAY) { - if (mp_cmp_d(R->x, 0) == MP_LT) - err = mp_add(R->x, modulus, R->x); + if (mp_cmp_d(x, 0) == MP_LT) + err = mp_add(x, modulus, x); } /* X = X - Y */ if (err == MP_OKAY) - err = mp_sub(R->x, R->y, R->x); + err = mp_sub(x, y, x); if (err == MP_OKAY) { - if (mp_cmp_d(R->x, 0) == MP_LT) - err = mp_add(R->x, modulus, R->x); + if (mp_cmp_d(x, 0) == MP_LT) + err = mp_add(x, modulus, x); } /* Y = Y - X */ if (err == MP_OKAY) - err = mp_sub(R->y, R->x, R->y); + err = mp_sub(y, x, y); if (err == MP_OKAY) { - if (mp_cmp_d(R->y, 0) == MP_LT) - err = mp_add(R->y, modulus, R->y); + if (mp_cmp_d(y, 0) == MP_LT) + err = mp_add(y, modulus, y); } /* Y = Y * T1 */ if (err == MP_OKAY) - err = mp_mul(R->y, &t1, R->y); + err = mp_mul(y, &t1, y); if (err == MP_OKAY) - err = mp_montgomery_reduce(R->y, modulus, *mp); + err = mp_montgomery_reduce(y, modulus, *mp); /* Y = Y - T2 */ if (err == MP_OKAY) - err = mp_sub(R->y, &t2, R->y); + err = mp_sub(y, &t2, y); if (err == MP_OKAY) { - if (mp_cmp_d(R->y, 0) == MP_LT) - err = mp_add(R->y, modulus, R->y); + if (mp_cmp_d(y, 0) == MP_LT) + err = mp_add(y, modulus, y); } +#ifdef ALT_ECC_SIZE + if (err == MP_OKAY) + err = mp_copy(x, R->x); + if (err == MP_OKAY) + err = mp_copy(y, R->y); + if (err == MP_OKAY) + err = mp_copy(z, R->z); +#endif + +#ifndef USE_FAST_MATH /* clean up */ mp_clear(&t1); mp_clear(&t2); +#endif return 
err; } -#endif /* USE_FAST_MATH */ /** Map a projective jacbobian point back to affine space @@ -1793,7 +1572,7 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(&key->k); + mp_forcezero(&key->k); } wc_ecc_del_point(base); if (po_init) { @@ -2024,7 +1803,7 @@ void wc_ecc_free(ecc_key* key) mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(&key->k); + mp_forcezero(&key->k); } @@ -2759,7 +2538,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, } #endif /* HAVE_ECC_KEY_EXPORT */ -/* is ec point on curve described by dp ? */ +/* is ecc point on curve described by dp ? */ static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime) { mp_int b, t1, t2; @@ -2885,7 +2664,7 @@ static int ecc_check_privkey_gen_helper(ecc_key* key) err = mp_read_radix(&prime, (char*)key->dp->prime, 16); - if (err == MP_OKAY); + if (err == MP_OKAY) err = ecc_check_privkey_gen(key, &prime); mp_clear(&prime); @@ -3017,7 +2796,8 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) } } if (ecc_sets[x].size == 0) { - err = ASN_PARSE_E; + WOLFSSL_MSG("ecc_set size not found"); + err = ASN_PARSE_E; } else { /* set the idx */ key->idx = x; @@ -3206,8 +2986,8 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen) /** Import raw ECC key key The destination ecc_key structure - qx x component of base point, as ASCII hex string - qy y component of base point, as ASCII hex string + qx x component of the public key, as ASCII hex string + qy y component of the public key, as ASCII hex string d private key, as ASCII hex string curveName ECC curve name, from ecc_sets[] return MP_OKAY on success 
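Review bot: The `#ifdef ALT_ECC_SIZE` copy-back at the end of ecc_projective_dbl_point never releases the locals `rx`, `ry`, `rz` that an earlier hunk sets up with `mp_init_multi(x, y, z, NULL, NULL, NULL)`, whereas the matching block in ecc_projective_add_point ends with `mp_clear(x); mp_clear(y); mp_clear(z);`. If ALT_ECC_SIZE can ever be combined with heap-backed integers this is a leak on every doubling; with fixed-size integers it leaves intermediate coordinates behind on the stack. Adding the same three `mp_clear` calls before the `#endif` would bring the two functions into line. The function starts before this hunk.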
@@ -3257,6 +3037,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, } } if (ecc_sets[x].size == 0) { + WOLFSSL_MSG("ecc_set curve name not found"); err = ASN_PARSE_E; } else { /* set the curve */ @@ -4121,7 +3902,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus, #ifdef WOLFSSL_SMALL_STACK unsigned char* kb; #else - unsigned char kb[128]; + unsigned char kb[KB_SIZE]; #endif int x; unsigned y, z, err, bitlen, bitpos, lut_gap, first; @@ -4196,7 +3977,10 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus, else { /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(&tk) - 1; + y = mp_unsigned_bin_size(&tk); + if (y > 0) { + y -= 1; + } mp_clear(&tk); while ((unsigned)x < y) { @@ -4274,7 +4058,7 @@ static int accel_fp_mul2add(int idx1, int idx2, #ifdef WOLFSSL_SMALL_STACK unsigned char* kb[2]; #else - unsigned char kb[2][128]; + unsigned char kb[2][KB_SIZE]; #endif int x; unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB; @@ -4398,7 +4182,10 @@ static int accel_fp_mul2add(int idx1, int idx2, /* let's reverse kb so it's little endian */ x = 0; - y = mp_unsigned_bin_size(&tka) - 1; + y = mp_unsigned_bin_size(&tka); + if (y > 0) { + y -= 1; + } mp_clear(&tka); while ((unsigned)x < y) { z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z; @@ -4420,7 +4207,10 @@ static int accel_fp_mul2add(int idx1, int idx2, } else { x = 0; - y = mp_unsigned_bin_size(&tkb) - 1; + y = mp_unsigned_bin_size(&tkb); + if (y > 0) { + y -= 1; + } mp_clear(&tkb); while ((unsigned)x < y) { z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z; @@ -5278,6 +5068,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret == 0) { switch (ctx->encAlgo) { + #ifdef HAVE_AES_CBC case ecAES_128_CBC: { Aes aes; 
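Review bot: The new `if (y > 0) { y -= 1; }` guard in accel_fp_mul stops the unsigned wrap when `mp_unsigned_bin_size(&tk)` is 0, but `y` is then used as an index into `kb` by the reversal loop and nothing in this hunk bounds it by the buffer size. If the length is checked against `KB_SIZE` where `kb` is filled (that code is not visible here), a short comment next to the guard saying so would help; otherwise the check belongs here. The same three lines are repeated for `tka` and `tkb` in accel_fp_mul2add, so a small `static` helper returning the last index would keep the three sites in step. accel_fp_mul starts before and continues after this hunk.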
@@ -5288,7 +5079,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); } break; - + #endif default: ret = BAD_FUNC_ARG; break; diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index ef4510f42..9eb86da23 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1,8 +1,8 @@ /* ed25519.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ #ifdef HAVE_CONFIG_H @@ -36,6 +37,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -79,6 +81,7 @@ int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) } +#ifdef HAVE_ED25519_SIGN /* in contains the message to sign inlen is the length of the message to sign @@ -164,6 +167,9 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, return ret; } +#endif /* HAVE_ED25519_SIGN */ + +#ifdef HAVE_ED25519_VERIFY /* sig is array of bytes containing the signature @@ -238,6 +244,8 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, return ret; } +#endif /* HAVE_ED25519_VERIFY */ + /* initialize information and memory for key */ int wc_ed25519_init(ed25519_key* key) 
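Review bot: The rewritten FSF address in the ed25519.c licence header ends in `MA 02110-1335`, but the postal code the FSF publishes for 51 Franklin Street, Fifth Floor is `02110-1301`, which is what the removed line had. The same replacement is made in every licence header hunk that follows (error.c, fe_low_mem.c, fe_operations.c and the fp_*.i files). Keep `Boston, MA 02110-1301, USA` on the new line.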
@@ -261,6 +269,8 @@ void wc_ed25519_free(ed25519_key* key) } +#ifdef HAVE_ED25519_KEY_EXPORT + /* outLen should contain the size of out buffer when input. outLen is than set to the final output length. @@ -283,7 +293,10 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) return 0; } +#endif /* HAVE_ED25519_KEY_EXPORT */ + +#ifdef HAVE_ED25519_KEY_IMPORT /* Imports a compressed/uncompressed public key. in the byte array containing the public key @@ -357,6 +370,10 @@ int wc_ed25519_import_private_key(const byte* priv, word32 privSz, return ret; } +#endif /* HAVE_ED25519_KEY_IMPORT */ + + +#ifdef HAVE_ED25519_KEY_EXPORT /* export private key only (secret part so 32 bytes) @@ -424,6 +441,9 @@ int wc_ed25519_export_key(ed25519_key* key, return ret; } +#endif /* HAVE_ED25519_KEY_EXPORT */ + + /* returns the private key size (secret only) in bytes */ int wc_ed25519_size(ed25519_key* key) { diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 356c55cc0..f65076dbd 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -1,8 +1,8 @@ /* error.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
@@ -373,6 +374,15 @@ const char* wc_GetErrorString(int error) case HASH_TYPE_E: return "Hash type not enabled/available"; + case WC_PENDING_E: + return "wolfCrypt Operation Pending (would block / eagain) error"; + + case WC_KEY_SIZE_E: + return "Key size error, either too small or large"; + + case ASN_COUNTRY_SIZE_E: + return "Country code size error, either too small or large"; + case BIO_CALLBACK_E: return "BIO callback function failed"; diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index a95c5a56a..0fe6158a0 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -1,8 +1,8 @@ /* fe_low_mem.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based from Daniel Beer's public domain word. */ #ifdef HAVE_CONFIG_H @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index 0908a755c..1a387ce37 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -1,8 +1,8 @@ /* fe_operations.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */ #ifdef HAVE_CONFIG_H @@ -36,6 +37,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/fp_mont_small.i b/wolfcrypt/src/fp_mont_small.i index c4a339b9b..46ac50f2a 100644 --- a/wolfcrypt/src/fp_mont_small.i +++ b/wolfcrypt/src/fp_mont_small.i @@ -1,8 +1,8 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SMALL_MONT_SET /* computes x/R == x (mod N) via Montgomery Reduction */ void fp_montgomery_reduce_small(fp_int *a, fp_int *m, fp_digit mp) diff --git a/wolfcrypt/src/fp_mul_comba_12.i b/wolfcrypt/src/fp_mul_comba_12.i index b25ce5c4a..fe21a5294 100644 --- a/wolfcrypt/src/fp_mul_comba_12.i +++ b/wolfcrypt/src/fp_mul_comba_12.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL12 void fp_mul_comba12(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_17.i b/wolfcrypt/src/fp_mul_comba_17.i index fe12f0602..4ea109a5c 100644 --- a/wolfcrypt/src/fp_mul_comba_17.i +++ b/wolfcrypt/src/fp_mul_comba_17.i @@ -1,8 +1,8 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL17 void fp_mul_comba17(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_20.i b/wolfcrypt/src/fp_mul_comba_20.i index cd07e5dfd..11de0ff1f 100644 --- a/wolfcrypt/src/fp_mul_comba_20.i +++ b/wolfcrypt/src/fp_mul_comba_20.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL20 void fp_mul_comba20(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_24.i b/wolfcrypt/src/fp_mul_comba_24.i index 2576d27aa..02324c50b 100644 --- a/wolfcrypt/src/fp_mul_comba_24.i +++ b/wolfcrypt/src/fp_mul_comba_24.i @@ -1,8 +1,8 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL24 void fp_mul_comba24(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_28.i b/wolfcrypt/src/fp_mul_comba_28.i index 822dd14c7..fc12bde5f 100644 --- a/wolfcrypt/src/fp_mul_comba_28.i +++ b/wolfcrypt/src/fp_mul_comba_28.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL28 void fp_mul_comba28(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_3.i b/wolfcrypt/src/fp_mul_comba_3.i index 440291e38..9d2b0016f 100644 --- a/wolfcrypt/src/fp_mul_comba_3.i +++ b/wolfcrypt/src/fp_mul_comba_3.i @@ -1,8 +1,8 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL3 void fp_mul_comba3(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_32.i b/wolfcrypt/src/fp_mul_comba_32.i index 905028d17..0bd92aaa1 100644 --- a/wolfcrypt/src/fp_mul_comba_32.i +++ b/wolfcrypt/src/fp_mul_comba_32.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL32 void fp_mul_comba32(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_4.i b/wolfcrypt/src/fp_mul_comba_4.i index e981eb1f0..07a1e68ff 100644 --- a/wolfcrypt/src/fp_mul_comba_4.i +++ b/wolfcrypt/src/fp_mul_comba_4.i @@ -1,8 +1,8 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL4 void fp_mul_comba4(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_48.i b/wolfcrypt/src/fp_mul_comba_48.i index 79e43b8d0..9a4682ba8 100644 --- a/wolfcrypt/src/fp_mul_comba_48.i +++ b/wolfcrypt/src/fp_mul_comba_48.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL48 void fp_mul_comba48(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_6.i b/wolfcrypt/src/fp_mul_comba_6.i index 165c270b7..4daa55903 100644 --- a/wolfcrypt/src/fp_mul_comba_6.i +++ b/wolfcrypt/src/fp_mul_comba_6.i @@ -1,8 +1,8 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL6 void fp_mul_comba6(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_64.i b/wolfcrypt/src/fp_mul_comba_64.i index 76d7c2114..99a9a8159 100644 --- a/wolfcrypt/src/fp_mul_comba_64.i +++ b/wolfcrypt/src/fp_mul_comba_64.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL64 void fp_mul_comba64(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_7.i b/wolfcrypt/src/fp_mul_comba_7.i index eed886315..c03e22ee6 100644 --- a/wolfcrypt/src/fp_mul_comba_7.i +++ b/wolfcrypt/src/fp_mul_comba_7.i @@ -1,8 +1,8 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL7 void fp_mul_comba7(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_8.i b/wolfcrypt/src/fp_mul_comba_8.i index fa578a839..829424d7d 100644 --- a/wolfcrypt/src/fp_mul_comba_8.i +++ b/wolfcrypt/src/fp_mul_comba_8.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL8 void fp_mul_comba8(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_9.i b/wolfcrypt/src/fp_mul_comba_9.i index 755067f86..d9adf67c4 100644 --- a/wolfcrypt/src/fp_mul_comba_9.i +++ b/wolfcrypt/src/fp_mul_comba_9.i @@ -1,8 +1,8 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_MUL9 void fp_mul_comba9(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_mul_comba_small_set.i b/wolfcrypt/src/fp_mul_comba_small_set.i index deea5932c..8c5cb3225 100644 --- a/wolfcrypt/src/fp_mul_comba_small_set.i +++ b/wolfcrypt/src/fp_mul_comba_small_set.i 
@@ -1,8 +1,8 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #if defined(TFM_SMALL_SET) void fp_mul_comba_small(fp_int *A, fp_int *B, fp_int *C) { diff --git a/wolfcrypt/src/fp_sqr_comba_12.i b/wolfcrypt/src/fp_sqr_comba_12.i index 078b8986d..a39de8358 100644 --- a/wolfcrypt/src/fp_sqr_comba_12.i +++ b/wolfcrypt/src/fp_sqr_comba_12.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR12 void fp_sqr_comba12(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_17.i b/wolfcrypt/src/fp_sqr_comba_17.i index d5f4674fb..d75bfe034 100644 --- a/wolfcrypt/src/fp_sqr_comba_17.i +++ b/wolfcrypt/src/fp_sqr_comba_17.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR17 void fp_sqr_comba17(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_20.i b/wolfcrypt/src/fp_sqr_comba_20.i index dcd9f318f..05c895a73 100644 --- a/wolfcrypt/src/fp_sqr_comba_20.i +++ b/wolfcrypt/src/fp_sqr_comba_20.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR20 void fp_sqr_comba20(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_24.i b/wolfcrypt/src/fp_sqr_comba_24.i index cf512e3c3..bb512e472 100644 --- a/wolfcrypt/src/fp_sqr_comba_24.i +++ b/wolfcrypt/src/fp_sqr_comba_24.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR24 void fp_sqr_comba24(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_28.i b/wolfcrypt/src/fp_sqr_comba_28.i index 08e9bc4d5..e38104d87 100644 --- a/wolfcrypt/src/fp_sqr_comba_28.i +++ b/wolfcrypt/src/fp_sqr_comba_28.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR28 void fp_sqr_comba28(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_3.i b/wolfcrypt/src/fp_sqr_comba_3.i index b4754093d..dd838ac4a 100644 --- a/wolfcrypt/src/fp_sqr_comba_3.i +++ b/wolfcrypt/src/fp_sqr_comba_3.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR3 void fp_sqr_comba3(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_32.i b/wolfcrypt/src/fp_sqr_comba_32.i index 4a35d7477..205d81c94 100644 --- a/wolfcrypt/src/fp_sqr_comba_32.i +++ b/wolfcrypt/src/fp_sqr_comba_32.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR32 void fp_sqr_comba32(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_4.i b/wolfcrypt/src/fp_sqr_comba_4.i index bb09dc891..9d8956685 100644 --- a/wolfcrypt/src/fp_sqr_comba_4.i +++ b/wolfcrypt/src/fp_sqr_comba_4.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR4 void fp_sqr_comba4(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_48.i b/wolfcrypt/src/fp_sqr_comba_48.i index cbaac02cc..be4fde7cf 100644 --- a/wolfcrypt/src/fp_sqr_comba_48.i +++ b/wolfcrypt/src/fp_sqr_comba_48.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR48 void fp_sqr_comba48(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_6.i b/wolfcrypt/src/fp_sqr_comba_6.i index bb2fd743e..a1cdcd52d 100644 --- a/wolfcrypt/src/fp_sqr_comba_6.i +++ b/wolfcrypt/src/fp_sqr_comba_6.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR6 void fp_sqr_comba6(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_64.i b/wolfcrypt/src/fp_sqr_comba_64.i index b74367a7c..a119ebefc 100644 --- a/wolfcrypt/src/fp_sqr_comba_64.i +++ b/wolfcrypt/src/fp_sqr_comba_64.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR64 void fp_sqr_comba64(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_7.i b/wolfcrypt/src/fp_sqr_comba_7.i index 8ddef1a9b..89686a208 100644 --- a/wolfcrypt/src/fp_sqr_comba_7.i +++ b/wolfcrypt/src/fp_sqr_comba_7.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR7 void fp_sqr_comba7(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_8.i b/wolfcrypt/src/fp_sqr_comba_8.i index f9a72bcf6..f64156503 100644 --- a/wolfcrypt/src/fp_sqr_comba_8.i +++ b/wolfcrypt/src/fp_sqr_comba_8.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR8 void fp_sqr_comba8(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_9.i b/wolfcrypt/src/fp_sqr_comba_9.i index 94a5d2e92..75bb72ba6 100644 --- a/wolfcrypt/src/fp_sqr_comba_9.i +++ b/wolfcrypt/src/fp_sqr_comba_9.i 
@@ -1,8 +1,8 @@ /* fp_sqr_comba_9.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef TFM_SQR9 void fp_sqr_comba9(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/fp_sqr_comba_small_set.i b/wolfcrypt/src/fp_sqr_comba_small_set.i index 9918b2ee8..e9cd60883 100644 --- a/wolfcrypt/src/fp_sqr_comba_small_set.i +++ b/wolfcrypt/src/fp_sqr_comba_small_set.i @@ -1,8 +1,8 @@ /* fp_sqr_comba_small_set.i * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #if defined(TFM_SMALL_SET) void fp_sqr_comba_small(fp_int *A, fp_int *B) { diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c index 65ee07f30..9b6b26206 100644 --- a/wolfcrypt/src/ge_low_mem.c +++ b/wolfcrypt/src/ge_low_mem.c 
@@ -1,8 +1,8 @@ /* ge_low_mem.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based from Daniel Beer's public domain work. */ #ifdef HAVE_CONFIG_H @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index c17cb7259..40dd4c7b1 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -1,8 +1,8 @@ /* ge_operations.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ @@ -37,6 +38,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 5469580ee..7dd5fd507 100644 --- a/wolfcrypt/src/hash.c 
+++ b/wolfcrypt/src/hash.c @@ -1,8 +1,8 @@ /* hash.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -44,6 +45,7 @@ int wc_HashGetOID(enum wc_HashType hash_type) oid = MD2h; #endif break; + case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_MD5: #ifndef NO_MD5 oid = MD5h; @@ -110,6 +112,11 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 dig_size = SHA512_DIGEST_SIZE; +#endif + break; + case WC_HASH_TYPE_MD5_SHA: +#if !defined(NO_MD5) && !defined(NO_SHA) + dig_size = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE; #endif break; @@ -168,6 +175,14 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_Sha512Hash(data, data_len, hash); +#endif + break; + case WC_HASH_TYPE_MD5_SHA: +#if !defined(NO_MD5) && !defined(NO_SHA) + ret = wc_Md5Hash(data, data_len, hash); + if (ret == 0) { + ret = wc_ShaHash(data, data_len, &hash[MD5_DIGEST_SIZE]); + } #endif break; diff --git a/wolfcrypt/src/hc128.c b/wolfcrypt/src/hc128.c index bcfa148e0..e6344ae10 100644 --- a/wolfcrypt/src/hc128.c +++ b/wolfcrypt/src/hc128.c 
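Review bot: In wc_HashGetOID the new `case WC_HASH_TYPE_MD5_SHA:` label falls into the MD5 case and returns `MD5h`, although the value it stands for is an MD5 digest followed by a SHA-1 digest. That concatenation has no OID of its own as far as I know, so a caller that uses the returned OID to label or encode the digest would present the combined value as plain MD5. The callers are not visible in this hunk, so this may be deliberate. If it is, say so on the label, e.g. `/* MD5+SHA-1 concatenation has no OID; MD5h is a stand-in, do not encode it */`; otherwise give the type its own case that leaves `oid` at the function's error default.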
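Review bot: The `WC_HASH_TYPE_MD5_SHA` branch in wc_Hash writes `MD5_DIGEST_SIZE + SHA_DIGEST_SIZE` bytes through `hash`, the second part at `&hash[MD5_DIGEST_SIZE]`, and nothing inside the hunk compares that total with the caller's buffer length. wc_Hash begins above the hunk, so a length check probably exists there. It should be confirmed that it uses the combined size from wc_HashGetDigestSize, and that it rejects the type when `NO_MD5` or `NO_SHA` is defined, because this branch then leaves `ret` at its initial value. A comment on the case would document the layout: `/* output is MD5 digest followed by SHA-1 digest; hash must hold both */`.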
@@ -1,8 +1,8 @@ /* hc128.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -34,6 +35,7 @@ #include #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 8aa17b54b..b1e696ce2 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1,8 +1,8 @@ /* hmac.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/idea.c b/wolfcrypt/src/idea.c index 99ca42bbc..04f1fb319 100644 --- a/wolfcrypt/src/idea.c +++ b/wolfcrypt/src/idea.c 
@@ -1,8 +1,8 @@ /* idea.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 299921579..28707ce21 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -43,6 +43,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/ti/ti-des3.c \ wolfcrypt/src/port/ti/ti-hash.c \ wolfcrypt/src/port/ti/ti-ccm.c \ - wolfcrypt/src/port/pic32/pic32mz-hash.c + wolfcrypt/src/port/pic32/pic32mz-hash.c \ + wolfcrypt/src/port/nrf51.c diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index bde65343c..5c12622c7 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -1,8 +1,8 @@ /* integer.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com @@ -33,12 +34,23 @@ /* in case user set USE_FAST_MATH there */ #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + #ifndef NO_BIG_INT #ifndef USE_FAST_MATH #include +#ifdef WOLFSSL_DEBUG_MATH + #include +#endif + #ifndef NO_WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK #define WOLFSSL_SMALL_STACK @@ -152,8 +164,7 @@ int mp_init (mp_int * a) /* clear one (frees) */ -void -mp_clear (mp_int * a) +void mp_clear (mp_int * a) { int i; @@ -177,6 +188,29 @@ mp_clear (mp_int * a) } } +void mp_forcezero(mp_int * a) +{ + if (a == NULL) + return; + + /* only do anything if a hasn't been freed previously */ + if (a->dp != NULL) { + /* force zero the used digits */ + ForceZero(a->dp, a->used * sizeof(mp_digit)); + + /* free ram */ + XFREE(a->dp, 0, DYNAMIC_TYPE_BIGINT); + + /* reset members to make debugging easier */ + a->dp = NULL; + a->alloc = a->used = 0; + a->sign = MP_ZPOS; + } + + a->sign = MP_ZPOS; + a->used = 0; +} + /* get the size for an unsigned equivalent */ int mp_unsigned_bin_size (mp_int * a) @@ -187,8 +221,7 @@ int mp_unsigned_bin_size (mp_int * a) /* returns the number of bits in an int */ -int -mp_count_bits (mp_int * a) +int mp_count_bits (mp_int * a) { int r; mp_digit q; @@ -274,8 +307,7 @@ int mp_init_copy (mp_int * a, mp_int * b) /* copy, b = a */ -int -mp_copy (mp_int * a, mp_int * b) +int mp_copy (mp_int * a, mp_int * b) { int res, n; @@ -422,6 +454,9 @@ void mp_zero (mp_int * a) { int n; mp_digit *tmp; + + if (a == NULL) + return; a->sign = MP_ZPOS; a->used = 0; 
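Review bot: mp_forcezero wipes only `a->used * sizeof(mp_digit)` bytes before `XFREE`, so any digits between `used` and `alloc` go back to the allocator unscrubbed. Whether stale digits can remain there depends on routines outside this hunk. Since this function exists to scrub sensitive values, it is safer to wipe the whole allocation: `ForceZero(a->dp, a->alloc * sizeof(mp_digit));`. The trailing `a->sign = MP_ZPOS; a->used = 0;` repeats what the branch already did and only matters when `dp` was NULL; either drop the copy inside the branch or add a comment saying so. A header comment such as `/* zero the digits, then free them; a is left empty as after mp_clear */` would make clear that the function frees as well as zeroes.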
@@ -440,8 +475,7 @@ void mp_zero (mp_int * a) * Typically very fast. Also fixes the sign if there * are no more leading digits */ -void -mp_clamp (mp_int * a) +void mp_clamp (mp_int * a) { /* decrease used while the most significant digit is * zero. @@ -460,8 +494,7 @@ mp_clamp (mp_int * a) /* swap the elements of two integers, for cases where you can't simply swap the * mp_int pointers around */ -void -mp_exch (mp_int * a, mp_int * b) +void mp_exch (mp_int * a, mp_int * b) { mp_int t; @@ -556,8 +589,7 @@ void mp_rshd (mp_int * a, int b) /* calc a value mod 2**b */ -int -mp_mod_2d (mp_int * a, int b, mp_int * c) +int mp_mod_2d (mp_int * a, int b, mp_int * c) { int x, res; @@ -834,8 +866,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) * * Simple function copies the input and fixes the sign to positive */ -int -mp_abs (mp_int * a, mp_int * b) +int mp_abs (mp_int * a, mp_int * b) { int res; @@ -1220,8 +1251,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b) /* compare two ints (signed)*/ -int -mp_cmp (mp_int * a, mp_int * b) +int mp_cmp (mp_int * a, mp_int * b) { /* compare based on sign */ if (a->sign != b->sign) { @@ -1284,8 +1314,7 @@ int mp_is_bit_set (mp_int *a, mp_digit b) } /* c = a mod b, 0 <= c < b */ -int -mp_mod (mp_int * a, mp_int * b, mp_int * c) +int mp_mod (mp_int * a, mp_int * b, mp_int * c) { mp_int t; int res; @@ -1464,8 +1493,7 @@ int mp_add (mp_int * a, mp_int * b, mp_int * c) /* low level addition, based on HAC pp.594, Algorithm 14.7 */ -int -s_mp_add (mp_int * a, mp_int * b, mp_int * c) +int s_mp_add (mp_int * a, mp_int * b, mp_int * c) { mp_int *x; int olduse, res, min, max; @@ -1553,8 +1581,7 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) /* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */ -int -s_mp_sub (mp_int * a, mp_int * b, mp_int * c) +int s_mp_sub (mp_int * a, mp_int * b, mp_int * c) { int olduse, res, min, max; 
@@ -1621,8 +1648,7 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c) /* high level subtraction (handles signs) */ -int -mp_sub (mp_int * a, mp_int * b, mp_int * c) +int mp_sub (mp_int * a, mp_int * b, mp_int * c) { int sa, sb, res; @@ -1801,7 +1827,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, /* init first cell */ if ((err = mp_init(&M[1])) != MP_OKAY) { #ifdef WOLFSSL_SMALL_STACK - XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2064,8 +2090,7 @@ LBL_M: /* setups the montgomery reduction stuff */ -int -mp_montgomery_setup (mp_int * n, mp_digit * rho) +int mp_montgomery_setup (mp_int * n, mp_digit * rho) { mp_digit x, b; @@ -2270,8 +2295,7 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* computes xR**-1 == x (mod N) via Montgomery Reduction */ -int -mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) +int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) { int ix, res, digs; mp_digit mu; @@ -2392,8 +2416,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d) * * Input x must be in the range 0 <= x <= (n-1)**2 */ -int -mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k) +int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k) { int err, i, m; mp_word r; @@ -2520,8 +2543,7 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d) /* set the b bit of a */ -int -mp_set_bit (mp_int * a, int b) +int mp_set_bit (mp_int * a, int b) { int i = b / DIGIT_BIT, res; @@ -2545,8 +2567,7 @@ mp_set_bit (mp_int * a, int b) * * Simple algorithm which zeros the int, set the required bit */ -int -mp_2expt (mp_int * a, int b) +int mp_2expt (mp_int * a, int b) { /* zero a as per default */ mp_zero (a); @@ -2555,8 +2576,7 @@ mp_2expt (mp_int * a, int b) } /* multiply by a digit */ -int -mp_mul_d (mp_int * a, mp_digit b, mp_int * c) +int mp_mul_d (mp_int * a, mp_digit b, mp_int * c) { mp_digit u, *tmpa, *tmpc; mp_word r; 
@@ -2634,8 +2654,7 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) /* computes b = a*a */ -int -mp_sqr (mp_int * a, mp_int * b) +int mp_sqr (mp_int * a, mp_int * b) { int res; @@ -2756,8 +2775,7 @@ int mp_mul_2(mp_int * a, mp_int * b) /* divide by three (based on routine from MPI and the GMP manual) */ -int -mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) +int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) { mp_int q; mp_word w, t; @@ -3628,8 +3646,7 @@ ERR: /* multiplies |a| * |b| and does not compute the lower digs digits * [meant to get the higher part of the product] */ -int -s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) +int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { mp_int t; int res, pa, pb, ix, iy; @@ -4627,7 +4644,8 @@ int mp_read_radix (mp_int * a, const char *str, int radix) } #endif /* HAVE_ECC */ -#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) /* returns size of ASCII representation */ int mp_radix_size (mp_int *a, int radix, int *size) 
@@ -4738,7 +4756,36 @@ int mp_toradix (mp_int *a, char *str, int radix) return MP_OKAY; } -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ +#ifdef WOLFSSL_DEBUG_MATH +void mp_dump(const char* desc, mp_int* a, byte verbose) +{ + char *buffer; + int size = a->alloc; + + buffer = (char*)XMALLOC(size * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buffer == NULL) { + return; + } + + printf("%s: ptr=%p, used=%d, sign=%d, size=%d, mpd=%d\n", + desc, a, a->used, a->sign, size, (int)sizeof(mp_digit)); + + mp_toradix(a, buffer, 16); + printf(" %s\n ", buffer); + + if (verbose) { + int i; + for(i=0; ialloc * (int)sizeof(mp_digit); i++) { + printf("%02x ", *(((byte*)a->dp) + i)); + } + printf("\n"); + } + + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +} +#endif /* WOLFSSL_DEBUG_MATH */ + +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(WOLFSSL_DEBUG_MATH) */ #endif /* USE_FAST_MATH */ diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 2fe66dc3b..9a4fac5f4 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -1,8 +1,8 @@ /* logging.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
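Review bot: The hex buffer in `mp_dump` is allocated as `a->alloc * 2` bytes, but `mp_toradix(a, buffer, 16)` takes no length argument and writes one character per four bits of the value plus a terminator, so it can write past the allocation whenever a digit holds more than 8 bits. `mp_radix_size`, which this commit also enables under `WOLFSSL_DEBUG_MATH`, reports the size of the ASCII representation: `if (mp_radix_size(a, 16, &len) != MP_OKAY) return;`, then allocate `len` bytes. The return value of `mp_toradix` should also be checked before `buffer` is printed, because on failure the buffer is uninitialised. The function prints the raw digits of whatever `mp_int` it is given, which may be private key material, so a comment stating that `WOLFSSL_DEBUG_MATH` is for development builds only would help.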
@@ -121,6 +122,9 @@ static void wolfssl_log(const int logLevel, const char *const logMessage) fflush(stdout) ; #elif defined(WOLFSSL_LOG_PRINTF) printf("%s\n", logMessage); +#elif defined(WOLFSSL_UTASKER) + fnDebugMsg((char*)logMessage); + fnDebugMsg("\r\n"); #else fprintf(stderr, "%s\n", logMessage); #endif diff --git a/wolfcrypt/src/md2.c b/wolfcrypt/src/md2.c index ce4e424b7..01f8f48aa 100644 --- a/wolfcrypt/src/md2.c +++ b/wolfcrypt/src/md2.c @@ -1,8 +1,8 @@ /* md2.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -34,6 +35,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c index c428610ef..3b3ae9555 100644 --- a/wolfcrypt/src/md4.c +++ b/wolfcrypt/src/md4.c @@ -1,8 +1,8 @@ /* md4.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -31,6 +32,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index 5d1339a8f..dfda77915 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -1,8 +1,8 @@ /* md5.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -44,6 +45,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -62,6 +64,7 @@ * document (See note in README). */ #include "stm32f2xx.h" + #include "stm32f2xx_hash.h" void wc_InitMd5(Md5* md5) { diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index dd9281945..865022923 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c 
@@ -1,8 +1,8 @@ /* memory.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -42,6 +43,7 @@ #include #endif + /* Set these to default values initially. */ static wolfSSL_Malloc_cb malloc_function = 0; static wolfSSL_Free_cb free_function = 0; @@ -71,15 +73,24 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, return res; } - +#ifdef WOLFSSL_DEBUG_MEMORY +void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line) +#else void* wolfSSL_Malloc(size_t size) +#endif { void* res = 0; - if (malloc_function) + if (malloc_function) { + #ifdef WOLFSSL_DEBUG_MEMORY + res = malloc_function(size, func, line); + #else res = malloc_function(size); - else + #endif + } + else { res = malloc(size); + } #ifdef WOLFSSL_MALLOC_CHECK if (res == NULL) 
@@ -89,22 +100,42 @@ void* wolfSSL_Malloc(size_t size) return res; } +#ifdef WOLFSSL_DEBUG_MEMORY +void wolfSSL_Free(void *ptr, const char* func, unsigned int line) +#else void wolfSSL_Free(void *ptr) +#endif { - if (free_function) + if (free_function) { + #ifdef WOLFSSL_DEBUG_MEMORY + free_function(ptr, func, line); + #else free_function(ptr); - else + #endif + } + else { free(ptr); + } } +#ifdef WOLFSSL_DEBUG_MEMORY +void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line) +#else void* wolfSSL_Realloc(void *ptr, size_t size) +#endif { void* res = 0; - if (realloc_function) + if (realloc_function) { + #ifdef WOLFSSL_DEBUG_MEMORY + res = realloc_function(ptr, size, func, line); + #else res = realloc_function(ptr, size); - else + #endif + } + else { res = realloc(ptr, size); + } return res; } diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 8a79a4c29..3b7360665 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -1,8 +1,8 @@ /* misc.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -43,6 +44,10 @@ #define STATIC static #endif +/* Check for if compiling misc.c when not needed. */ +#if !defined(WOLFSSL_MISC_INCLUDED) && !defined(NO_INLINE) + #error misc.c does not need to be compiled when not defined NO_INLINE +#endif #ifdef INTEL_INTRINSICS 
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 00c213416..0b78d23e4 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1,8 +1,8 @@ /* pkcs7.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -33,6 +34,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -130,7 +132,7 @@ int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, word32 maxIdx) { WOLFSSL_ENTER("wc_GetContentType"); - if (GetObjectId(input, inOutIdx, oid, ignoreType, maxIdx) < 0) + if (GetObjectId(input, inOutIdx, oid, oidIgnoreType, maxIdx) < 0) return ASN_PARSE_E; return 0; @@ -396,10 +398,10 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0); signerInfoSz += esd->signerVersionSz; esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId, - hashType, 0); + oidHashType, 0); signerInfoSz += esd->signerDigAlgoIdSz; esd->digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd->digEncAlgoId, - keyType, 0); + oidKeyType, 0); signerInfoSz += esd->digEncAlgoIdSz; if (pkcs7->signedAttribsSz != 0) { 
@@ -576,7 +578,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) esd->certsSet); esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, - hashType, 0); + oidHashType, 0); esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet); @@ -1033,7 +1035,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, return ALGO_ID_E; } - keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0); + keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, oidKeyType, 0); if (keyEncAlgSz == 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -1319,7 +1321,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */ contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, - blkType, ivOctetStringSz + DES_BLOCK_SIZE); + oidBlkType, ivOctetStringSz + DES_BLOCK_SIZE); if (contentEncAlgoSz == 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1592,7 +1594,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (GetAlgoId(pkiMsg, &idx, &encOID, keyType, pkiMsgSz) < 0) { + if (GetAlgoId(pkiMsg, &idx, &encOID, oidKeyType, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1653,7 +1655,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, return ASN_PARSE_E; } - if (GetAlgoId(pkiMsg, &idx, &encOID, blkType, pkiMsgSz) < 0) { + if (GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 72af2bda6..09f88c707 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c 
@@ -1,8 +1,8 @@ /* poly1305.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - * - * Based off the public domain implementations by Andrew Moon + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Based off the public domain implementations by Andrew Moon * and Daniel J. Bernstein */ @@ -35,6 +37,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif #ifdef CHACHA_AEAD_TEST diff --git a/wolfcrypt/src/port/nrf51.c b/wolfcrypt/src/port/nrf51.c new file mode 100644 index 000000000..1d51c268b --- /dev/null +++ b/wolfcrypt/src/port/nrf51.c 
@@ -0,0 +1,220 @@ +/* nrf51.c + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_NRF51 + +#include "bsp.h" +#include "nrf_delay.h" +#include "app_uart.h" +#include "app_error.h" +#include "nrf_drv_rng.h" +#include "nrf_drv_rtc.h" +#include "nrf_drv_clock.h" +#include "nrf_ecb.h" + +#ifdef SOFTDEVICE_PRESENT + #include "softdevice_handler.h" + #include "nrf_soc.h" +#endif /* SOFTDEVICE_PRESENT */ + +/* RTC */ +#ifndef NO_CRYPT_BENCHMARK +static byte mRtcInitDone = 0; +static int mRtcSec = 0; +const nrf_drv_rtc_t rtc = NRF_DRV_RTC_INSTANCE(0); /**< Declaring an instance of nrf_drv_rtc for RTC0. */ +#endif /* !NO_CRYPT_BENCHMARK */ + +/* AES */ +#if !defined(NO_AES) && !defined(SOFTDEVICE_PRESENT) + static byte mAesInitDone = 0; +#endif + +/** @brief Function for getting vector of random numbers. + * + * @param[out] p_buff Pointer to unit8_t buffer for storing the bytes. + * @param[in] length Number of bytes to take from pool and place in p_buff. 
+ * + * @retval 0 = Success, else error + */ +int nrf51_random_generate(byte* output, word32 size) +{ + int remaining = size, length, pos = 0; + uint8_t available; + uint32_t err_code; + + /* Make sure RNG is running */ + err_code = nrf_drv_rng_init(NULL); + if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { + return -1; + } + + while (remaining > 0) { + err_code = nrf_drv_rng_bytes_available(&available); + if (err_code == NRF_SUCCESS) { + length = (remaining < available) ? remaining : available; + if (length > 0) { + err_code = nrf_drv_rng_rand(&output[pos], length); + remaining -= length; + pos += length; + } + } + + if (err_code != NRF_SUCCESS) { + break; + } + } + + return (err_code == NRF_SUCCESS) ? 0 : -1; +} + +#if !defined(NO_AES) && defined(WOLFSSL_NRF51_AES) + +#ifdef SOFTDEVICE_PRESENT +static const byte* nRF51AesKey = NULL; +#endif +int nrf51_aes_set_key(const byte* key) +{ +#ifdef SOFTDEVICE_PRESENT + nRF51AesKey = key; +#else + if (!mAesInitDone) { + nrf_ecb_init(); + mAesInitDone = 1; + } + nrf_ecb_set_key(key); +#endif + return 0; +} + + +int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out) +{ + int ret; + uint32_t err_code = 0; +#ifdef SOFTDEVICE_PRESENT + nrf_ecb_hal_data_t ecb_hal_data; +#endif + + /* Set key */ + ret = nrf51_aes_set_key(key); + if (ret != 0) { + return ret; + } + +#ifdef SOFTDEVICE_PRESENT + /* Define ECB record */ + XMEMCPY(ecb_hal_data.key, nRF51AesKey, SOC_ECB_KEY_LENGTH); + XMEMCPY(ecb_hal_data.cleartext, in, SOC_ECB_CLEARTEXT_LENGTH); + XMEMSET(ecb_hal_data.ciphertext, 0, SOC_ECB_CIPHERTEXT_LENGTH); + + /* Perform block encrypt */ + err_code = sd_ecb_block_encrypt(&ecb_hal_data); + if (err_code != NRF_SUCCESS) { + return -1; + } + + /* Grab result */ + XMEMCPY(out, ecb_hal_data.ciphertext, SOC_ECB_CIPHERTEXT_LENGTH); +#else + err_code = nrf_ecb_crypt(out, in); + err_code = err_code ? 
0 : -1; +#endif + + return err_code; +} + +#endif /* !NO_AES && WOLFSSL_NRF51_AES */ + + +#ifndef NO_CRYPT_BENCHMARK +static void rtc_handler(nrf_drv_rtc_int_type_t int_type) +{ + if (int_type == NRF_DRV_RTC_INT_COMPARE0) + { + mRtcSec++; + nrf_drv_rtc_counter_clear(&rtc); + nrf_drv_rtc_int_enable(&rtc, RTC_CHANNEL_INT_MASK(0)); + +#ifdef BSP_LED_0 + nrf_gpio_pin_toggle(BSP_LED_0); +#endif + } +} + +static void rtc_config(void) +{ + uint32_t err_code; + + // Start the internal LFCLK XTAL oscillator + err_code = nrf_drv_clock_init(NULL); + APP_ERROR_CHECK(err_code); + + nrf_drv_clock_lfclk_request(); + + // Initialize RTC instance + err_code = nrf_drv_rtc_init(&rtc, NULL, rtc_handler); + APP_ERROR_CHECK(err_code); + + // Enable tick event + nrf_drv_rtc_tick_enable(&rtc, false); + + // Set compare channel to trigger interrupt after 1 seconds + err_code = nrf_drv_rtc_cc_set(&rtc, 0, RTC0_CONFIG_FREQUENCY, true); + APP_ERROR_CHECK(err_code); + + // Power on RTC instance + nrf_drv_rtc_enable(&rtc); +} + +static int rtc_get_ms(void) +{ + /* Prescaler is 12-bit for COUNTER: frequency = (32768/(PRESCALER+1)) */ + int frequency = (32768 / (rtc_prescaler_get(rtc.p_reg) + 1)); + int counter = nrf_drv_rtc_counter_get(&rtc); + + /* Convert with rounding frequency to milliseconds */ + return ((counter * 1000) + (frequency / 2) ) / frequency; +} + +double current_time(int reset) +{ + double time; + + if (!mRtcInitDone) { + rtc_config(); + mRtcInitDone = 1; + } + + time = mRtcSec; + time += (double)rtc_get_ms() / 1000; + + return time; +} +#endif /* !NO_CRYPT_BENCHMARK */ + +#endif /* WOLFSSL_NRF51 */ diff --git a/wolfcrypt/src/port/pic32/pic32mz-hash.c b/wolfcrypt/src/port/pic32/pic32mz-hash.c index c2dbfcd43..ccc0c757c 100644 --- a/wolfcrypt/src/port/pic32/pic32mz-hash.c +++ b/wolfcrypt/src/port/pic32/pic32mz-hash.c 
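Review bot: `nrf51_aes_encrypt` takes a `rounds` argument but never reads it, and the SoftDevice path copies exactly `SOC_ECB_KEY_LENGTH` key bytes. A caller that configured a longer AES key would apparently get output computed from only part of it, with no error. Rejecting unsupported sizes up front makes that failure explicit, e.g. `if (rounds != 10) return -1;`, assuming `rounds` is the AES round count and the hardware block handles a single key size. In the SoftDevice path the key and plaintext are also copied into the stack variable `ecb_hal_data` and left there on return. Wiping it before both returns (with the library's `ForceZero`, if it is reachable from this file) avoids leaving key bytes on the stack. Separately, the header comment on `nrf51_random_generate` documents `p_buff` and `length`, while the parameters are named `output` and `size`.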
@@ -1,8 +1,8 @@ /* pic32mz-hash.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index 857f9c4d7..c0ab7b4b8 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -1,8 +1,8 @@ /* port/ti/ti-aes.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c index 65a51350e..42b20930a 100644 --- a/wolfcrypt/src/port/ti/ti-ccm.c +++ b/wolfcrypt/src/port/ti/ti-ccm.c 
@@ -1,8 +1,8 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c index 2927a1b89..177cd1ba1 100644 --- a/wolfcrypt/src/port/ti/ti-des3.c +++ b/wolfcrypt/src/port/ti/ti-des3.c @@ -1,8 +1,8 @@ /* port/ti/ti-des.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c index 56526af86..7ca795b91 100644 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c 
@@ -1,8 +1,8 @@ /* port/ti/ti-hash.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index b9764d8d0..c20ea1f18 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -1,8 +1,8 @@ /* pwdbased.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -54,6 +55,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/rabbit.c b/wolfcrypt/src/rabbit.c index fc7861115..4e51d3095 100644 --- a/wolfcrypt/src/rabbit.c +++ b/wolfcrypt/src/rabbit.c 
@@ -1,8 +1,8 @@ /* rabbit.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -33,6 +34,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index f407949d3..86ce4357e 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1,8 +1,8 @@ /* random.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -37,6 +38,8 @@ #define CUSTOM_RAND_TYPE byte #endif +#define RNG_HEALTH_TEST_CHECK_SIZE (SHA256_DIGEST_SIZE * 4) + #ifdef HAVE_FIPS int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) 
@@ -128,6 +131,7 @@ int wc_FreeRng(WC_RNG* rng) #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif #endif /* HAVE_HASHDRBG || NO_RC4 */ @@ -139,9 +143,17 @@ int wc_FreeRng(WC_RNG* rng) #include #include #else - #if !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \ - !defined(WOLFSSL_GENSEED_FORTEST) && !defined(WOLFSSL_MDK_ARM) && \ - !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_ROWLEY_ARM) + #ifdef HAVE_WNR + #include + #include + wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */ + int wnr_timeout = 0; /* entropy timeout, mililseconds */ + int wnr_mutex_init = 0; /* flag for mutex init */ + wnr_context* wnr_ctx; /* global netRandom context */ + #elif !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \ + !defined(WOLFSSL_GENSEED_FORTEST) && !defined(WOLFSSL_MDK_ARM) && \ + !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_ROWLEY_ARM) && \ + !defined(WOLFSSL_EMBOS) #include #ifndef EBSNET #include @@ -191,6 +203,11 @@ int wc_FreeRng(WC_RNG* rng) #define DRBG_FAILED 2 #define DRBG_CONT_FAILED 3 +/* Verify max gen block len */ +#if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN + #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length +#endif + enum { drbgInitC = 0, @@ -352,15 +369,17 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) drbg->lastBlock = checkBlock; } - if (outSz >= OUTPUT_BLOCK_LEN) { - XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); - outSz -= OUTPUT_BLOCK_LEN; - out += OUTPUT_BLOCK_LEN; - array_add_one(data, DRBG_SEED_LEN); - } - else if (out != NULL && outSz != 0) { - XMEMCPY(out, digest, outSz); - outSz = 0; + if (out != NULL) { + if (outSz >= OUTPUT_BLOCK_LEN) { + XMEMCPY(out, digest, OUTPUT_BLOCK_LEN); + outSz -= OUTPUT_BLOCK_LEN; + out += OUTPUT_BLOCK_LEN; + array_add_one(data, DRBG_SEED_LEN); + } + else if (out != NULL && outSz != 0) { + XMEMCPY(out, digest, outSz); + outSz = 0; + } } } ForceZero(data, sizeof(data)); 
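Review bot: The four netRandom globals added under `HAVE_WNR` (`wnr_mutex`, `wnr_timeout`, `wnr_mutex_init`, `wnr_ctx`) have external linkage and unprefixed names, which invites symbol clashes for applications that link the library. If nothing outside random.c references them they could be `static`; otherwise a library prefix and an `extern` declaration in a header would make the sharing explicit. `wnr_mutex_init` is a plain `int` guarding creation of the mutex itself, so a comment such as `/* must be initialised before any other thread uses the RNG */` would record the assumption. The comment on `wnr_timeout` contains a typo, `mililseconds`.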
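Review bot: In `Hash_gen`, the new outer `if (out != NULL)` makes the `out != NULL` test in the inner `else if (out != NULL && outSz != 0)` redundant; `else if (outSz != 0)` is equivalent. Moving `array_add_one(data, DRBG_SEED_LEN)` inside the guard also means the counter no longer advances when `out` is NULL. If that is intended, a short comment such as `/* out == NULL: no output requested, only the block check above runs */` would say so. The enclosing loop begins outside the hunk, so how `outSz` interacts with its termination cannot be checked from here.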
@@ -530,7 +549,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { int ret; - if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) + if (rng == NULL || output == NULL || sz > RNG_MAX_BLOCK_LEN) return BAD_FUNC_ARG; if (rng->status != DRBG_OK) 
@@ -607,42 +626,66 @@ int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, const byte* entropyB, word32 entropyBSz, byte* output, word32 outputSz) { - DRBG drbg; + int ret = -1; + DRBG* drbg; +#ifndef WOLFSSL_SMALL_STACK + DRBG drbg_var; +#endif - if (entropyA == NULL || output == NULL) + if (entropyA == NULL || output == NULL) { return BAD_FUNC_ARG; + } - if (reseed != 0 && entropyB == NULL) + if (reseed != 0 && entropyB == NULL) { return BAD_FUNC_ARG; + } - if (outputSz != (SHA256_DIGEST_SIZE * 4)) - return -1; + if (outputSz != RNG_HEALTH_TEST_CHECK_SIZE) { + return ret; + } - if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0) - return -1; +#ifdef WOLFSSL_SMALL_STACK + drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); + if (drbg == NULL) { + return MEMORY_E; + } +#else + drbg = &drbg_var; +#endif + + if (Hash_DRBG_Instantiate(drbg, entropyA, entropyASz, NULL, 0) != 0) { + goto exit_rng_ht; + } if (reseed) { - if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) { - Hash_DRBG_Uninstantiate(&drbg); - return -1; + if (Hash_DRBG_Reseed(drbg, entropyB, entropyBSz) != 0) { + goto exit_rng_ht; } } - if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { - Hash_DRBG_Uninstantiate(&drbg); - return -1; + if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) { + goto exit_rng_ht; } - if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) { - Hash_DRBG_Uninstantiate(&drbg); - return -1; + if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) { + goto exit_rng_ht; + } + + /* Mark success */ + ret = 0; + +exit_rng_ht: + + /* This is safe to call even if Hash_DRBG_Instantiate fails */ + if (Hash_DRBG_Uninstantiate(drbg) != 0) { + ret = -1; } - if (Hash_DRBG_Uninstantiate(&drbg) != 0) { - return -1; - } +#ifdef WOLFSSL_SMALL_STACK + XFREE(drbg, NULL, DYNAMIC_TYPE_RNG); +#endif - return 0; + return ret; } 
@@ -698,27 +741,45 @@ const byte outputB[] = { static int wc_RNG_HealthTestLocal(int reseed) { int ret = 0; - byte check[SHA256_DIGEST_SIZE * 4]; +#ifdef WOLFSSL_SMALL_STACK + byte* check; +#else + byte check[RNG_HEALTH_TEST_CHECK_SIZE]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (check == NULL) { + return MEMORY_E; + } +#endif if (reseed) { ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA), reseedEntropyA, sizeof(reseedEntropyA), - check, sizeof(check)); + check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { - if (ConstantCompare(check, outputA, sizeof(check)) != 0) + if (ConstantCompare(check, outputA, + RNG_HEALTH_TEST_CHECK_SIZE) != 0) ret = -1; } } else { ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB), NULL, 0, - check, sizeof(check)); + check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { - if (ConstantCompare(check, outputB, sizeof(check)) != 0) + if (ConstantCompare(check, outputB, + RNG_HEALTH_TEST_CHECK_SIZE) != 0) ret = -1; } } +#ifdef WOLFSSL_SMALL_STACK + XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } 
@@ -855,6 +916,104 @@ static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) #endif /* HAVE_HASHDRBG || NO_RC4 */ +#ifdef HAVE_WNR + +/* + * Init global Whitewood netRandom context + * Returns 0 on success, negative on error + */ +int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout) +{ + if (configFile == NULL || timeout < 0) + return BAD_FUNC_ARG; + + if (wnr_mutex_init > 0) { + WOLFSSL_MSG("netRandom context already created, skipping"); + return 0; + } + + if (InitMutex(&wnr_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex wnr_mutex"); + return BAD_MUTEX_E; + } + wnr_mutex_init = 1; + + if (LockMutex(&wnr_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex wnr_mutex"); + return BAD_MUTEX_E; + } + + /* store entropy timeout */ + wnr_timeout = timeout; + + /* create global wnr_context struct */ + if (wnr_create(&wnr_ctx) != WNR_ERROR_NONE) { + WOLFSSL_MSG("Error creating global netRandom context"); + return RNG_FAILURE_E; + } + + /* load config file */ + if (wnr_config_loadf(wnr_ctx, (char*)configFile) != WNR_ERROR_NONE) { + WOLFSSL_MSG("Error loading config file into netRandom context"); + wnr_destroy(wnr_ctx); + wnr_ctx = NULL; + return RNG_FAILURE_E; + } + + /* create/init polling mechanism */ + if (wnr_poll_create() != WNR_ERROR_NONE) { + printf("ERROR: wnr_poll_create() failed\n"); + WOLFSSL_MSG("Error initializing netRandom polling mechanism"); + wnr_destroy(wnr_ctx); + wnr_ctx = NULL; + return RNG_FAILURE_E; + } + + /* validate config, set HMAC callback (optional) */ + if (wnr_setup(wnr_ctx, hmac_cb) != WNR_ERROR_NONE) { + WOLFSSL_MSG("Error setting up netRandom context"); + wnr_destroy(wnr_ctx); + wnr_ctx = NULL; + wnr_poll_destroy(); + return RNG_FAILURE_E; + } + + UnLockMutex(&wnr_mutex); + + return 0; +} + +/* + * Free global Whitewood netRandom context + * Returns 0 on success, negative on error + */ +int wc_FreeNetRandom(void) +{ + if (wnr_mutex_init > 0) { + + if (LockMutex(&wnr_mutex) != 0) { + WOLFSSL_MSG("Bad Lock 
Mutex wnr_mutex"); + return BAD_MUTEX_E; + } + + if (wnr_ctx != NULL) { + wnr_destroy(wnr_ctx); + wnr_ctx = NULL; + } + wnr_poll_destroy(); + + UnLockMutex(&wnr_mutex); + + FreeMutex(&wnr_mutex); + wnr_mutex_init = 0; + } + + return 0; +} + +#endif /* HAVE_WNR */ + + #if defined(HAVE_INTEL_RDGEN) #ifndef _MSC_VER @@ -1160,7 +1319,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int i; /* turn on RNGA module */ - SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; + #if defined(SIM_SCGC3_RNGA_MASK) + SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK; + #endif + #if defined(SIM_SCGC6_RNGA_MASK) + /* additionally needed for at least K64F */ + SIM_SCGC6 |= SIM_SCGC6_RNGA_MASK; + #endif /* set SLP bit to 0 - "RNGA is not in sleep mode" */ RNG_CR &= ~RNG_CR_SLP_MASK; @@ -1302,7 +1467,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) +#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) \ + || defined(WOLFSSL_EMBOS) #warning "write a real random seed!!!!, just for testing now" 
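Review bot: Every failure return in wc_InitNetRandom after `LockMutex(&wnr_mutex)` leaves the mutex held: the four `return RNG_FAILURE_E;` paths (wnr_create, wnr_config_loadf, wnr_poll_create, wnr_setup) skip `UnLockMutex(&wnr_mutex);`, so a later wc_FreeNetRandom or seed request would block or fail on the lock. Add `UnLockMutex(&wnr_mutex);` before each of those returns. The HAVE_WNR wc_GenerateSeed added in the later hunk (@@ -1360,6 +1526,70 @@) has the same gap on its `wnr_get_entropy` failure return. Separately, `wnr_mutex_init` stays 1 after a failed init, so a retry takes the "already created, skipping" branch and returns 0 while `wnr_ctx` is still NULL; testing `wnr_ctx` in that branch would make the failure visible to the caller.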
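Review bot: Adding `WOLFSSL_EMBOS` to this `#elif` routes embOS builds to the seed routine that the following `#warning "write a real random seed!!!!, just for testing now"` itself marks as test-only, and a warning is easy to miss in a build log. The wc_GenerateSeed body for this branch lies outside the hunk, so what it writes is not visible here. A comment on the new line would help integrators, for example `/* WOLFSSL_EMBOS: placeholder seed only, supply a hardware entropy source before shipping */`.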
@@ -1360,6 +1526,70 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_NRF51) + #include "app_error.h" + #include "nrf_drv_rng.h" + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + int remaining = sz, length, pos = 0; + uint8_t available; + uint32_t err_code; + + (void)os; + + /* Make sure RNG is running */ + err_code = nrf_drv_rng_init(NULL); + if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { + return -1; + } + + while (remaining > 0) { + err_code = nrf_drv_rng_bytes_available(&available); + if (err_code == NRF_SUCCESS) { + length = (remaining < available) ? remaining : available; + if (length > 0) { + err_code = nrf_drv_rng_rand(&output[pos], length); + remaining -= length; + pos += length; + } + } + + if (err_code != NRF_SUCCESS) { + break; + } + } + + return (err_code == NRF_SUCCESS) ? 0 : -1; + } + +#elif defined(HAVE_WNR) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + if (os == NULL || output == NULL || wnr_ctx == NULL || + wnr_timeout < 0) { + return BAD_FUNC_ARG; + } + + if (wnr_mutex_init == 0) { + WOLFSSL_MSG("netRandom context must be created before use"); + return RNG_FAILURE_E; + } + + if (LockMutex(&wnr_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex wnr_mutex\n"); + return BAD_MUTEX_E; + } + + if (wnr_get_entropy(wnr_ctx, wnr_timeout, output, sz, sz) != + WNR_ERROR_NONE) + return RNG_FAILURE_E; + + UnLockMutex(&wnr_mutex); + + return 0; + } + #elif defined(CUSTOM_RAND_GENERATE) /* Implement your own random generation function diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c index 639a42d07..9da179e4e 100644 --- a/wolfcrypt/src/ripemd.c +++ b/wolfcrypt/src/ripemd.c 
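Review bot: In the WOLFSSL_NRF51 wc_GenerateSeed, `int remaining = sz` converts the `word32` request to a signed int, so a value above INT_MAX typically becomes negative and the `while (remaining > 0)` loop never runs. The function then returns 0 whenever `nrf_drv_rng_init` returned NRF_SUCCESS, without having written any seed bytes. Declaring the counters unsigned avoids that: `word32 remaining = sz, length, pos = 0;`. The loop also polls `nrf_drv_rng_bytes_available` without a bound while no bytes are available, which deserves a comment if it is intended.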
@@ -1,8 +1,8 @@ /* ripemd.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -32,6 +33,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 1d7c85232..085cc4302 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1,8 +1,8 @@ /* rsa.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -128,6 +129,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif 
@@ -204,30 +206,16 @@ int wc_FreeRsaKey(RsaKey* key) return FreeCaviumRsaKey(key); #endif -/* TomsFastMath doesn't use memory allocation */ -#ifndef USE_FAST_MATH if (key->type == RSA_PRIVATE) { - mp_clear(&key->u); - mp_clear(&key->dQ); - mp_clear(&key->dP); - mp_clear(&key->q); - mp_clear(&key->p); - mp_clear(&key->d); + mp_forcezero(&key->u); + mp_forcezero(&key->dQ); + mp_forcezero(&key->dP); + mp_forcezero(&key->q); + mp_forcezero(&key->p); + mp_forcezero(&key->d); } mp_clear(&key->e); mp_clear(&key->n); -#else - /* still clear private key memory information when free'd */ - if (key->type == RSA_PRIVATE) { - mp_clear(&key->u); - mp_clear(&key->dQ); - mp_clear(&key->u); - mp_clear(&key->dP); - mp_clear(&key->q); - mp_clear(&key->p); - mp_clear(&key->d); - } -#endif return 0; } @@ -411,8 +399,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } #endif - if ((ret = wc_Hash(hType, optLabel, labelLen, - lHash, hLen)) != 0) { + if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) { WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small"); #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
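Review bot: The switch from `mp_clear` to `mp_forcezero` for u, dQ, dP, q, p and d is left unexplained now that the removed comment ("still clear private key memory information when free'd") is gone. A one-line comment above the `if (key->type == RSA_PRIVATE)` block would keep the intent for the next maintainer, for example `/* zeroize private key components; e and n are public and only need mp_clear */`. wc_FreeRsaKey starts outside the hunk.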
@@ -421,8 +408,25 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } - /* handles check of location for idx as well as psLen */ + /* handles check of location for idx as well as psLen, cast to int to check + for pkcsBlockLen(k) - 2 * hLen - 2 being negative + This check is similar to decryption where k > 2 * hLen + 2 as msg + size aproaches 0. In decryption if k is less than or equal -- then there + is no possible room for msg. + k = RSA key size + hLen = hash digest size -- will always be >= 0 at this point + */ + if ((word32)(2 * hLen + 2) > pkcsBlockLen) { + WOLFSSL_MSG("OAEP pad error hash to big for RSA key size"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return BAD_FUNC_ARG; + } + if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) { + WOLFSSL_MSG("OAEP pad error message too long"); #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
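Review bot: The new comment says the value is cast to int to detect `pkcsBlockLen - 2 * hLen - 2` going negative, but the code casts `2 * hLen + 2` to `word32` and compares it with `pkcsBlockLen`; the comment should describe the check as written. Suggested wording: `/* reject keys too small for the hash: need pkcsBlockLen >= 2 * hLen + 2, checked before the unsigned subtraction below can wrap */`. The log text would also read better as "hash too big for RSA key size", and "aproaches" in the comment is a typo. wc_RsaPad_OAEP continues outside the hunk.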
@@ -523,21 +527,33 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng) { - if (inputLen == 0) - return 0; + if (inputLen == 0 || pkcsBlockLen == 0) { + return BAD_FUNC_ARG; + } pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock++; pkcsBlockLen--; pkcsBlock[0] = padValue; /* insert padValue */ - if (padValue == RSA_BLOCK_TYPE_1) + if (padValue == RSA_BLOCK_TYPE_1) { + if (pkcsBlockLen < inputLen + 2) { + return RSA_PAD_E; + } + /* pad with 0xff bytes */ XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); + } else { /* pad with non-zero random bytes */ - word32 padLen = pkcsBlockLen - inputLen - 1, i; - int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); + word32 padLen, i; + int ret; + if (pkcsBlockLen < inputLen + 1) { + return RSA_PAD_E; + } + + padLen = pkcsBlockLen - inputLen - 1; + ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); if (ret != 0) return ret; @@ -682,6 +698,10 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, i = 1, outputLen; + if (pkcsBlockLen == 0) { + return BAD_FUNC_ARG; + } + if (pkcsBlock[0] != 0x0) /* skip past zero */ invalid = 1; pkcsBlock++; pkcsBlockLen--; @@ -811,7 +831,9 @@ static int wc_RsaFunction(const byte* in, word32 inLen, byte* out, mp_clear(&tmpa); mp_clear(&tmpb); - if (ret != 0) return ret; + if (ret != 0) { + goto done; + } #endif /* RSA_LOW_MEM */ } @@ -863,6 +885,10 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, if (sz > (int)outLen) return RSA_BUFFER_E; + if (sz < RSA_MIN_PAD_SZ) { + return WC_KEY_SIZE_E; + } + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) return RSA_BUFFER_E; 
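Review bot: In wc_RsaPad the write `pkcsBlock[0] = padValue;` happens after `pkcsBlock++; pkcsBlockLen--;` but before either of the new length checks, so a caller passing `pkcsBlockLen == 1` gets past the `pkcsBlockLen == 0` guard and triggers a one-byte write beyond the block. Tightening the first guard covers it: `if (inputLen == 0 || pkcsBlockLen < 2) { return BAD_FUNC_ARG; }`. The callers changed later in this diff reject `sz < RSA_MIN_PAD_SZ`, which presumably keeps this unreachable today, but the helper would then be safe on its own. The RsaUnPad hunk (@@ -682,6 +698,10 @@) adds the same `pkcsBlockLen == 0` guard; whether it reads a second byte after the decrement is outside that hunk and should be checked.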
@@ -906,6 +932,10 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, if (sz > (int)outLen) return RSA_BUFFER_E; + if (sz < RSA_MIN_PAD_SZ) { + return WC_KEY_SIZE_E; + } + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) return RSA_BUFFER_E; @@ -1161,6 +1191,10 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, if (sz > (int)outLen) return RSA_BUFFER_E; + if (sz < RSA_MIN_PAD_SZ) { + return WC_KEY_SIZE_E; + } + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) return RSA_BUFFER_E; diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index bde6376c8..9de702a45 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -1,8 +1,8 @@ /* sha.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -35,6 +36,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -134,7 +136,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len) /* append partial to existing stored block */ XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len); sha->buffLen += len; - return; + return 0; } } diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 2cdad7d88..e546a7c24 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c 
@@ -1,8 +1,8 @@ /* sha256.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* code submitted by raphael.huck@efixo.com */ #ifdef HAVE_CONFIG_H @@ -281,6 +282,7 @@ static void set_Transform(void) { #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index acd07c40c..d06bc0880 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -1,8 +1,8 @@ /* sha512.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -75,6 +76,7 @@ int wc_Sha384Final(Sha384* sha, byte* out) #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index b3c57142b..46e8ff238 100644 
--- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -1,8 +1,8 @@ /* signature.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index ad21cf854..e00af4bb7 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -1,8 +1,8 @@ /* srp.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -34,6 +35,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index a0d3ec830..97ea4aeae 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c 
@@ -1,8 +1,8 @@ /* tfm.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com @@ -39,6 +40,7 @@ #ifdef NO_INLINE #include #else + #define WOLFSSL_MISC_INCLUDED #include #endif @@ -48,6 +50,10 @@ #include #include /* will define asm MACROS or C ones */ +#ifdef WOLFSSL_DEBUG_MATH + #include +#endif + /* math settings check */ word32 CheckRunTimeSettings(void) @@ -116,6 +122,8 @@ void s_fp_add(fp_int *a, fp_int *b, fp_int *c) } c->used = x; + + /* zero any excess digits on the destination that we didn't write to */ for (; x < oldused; x++) { c->dp[x] = 0; } @@ -177,6 +185,8 @@ void s_fp_sub(fp_int *a, fp_int *b, fp_int *c) c->dp[x] = (fp_digit)t; t = (t >> DIGIT_BIT)&1; } + + /* zero any excess digits on the destination that we didn't write to */ for (; x < oldused; x++) { c->dp[x] = 0; } @@ -186,7 +196,9 @@ void s_fp_sub(fp_int *a, fp_int *b, fp_int *c) /* c = a * b */ void fp_mul(fp_int *A, fp_int *B, fp_int *C) { - int y, yy; + int y, yy, oldused; + + oldused = C->used; y = MAX(A->used, B->used); yy = MIN(A->used, B->used); @@ -194,7 +206,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) /* call generic if we're out of range */ if (y + yy > FP_SIZE) { fp_mul_comba(A, B, C); - return ; + goto clean; } /* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size 
@@ -203,98 +215,104 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C) if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications */ -#ifdef TFM_MUL3 +#if defined(TFM_MUL3) && FP_SIZE >= 6 if (y <= 3) { fp_mul_comba3(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL4 +#if defined(TFM_MUL4) && FP_SIZE >= 8 if (y == 4) { fp_mul_comba4(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL6 +#if defined(TFM_MUL6) && FP_SIZE >= 12 if (y <= 6) { fp_mul_comba6(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL7 +#if defined(TFM_MUL7) && FP_SIZE >= 14 if (y == 7) { fp_mul_comba7(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL8 +#if defined(TFM_MUL8) && FP_SIZE >= 16 if (y == 8) { fp_mul_comba8(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL9 +#if defined(TFM_MUL9) && FP_SIZE >= 18 if (y == 9) { fp_mul_comba9(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL12 +#if defined(TFM_MUL12) && FP_SIZE >= 24 if (y <= 12) { fp_mul_comba12(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_MUL17 +#if defined(TFM_MUL17) && FP_SIZE >= 34 if (y <= 17) { fp_mul_comba17(A,B,C); - return; + goto clean; } #endif -#ifdef TFM_SMALL_SET +#if defined(TFM_SMALL_SET) && FP_SIZE >= 32 if (y <= 16) { fp_mul_comba_small(A,B,C); - return; + goto clean; } #endif -#if defined(TFM_MUL20) +#if defined(TFM_MUL20) && FP_SIZE >= 40 if (y <= 20) { fp_mul_comba20(A,B,C); - return; + goto clean; } #endif -#if defined(TFM_MUL24) +#if defined(TFM_MUL24) && FP_SIZE >= 48 if (yy >= 16 && y <= 24) { fp_mul_comba24(A,B,C); - return; + goto clean; } #endif -#if defined(TFM_MUL28) +#if defined(TFM_MUL28) && FP_SIZE >= 56 if (yy >= 20 && y <= 28) { fp_mul_comba28(A,B,C); - return; + goto clean; } #endif -#if defined(TFM_MUL32) +#if defined(TFM_MUL32) && FP_SIZE >= 64 if (yy >= 24 && y <= 32) { fp_mul_comba32(A,B,C); - return; + goto clean; } #endif -#if defined(TFM_MUL48) +#if defined(TFM_MUL48) && FP_SIZE >= 96 if (yy >= 40 && y <= 48) { - fp_mul_comba48(A,B,C); - 
return; + fp_mul_comba48(A,B,C); + goto clean; } #endif -#if defined(TFM_MUL64) +#if defined(TFM_MUL64) && FP_SIZE >= 128 if (yy >= 56 && y <= 64) { fp_mul_comba64(A,B,C); - return; + goto clean; } #endif fp_mul_comba(A,B,C); + +clean: + /* zero any excess digits on the destination that we didn't write to */ + for (y = C->used; y < oldused; y++) { + C->dp[y] = 0; + } } void fp_mul_2(fp_int * a, fp_int * b) @@ -338,9 +356,7 @@ void fp_mul_2(fp_int * a, fp_int * b) ++(b->used); } - /* now zero any excess digits on the destination - * that we didn't write to - */ + /* zero any excess digits on the destination that we didn't write to */ tmpb = b->dp + b->used; for (x = b->used; x < oldused; x++) { *tmpb++ = 0; @@ -368,6 +384,8 @@ void fp_mul_d(fp_int *a, fp_digit b, fp_int *c) c->dp[c->used++] = (fp_digit) w; ++x; } + + /* zero any excess digits on the destination that we didn't write to */ for (; x < oldused; x++) { c->dp[x] = 0; } @@ -625,9 +643,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) if (d != NULL) { fp_div_2d (&x, norm, &x, NULL); -/* the following is a kludge, essentially we were seeing the right remainder but - with excess digits that should have been zero - */ + /* zero any excess digits on the destination that we didn't write to */ for (i = b->used; i < x.used; i++) { x.dp[i] = 0; } @@ -667,7 +683,7 @@ void fp_div_2(fp_int * a, fp_int * b) r = rr; } - /* zero excess digits */ + /* zero any excess digits on the destination that we didn't write to */ tmpb = b->dp + b->used; for (x = b->used; x < oldused; x++) { *tmpb++ = 0; @@ -1047,9 +1063,14 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) */ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) { - fp_int M[64], res; + fp_int res; fp_digit buf, mp; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; +#ifdef WOLFSSL_SMALL_STACK + fp_int *M; +#else + fp_int M[64]; +#endif /* find window size */ x = fp_count_bits (X); 
@@ -1065,15 +1086,23 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) winsize = 6; } - /* init M array */ - for(x = 0; x < (int)(sizeof(M)/sizeof(fp_int)); x++) - fp_init(&M[x]); - /* now setup montgomery */ if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) { return err; } +#ifdef WOLFSSL_SMALL_STACK + /* only allocate space for what's needed */ + M = (fp_int*)XMALLOC(sizeof(fp_int)*(1 << winsize), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (M == NULL) { + return FP_MEM; + } +#endif + + /* init M array */ + for(x = 0; x < (1 << winsize); x++) + fp_init(&M[x]); + /* setup result */ fp_init(&res); @@ -1081,7 +1110,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) * * The M table contains powers of the input base, e.g. M[x] = G^x mod P * - * The first half of the table is not computed though accept for M[0] and M[1] + * The first half of the table is not computed though except for M[0] and M[1] */ /* now we need R mod m */ @@ -1200,10 +1229,15 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* swap res with Y */ fp_copy (&res, Y); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return FP_OKAY; } -#endif +#endif /* TFM_TIMING_RESISTANT */ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) { 
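Review bot: Under WOLFSSL_SMALL_STACK the window table `M` now lives on the heap and is released with `XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);` without being cleared, so the powers of G mod P it held remain in freed memory. If this routine can be reached with a secret modulus or exponent (not visible from these hunks), the table should be wiped first, e.g. `ForceZero(M, sizeof(fp_int) * (1 << winsize));` before the free, assuming that helper is available to tfm.c. Any `return` between the XMALLOC and this XFREE would also leak `M`; the code in between lies outside the hunks, so that needs checking against the full function.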
@@ -1265,105 +1299,114 @@ void fp_2expt(fp_int *a, int b) /* b = a*a */ void fp_sqr(fp_int *A, fp_int *B) { - int y = A->used; + int y, oldused; + + oldused = B->used; + y = A->used; /* call generic if we're out of range */ if (y + y > FP_SIZE) { fp_sqr_comba(A, B); - return ; + goto clean; } -#if defined(TFM_SQR3) +#if defined(TFM_SQR3) && FP_SIZE >= 6 if (y <= 3) { fp_sqr_comba3(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR4) +#if defined(TFM_SQR4) && FP_SIZE >= 8 if (y == 4) { fp_sqr_comba4(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR6) +#if defined(TFM_SQR6) && FP_SIZE >= 12 if (y <= 6) { fp_sqr_comba6(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR7) +#if defined(TFM_SQR7) && FP_SIZE >= 14 if (y == 7) { fp_sqr_comba7(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR8) +#if defined(TFM_SQR8) && FP_SIZE >= 16 if (y == 8) { fp_sqr_comba8(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR9) +#if defined(TFM_SQR9) && FP_SIZE >= 18 if (y == 9) { fp_sqr_comba9(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR12) +#if defined(TFM_SQR12) && FP_SIZE >= 24 if (y <= 12) { fp_sqr_comba12(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR17) +#if defined(TFM_SQR17) && FP_SIZE >= 34 if (y <= 17) { fp_sqr_comba17(A,B); - return; + goto clean; } #endif #if defined(TFM_SMALL_SET) if (y <= 16) { fp_sqr_comba_small(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR20) +#if defined(TFM_SQR20) && FP_SIZE >= 40 if (y <= 20) { fp_sqr_comba20(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR24) +#if defined(TFM_SQR24) && FP_SIZE >= 48 if (y <= 24) { fp_sqr_comba24(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR28) +#if defined(TFM_SQR28) && FP_SIZE >= 56 if (y <= 28) { fp_sqr_comba28(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR32) +#if defined(TFM_SQR32) && FP_SIZE >= 64 if (y <= 32) { fp_sqr_comba32(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR48) 
+#if defined(TFM_SQR48) && FP_SIZE >= 96 if (y <= 48) { fp_sqr_comba48(A,B); - return; + goto clean; } #endif -#if defined(TFM_SQR64) +#if defined(TFM_SQR64) && FP_SIZE >= 128 if (y <= 64) { fp_sqr_comba64(A,B); - return; + goto clean; } #endif fp_sqr_comba(A, B); + +clean: + /* zero any excess digits on the destination that we didn't write to */ + for (y = B->used; y < oldused; y++) { + B->dp[y] = 0; + } } /* generic comba squarer */ @@ -1511,7 +1554,7 @@ int fp_cmp_mag(fp_int *a, fp_int *b) return FP_EQ; } -/* setups the montgomery reduction */ +/* sets up the montgomery reduction */ int fp_montgomery_setup(fp_int *a, fp_digit *rho) { fp_digit x, b; @@ -1610,7 +1653,7 @@ static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp) /* now zero the buff */ - XMEMSET(c, 0, sizeof c); + XMEMSET(c, 0, sizeof(c)); pa = m->used; /* copy the input */ @@ -1650,7 +1693,8 @@ static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp) *tmpm++ = *_c++; } - for (; x < oldused; x++) { + /* zero any excess digits on the destination that we didn't write to */ + for (; x < oldused; x++) { *tmpm++ = 0; } @@ -1689,7 +1733,7 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) /* now zero the buff */ - XMEMSET(c, 0, sizeof c); + XMEMSET(c, 0, sizeof(c)); pa = m->used; /* copy the input */ @@ -1731,7 +1775,8 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) *tmpm++ = *_c++; } - for (; x < oldused; x++) { + /* zero any excess digits on the destination that we didn't write to */ + for (; x < oldused; x++) { *tmpm++ = 0; } @@ -1827,7 +1872,7 @@ void fp_set(fp_int *a, fp_digit b) a->used = a->dp[0] ? 1 : 0; } -/* chek if a bit is set */ +/* check if a bit is set */ int fp_is_bit_set (fp_int *a, fp_digit b) { fp_digit i; @@ -2051,7 +2096,7 @@ void fp_clear(fp_int *a) /* clear one (frees) */ void mp_clear (mp_int * a) { - fp_clear(a); + fp_zero(a); } /* handle up to 6 inits */ 
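Review bot: The `TFM_SMALL_SET` case in fp_sqr keeps the bare `#if defined(TFM_SMALL_SET)` while every other comba case in this hunk gains an `FP_SIZE` bound, and the matching case in fp_mul became `#if defined(TFM_SMALL_SET) && FP_SIZE >= 32`. If the bound exists to stop a fixed-size comba routine from writing more digits than the destination holds, the squarer needs it too: `#if defined(TFM_SMALL_SET) && FP_SIZE >= 32`. If the omission is deliberate, a short comment saying why would prevent a later "fix".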
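Review bot: The comment `/* clear one (frees) */` above mp_clear no longer matches the body now that it calls `fp_zero(a)` instead of `fp_clear(a)`. Suggested replacement: `/* clear one: zero the value, fast math has nothing to free */`. Since wc_FreeRsaKey in this commit moves the private components to `mp_forcezero`, the comment could also say that mp_clear is not the call intended for wiping key material.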
@@ -2175,13 +2220,20 @@ int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) } #ifdef ALT_ECC_SIZE -void fp_copy(fp_int *a, fp_int* b) +void fp_copy(fp_int *a, fp_int *b) { if (a != b && b->size >= a->used) { + int x, oldused; + oldused = b->used; b->used = a->used; b->sign = a->sign; XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit)); + + /* zero any excess digits on the destination that we didn't write to */ + for (x = b->used; x < oldused; x++) { + b->dp[x] = 0; + } } } @@ -2194,49 +2246,39 @@ void fp_init_copy(fp_int *a, fp_int* b) } #endif -/* fast math conversion */ +/* fast math wrappers */ int mp_copy(fp_int* a, fp_int* b) { fp_copy(a, b); return MP_OKAY; } - -/* fast math conversion */ int mp_isodd(mp_int* a) { return fp_isodd(a); } - -/* fast math conversion */ int mp_iszero(mp_int* a) { return fp_iszero(a); } -/* fast math conversion */ int mp_count_bits (mp_int* a) { return fp_count_bits(a); } - int mp_leading_bit (mp_int* a) { return fp_leading_bit(a); } - -/* fast math conversion */ void mp_rshb (mp_int* a, int x) { fp_rshb(a, x); } - -/* fast math wrappers */ int mp_set_int(mp_int *a, mp_digit b) { fp_set(a, b); @@ -2280,7 +2322,8 @@ int mp_montgomery_calc_normalization(mp_int *a, mp_int *b) #endif /* WOLFSSL_KEYGEN || HAVE_ECC */ -#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 @@ -2427,7 +2470,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c) return fp_mod_d(a, b, c); } -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(WOLFSSL_DEBUG_MATH) */ #ifdef WOLFSSL_KEY_GEN 
@@ -2870,7 +2913,8 @@ int mp_cnt_lsb(fp_int* a) #endif /* HAVE_ECC */ -#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) /* returns size of ASCII representation */ int mp_radix_size (mp_int *a, int radix, int *size) @@ -2978,7 +3022,32 @@ int mp_toradix (mp_int *a, char *str, int radix) return FP_OKAY; } -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ +#ifdef WOLFSSL_DEBUG_MATH +void mp_dump(const char* desc, mp_int* a, byte verbose) +{ + char buffer[FP_SIZE * sizeof(fp_digit) * 2]; + int size = FP_SIZE; + +#ifdef ALT_ECC_SIZE + size = a->size; +#endif + + printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n", + desc, a, a->used, a->sign, size, (int)sizeof(fp_digit)); + + mp_toradix(a, buffer, 16); + printf(" %s\n ", buffer); + + if (verbose) { + int i; + for(i=0; idp) + i)); + } + printf("\n"); + } +} +#endif /* WOLFSSL_DEBUG_MATH */ + +#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(WOLFSSL_DEBUG_MATH) */ #endif /* USE_FAST_MATH */ - diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index db8390ddc..dc4e4c1b3 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -1,8 +1,8 @@ /* wc_encrypt.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif 
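Review bot: `char buffer[FP_SIZE * sizeof(fp_digit) * 2];` in mp_dump has room for the hex digits of a full-size value but not for a terminating NUL or a leading sign, so `mp_toradix(a, buffer, 16)` can write past the array when all FP_SIZE digits are in use (assuming mp_toradix NUL-terminates, which the `%s` print relies on). Size it with slack, `char buffer[FP_SIZE * sizeof(fp_digit) * 2 + 2];`, and check the mp_toradix return value before printing `buffer`. The `%p` argument should also be passed as `(void*)a`.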
@@ -30,7 +31,7 @@ #include -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, const byte* key, word32 keySz, const byte* iv) { @@ -84,7 +85,7 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, return ret; } -#endif /* !NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #ifndef NO_DES3 diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 1a97c31af..9f8e2f7b9 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1,8 +1,8 @@ /* port.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f19a756d6..b0977d973 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1,8 +1,8 @@ /* test.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include #endif @@ -142,6 +143,14 @@ #include "wolfcrypt/test/test.h" +#ifdef USE_WOLFSSL_MEMORY + #include "wolfssl/wolfcrypt/mem_track.h" +#endif + +#ifdef HAVE_WNR + const char* wnrConfigFile = "wnr-example.conf"; +#endif + typedef struct testVector { const char* input; @@ -266,6 +275,10 @@ int wolfcrypt_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ +#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY) + InitMemoryTracker(); +#endif + #ifdef HAVE_FIPS wolfCrypt_SetCb_fips(myFipsCb); #endif @@ -593,7 +606,7 @@ int wolfcrypt_test(void* args) else printf( "PKCS7signed test passed!\n"); #endif - + #ifdef OPENSSL_EXTRA if ( (ret = bio_md_test()) != 0) return err_sys("BIO digest test failed !\n", ret); @@ -621,6 +634,10 @@ int wolfcrypt_test(void* args) printf( "BIO test passed!\n"); #endif /* OPENSSL_EXTRA */ +#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY) + ShowMemoryTracker(); +#endif + ((func_args*)args)->return_code = ret; return ret; @@ -668,6 +685,13 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) } #endif /* HAVE_CAVIUM */ +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { + err_sys("Whitewood netRandom global config failed", -1237); + return -1237; + } +#endif + args.argc = argc; args.argv = argv; @@ -677,6 +701,11 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) CspShutdown(CAVIUM_DEV_ID); #endif +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context", -1238); +#endif /* HAVE_WNR */ + return args.return_code; } 
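Review bot: The new `HAVE_WNR` failure branch does `return -1237;` after the `HAVE_CAVIUM` setup block that precedes it, so a build with both options appears to leave without the `CspShutdown(CAVIUM_DEV_ID)` that the normal path runs in the next hunk. Routing the failure through the same shutdown code, or moving the netRandom initialisation ahead of the Cavium block, keeps the two consistent. The timeout `5000` passed to `wc_InitNetRandom` would read better with a short comment giving its unit. The enclosing function starts and ends outside these hunks.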
@@ -2102,7 +2131,7 @@ int poly1305_test(void) byte tag[16]; Poly1305 enc; - const byte msg[] = + static const byte msg[] = { 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, @@ -2111,13 +2140,13 @@ int poly1305_test(void) 0x75,0x70 }; - const byte msg2[] = + static const byte msg2[] = { 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, 0x6c,0x64,0x21 }; - const byte msg3[] = + static const byte msg3[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, @@ -2125,7 +2154,7 @@ int poly1305_test(void) 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - const byte msg4[] = + static const byte msg4[] = { 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, 
@@ -2150,46 +2179,46 @@ int poly1305_test(void) 0xc4,0xc5,0xc6,0xc7 }; - const byte correct[] = + static const byte correct[] = { 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 }; - const byte correct2[] = + static const byte correct2[] = { 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 }; - const byte correct3[] = + static const byte correct3[] = { 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 }; - const byte correct4[] = + static const byte correct4[] = { 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a, 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91 }; - const byte key[] = { + static const byte key[] = { 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b }; - const byte key2[] = { + static const byte key2[] = { 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 }; - const byte key4[] = { + static const byte key4[] = { 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf, 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84, 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb, @@ -2639,9 +2668,16 @@ int des3_test(void) #ifndef NO_AES int aes_test(void) { +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) Aes enc; Aes dec; + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; +#endif + int ret = 0; + +#ifdef HAVE_AES_CBC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, @@ -2657,10 +2693,6 @@ int aes_test(void) byte key[] = "0123456789abcdef "; /* align */ byte iv[] = "1234567890abcdef "; /* align */ - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - int ret; - #ifdef HAVE_CAVIUM if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) return -20003; 
@@ -2677,20 +2709,111 @@ int aes_test(void) ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); if (ret != 0) return -1005; +#ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); if (ret != 0) return -1006; if (memcmp(plain, msg, AES_BLOCK_SIZE)) return -60; - +#endif /* HAVE_AES_DECRYPT */ if (memcmp(cipher, verify, AES_BLOCK_SIZE)) return -61; +#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) + { + const byte bigMsg[] = { + /* "All work and no play makes Jack a dull boy. " */ + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 + }; + const byte bigKey[] = "0123456789abcdeffedcba9876543210"; + byte bigCipher[sizeof(bigMsg)]; + byte bigPlain[sizeof(bigMsg)]; + word32 keySz, msgSz; + + /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole + * message by AES_BLOCK_SIZE for each size of AES key. */ + for (keySz = 16; keySz <= 32; keySz += 8) { + for (msgSz = AES_BLOCK_SIZE; + msgSz <= sizeof(bigMsg); + msgSz += AES_BLOCK_SIZE) { + + memset(bigCipher, 0, sizeof(bigCipher)); + memset(bigPlain, 0, sizeof(bigPlain)); + ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); + if (ret != 0) + return -1030; + ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); + if (ret != 0) + return -1031; + + ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); + if (ret != 0) + return -1032; + ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); + if (ret != 0) + return -1033; + + if (memcmp(bigPlain, bigMsg, msgSz)) + return -1034; + } + } + } +#endif /* WOLFSSL_AESNI HAVE_AES_DECRYPT */ + #ifdef HAVE_CAVIUM wc_AesFreeCavium(&enc); wc_AesFreeCavium(&dec); #endif +#endif /* HAVE_AES_CBC */ + #ifdef WOLFSSL_AES_COUNTER { const byte ctrKey[] = @@ -2815,7 +2938,7 @@ int aes_test(void) } #endif /* WOLFSSL_AESNI && WOLFSSL_AES_DIRECT */ - return 0; + return ret; } #ifdef HAVE_AESGCM 
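Review bot: The added `WOLFSSL_AESNI` loop in `aes_test` only checks that `wc_AesCbcDecrypt` undoes `wc_AesCbcEncrypt`; `bigCipher` is never compared with anything, so an encrypt path that leaves data unchanged, or a fault shared by both directions, would still pass. A known-answer ciphertext per key size, or at minimum a check that `bigCipher` differs from `bigMsg` over `msgSz` bytes, would make the test meaningful for the accelerated path. The early `return -1030` … `return -1034` exits also skip the `wc_AesFreeCavium` calls that follow when `HAVE_CAVIUM` is set. The closing comment `/* WOLFSSL_AESNI HAVE_AES_DECRYPT */` is missing the `&&` of the condition it closes.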
@@ -3588,12 +3711,53 @@ int idea_test(void) wc_FreeRng(&rng); } - + return 0; } #endif /* HAVE_IDEA */ +static int random_rng_test(void) +{ + WC_RNG rng; + byte block[32]; + int ret, i; + +#ifdef HAVE_CAVIUM + ret = wc_InitRngCavium(&rng, CAVIUM_DEV_ID); + if (ret != 0) return -2007; +#endif + ret = wc_InitRng(&rng); + if (ret != 0) return -39; + + XMEMSET(block, 0, sizeof(block)); + + ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); + if (ret != 0) { + ret = -40; + goto exit; + } + + /* Check for 0's */ + for (i=0; i<(int)sizeof(block); i++) { + if (block[i] == 0) { + ret++; + } + } + /* All zeros count check */ + if (ret >= (int)sizeof(block)) { + ret = -38; + goto exit; + } + ret = 0; + +exit: + /* Make sure and free RNG */ + wc_FreeRng(&rng); + + return ret; +} + #if (defined(HAVE_HASHDRBG) || defined(NO_RC4)) && !defined(CUSTOM_RAND_GENERATE_BLOCK) int random_test(void) @@ -3667,6 +3831,9 @@ int random_test(void) if (XMEMCMP(test2Output, output, sizeof(output)) != 0) return -42; + /* Basic RNG generate block test */ + random_rng_test(); + return 0; } @@ -3674,21 +3841,8 @@ int random_test(void) int random_test(void) { - WC_RNG rng; - byte block[32]; - int ret; - -#ifdef HAVE_CAVIUM - ret = wc_InitRngCavium(&rng, CAVIUM_DEV_ID); - if (ret != 0) return -2007; -#endif - ret = wc_InitRng(&rng); - if (ret != 0) return -39; - - ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); - if (ret != 0) return -40; - - wc_FreeRng(&rng); + /* Basic RNG generate block test */ + random_rng_test(); return 0; } @@ -3867,12 +4021,14 @@ int certext_test(void) if (cert.isCA) return -206; +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 1) return -227; if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) return -228; +#endif FreeDecodedCert(&cert); 
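Review bot: Both `random_test` variants call `random_rng_test();` and discard its result, so a failed `wc_InitRng` or `wc_RNG_GenerateBlock` no longer fails the test; the second variant used to return -39/-40 in those cases and now always returns 0. Replacing the call and the following `return 0;` with `return random_rng_test();` restores the check in both hunks (`@@ -3667` and `@@ -3674`). Inside `random_rng_test`, `ret` is reused as the zero-byte counter, which is easy to misread; a separate `int zeros = 0;` would be clearer. The check itself only rejects a block that is entirely zero, which is worth stating in its comment.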
@@ -3916,6 +4072,7 @@ int certext_test(void) if (cert.isCA) return -216; +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) return -217; @@ -3925,6 +4082,7 @@ int certext_test(void) if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) return -219; +#endif FreeDecodedCert(&cert); #endif /* HAVE_ECC */ @@ -3968,6 +4126,7 @@ int certext_test(void) if (!cert.isCA) return -226; +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ /* check the Certificate Policies Id */ if (cert.extCertPoliciesNb != 2) return -227; @@ -3977,6 +4136,7 @@ int certext_test(void) if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) return -229; +#endif FreeDecodedCert(&cert); free(tmp); @@ -4082,7 +4242,8 @@ int rsa_test(void) #ifndef WC_NO_RSA_OAEP /* OAEP padding testing */ - #if !defined(HAVE_FAST_RSA) && !defined(HAVE_FIPS) + #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ + !defined(HAVE_FIPS) #ifndef NO_SHA XMEMSET(plain, 0, sizeof(plain)); ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, 
@@ -4175,24 +4336,30 @@ int rsa_test(void) #endif /* NO_SHA256 */ #ifdef WOLFSSL_SHA512 - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, + /* Check valid RSA key size is used while using hash length of SHA512 + If key size is less than (hash length * 2) + 2 then is invalid use + and test, since OAEP padding requires this. + BAD_FUNC_ARG is returned when this case is not met */ + if (wc_RsaEncryptSize(&key) > ((int)SHA512_DIGEST_SIZE * 2) + 2) { + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - if (ret < 0) { - free(tmp); - return -343; - } - ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, + if (ret < 0) { + free(tmp); + return -343; + } + ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - if (ret < 0) { - free(tmp); - return -344; + if (ret < 0) { + free(tmp); + return -344; + } + if (XMEMCMP(plain, in, inLen)) { + free(tmp); + return -345; + } } - if (XMEMCMP(plain, in, inLen)) { - free(tmp); - return -345; - } - #endif /* NO_SHA */ + #endif /* WOLFSSL_SHA512 */ /* check using pkcsv15 padding with _ex API */ XMEMSET(plain, 0, sizeof(plain)); @@ -4974,6 +5141,7 @@ int rsa_test(void) free(tmp); return -5415; } + fclose(pemFile); free(pem); free(derCert); @@ -5641,9 +5809,9 @@ static int generate_random_salt(byte *buf, word32 size) return -1; if (buf && size && wc_InitRng(&rng) == 0) { - ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); + ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); - wc_FreeRng(&rng); + wc_FreeRng(&rng); } return ret; @@ -5689,7 +5857,7 @@ int srp_test(void) word32 v_size = sizeof(verifier); /* generating random salt */ - + r = generate_random_salt(salt, sizeof(salt)); /* client knows username and password. */ 
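Review bot: The new SHA-512 OAEP guard in `rsa_test` compares the key size only with `(SHA512_DIGEST_SIZE * 2) + 2` and ignores `inLen`, so a key just above that limit still reaches `wc_RsaPublicEncrypt_ex` with a message that cannot fit and fails with -343. OAEP needs the message to fit in the key size minus `2 * hLen + 2`, so the condition should be `if (wc_RsaEncryptSize(&key) >= (int)(SHA512_DIGEST_SIZE * 2 + 2 + inLen)) {`. When the guard is false the SHA-512 case is skipped silently; a `printf` saying so would keep a passing run from implying coverage it did not have. `rsa_test` begins and ends outside this hunk.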
@@ -6965,65 +7133,348 @@ int hkdf_test(void) #ifdef HAVE_ECC -typedef struct rawEccVector { - const char* msg; +#ifndef NO_ECC_VECTOR_TEST + #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\ + !defined(NO_ECC256) || defined(HAVE_ECC384) ||\ + defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #define HAVE_ECC_VECTOR_TEST + #endif +#endif + +#ifdef HAVE_ECC_VECTOR_TEST +typedef struct eccVector { + const char* msg; /* SHA-1 Encoded Message */ const char* Qx; const char* Qy; - const char* d; + const char* d; /* Private Key */ const char* R; const char* S; const char* curveName; - size_t msgLen; -} rawEccVector; + word32 msgLen; + word32 keySize; +} eccVector; -int ecc_test(void) +static int ecc_test_vector_item(const eccVector* vector) { - WC_RNG rng; - byte sharedA[1024]; - byte sharedB[1024]; -#if !defined(NO_ASN) || \ - ( !defined(NO_SHA) && ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) \ - || defined(HAVE_ALL_CURVES))) + int ret, verify; + word32 x; + ecc_key userA; byte sig[1024]; - int verify; -#endif - byte digest[20]; - byte exportBuf[1024]; - word32 x, y; - int i, ret; - ecc_key userA, userB, pubKey; - - ret = wc_InitRng(&rng); - if (ret != 0) - return -1001; wc_ecc_init(&userA); - wc_ecc_init(&userB); - wc_ecc_init(&pubKey); - ret = wc_ecc_make_key(&rng, 32, &userA); + memset(sig, 0, sizeof(sig)); + x = sizeof(sig); + ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, + vector->d, vector->curveName); + if (ret != 0) + return -1018; + + ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &x); + if (ret != 0) + return -1019; + + ret = wc_ecc_verify_hash(sig, x, (byte*)vector->msg, vector->msgLen, &verify, &userA); + if (ret != 0) + return -1021; + + if (verify != 1) + return -1023; + + wc_ecc_free(&userA); + + return 0; +} + +static int ecc_test_vector(int keySize) +{ + int ret; + eccVector vec; + + XMEMSET(&vec, 0, sizeof(vec)); + vec.keySize = keySize; + + switch(keySize) { +#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) + case 24: + /* 
first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b" + "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4" + "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf" + "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a" + "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd" + "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5" + "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" + "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; + vec.msgLen = 128; + #endif + vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + vec.curveName = "ECC-192"; + break; +#endif /* HAVE_ECC192 */ + +#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + case 28: + /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47" + "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99" + "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64" + "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97" + "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf" + "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e" + 
"\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" + "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; + vec.msgLen = 128; + #endif + vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + vec.curveName = "ECC-224"; + break; +#endif /* HAVE_ECC224 */ + +#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + case 32: + /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd" + "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56" + "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72" + "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4" + "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84" + "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a" + "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73" + "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" + vec.msgLen = 128; + #endif + vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; + vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + vec.curveName = "nistp256"; + break; +#endif /* !NO_ECC256 */ + +#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + 
case 48: + /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47" + "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16" + "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf" + "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba" + "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d" + "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a" + "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3" + "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" + vec.msgLen = 128; + #endif + vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; + vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; + vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; + vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; + vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; + vec.curveName = "nistp384"; + break; +#endif /* HAVE_ECC384 */ + +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + case 66: + /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33" + "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21" + "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a" + 
"\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e" + "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16" + "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda" + "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73" + "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" + vec.msgLen = 128; + #endif + vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; + vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; + vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; + vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; + vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; + vec.curveName = "nistp521"; + break; +#endif /* HAVE_ECC521 */ + default: + return NOT_COMPILED_IN; /* Invalid key size / Not supported */ + }; /* Switch */ + + ret = ecc_test_vector_item(&vec); + if (ret < 0) { + return ret; + } + + return 0; +} + +#endif /* HAVE_ECC_VECTOR_TEST */ + +#ifdef WOLFSSL_KEY_GEN +static int ecc_test_key_gen(WC_RNG* rng, int keySize) +{ + int ret; + int derSz, pemSz; + byte der[FOURK_BUF]; + byte pem[FOURK_BUF]; + FILE* keyFile; + FILE* pemFile; + + ecc_key userA; + + wc_ecc_init(&userA); + + ret = wc_ecc_make_key(rng, keySize, &userA); if (ret != 0) return -1014; ret = wc_ecc_check_key(&userA); if (ret != 0) + return -1023; + + derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF); + if (derSz < 0) { return -1024; + } - ret = wc_ecc_make_key(&rng, 32, &userB); + keyFile = fopen("./ecc-key.der", "wb"); + if (!keyFile) { + return -1025; + } + ret = (int)fwrite(der, 
1, derSz, keyFile); + fclose(keyFile); + if (ret != derSz) { + return -1026; + } + pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, ECC_PRIVATEKEY_TYPE); + if (pemSz < 0) { + return -1027; + } + + pemFile = fopen("./ecc-key.pem", "wb"); + if (!pemFile) { + return -1028; + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + fclose(pemFile); + if (ret != pemSz) { + return -1029; + } + + /* test export of public key */ + derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1); + if (derSz <= 0) { + return -5516; + } +#ifdef FREESCALE_MQX + keyFile = fopen("a:\\certs\\ecc-public-key.der", "wb"); +#else + keyFile = fopen("./ecc-public-key.der", "wb"); +#endif + if (!keyFile) { + return -5417; + } + ret = (int)fwrite(der, 1, derSz, keyFile); + fclose(keyFile); + if (ret != derSz) { + return -5418; + } + + wc_ecc_free(&userA); + + return 0; +} +#endif /* WOLFSSL_KEY_GEN */ + +static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, + int testCompressedKey) +{ +#ifdef BENCH_EMBEDDED + byte sharedA[128]; /* Needs to be at least keySize */ + byte sharedB[128]; /* Needs to be at least keySize */ +#else + byte sharedA[1024]; + byte sharedB[1024]; +#endif +#ifdef HAVE_ECC_KEY_EXPORT + byte exportBuf[1024]; +#endif + word32 x, y; +#ifdef HAVE_ECC_SIGN + byte sig[1024]; + byte digest[20]; + int i; +#ifdef HAVE_ECC_VERIFY + int verify; +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ + int ret; + ecc_key userA, userB, pubKey; + + wc_ecc_init(&userA); + wc_ecc_init(&userB); + wc_ecc_init(&pubKey); + + ret = wc_ecc_make_key(rng, keySize, &userA); + if (ret != 0) + return -1014; + + ret = wc_ecc_check_key(&userA); + if (ret != 0) + return -1023; + + ret = wc_ecc_make_key(rng, keySize, &userB); if (ret != 0) return -1002; +#ifdef HAVE_ECC_DHE x = sizeof(sharedA); ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); - if (ret != 0) return -1015; y = sizeof(sharedB); ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); - if (ret != 0) return -1003; 
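Review bot: `ecc_test_vector_item` and `ecc_test_key_gen` return from every error branch without calling `wc_ecc_free(&userA)`, so the key object set up by `wc_ecc_init`, which holds the imported or generated private scalar, is released only on success. A single exit label keeps the existing error codes and frees the key on all paths, as sketched below for `ecc_test_vector_item`; `ecc_test_key_gen` can take the same shape. Separately, the `#else` raw-message literals for P-256, P-384 and P-521 lack the terminating `;` that the P-192 and P-224 ones have, so switching `#if 1` off would not compile. `ecc_test_curve_size` continues past the end of this hunk.

```c
static int ecc_test_vector_item(const eccVector* vector)
{
    int ret, verify = 0;
    /* ... unchanged: x, userA, sig declarations; wc_ecc_init; sig and x setup ... */

    ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy,
                            vector->d, vector->curveName);
    if (ret != 0) {
        ret = -1018;
        goto done;
    }

    ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &x);
    if (ret != 0) {
        ret = -1019;
        goto done;
    }

    ret = wc_ecc_verify_hash(sig, x, (byte*)vector->msg, vector->msgLen,
                             &verify, &userA);
    if (ret != 0) {
        ret = -1021;
        goto done;
    }

    if (verify != 1)
        ret = -1023;

done:
    /* release the key on success and on every failure path */
    wc_ecc_free(&userA);
    return ret;
}
```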
@@ -7032,206 +7483,197 @@ int ecc_test(void) if (memcmp(sharedA, sharedB, x)) return -1005; +#endif /* HAVE_ECC_DHE */ +#ifdef HAVE_ECC_KEY_EXPORT x = sizeof(exportBuf); + ret = wc_ecc_export_x963(&userA, exportBuf, &x); if (ret != 0) return -1006; +#ifdef HAVE_ECC_KEY_IMPORT ret = wc_ecc_import_x963(exportBuf, x, &pubKey); - if (ret != 0) return -1007; +#ifdef HAVE_ECC_DHE y = sizeof(sharedB); ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); - if (ret != 0) return -1008; if (memcmp(sharedA, sharedB, y)) return -1009; +#endif /* HAVE_ECC_DHE */ -#ifdef HAVE_COMP_KEY - /* try compressed export / import too */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1); - if (ret != 0) - return -1010; + if (testCompressedKey) { + #ifdef HAVE_COMP_KEY + /* try compressed export / import too */ + x = sizeof(exportBuf); - wc_ecc_free(&pubKey); - wc_ecc_init(&pubKey); - ret = wc_ecc_import_x963(exportBuf, x, &pubKey); + ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1); + if (ret != 0) + return -1010; + wc_ecc_free(&pubKey); + wc_ecc_init(&pubKey); - if (ret != 0) - return -1011; -#endif + ret = wc_ecc_import_x963(exportBuf, x, &pubKey); + if (ret != 0) + return -1011; - y = sizeof(sharedB); - ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); + #ifdef HAVE_ECC_DHE + y = sizeof(sharedB); + ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); + if (ret != 0) + return -1012; - if (ret != 0) - return -1012; + if (memcmp(sharedA, sharedB, y)) + return -1013; + #endif /* HAVE_ECC_DHE */ + #endif /* HAVE_COMP_KEY */ + } +#endif /* HAVE_ECC_KEY_IMPORT */ +#endif /* HAVE_ECC_KEY_EXPORT */ - if (memcmp(sharedA, sharedB, y)) - return -1013; +#ifdef HAVE_ECC_SIGN + /* test DSA sign hash with zeros */ + for (i = 0; i < (int)sizeof(digest); i++) { + digest[i] = 0; + } + digest[i-1] = 1; /* Set last digit to non-zero value */ - /* test DSA sign hash */ - for (i = 0; i < (int)sizeof(digest); i++) - digest[i] = (byte)i; - -#ifndef NO_ASN x = 
sizeof(sig); - ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); + ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, rng, &userA); if (ret != 0) return -1014; - verify = 0; - ret = wc_ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA); +#ifdef HAVE_ECC_VERIFY + for (i=0; i #endif @@ -527,20 +528,33 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng) { - if (inputLen == 0) - return 0; + if (inputLen == 0 || pkcsBlockLen == 0) { + return USER_CRYPTO_ERROR; + } pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock++; pkcsBlockLen--; pkcsBlock[0] = padValue; /* insert padValue */ - if (padValue == RSA_BLOCK_TYPE_1) + if (padValue == RSA_BLOCK_TYPE_1) { + if (pkcsBlockLen < inputLen + 2) { + return USER_CRYPTO_ERROR; + } + /* pad with 0xff bytes */ XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); + } else { /* pad with non-zero random bytes */ - word32 padLen = pkcsBlockLen - inputLen - 1, i; - int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); + word32 padLen, i; + int ret; + + if (pkcsBlockLen < inputLen + 1) { + return USER_CRYPTO_ERROR; + } + + padLen = pkcsBlockLen - inputLen - 1; + ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); if (ret != 0) return ret; @@ -567,6 +581,10 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, i = 1, outputLen; + if (pkcsBlockLen == 0) { + return USER_CRYPTO_ERROR; + } + if (pkcsBlock[0] != 0x0) /* skip past zero */ invalid = 1; pkcsBlock++; pkcsBlockLen--; @@ -1611,6 +1629,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, return USER_CRYPTO_ERROR; } + if (sz < RSA_MIN_PAD_SZ) { + USER_DEBUG(("Key size is too small\n")); + return USER_CRYPTO_ERROR; + } + if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) { USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n")); return USER_CRYPTO_ERROR; 
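Review bot: In `wc_RsaPad` the new entry check rejects only `pkcsBlockLen == 0`, yet the function writes two bytes (`pkcsBlock[0] = 0x0`, advance, `pkcsBlock[0] = padValue`) before the per-type length checks run, so a one-byte block is still written one byte past its end. Making the entry test `if (inputLen == 0 || pkcsBlockLen < 2)` closes that. The later comparisons `pkcsBlockLen < inputLen + 2` and `pkcsBlockLen < inputLen + 1` can wrap for a very large `inputLen`; the subtraction form, e.g. `if (pkcsBlockLen < 2 || inputLen > pkcsBlockLen - 2)`, cannot. These checks also accept a block with zero padding bytes, so they presumably rely on callers enforcing `RSA_MIN_PAD_SZ` as `wc_RsaSSL_Sign` does; a comment saying so would help. The rest of `wc_RsaPad` lies outside the hunk.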
diff --git a/wolfssl-ntru.vcproj b/wolfssl-ntru.vcproj index bda665992..101353b50 100755 --- a/wolfssl-ntru.vcproj +++ b/wolfssl-ntru.vcproj @@ -179,7 +179,7 @@ > + @@ -325,6 +326,10 @@ RelativePath=".\src\tls.c" > + + +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -392,6 +397,9 @@ typedef byte word24[3]; #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #if !defined(NO_DES3) + #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + #endif #endif #if !defined(NO_SHA256) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 @@ -697,6 +705,7 @@ typedef byte word24[3]; /* actual cipher values, 2nd byte */ enum { + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, @@ -870,7 +879,11 @@ enum Misc { ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ SECRET_LEN = 48, /* pre RSA and all master */ +#if defined(WOLFSSL_MYSQL_COMPATIBLE) + ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */ +#else ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ +#endif SIZEOF_SENDER = 4, /* clnt or srvr */ FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */ MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ @@ -915,6 +928,7 @@ enum Misc { OPAQUE16_LEN = 2, /* 2 bytes */ OPAQUE24_LEN = 3, /* 3 bytes */ OPAQUE32_LEN = 4, /* 4 bytes */ + OPAQUE64_LEN = 8, /* 8 bytes */ COMP_LEN = 1, /* compression length */ CURVE_LEN = 2, /* ecc named curve length */ SERVER_ID_LEN = 20, /* server session id length */ 
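Review bot: `BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` is now defined whenever SHA-1 and DES3 are compiled in, with no opt-in macro and no exclusion for hardened builds visible in this hunk. 3DES-CBC has a 64-bit block, so long-lived sessions on this suite run into birthday-bound collisions, and it should not be negotiable by default in strict configurations. Unless the enclosing block (outside the hunk) already handles this, consider `#if !defined(NO_DES3) && !defined(WOLFSSL_MAX_STRENGTH)` and a comment that the suite exists for legacy interoperability. The `ENCRYPT_LEN = 1024` branch for `WOLFSSL_MYSQL_COMPATIBLE` would also benefit from a comment giving the key size it is meant to allow, as the 512 branch does.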
@@ -938,7 +952,14 @@ enum Misc { DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ - + DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */ + DTLS_EXPORT_VERSION = 1, /* wolfSSL version for serialized session */ + DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */ + DTLS_EXPORT_KEY_SZ = 331,/* max amount of bytes used from Keys */ + DTLS_EXPORT_MIN_KEY_SZ = 75, /* min amount of bytes used from Keys */ + DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ + DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ + MAX_EXPORT_BUFFER = 500, /* max size of buffer for exporting */ FINISHED_LABEL_SZ = 15, /* TLS finished label size */ TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ 
@@ -1050,7 +1071,40 @@ enum Misc { /* 150 suites for now! */ #endif +/* set minimum ECC key size allowed */ +#ifndef WOLFSSL_MIN_ECC_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_ECC_BITS 256 + #else + #define WOLFSSL_MIN_ECC_BITS 224 + #endif +#endif /* WOLFSSL_MIN_ECC_BITS */ +#if (WOLFSSL_MIN_ECC_BITS % 8) + /* Some ECC keys are not divisable by 8 such as prime239v1 or sect131r1. + In these cases round down to the nearest value divisable by 8. The + restriction of being divisable by 8 is in place to match wc_ecc_size + function from wolfSSL. + */ + #error ECC minimum bit size must be a multiple of 8 +#endif +#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8) +/* set minimum RSA key size allowed */ +#ifndef WOLFSSL_MIN_RSA_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_RSA_BITS 2048 + #else + #define WOLFSSL_MIN_RSA_BITS 1024 + #endif +#endif /* WOLFSSL_MIN_RSA_BITS */ +#if (WOLFSSL_MIN_RSA_BITS % 8) + /* This is to account for the example case of a min size of 2050 bits but + still allows 2049 bit key. So we need the measurment to be in bytes. */ + #error RSA minimum bit size must be a multiple of 8 +#endif +#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8) + +/* set minimum DH key size allowed */ #ifndef WOLFSSL_MIN_DHKEY_BITS #ifdef WOLFSSL_MAX_STRENGTH #define WOLFSSL_MIN_DHKEY_BITS 2048 @@ -1149,6 +1203,14 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); #ifdef WOLFSSL_DTLS WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); + + #ifdef WOLFSSL_SESSION_EXPORT + WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, + word32 sz); + WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, + word32 sz); + WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); + #endif #endif /* wolfSSL method type */ 
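Review bot: The fallback values in the `@@ -1050` hunk set the floor to 1024 bits for RSA and 224 bits for ECC unless `WOLFSSL_MAX_STRENGTH` is defined, and the comments do not tell an integrator that these are compatibility values rather than recommended ones. I would add `/* compatibility default; define WOLFSSL_MIN_RSA_BITS to 2048 or higher to reject weaker keys */` above the 1024 line and the equivalent for ECC. The explanatory comments also sit inside the `#if (... % 8)` branch next to `#error`, where they are only read after the build has failed, and contain the typos "divisable" and "measurment". Moving them above the `#if` and fixing the spelling costs nothing.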
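Review bot: `wolfSSL_dtls_import_internal` in the `@@ -1149` hunk takes `byte* buf` although an import should only read the serialized session, and the public `wolfSSL_dtls_import` in ssl.h has the same non-const `unsigned char* buf`. Unless the import path writes into the buffer, which is not visible here, both should be const: `WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, const byte* buf, word32 sz);`. That also documents that the buffer is input to be validated, not scratch space.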
@@ -1174,6 +1236,17 @@ typedef struct buffer { word32 length; } buffer; +#ifndef NO_CERTS + /* wolfSSL DER buffer */ + typedef struct DerBuffer { + byte* buffer; + void* heap; + word32 length; + int type; /* enum CertType */ + int dynType; /* DYNAMIC_TYPE_* */ + } DerBuffer; +#endif /* !NO_CERTS */ + enum { FORCED_FREE = 1, @@ -1275,7 +1348,10 @@ int SetCipherList(Suites*, const char* list); typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*, unsigned char*, unsigned int); #endif /* PSK_TYPES_DEFINED */ - +#ifdef WOLFSSL_DTLS + typedef int (*wc_dtls_export)(WOLFSSL* ssl, + unsigned char* exportBuffer, unsigned int sz, void* userCtx); +#endif #ifdef HAVE_NETX WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); @@ -1387,17 +1463,27 @@ struct WOLFSSL_CRL { #ifdef NO_ASN typedef struct Signer Signer; +#ifdef WOLFSSL_TRUST_PEER_CERT + typedef struct TrustedPeerCert TrustedPeerCert; +#endif #endif #ifndef CA_TABLE_SIZE #define CA_TABLE_SIZE 11 #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + #define TP_TABLE_SIZE 11 +#endif /* wolfSSL Certificate Manager */ struct WOLFSSL_CERT_MANAGER { Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ void* heap; /* heap helper */ +#ifdef WOLFSSL_TRUST_PEER_CERT + TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */ + wolfSSL_Mutex tpLock; /* trusted peer list lock */ +#endif WOLFSSL_CRL* crl; /* CRL checker */ WOLFSSL_OCSP* ocsp; /* OCSP checker */ #if !defined(NO_WOLFSSL_SEVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 
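Review bot: The `wc_dtls_export` typedef added in the `@@ -1275` hunk is declared a second time in wolfssl/ssl.h by this same commit, there under `WOLFSSL_SESSION_EXPORT` plus `WOLFSSL_DTLS`, here under `WOLFSSL_DTLS` alone. If internal.h includes ssl.h, a build with both macros set sees the typedef twice, which C11 accepts but C99 and C90 compilers reject. Keeping a single declaration in ssl.h under `#ifdef WOLFSSL_DTLS` and deleting this copy would remove the duplication. It would also keep the `dtls_export` members of `WOLFSSL_CTX` and `WOLFSSL` compiling when session export is off.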
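Review bot: `TP_TABLE_SIZE` in the `@@ -1387` hunk is defined unconditionally inside `#ifdef WOLFSSL_TRUST_PEER_CERT`, unlike `CA_TABLE_SIZE` directly above it, which is wrapped in `#ifndef` so a build can override it. A project that already defines `TP_TABLE_SIZE` on the command line gets a macro redefinition instead of its own value. Suggest `#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(TP_TABLE_SIZE)` around the define.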
@@ -1418,6 +1504,13 @@ struct WOLFSSL_CERT_MANAGER { byte ocspSendNonce; /* send the OCSP nonce ? */ byte ocspUseOverrideURL; /* ignore cert's responder, override */ byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ + +#ifndef NO_RSA + short minRsaKeySz; /* minimum allowed RSA key size */ +#endif +#ifdef HAVE_ECC + short minEccKeySz; /* minimum allowed ECC key size */ +#endif }; WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); @@ -1464,7 +1557,8 @@ typedef struct WOLFSSL_DTLS_CTX { #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ -/* keys and secrets */ +/* keys and secrets + * keep as a constant size (no additional ifdefs) for session export */ typedef struct Keys { byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */ byte server_write_MAC_secret[MAX_DIGEST_SIZE]; @@ -1472,7 +1566,7 @@ typedef struct Keys { byte server_write_key[AES_256_KEY_SIZE]; byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */ byte server_write_IV[MAX_WRITE_IV_SZ]; -#ifdef HAVE_AEAD +#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT) byte aead_exp_IV[AEAD_MAX_EXP_SZ]; byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ]; byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ]; @@ -1760,6 +1854,22 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name); #endif /* HAVE_QSH */ + +#ifdef HAVE_WOLF_EVENT +typedef struct { + WOLF_EVENT* head; /* head of queue */ + WOLF_EVENT* tail; /* tail of queue */ +#ifndef SINGLE_THREADED + wolfSSL_Mutex lock; /* queue lock */ +#endif +} WOLF_EVENT_QUEUE; + +WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type); + +WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event); +#endif /* HAVE_WOLF_EVENT */ + + /* wolfSSL context type */ struct WOLFSSL_CTX { WOLFSSL_METHOD* method; 
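Review bot: `minRsaKeySz` and `minEccKeySz` in the `@@ -1418` hunk are declared as signed `short`, while the existing `minDhKeySz` is `word16`. The same choice repeats in `WOLFSSL_CTX`, in `Options`, and in the public setters `wolfSSL_CTX_SetMinRsaKey_Sz` / `wolfSSL_SetMinEccKey_Sz` in ssl.h, whereas the DH setters take `unsigned short`. A negative value passed to a setter would, unless the implementation rejects it (not visible here), produce a floor that every key size passes. Using `word16 minRsaKeySz;` and `word16 minEccKeySz;` and an `unsigned short` parameter keeps the three limits consistent and removes the negative case. The struct body starts outside the hunk.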
@@ -1770,11 +1880,14 @@ struct WOLFSSL_CTX { buffer serverDH_G; #endif #ifndef NO_CERTS - buffer certificate; - buffer certChain; + DerBuffer* certificate; + DerBuffer* certChain; /* chain after self, in DER, with leading size for each cert */ - buffer privateKey; + DerBuffer* privateKey; WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ +#endif +#ifdef KEEP_OUR_CERT + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */ #endif Suites* suites; /* make dynamic, user may not need/set */ void* heap; /* for user memory overrides */ @@ -1797,11 +1910,18 @@ struct WOLFSSL_CTX { byte minDowngrade; /* minimum downgrade version */ #ifndef NO_DH word16 minDhKeySz; /* minimum DH key size */ +#endif +#ifndef NO_RSA + short minRsaKeySz; /* minimum RSA key size */ +#endif +#ifdef HAVE_ECC + short minEccKeySz; /* minimum ECC key size */ #endif CallbackIORecv CBIORecv; CallbackIOSend CBIOSend; #ifdef WOLFSSL_DTLS CallbackGenCookie CBIOCookie; /* gen cookie callback */ + wc_dtls_export dtls_export; /* export function for DTLS session */ #endif VerifyCallback verifyCallback; /* cert verification callback */ word32 timeout; /* session timeout */ @@ -1866,6 +1986,9 @@ struct WOLFSSL_CTX { CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ #endif /* NO_RSA */ #endif /* HAVE_PK_CALLBACKS */ +#ifdef HAVE_WOLF_EVENT + WOLF_EVENT_QUEUE event_queue; +#endif /* HAVE_WOLF_EVENT */ }; 
@@ -1883,12 +2006,19 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 inSz, word16 sz); #ifndef NO_CERTS WOLFSSL_LOCAL - int AddCA(WOLFSSL_CERT_MANAGER* ctx, buffer der, int type, int verify); + int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify); WOLFSSL_LOCAL int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_LOCAL + int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify); + WOLFSSL_LOCAL + int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash); +#endif #endif -/* All cipher suite related info */ +/* All cipher suite related info + * Keep as a constant size (no ifdefs) for session export */ typedef struct CipherSpecs { word16 key_size; word16 iv_size; @@ -2125,12 +2255,22 @@ enum AcceptState { ACCEPT_THIRD_REPLY_DONE }; +/* sub-states for send/do key share (key exchange) */ +enum KeyShareState { + KEYSHARE_BEGIN = 0, + KEYSHARE_BUILD, + KEYSHARE_VERIFY, + KEYSHARE_FINALIZE, + KEYSHARE_END +}; +/* buffers for struct WOLFSSL */ typedef struct Buffers { bufferStatic inputBuffer; bufferStatic outputBuffer; buffer domainName; /* for client check */ buffer clearOutputBuffer; + buffer sig; /* signature data */ int prevSent; /* previous plain text bytes sent when got WANT_WRITE */ int plainSz; /* plain text bytes in buffer to send @@ -2146,9 +2286,9 @@ typedef struct Buffers { buffer serverDH_Priv; #endif #ifndef NO_CERTS - buffer certificate; /* WOLFSSL_CTX owns, unless we own */ - buffer key; /* WOLFSSL_CTX owns, unless we own */ - buffer certChain; /* WOLFSSL_CTX owns, unless we own */ + DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ + DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ + DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ /* chain after self, in DER, with leading size for each cert */ #endif #ifdef WOLFSSL_DTLS 
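Review bot: `AddCA` and the new `AddTrustedPeer` now take `DerBuffer** pDer` instead of a by-value `buffer`, but the header does not say who frees the buffer afterwards. The double pointer suggests the callee takes ownership and clears the caller's pointer, though that is not visible in this hunk. If that is the contract, state it on the prototype, e.g. `/* takes ownership of *pDer; *pDer is NULL on return, on success and on error */`, so callers do not free it a second time or keep using it.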
@@ -2223,6 +2363,9 @@ typedef struct Options { word16 createTicket:1; /* Server to create new Ticket */ word16 useTicket:1; /* Use Ticket not session cache */ #endif +#ifdef WOLFSSL_DTLS + word16 dtlsHsRetain:1; /* DTLS retaining HS data */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ @@ -2235,10 +2378,18 @@ typedef struct Options { byte minDowngrade; /* minimum downgrade version */ byte connectState; /* nonblocking resume */ byte acceptState; /* nonblocking resume */ + byte keyShareState; /* sub-state for key share (key exchange). + See enum KeyShareState. */ #ifndef NO_DH word16 minDhKeySz; /* minimum DH key size */ word16 dhKeySz; /* actual DH key size */ #endif +#ifndef NO_RSA + short minRsaKeySz; /* minimum RSA key size */ +#endif +#ifdef HAVE_ECC + short minEccKeySz; /* minimum ECC key size */ +#endif } Options; @@ -2279,8 +2430,10 @@ struct WOLFSSL_X509_NAME { char staticName[ASN_NAME_MAX]; int dynamicName; int sz; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) DecodedName fullName; + WOLFSSL_X509_NAME_ENTRY cnEntry; + WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ }; @@ -2322,7 +2475,9 @@ struct WOLFSSL_X509 { #ifdef HAVE_ECC word32 pkCurveOID; #endif /* HAVE_ECC */ - buffer derCert; /* may need */ + #ifndef NO_CERTS + DerBuffer* derCert; /* may need */ + #endif DNS_entry* altNames; /* alt names list */ DNS_entry* altNamesNext; /* hint for retrieval */ byte dynamicMemory; /* dynamic memory flag */ @@ -2467,6 +2622,12 @@ struct WOLFSSL { HandShakeDoneCb hsDoneCb; /* notify user handshake done */ void* hsDoneCtx; /* user handshake cb context */ #endif +#ifdef WOLFSSL_ASYNC_CRYPT + AsyncCrypt async; +#endif + void* sigKey; /* RsaKey or ecc_key allocated from heap */ + word32 sigType; /* Type of sigKey */ + word32 sigLen; /* Actual signature length */ WOLFSSL_CIPHER cipher; hmacfp hmac; Ciphers encrypt; 
@@ -2537,6 +2698,7 @@ struct WOLFSSL { DtlsMsg* dtls_msg_list; void* IOCB_CookieCtx; /* gen cookie ctx */ word32 dtls_expected_rx; + wc_dtls_export dtls_export; /* export function for session */ #endif #ifdef WOLFSSL_CALLBACKS HandShakeInfo handShakeInfo; /* info saved during handshake */ @@ -2551,6 +2713,12 @@ struct WOLFSSL { #ifdef KEEP_PEER_CERT WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif +#ifdef KEEP_OUR_CERT + WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. + points to ctx if not owned (owned + flag found in buffers.weOwnCert) */ +#endif + byte keepCert; /* keep certificate after handshake */ #if defined(FORTRESS) || defined(HAVE_STUNNEL) void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif @@ -2615,6 +2783,12 @@ struct WOLFSSL { #ifdef WOLFSSL_JNI void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */ #endif /* WOLFSSL_JNI */ +#ifdef HAVE_WOLF_EVENT + WOLF_EVENT event; +#endif /* HAVE_WOLF_EVENT */ +#ifdef WOLFSSL_ASYNC_CRYPT_TEST + AsyncCryptTests asyncCryptTest; +#endif /* WOLFSSL_ASYNC_CRYPT_TEST */ }; @@ -2646,8 +2820,12 @@ typedef struct EncryptedInfo { #ifndef NO_CERTS + + WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); + WOLFSSL_LOCAL void FreeDer(DerBuffer** der); + WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, - buffer* der, void* heap, EncryptedInfo* info, + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, 
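Review bot: `AllocDer` and `FreeDer` in the `@@ -2646` hunk are declared without any comment, and this commit also moves `WOLFSSL_CTX.privateKey` and `Buffers.key` to `DerBuffer*`, so the same free routine now releases private-key material. The header should say whether `FreeDer` clears the buffer before releasing it and whether it resets `*der`. The implementation is not in this hunk; if it does not zero key-typed buffers, that is worth adding there. A short comment on the two prototypes covering allocation failure return, the meaning of `type`, and the clearing behaviour would be enough.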
@@ -2750,9 +2928,9 @@ WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); -WOLFSSL_LOCAL int AddSession(WOLFSSL*); -WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); -WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData); +WOLFSSL_LOCAL int AddSession(WOLFSSL*); +WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); +WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData); WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); 
@@ -2764,15 +2942,46 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); #ifndef NO_CERTS #ifndef NO_RSA - WOLFSSL_LOCAL int VerifyRsaSign(const byte* sig, word32 sigSz, + WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, + const byte* sig, word32 sigSz, const byte* plain, word32 plainSz, RsaKey* key); + WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, + word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx); + WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, + byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx); + WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, + word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx); + #endif /* !NO_RSA */ + + #ifdef HAVE_ECC + WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, + void* ctx); + WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, + byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz, + void* ctx); + WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, + ecc_key* pub_key, byte* out, word32* outSz); + #endif /* HAVE_ECC */ + + #ifdef WOLFSSL_TRUST_PEER_CERT + + /* options for searching hash table for a matching trusted peer cert */ + #define WC_MATCH_SKID 0 + #define WC_MATCH_NAME 1 + + WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, + int type); + WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp, + DecodedCert* cert); #endif + WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); #ifndef NO_SKID WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); #endif -#endif +#endif /* !NO_CERTS */ WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender); WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); 
@@ -2823,11 +3032,11 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL word32 LowResTimer(void); -WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); -WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); -WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int); -WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); #ifndef NO_CERTS + WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); + WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); + WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int); + WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); #endif @@ -2836,6 +3045,7 @@ WOLFSSL_LOCAL void c32to24(word32 in, word24 out); WOLFSSL_LOCAL const char* const* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); +WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); enum encrypt_side { @@ -2847,6 +3057,25 @@ enum encrypt_side { WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); +#ifndef NO_DH + WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, + byte* p, word32 pSz, + byte* g, word32 gSz, + byte* priv, word32* privSz, + byte* pub, word32* pubSz); + WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, + byte* p, word32 pSz, + byte* g, word32 gSz, + byte* priv, word32* privSz, + byte* pub, word32* pubSz, + const byte* otherPub, word32 otherPubSz, + byte* agree, word32* agreeSz); +#endif + +#ifdef HAVE_ECC + WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 8d05c26d0..af083410b 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h 
@@ -1,8 +1,8 @@ /* ocsp.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* wolfSSL OCSP API */ #ifndef WOLFSSL_OCSP_H @@ -34,14 +35,16 @@ extern "C" { #endif +struct buffer; typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); -WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, void*); +WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, + struct buffer* responseBuffer); WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, - OcspRequest* ocspRequest, void*); + OcspRequest* ocspRequest, struct buffer* responseBuffer); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h index f5b4f2a84..14b843b0b 100644 --- a/wolfssl/openssl/des.h +++ b/wolfssl/openssl/des.h @@ -1,8 +1,8 @@ /* des.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as wolfSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* des.h defines mini des openssl compatibility layer * */ @@ -60,6 +61,12 @@ WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, long length, WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec, int enc); +WOLFSSL_API void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, + unsigned char* output, long sz, + WOLFSSL_DES_key_schedule* ks1, + WOLFSSL_DES_key_schedule* ks2, + WOLFSSL_DES_key_schedule* ks3, + WOLFSSL_DES_cblock* ivec, int enc); WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, unsigned char* output, long length, WOLFSSL_DES_key_schedule* schedule, 
@@ -75,27 +82,12 @@ typedef WOLFSSL_const_DES_cblock const_DES_cblock; typedef WOLFSSL_DES_key_schedule DES_key_schedule; #define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked -#define DES_key_sched wolfSSL_DES_key_sched -#define DES_cbc_encrypt wolfSSL_DES_cbc_encrypt -#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt -#define DES_set_odd_parity wolfSSL_DES_set_odd_parity -#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt -#define DES_ede3_cbc_encrypt(input, output, sz, ks1, ks2, ks3, ivec, enc) \ -do { \ - Des3 des; \ - byte key[24];/* EDE uses 24 size key */ \ - memcpy(key, (ks1), DES_BLOCK_SIZE); \ - memcpy(&key[DES_BLOCK_SIZE], (ks2), DES_BLOCK_SIZE); \ - memcpy(&key[DES_BLOCK_SIZE * 2], (ks3), DES_BLOCK_SIZE); \ - if (enc) { \ - wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \ - wc_Des3_CbcEncrypt(&des, (output), (input), (sz)); \ - } \ - else { \ - wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \ - wc_Des3_CbcDecrypt(&des, (output), (input), (sz)); \ - } \ -} while(0) +#define DES_key_sched wolfSSL_DES_key_sched +#define DES_cbc_encrypt wolfSSL_DES_cbc_encrypt +#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt +#define DES_set_odd_parity wolfSSL_DES_set_odd_parity +#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt +#define DES_ede3_cbc_encrypt wolfSSL_DES_ede3_cbc_encrypt #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 2354ada3c..619f704f0 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -13,7 +13,7 @@ extern "C" { /* Map OpenSSL NID value */ enum { POINT_CONVERSION_UNCOMPRESSED = 4, - NID_secp111r1 = 0, + NID_secp112r1 = 0, NID_secp128r1 = 1, NID_secp160r1 = 2, NID_cert192 = 3, diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 4805a2245..bd4da583c 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h 
@@ -1,8 +1,8 @@ /* evp.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* evp.h defines mini evp openssl compatibility layer * */ diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h index 39e90126a..b0d54592a 100644 --- a/wolfssl/openssl/hmac.h +++ b/wolfssl/openssl/hmac.h @@ -1,8 +1,8 @@ /* hmac.h * - * Copyright (C) 2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* hmac.h defines mini hamc openssl compatibility layer * */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index c79c74da1..8c417e635 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -1,8 +1,8 @@ /* ssl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -15,11 +15,12 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * a with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* ssl.h defines wolfssl_openssl compatibility layer * */ @@ -40,6 +41,11 @@ #undef X509_NAME #endif +#ifdef WOLFSSL_UTASKER + /* tcpip.h clashes */ + #undef ASN1_INTEGER +#endif + typedef WOLFSSL SSL; typedef WOLFSSL_SESSION SSL_SESSION; @@ -97,7 +103,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_get_verify_depth wolfSSL_get_verify_depth #define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode #define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth -#define SSL_get_certificate(ctx) 0 /* used to pass to get_privatekey */ +#define SSL_get_certificate wolfSSL_get_certificate #define SSLv3_server_method wolfSSLv3_server_method #define SSLv3_client_method wolfSSLv3_client_method 
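Review bot: `SSL_get_certificate` in the `@@ -97` hunk is now mapped to `wolfSSL_get_certificate` unconditionally, but wolfssl/ssl.h in this commit declares that function only under `defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)`. The old macro expanded to `0` and always compiled; with the new one, a build without `KEEP_OUR_CERT` gets an undeclared function at the call site. Either guard the define the same way, `#ifdef KEEP_OUR_CERT` around `#define SSL_get_certificate wolfSSL_get_certificate` with the old `0` form as the `#else`, or declare the function unconditionally and return NULL when the certificate is not kept.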
@@ -178,12 +184,14 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_SESSION_free wolfSSL_SESSION_free #define SSL_is_init_finished wolfSSL_is_init_finished -#define SSL_get_version wolfSSL_get_version +#define SSL_get_version wolfSSL_get_version #define SSL_get_current_cipher wolfSSL_get_current_cipher -#define SSL_get_cipher wolfSSL_get_cipher + +/* use wolfSSL_get_cipher_name for its return format */ +#define SSL_get_cipher wolfSSL_get_cipher_name #define SSL_CIPHER_description wolfSSL_CIPHER_description -#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name -#define SSL_get1_session wolfSSL_get1_session +#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name +#define SSL_get1_session wolfSSL_get1_session #define SSL_get_keyblock_size wolfSSL_get_keyblock_size #define SSL_get_keys wolfSSL_get_keys @@ -376,7 +384,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; /* Lighthttp compatibility */ -#ifdef HAVE_LIGHTY +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CB_HANDSHAKE_START 0x10 
@@ -393,14 +401,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object #define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define ASN1_STRING_data wolfSSL_ASN1_STRING_data +#define ASN1_STRING_length wolfSSL_ASN1_STRING_length +#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID +#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list +#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */ #endif -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) #define OBJ_nid2ln wolf_OBJ_nid2ln #define OBJ_txt2nid wolf_OBJ_txt2nid @@ -409,7 +423,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh -#endif /* HAVE_STUNNEL || HAVE_LIGHTY */ +#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */ #ifdef HAVE_STUNNEL #include diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in index 2043cbbf7..19d1fcec9 100644 --- a/wolfssl/options.h.in +++ b/wolfssl/options.h.in @@ -1,8 +1,8 @@ /* options.h.in * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* default blank options for autoconf */ #ifndef WOLFSSL_OPTIONS_H diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h index 6b8ae02ee..9773f7987 100644 --- a/wolfssl/sniffer.h +++ b/wolfssl/sniffer.h @@ -1,8 +1,8 @@ /* sniffer.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_SNIFFER_H #define WOLFSSL_SNIFFER_H @@ -61,6 +62,10 @@ SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, WOLFSSL_API SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error); +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz, + char* error); + WOLFSSL_API SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error); diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index ee953a255..327455ec2 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h 
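Review bot: `ssl_FreeZeroDecodeBuffer` in the sniffer.h `@@ -61` hunk is added without a comment explaining how it differs from `ssl_FreeDecodeBuffer`, and its `sz` parameter is a signed `int`. From the name it presumably overwrites `sz` bytes of `*data` before freeing, which is what a caller handling decrypted traffic would want, but the header should say so and state what happens for `sz <= 0` or a `sz` larger than the decoded length. Suggested comment: `/* as ssl_FreeDecodeBuffer, but clears sz bytes of *data first; sz must be the length returned by ssl_DecodePacket */`, adjusted to the actual behaviour.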
@@ -1,8 +1,8 @@ /* sniffer_error.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_SNIFFER_ERROR_H #define WOLFSSL_SNIFFER_ERROR_H diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ef626af63..6e756c6f3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1,8 +1,8 @@ /* ssl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* wolfSSL API */ #ifndef WOLFSSL_SSL_H @@ -37,8 +38,6 @@ #else #include #endif - #else - #include /* ERR_printf */ #endif #endif @@ -69,6 +68,7 @@ typedef struct WOLFSSL_CTX WOLFSSL_CTX; typedef struct WOLFSSL_X509 WOLFSSL_X509; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; +typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; 
@@ -223,12 +223,29 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int); #endif +#ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS +typedef int (*wc_dtls_export)(WOLFSSL* ssl, + unsigned char* exportBuffer, unsigned int sz, void* userCtx); +WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, + unsigned int sz); +WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, + wc_dtls_export func); +WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func); +WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, + unsigned int* sz); +#endif /* WOLFSSL_DTLS */ +#endif /* WOLFSSL_SESSION_EXPORT */ + #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*); +#ifdef WOLFSSL_TRUST_PEER_CERT +WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); +#endif WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); @@ -263,6 +280,7 @@ WOLFSSL_API WOLFSSL* wolfSSL_dup(WOLFSSL*); WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int); WOLFSSL_API char* wolfSSL_get_cipher_list(int priority); WOLFSSL_API int wolfSSL_get_ciphers(char*, int); +WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*); WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*); 
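Review bot: The DTLS export/import prototypes added in the `@@ -223` hunk have no documentation, and the buffer they carry appears to include live session key material: internal.h sizes it from `Keys` and `CipherSpecs` (`DTLS_EXPORT_KEY_SZ`, `DTLS_EXPORT_SPC_SZ`). Callers need to know that the exported bytes must be protected like a private key in transit and at rest. They also need to know that `wolfSSL_dtls_import` should only be fed buffers produced by a trusted exporter. I would add a block comment above the group saying this, stating that `sz` in `wolfSSL_dtls_export` is in/out (capacity in, bytes written out), and giving the return convention of the `wc_dtls_export` callback.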
@@ -443,6 +461,11 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID( WOLFSSL_X509_NAME*, int, char*, int); +WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( + WOLFSSL_X509_NAME*, int, int); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); +WOLFSSL_API char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*); +WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*); WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long); WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*); @@ -639,6 +662,7 @@ enum { #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ +#include WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); #endif @@ -902,6 +926,16 @@ WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short); WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); #endif /* NO_DH */ +#ifndef NO_RSA +WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short); +WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short); +#endif /* NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short); +WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short); +#endif /* NO_RSA */ + WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short); WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short); 
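Review bot: `wolfSSL_ASN1_STRING_data` returns a bare `char*` with the length available only through the separate `wolfSSL_ASN1_STRING_length`, and nothing in the declarations tells callers that the two must be used together. Certificate name fields are attacker-supplied and may contain embedded NUL bytes, so a caller that treats the result as a C string can compare a truncated name. A comment such as `/* not guaranteed NUL-terminated or NUL-free; always pair with wolfSSL_ASN1_STRING_length() */` would cover it (whether the implementation terminates the data is not visible here). The two unnamed `int` parameters of `wolfSSL_X509_NAME_get_index_by_NID` would also read better with names.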
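Review bot: The four new minimum-key-size setters take a signed `short`, while the neighbouring `wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short)` is unsigned, so a negative floor is representable and has to be rejected in the implementation, which is not part of this hunk. Unless the signed type is deliberate, `WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, unsigned short);` and the same for the other three would match the DH API. The unit (bits or bytes) deserves a comment as well, since passing the wrong one silently weakens the check. The `#endif /* NO_RSA */` that closes the `#ifdef HAVE_ECC` block should read `#endif /* HAVE_ECC */`.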
@@ -923,7 +957,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #include #include #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \ - !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) + !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ + !defined(WOLFSSL_EMBOS) #include #endif /* allow writev style writing */ @@ -936,6 +971,11 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, #ifndef NO_CERTS /* SSL_CTX versions */ WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*, + const unsigned char*, long, int); +#endif WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*, @@ -953,6 +993,10 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, const unsigned char*, long); WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*); + + #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) + WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl); + #endif #endif WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); @@ -1215,6 +1259,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*, const unsigned char* in, long sz, int format); WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm); +#ifdef WOLFSSL_TRUST_PEER_CERT + WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm); +#endif WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f, int format); WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, 
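Review bot: `wolfSSL_CTX_trust_peer_buffer` and `wolfSSL_CTX_Unload_trust_peers` are declared without any comment on what trusting a peer certificate means for verification. Judging by the name, a certificate loaded this way is accepted without a CA chain, which is a significant change in trust model and should be stated next to the prototype, for example `/* loads a peer cert that is trusted directly, without CA chain validation; load only certs obtained over a trusted channel */`. The size is a signed `long`, as in the neighbouring `wolfSSL_CTX_load_verify_buffer`, so the implementation (not in this hunk) has to reject negative values.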
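Review bot: `wolfSSL_get_certificate` returns a `WOLFSSL_X509*` with nothing to say who owns it. Other accessors in this API hand back objects the caller frees with `wolfSSL_FreeX509`, so a caller cannot tell from the header whether freeing the result is required or a double free. A one-line comment such as `/* returned pointer is owned by ssl; do not free */`, or the opposite if that is the contract, would settle it.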
@@ -1579,21 +1626,23 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif +#if defined(WOLFSSL_MYSQL_COMPATIBLE) +WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, + char* buf, int len); +#endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef OPENSSL_EXTRA /*lighttp compatibility */ -#ifdef HAVE_LIGHTY -typedef struct WOLFSSL_X509_NAME_ENTRY { - WOLFSSL_ASN1_OBJECT* object; - WOLFSSL_ASN1_STRING* value; +#include +struct WOLFSSL_X509_NAME_ENTRY { + WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ + WOLFSSL_ASN1_STRING data; + WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ int set; int size; -} WOLFSSL_X509_NAME_ENTRY; - - -#include -#include +}; +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); @@ -1616,7 +1665,8 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #endif #endif -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) WOLFSSL_API char * wolf_OBJ_nid2ln(int n); WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn); 
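Review bot: `WOLFSSL_X509_NAME_ENTRY` now embeds `data` and keeps `value` as a pointer that, per its own comment, points at that same member, so any by-value copy or `memcpy` of the struct leaves `value` aimed at the source object's storage. If the source is released first, readers of `value` hold a dangling pointer. The declaration should say so, e.g. `/* value must be re-pointed at &data after any copy of this struct */`, and code that copies entries (outside this hunk) should reset it. `wolfSSL_ASN1_TIME_to_string` in the same hunk takes `char* buf, int len` without stating what happens when `len` is too small or negative.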
@@ -1734,6 +1784,42 @@ WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr); WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl); #endif /* WOLFSSL_JNI */ +#ifdef HAVE_WOLF_EVENT +typedef enum WOLF_EVENT_TYPE { + WOLF_EVENT_TYPE_NONE, + #ifdef WOLFSSL_ASYNC_CRYPT + WOLF_EVENT_TYPE_ASYNC_ACCEPT, + WOLF_EVENT_TYPE_ASYNC_CONNECT, + WOLF_EVENT_TYPE_ASYNC_READ, + WOLF_EVENT_TYPE_ASYNC_WRITE, + WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_ACCEPT, + WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WRITE, + #endif +} WOLF_EVENT_TYPE; + +typedef struct WOLF_EVENT WOLF_EVENT; +struct WOLF_EVENT { + WOLF_EVENT* next; /* To support event linked list */ + WOLFSSL* ssl; /* Reference back to SSL object */ + int ret; /* Async return code */ + WOLF_EVENT_TYPE type; + unsigned short pending:1; + unsigned short done:1; + /* Future event flags can go here */ +}; + +enum WOLF_POLL_FLAGS { + WOLF_POLL_FLAG_CHECK_HW = 0x01, + WOLF_POLL_FLAG_PEEK = 0x02, +}; + +WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount); +WOLFSSL_API int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount); + +#endif /* HAVE_WOLF_EVENT */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index dc4b2ac46..7099c7a39 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -10,6 +10,7 @@ #include #include #include +#include #ifdef ATOMIC_USER #include @@ -230,6 +231,16 @@ #else #define DEFAULT_MIN_DHKEY_BITS 1024 #endif +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_RSAKEY_BITS 2048 +#else + #define DEFAULT_MIN_RSAKEY_BITS 1024 +#endif +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) + #define DEFAULT_MIN_ECCKEY_BITS 256 +#else + #define DEFAULT_MIN_ECCKEY_BITS 224 +#endif /* all certs relative to wolfSSL home directory now */ #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) 
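Review bot: The `pending` and `done` flags in `struct WOLF_EVENT` are declared as `unsigned short` bit-fields, a type the C standard allows only as an implementation-defined extension. `unsigned int pending:1;` and `unsigned int done:1;` are portable across the embedded compilers this header is built with. `enum WOLF_POLL_FLAGS` ends with a trailing comma, as does `WOLF_EVENT_TYPE` in either configuration, which strict C89 compilers reject. The poll prototypes should also document that `events` must have room for `maxEvents` entries and that `*eventCount` never exceeds it, since callers size the array from that contract.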
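Review bot: The fallback values `DEFAULT_MIN_RSAKEY_BITS 1024` and `DEFAULT_MIN_ECCKEY_BITS 224` set the floor used by these test helpers below what is generally accepted today, and helper defaults tend to be copied into products. A comment explaining why the weaker value applies when `NO_FILESYSTEM` is defined or `WOLFSSL_MAX_STRENGTH` is not would stop it being read as a recommendation, e.g. `/* 1024 kept only so legacy test certs load; use >= 2048 in production */` if that is the reason. The two added `#if` blocks test the identical condition and can be merged into one.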
@@ -246,6 +257,10 @@ #define cliEccKey "certs/ecc-client-key.pem" #define cliEccCert "certs/client-ecc-cert.pem" #define crlPemDir "certs/crl" +#ifdef HAVE_WNR + /* Whitewood netRandom default config file */ + #define wnrConfig "wnr-example.conf" +#endif #else #define caCert "./certs/ca-cert.pem" #define eccCert "./certs/server-ecc.pem" @@ -260,6 +275,10 @@ #define cliEccKey "./certs/ecc-client-key.pem" #define cliEccCert "./certs/client-ecc-cert.pem" #define crlPemDir "./certs/crl" +#ifdef HAVE_WNR + /* Whitewood netRandom default config file */ + #define wnrConfig "./wnr-example.conf" +#endif #endif typedef struct tcp_ready { @@ -430,14 +449,22 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) { char* altName; - char* issuer = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_issuer_name(x509), 0, 0); - char* subject = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_subject_name(x509), 0, 0); + char* issuer; + char* subject; byte serial[32]; int ret; int sz = sizeof(serial); + if (x509 == NULL) { + printf("%s No Cert\n", hdr); + return; + } + + issuer = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_issuer_name(x509), 0, 0); + subject = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_subject_name(x509), 0, 0); + printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject); while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) @@ -476,6 +503,9 @@ static INLINE void showPeer(WOLFSSL* ssl) printf("peer has no cert!\n"); wolfSSL_FreeX509(peer); #endif +#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) + ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); +#endif /* SHOW_CERTS */ printf("SSL version is %s\n", wolfSSL_get_version(ssl)); cipher = wolfSSL_get_current_cipher(ssl); 
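Review bot: With the new `x509 == NULL` guard in `ShowX509`, the remaining unchecked pointers are `issuer` and `subject`. Both come from `wolfSSL_X509_NAME_oneline` and go straight into `printf("%s\n issuer : %s\n subject: %s\n", ...)`, which is undefined behaviour if either call returns NULL. Since the assignments were moved in this hunk anyway, passing `issuer ? issuer : "(none)"` and `subject ? subject : "(none)"` as the arguments closes that gap. The function body continues past the hunk, so how the two strings are released is not visible here.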
@@ -521,8 +551,8 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, (void)useLookup; (void)udp; - if (addr == NULL || peer == NULL) - err_sys("invalid arguments to build_addr, addr or peer is NULL"); + if (addr == NULL) + err_sys("invalid argument to build_addr, addr is NULL"); memset(addr, 0, sizeof(SOCKADDR_IN_T)); @@ -830,29 +860,36 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, static INLINE void tcp_set_ready(func_args* args, word16 port, int ready_file) { + tcp_ready* ready = NULL; + + (void) ready; /* Account for case when "ready" is not used */ + #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) /* signal ready to tcp_accept */ - { - tcp_ready* ready = args->signal; - if (ready) { - pthread_mutex_lock(&ready->mutex); - ready->ready = 1; - ready->port = port; - pthread_cond_signal(&ready->cond); - pthread_mutex_unlock(&ready->mutex); - } + if (args) + ready = args->signal; + if (ready) { + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + ready->port = port; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); } #elif defined (WOLFSSL_TIRTOS) /* Need mutex? */ - tcp_ready* ready = args->signal; - ready->ready = 1; - ready->port = port; + if (args) + ready = args->signal; + if (ready) { + ready->ready = 1; + ready->port = port; + } #endif if (ready_file) { #ifndef NO_FILESYSTEM FILE* srf = NULL; - tcp_ready* ready = args ? args->signal : NULL; + if (args) + ready = args->signal; if (ready) { srf = fopen(ready->srfName, "w"); @@ -882,6 +919,9 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, { SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); + tcp_ready* ready = NULL; + + (void) ready; /* Account for case when "ready" is not used */ if (udp) { udp_accept(sockfd, clientfd, useAnyAddr, port, args); 
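Review bot: The relaxed guard in `build_addr` now lets a NULL `peer` through, and nothing in the hunk says what a NULL peer is supposed to mean. The rest of the function lies outside the hunk, so whether every later use of `peer` (address parsing, host lookup) tolerates NULL cannot be confirmed from here. If NULL is meant as "any address", a comment at the guard such as `/* peer may be NULL: treated as INADDR_ANY below */` would record the contract. Otherwise the `peer == NULL` test should stay on the paths that dereference it.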
@@ -890,7 +930,6 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, if(do_listen) { tcp_listen(sockfd, &port, useAnyAddr, udp); - tcp_set_ready(args, port, ready_file); } @@ -999,14 +1038,16 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) #include - static INLINE double current_time(void) + static INLINE double current_time(int reset) { struct timeval tv; gettimeofday(&tv, 0); - + (void)reset; + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; } - +#else + extern double current_time(int reset); #endif #endif /* USE_WINDOWS_API */ 
@@ -1249,129 +1290,6 @@ static INLINE int OpenNitroxDevice(int dma_mode,int dev_id) } #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ - -#ifdef USE_WOLFSSL_MEMORY - - typedef struct memoryStats { - size_t totalAllocs; /* number of allocations */ - size_t totalBytes; /* total number of bytes allocated */ - size_t peakBytes; /* concurrent max bytes */ - size_t currentBytes; /* total current bytes in use */ - } memoryStats; - - typedef struct memHint { - size_t thisSize; /* size of this memory */ - void* thisMemory; /* actual memory for user */ - } memHint; - - typedef struct memoryTrack { - union { - memHint hint; - byte alignit[16]; /* make sure we have strong alignment */ - } u; - } memoryTrack; - - #if defined(WOLFSSL_TRACK_MEMORY) - #define DO_MEM_STATS - static memoryStats ourMemStats; - #endif - - static INLINE void* TrackMalloc(size_t sz) - { - memoryTrack* mt; - - if (sz == 0) - return NULL; - - mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); - if (mt == NULL) - return NULL; - - mt->u.hint.thisSize = sz; - mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack); - -#ifdef DO_MEM_STATS - ourMemStats.totalAllocs++; - ourMemStats.totalBytes += sz; - ourMemStats.currentBytes += sz; - if (ourMemStats.currentBytes > ourMemStats.peakBytes) - ourMemStats.peakBytes = ourMemStats.currentBytes; -#endif - - return mt->u.hint.thisMemory; - } - - - static INLINE void TrackFree(void* ptr) - { - memoryTrack* mt; - - if (ptr == NULL) - return; - - mt = (memoryTrack*)ptr; - --mt; /* same as minus sizeof(memoryTrack), removes header */ - -#ifdef DO_MEM_STATS - ourMemStats.currentBytes -= mt->u.hint.thisSize; -#endif - - free(mt); - } - - - static INLINE void* TrackRealloc(void* ptr, size_t sz) - { - void* ret = TrackMalloc(sz); - - if (ptr) { - /* if realloc is bigger, don't overread old ptr */ - memoryTrack* mt = (memoryTrack*)ptr; - --mt; /* same as minus sizeof(memoryTrack), removes header */ - - if (mt->u.hint.thisSize < 
sz) - sz = mt->u.hint.thisSize; - } - - if (ret && ptr) - memcpy(ret, ptr, sz); - - if (ret) - TrackFree(ptr); - - return ret; - } - - static INLINE void InitMemoryTracker(void) - { - if (wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0) - err_sys("wolfSSL SetAllocators failed for track memory"); - - #ifdef DO_MEM_STATS - ourMemStats.totalAllocs = 0; - ourMemStats.totalBytes = 0; - ourMemStats.peakBytes = 0; - ourMemStats.currentBytes = 0; - #endif - } - - static INLINE void ShowMemoryTracker(void) - { - #ifdef DO_MEM_STATS - printf("total Allocs = %9lu\n", - (unsigned long)ourMemStats.totalAllocs); - printf("total Bytes = %9lu\n", - (unsigned long)ourMemStats.totalBytes); - printf("peak Bytes = %9lu\n", - (unsigned long)ourMemStats.peakBytes); - printf("current Bytes = %9lu\n", - (unsigned long)ourMemStats.currentBytes); - #endif - } - -#endif /* USE_WOLFSSL_MEMORY */ - - #ifdef HAVE_STACK_SIZE typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args); @@ -2032,4 +1950,36 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ +#ifdef WOLFSSL_ASYNC_CRYPT + static INLINE int AsyncCryptPoll(WOLFSSL* ssl) + { + int ret, eventCount = 0; + WOLF_EVENT events[1]; + + printf("Connect/Accept got WC_PENDING_E\n"); + + ret = wolfSSL_poll(ssl, events, sizeof(events)/sizeof(WOLF_EVENT), + WOLF_POLL_FLAG_CHECK_HW, &eventCount); + if (ret == 0 && eventCount > 0) { + ret = 1; /* Success */ + } + + return ret; + } +#endif + +static INLINE word16 GetRandomPort(void) +{ + word16 port = 0; + + /* Generate random port for testing */ + WC_RNG rng; + if (wc_InitRng(&rng) == 0) { + wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)); + port |= 0xC000; /* Make sure its in the 49152 - 65535 range */ + wc_FreeRng(&rng); + } + return port; +} + #endif /* wolfSSL_TEST_H */ diff --git a/wolfssl/version.h b/wolfssl/version.h index d349140b5..0f77c7f76 100644 --- a/wolfssl/version.h 
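Review bot: `GetRandomPort` ignores the result of `wc_RNG_GenerateBlock` and returns 0 when `wc_InitRng` fails, so a caller cannot tell a failure from a usable port. If generation fails after a successful init, `port |= 0xC000` still runs and yields the same fixed value every time. Checking the call, e.g. `if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) port |= 0xC000;`, and documenting that 0 means no port was generated would make the failure visible. `AsyncCryptPoll` in the same hunk mixes return conventions: it returns 1 on success and otherwise whatever `wolfSSL_poll` returned, including 0 when no event was ready, so its return values need a comment.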
+++ b/wolfssl/version.h @@ -1,8 +1,8 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_VERSION_H #define WOLFSSL_VERSION_H @@ -27,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.8.1" -#define LIBWOLFSSL_VERSION_HEX 0x03008001 +#define LIBWOLFSSL_VERSION_STRING "3.9.1" +#define LIBWOLFSSL_VERSION_HEX 0x03009001 #ifdef __cplusplus } diff --git a/wolfssl/version.h.in b/wolfssl/version.h.in index cc3c5e30f..ecd801388 100644 --- a/wolfssl/version.h.in +++ b/wolfssl/version.h.in @@ -1,8 +1,8 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_VERSION_H #define WOLFSSL_VERSION_H diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index af149861c..1e1a061c5 100644 --- a/wolfssl/wolfcrypt/aes.h 
+++ b/wolfssl/wolfcrypt/aes.h @@ -1,8 +1,8 @@ /* aes.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_AES_H #define WOLF_CRYPT_AES_H diff --git a/wolfssl/wolfcrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h index 727b62759..a97430632 100644 --- a/wolfssl/wolfcrypt/arc4.h +++ b/wolfssl/wolfcrypt/arc4.h @@ -1,8 +1,8 @@ /* arc4.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ARC4_H #define WOLF_CRYPT_ARC4_H diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index fbf4db2e4..f581f27a9 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
@@ -1,8 +1,8 @@ /* asn.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ASN_H #define WOLF_CRYPT_ASN_H @@ -58,7 +59,6 @@ extern "C" { #endif - enum { ISSUER = 0, SUBJECT = 1, @@ -194,24 +194,25 @@ enum Misc_ASN { EIGHTK_BUF = 8192, /* Tmp buffer size */ MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, /* use bigger NTRU size */ - HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */ + HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ + TRAILING_ZERO = 1 /* Used for size of zero pad */ }; enum Oid_Types { - hashType = 0, - sigType = 1, - keyType = 2, - curveType = 3, - blkType = 4, - ocspType = 5, - certExtType = 6, - certAuthInfoType = 7, - certPolicyType = 8, - certAltNameType = 9, - certKeyUseType = 10, - kdfType = 11, - ignoreType + oidHashType = 0, + oidSigType = 1, + oidKeyType = 2, + oidCurveType = 3, + oidBlkType = 4, + oidOcspType = 5, + oidCertExtType = 6, + oidCertAuthInfoType = 7, + oidCertPolicyType = 8, + oidCertAltNameType = 9, + oidCertKeyUseType = 10, + oidKdfType = 11, + oidIgnoreType }; @@ -365,6 +366,9 @@ struct DecodedName { typedef struct DecodedCert DecodedCert; typedef struct DecodedName DecodedName; typedef struct Signer Signer; +#ifdef WOLFSSL_TRUST_PEER_CERT +typedef struct TrustedPeerCert TrustedPeerCert; +#endif /* WOLFSSL_TRUST_PEER_CERT */ struct DecodedCert { 
@@ -554,6 +558,28 @@ struct Signer { }; +#ifdef WOLFSSL_TRUST_PEER_CERT +/* used for having trusted peer certs rather then CA */ +struct TrustedPeerCert { + int nameLen; + char* name; /* common name */ + #ifndef IGNORE_NAME_CONSTRAINTS + Base_entry* permittedNames; + Base_entry* excludedNames; + #endif /* IGNORE_NAME_CONSTRAINTS */ + byte subjectNameHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #ifndef NO_SKID + byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; + /* sha hash of names in certificate */ + #endif + word32 sigLen; + byte* sig; + struct TrustedPeerCert* next; +}; +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + /* not for public consumption but may use for testing sometimes */ #ifdef WOLFSSL_TEST_CERT #define WOLFSSL_TEST_API WOLFSSL_API @@ -575,11 +601,18 @@ WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL Signer* MakeSigner(void*); WOLFSSL_LOCAL void FreeSigner(Signer*, void*); WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); - +#ifdef WOLFSSL_TRUST_PEER_CERT +WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); +WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); +#endif /* WOLFSSL_TRUST_PEER_CERT */ WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length); WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); +typedef struct tm wolfssl_tm; + +WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, + wolfssl_tm* certTime, int* idx); WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); /* ASN.1 helper functions */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index fee49760f..83140e674 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
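Review bot: The comment on `subjectKeyIdHash` in `struct TrustedPeerCert` is a copy of the one on `subjectNameHash` ("sha hash of names in certificate"); it should describe the key identifier, e.g. `/* sha hash of subject key id in certificate */`. Because this structure is what lets a peer certificate be trusted in place of a CA, as its leading comment says, it should also state which fields decide a match and who owns `name` and `sig`. The `sig`/`sigLen` pair suggests the signature bytes are compared, but the matching code is not in this hunk. "rather then CA" should read "rather than CA".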
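Review bot: `ExtractDate` takes the `date` pointer and an in/out `idx` but no length, so the parser has no way of its own to bound reads against the end of the certificate buffer. The date bytes come from a peer-supplied certificate, so if callers are expected to have validated a minimum length first, the prototype should say so, e.g. `/* caller must ensure date holds a complete time string for the given format */`. Otherwise an explicit length parameter would let the function reject short input itself. `ValidateDate` on the following context line has the same shape.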
@@ -1,8 +1,8 @@ /* asn_public.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ASN_PUBLIC_H #define WOLF_CRYPT_ASN_PUBLIC_H @@ -50,7 +51,8 @@ enum CertType { RSA_TYPE, PUBLICKEY_TYPE, RSA_PUBLICKEY_TYPE, - ECC_PUBLICKEY_TYPE + ECC_PUBLICKEY_TYPE, + TRUSTED_PEER_TYPE }; @@ -75,6 +77,7 @@ enum Ctc_Encoding { }; enum Ctc_Misc { + CTC_COUNTRY_SIZE = 2, CTC_NAME_SIZE = 64, CTC_DATE_SIZE = 32, CTC_MAX_ALT_SIZE = 16384, /* may be huge */ @@ -94,6 +97,9 @@ enum Ctc_Misc { #ifndef HAVE_ECC typedef struct ecc_key ecc_key; #endif +#ifdef NO_RSA + typedef struct RsaKey RsaKey; +#endif typedef struct CertName { char country[CTC_NAME_SIZE]; @@ -257,6 +263,10 @@ WOLFSSL_API int wc_SetCertificatePolicies(Cert *cert, const char **input); /* public key helper */ WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, ecc_key*, word32); + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, + word32 inLen, int with_AlgCurve); + #endif #endif /* DER encode signature */ diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h index 0e82bd389..3830c33fc 100644 --- a/wolfssl/wolfcrypt/blake2-impl.h +++ b/wolfssl/wolfcrypt/blake2-impl.h 
@@ -12,9 +12,9 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFCRYPT_BLAKE2_IMPL_H #define WOLFCRYPT_BLAKE2_IMPL_H diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h index 26a2c87b4..0d62eaf52 100644 --- a/wolfssl/wolfcrypt/blake2-int.h +++ b/wolfssl/wolfcrypt/blake2-int.h @@ -12,9 +12,9 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,11 +28,12 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFCRYPT_BLAKE2_INT_H #define WOLFCRYPT_BLAKE2_INT_H diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h index 51866639a..ccad86cfb 100644 --- a/wolfssl/wolfcrypt/blake2.h +++ b/wolfssl/wolfcrypt/blake2.h 
@@ -1,8 +1,8 @@ /* blake2.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -15,12 +15,13 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * a with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_BLAKE2_H #define WOLF_CRYPT_BLAKE2_H diff --git a/wolfssl/wolfcrypt/camellia.h b/wolfssl/wolfcrypt/camellia.h index 4b7b92af3..923d5a940 100644 --- a/wolfssl/wolfcrypt/camellia.h +++ b/wolfssl/wolfcrypt/camellia.h @@ -27,9 +27,9 @@ /* camellia.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,9 +43,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_CAMELLIA_H #define WOLF_CRYPT_CAMELLIA_H diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index da938c973..68427eb9f 100644 --- a/wolfssl/wolfcrypt/chacha.h +++ b/wolfssl/wolfcrypt/chacha.h 
@@ -1,8 +1,8 @@ /* chacha.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_CHACHA_H #define WOLF_CRYPT_CHACHA_H @@ -30,12 +31,20 @@ extern "C" { #endif +/* Size of the IV */ +#define CHACHA_IV_WORDS 3 +#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32)) + +/* Size of ChaCha chunks */ +#define CHACHA_CHUNK_WORDS 16 +#define CHACHA_CHUNK_BYTES (CHACHA_CHUNK_WORDS * sizeof(word32)) + enum { CHACHA_ENC_TYPE = 7 /* cipher unique type */ }; typedef struct ChaCha { - word32 X[16]; /* state of cipher */ + word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ } ChaCha; /** diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index e65842bfa..47df00426 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,8 +1,8 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10): * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index cd180e72a..5395cc2f4 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -1,8 +1,8 @@ /* coding.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_CODING_H #define WOLF_CRYPT_CODING_H diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h index dc012b865..27ead357f 100644 --- a/wolfssl/wolfcrypt/compress.h +++ b/wolfssl/wolfcrypt/compress.h @@ -1,8 +1,8 @@ /* compress.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_COMPRESS_H #define WOLF_CRYPT_COMPRESS_H diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index cb1dad032..d775877bf 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -1,8 +1,8 @@ /* curve25519.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_CURVE25519_H #define WOLF_CRYPT_CURVE25519_H diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index 4506e3dae..370b52d44 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -1,8 +1,8 @@ /* des3.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_DES3_H #define WOLF_CRYPT_DES3_H diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index a116eab7c..6ac7be65e 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -1,8 +1,8 @@ /* dh.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_DH_H #define WOLF_CRYPT_DH_H diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 1d26a3d69..1b56367ce 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -1,8 +1,8 @@ /* dsa.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_DSA_H #define WOLF_CRYPT_DSA_H diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 9fe4a89f0..e67a49720 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -1,8 +1,8 @@ /* ecc.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ECC_H #define WOLF_CRYPT_ECC_H @@ -60,6 +61,27 @@ typedef struct { } ecc_set_type; +/* Determine max ECC bits based on enabled curves */ +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + #define MAX_ECC_BITS 521 +#elif defined(HAVE_ECC384) + #define MAX_ECC_BITS 384 +#elif defined(HAVE_ECC224) + #define MAX_ECC_BITS 224 +#elif !defined(NO_ECC256) + #define MAX_ECC_BITS 256 +#elif defined(HAVE_ECC192) + #define MAX_ECC_BITS 192 +#elif defined(HAVE_ECC160) + #define MAX_ECC_BITS 160 +#elif defined(HAVE_ECC128) + #define MAX_ECC_BITS 128 +#elif defined(HAVE_ECC112) + #define MAX_ECC_BITS 112 +#endif + + + #ifdef ALT_ECC_SIZE /* Note on ALT_ECC_SIZE: 
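Review bot: The `#elif` ladder that selects `MAX_ECC_BITS` tests `HAVE_ECC224` before `!defined(NO_ECC256)`, so a build that enables the 224-bit curve next to the default 256-bit one ends up with `MAX_ECC_BITS 224`, and anything sized from that macro is too small for 256-bit values. The ladder should be strictly descending, with `#elif !defined(NO_ECC256)` and its `#define MAX_ECC_BITS 256` placed ahead of `#elif defined(HAVE_ECC224)`. There is also no final `#else`: if no branch matches, `MAX_ECC_BITS` stays undefined and the later `#if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0` evaluates it as 0 without a diagnostic. A closing `#else` with an `#error` naming the missing curve selection would turn that into a build failure.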
@@ -89,14 +111,26 @@ typedef struct { #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE #endif +/* determine max bits required for ECC math */ #ifndef FP_MAX_BITS_ECC - #define FP_MAX_BITS_ECC 528 + /* check alignment */ + #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 + /* max bits is double */ + #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) + #else + /* max bits is doubled, plus one digit of fudge */ + #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) + #endif +#else + /* verify alignment */ + #if FP_MAX_BITS_ECC % CHAR_BIT + #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT + #endif #endif -#define FP_MAX_SIZE_ECC (FP_MAX_BITS_ECC+(8*DIGIT_BIT)) -#if FP_MAX_BITS_ECC % CHAR_BIT - #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT -#endif -#define FP_SIZE_ECC (FP_MAX_SIZE_ECC/DIGIT_BIT) + +/* determine buffer size */ +#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT) + /* This needs to match the size of the fp_int struct, except the * fp_digit array will be shorter. */ diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 606ff4145..103a06599 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -1,8 +1,8 @@ /* ed25519.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ED25519_H #define WOLF_CRYPT_ED25519_H 
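Review bot: `FP_SIZE_ECC` is now `FP_MAX_BITS_ECC/DIGIT_BIT`, a truncating division, while a user-supplied `FP_MAX_BITS_ECC` is only checked for being a multiple of `CHAR_BIT`; a value that is not a multiple of `DIGIT_BIT` silently loses its partial top digit. Rounding up keeps the array at least as large as requested: `#define FP_SIZE_ECC ((FP_MAX_BITS_ECC + DIGIT_BIT - 1) / DIGIT_BIT)`. The change also removes the eight digits of headroom that the old `FP_MAX_SIZE_ECC (FP_MAX_BITS_ECC+(8*DIGIT_BIT))` gave. Whether every fixed-size math routine fits in exactly twice the curve size cannot be seen from this hunk, so it should be confirmed with the largest enabled curve and the reason recorded in the comment above the macro. The enclosing `ALT_ECC_SIZE` section starts before this hunk.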
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 4b4cdc7ba..a6e05ba7d 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -1,8 +1,8 @@ /* error-crypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ERROR_H #define WOLF_CRYPT_ERROR_H @@ -166,6 +167,10 @@ enum { BAD_COND_E = -230, /* Bad condition variable operation */ SIG_TYPE_E = -231, /* Signature Type not enabled/available */ HASH_TYPE_E = -232, /* Hash Type not enabled/available */ + WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */ + + WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */ + ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */ BIO_CALLBACK_E = -250, /* BIO callback function failed */ BIO_CREATE_METHOD_E = -251, /* BIO method create function failed */ diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h index 52b79d842..1d0a801ef 100644 --- a/wolfssl/wolfcrypt/fe_operations.h +++ b/wolfssl/wolfcrypt/fe_operations.h 
@@ -1,8 +1,8 @@ /* fe_operations.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_FE_OPERATIONS_H #define WOLF_CRYPT_FE_OPERATIONS_H diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h index 6ef06788f..5b3a2c1f9 100644 --- a/wolfssl/wolfcrypt/fips_test.h +++ b/wolfssl/wolfcrypt/fips_test.h @@ -1,8 +1,8 @@ /* fips_test.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_FIPS_TEST_H #define WOLF_CRYPT_FIPS_TEST_H diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h index 00d1b3edc..c079b36b8 100644 --- a/wolfssl/wolfcrypt/ge_operations.h +++ b/wolfssl/wolfcrypt/ge_operations.h 
@@ -1,8 +1,8 @@ /* ge_operations.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ #ifndef WOLF_CRYPT_GE_OPERATIONS_H diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2c9acec3a..e9021514b 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -1,8 +1,8 @@ /* hash.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_HASH_H #define WOLF_CRYPT_HASH_H @@ -38,6 +39,7 @@ enum wc_HashType { WC_HASH_TYPE_SHA256 = 5, WC_HASH_TYPE_SHA384 = 6, WC_HASH_TYPE_SHA512 = 7, + WC_HASH_TYPE_MD5_SHA = 8, }; /* Find largest possible digest size diff --git a/wolfssl/wolfcrypt/hc128.h b/wolfssl/wolfcrypt/hc128.h index ba53dd3d5..609228ad0 100644 --- a/wolfssl/wolfcrypt/hc128.h 
+++ b/wolfssl/wolfcrypt/hc128.h @@ -1,8 +1,8 @@ /* hc128.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_HC128_H #define WOLF_CRYPT_HC128_H diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 2be5afcee..b80a48786 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -1,8 +1,8 @@ /* hmac.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef NO_HMAC #ifndef WOLF_CRYPT_HMAC_H diff --git a/wolfssl/wolfcrypt/idea.h b/wolfssl/wolfcrypt/idea.h index 7fcd2c051..de6ad767a 100644 --- a/wolfssl/wolfcrypt/idea.h +++ b/wolfssl/wolfcrypt/idea.h 
@@ -1,8 +1,8 @@ /* idea.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_IDEA_H #define WOLF_CRYPT_IDEA_H diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 66441e70b..ab7172ef5 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -56,9 +56,11 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/logging.h \ wolfssl/wolfcrypt/memory.h \ wolfssl/wolfcrypt/mpi_class.h \ - wolfssl/wolfcrypt/mpi_superclass.h + wolfssl/wolfcrypt/mpi_superclass.h \ + wolfssl/wolfcrypt/mem_track.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ wolfssl/wolfcrypt/port/ti/ti-hash.h \ - wolfssl/wolfcrypt/port/ti/ti-ccm.h + wolfssl/wolfcrypt/port/ti/ti-ccm.h \ + wolfssl/wolfcrypt/port/nrf51.h diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index a765f3dec..4241746a0 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -1,8 +1,8 @@ /* integer.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com @@ -229,6 +230,7 @@ extern const char *mp_s_rmap; /* 6 functions needed by Rsa */ int mp_init (mp_int * a); void mp_clear (mp_int * a); +void mp_forcezero(mp_int * a); int mp_unsigned_bin_size(mp_int * a); int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); int mp_to_unsigned_bin (mp_int * a, unsigned char *b); @@ -309,6 +311,12 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, int mp_toradix (mp_int *a, char *str, int radix); int mp_radix_size (mp_int * a, int radix, int *size); +#ifdef WOLFSSL_DEBUG_MATH + void mp_dump(const char* desc, mp_int* a, byte verbose); +#else + #define mp_dump(desc, a, verbose) +#endif + #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); #endif diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 03681412d..29bf0abea 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -1,8 +1,8 @@ /* logging.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
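Review bot: `mp_forcezero` is declared without any comment, under the existing heading `/* 6 functions needed by Rsa */`, whose count the addition may leave stale. Judging by the name, it presumably wipes the integer's digits before releasing them, which is what callers holding private-key values need. The header should say that, and say when to call it instead of `mp_clear`, for example `/* like mp_clear, but zeroizes the digits first; use for secret values */`. The wording needs confirming against the implementation, which is not part of this hunk.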
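Review bot: Nothing at the `mp_dump` declaration says that `WOLFSSL_DEBUG_MATH` is a development-only switch, although by its name and parameters the function presumably writes out the value of a big integer, and in this library such operands can be private exponents or scalars. A comment above the `#ifdef` would cover it, e.g. `/* debug only: mp_dump outputs operand values, which may be key material; do not define WOLFSSL_DEBUG_MATH in production builds */`. With the switch off, `#define mp_dump(desc, a, verbose)` drops its arguments unevaluated, so call sites must not depend on side effects inside them.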
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* submitted by eof */ diff --git a/wolfssl/wolfcrypt/md2.h b/wolfssl/wolfcrypt/md2.h index d494078b2..a86995e9c 100644 --- a/wolfssl/wolfcrypt/md2.h +++ b/wolfssl/wolfcrypt/md2.h @@ -1,8 +1,8 @@ /* md2.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_MD2_H #define WOLF_CRYPT_MD2_H diff --git a/wolfssl/wolfcrypt/md4.h b/wolfssl/wolfcrypt/md4.h index 369e15bc8..7b2688ec4 100644 --- a/wolfssl/wolfcrypt/md4.h +++ b/wolfssl/wolfcrypt/md4.h @@ -1,8 +1,8 @@ /* md4.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_MD4_H #define WOLF_CRYPT_MD4_H diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h index 4f4e6f9da..bed0b984c 100644 --- a/wolfssl/wolfcrypt/md5.h +++ b/wolfssl/wolfcrypt/md5.h @@ -1,8 +1,8 @@ /* md5.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_MD5_H #define WOLF_CRYPT_MD5_H diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h new file mode 100644 index 000000000..4d69a565b --- /dev/null +++ b/wolfssl/wolfcrypt/mem_track.h 
@@ -0,0 +1,232 @@ +/* mem_track.h + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* The memory tracker overrides the wolfSSL memory callback system and uses a + * static to track the total, peak and currently allocated bytes. + * + * If you are already using the memory callbacks then enabling this will + * override the memory callbacks and prevent your memory callbacks from + * working. This assumes malloc() and free() are available. Feel free to + * customize this for your needs. + + * The enable this feature define the following: + * #define USE_WOLFSSL_MEMORY + * #define WOLFSSL_TRACK_MEMORY + * + * On startup call: + * InitMemoryTracker(); + * + * When ready to dump the memory report call: + * ShowMemoryTracker(); + * + * Report example: + * total Allocs = 228 + * total Bytes = 93442 + * peak Bytes = 8840 + * current Bytes = 0 + * + * + * You can also: + * #define WOLFSSL_DEBUG_MEMORY + * + * To print every alloc/free along with the function and line number. 
+ * Example output: + * Alloc: 0x7fa14a500010 -> 120 at wc_InitRng:496 + * Free: 0x7fa14a500010 -> 120 at wc_FreeRng:606 + */ + + +#ifndef WOLFSSL_MEM_TRACK_H +#define WOLFSSL_MEM_TRACK_H + +#ifdef USE_WOLFSSL_MEMORY + + #include "wolfssl/wolfcrypt/logging.h" + + typedef struct memoryStats { + size_t totalAllocs; /* number of allocations */ + size_t totalBytes; /* total number of bytes allocated */ + size_t peakBytes; /* concurrent max bytes */ + size_t currentBytes; /* total current bytes in use */ + } memoryStats; + + typedef struct memHint { + size_t thisSize; /* size of this memory */ + void* thisMemory; /* actual memory for user */ + } memHint; + + typedef struct memoryTrack { + union { + memHint hint; + byte alignit[16]; /* make sure we have strong alignment */ + } u; + } memoryTrack; + + #if defined(WOLFSSL_TRACK_MEMORY) + #define DO_MEM_STATS + static memoryStats ourMemStats; + #endif + + /* if defined to not using inline then declare function prototypes */ + #ifdef NO_INLINE + #define STATIC + WOLFSSL_LOCAL void* TrackMalloc(size_t sz); + WOLFSSL_LOCAL void TrackFree(void* ptr); + WOLFSSL_LOCAL void* TrackRealloc(void* ptr, size_t sz); + WOLFSSL_LOCAL int InitMemoryTracker(void); + WOLFSSL_LOCAL void ShowMemoryTracker(void); + #else + #define STATIC static + #endif + +#ifdef WOLFSSL_DEBUG_MEMORY + STATIC INLINE void* TrackMalloc(size_t sz, const char* func, unsigned int line) +#else + STATIC INLINE void* TrackMalloc(size_t sz) +#endif + { + memoryTrack* mt; + + if (sz == 0) + return NULL; + + mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); + if (mt == NULL) + return NULL; + + mt->u.hint.thisSize = sz; + mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack); + +#ifdef WOLFSSL_DEBUG_MEMORY + printf("Alloc: %p -> %u at %s:%d\n", mt->u.hint.thisMemory, (word32)sz, func, line); +#endif + +#ifdef DO_MEM_STATS + ourMemStats.totalAllocs++; + ourMemStats.totalBytes += sz; + ourMemStats.currentBytes += sz; + if (ourMemStats.currentBytes > 
ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; +#endif + + return mt->u.hint.thisMemory; + } + + +#ifdef WOLFSSL_DEBUG_MEMORY + STATIC INLINE void TrackFree(void* ptr, const char* func, unsigned int line) +#else + STATIC INLINE void TrackFree(void* ptr) +#endif + { + memoryTrack* mt; + + if (ptr == NULL) { + return; + } + + mt = (memoryTrack*)ptr; + --mt; /* same as minus sizeof(memoryTrack), removes header */ + +#ifdef DO_MEM_STATS + ourMemStats.currentBytes -= mt->u.hint.thisSize; +#endif + +#ifdef WOLFSSL_DEBUG_MEMORY + printf("Free: %p -> %u at %s:%d\n", ptr, (word32)mt->u.hint.thisSize, func, line); +#endif + + free(mt); + } + + +#ifdef WOLFSSL_DEBUG_MEMORY + STATIC INLINE void* TrackRealloc(void* ptr, size_t sz, const char* func, unsigned int line) +#else + STATIC INLINE void* TrackRealloc(void* ptr, size_t sz) +#endif + { + #ifdef WOLFSSL_DEBUG_MEMORY + void* ret = TrackMalloc(sz, func, line); + #else + void* ret = TrackMalloc(sz); + #endif + + if (ptr) { + /* if realloc is bigger, don't overread old ptr */ + memoryTrack* mt = (memoryTrack*)ptr; + --mt; /* same as minus sizeof(memoryTrack), removes header */ + + if (mt->u.hint.thisSize < sz) + sz = mt->u.hint.thisSize; + } + + if (ret && ptr) + memcpy(ret, ptr, sz); + + if (ret) { + #ifdef WOLFSSL_DEBUG_MEMORY + TrackFree(ptr, func, line); + #else + TrackFree(ptr); + #endif + } + + return ret; + } + + STATIC INLINE int InitMemoryTracker(void) + { + int ret = wolfSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc); + if (ret < 0) { + printf("wolfSSL SetAllocators failed for track memory\n"); + return ret; + } + + #ifdef DO_MEM_STATS + ourMemStats.totalAllocs = 0; + ourMemStats.totalBytes = 0; + ourMemStats.peakBytes = 0; + ourMemStats.currentBytes = 0; + #endif + + return ret; + } + + STATIC INLINE void ShowMemoryTracker(void) + { + #ifdef DO_MEM_STATS + printf("total Allocs = %9lu\n", + (unsigned long)ourMemStats.totalAllocs); + printf("total Bytes = %9lu\n", + (unsigned 
long)ourMemStats.totalBytes); + printf("peak Bytes = %9lu\n", + (unsigned long)ourMemStats.peakBytes); + printf("current Bytes = %9lu\n", + (unsigned long)ourMemStats.currentBytes); + #endif + } + +#endif /* USE_WOLFSSL_MEMORY */ + +#endif /* WOLFSSL_MEM_TRACK_H */ + diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 3968b3527..5bf8c26f6 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -1,8 +1,8 @@ /* memory.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* submitted by eof */ 
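Review bot: In `TrackMalloc` the size passed to `malloc` is `sizeof(memoryTrack) + sz` with no overflow check, so a request close to the maximum `size_t` wraps to a small allocation while `thisSize` records the full `sz` and the caller receives a pointer it believes to be `sz` bytes long. The guard belongs next to the zero check: `if (sz == 0 || sz > (size_t)-1 - sizeof(memoryTrack)) return NULL;`. `TrackRealloc` called with `sz == 0` gets NULL back from `TrackMalloc` and therefore never frees `ptr`, which should be either handled or documented. The `NO_INLINE` prototypes declare the one-argument forms even when `WOLFSSL_DEBUG_MEMORY` selects the three-argument definitions, and `ourMemStats` is updated without any locking, so the counters are reliable only single-threaded; both points deserve a line in the header comment.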
@@ -32,22 +33,31 @@ extern "C" { #endif -typedef void *(*wolfSSL_Malloc_cb)(size_t size); -typedef void (*wolfSSL_Free_cb)(void *ptr); -typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size); +#ifdef WOLFSSL_DEBUG_MEMORY + typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line); + typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line); + /* Public in case user app wants to use XMALLOC/XFREE */ + WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line); + WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line); +#else + typedef void *(*wolfSSL_Malloc_cb)(size_t size); + typedef void (*wolfSSL_Free_cb)(void *ptr); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size); + + /* Public in case user app wants to use XMALLOC/XFREE */ + WOLFSSL_API void* wolfSSL_Malloc(size_t size); + WOLFSSL_API void wolfSSL_Free(void *ptr); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size); +#endif /* Public set function */ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, wolfSSL_Free_cb free_function, wolfSSL_Realloc_cb realloc_function); -/* Public in case user app wants to use XMALLOC/XFREE */ -WOLFSSL_API void* wolfSSL_Malloc(size_t size); -WOLFSSL_API void wolfSSL_Free(void *ptr); -WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size); - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 78c7fbdc9..959b2d87f 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h 
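Review bot: The three callback typedefs and the exported `wolfSSL_Malloc`, `wolfSSL_Free` and `wolfSSL_Realloc` prototypes change arity under `WOLFSSL_DEBUG_MEMORY`, so the public interface now depends on a build macro and the header does not warn about it. An application compiled without the macro that registers one-argument callbacks through `wolfSSL_SetAllocators`, linked against a library built with it, would presumably have them called with three arguments, which is undefined behaviour. A comment above the `#ifdef` would make the requirement explicit, e.g. `/* WOLFSSL_DEBUG_MEMORY changes these signatures; library and application must be built with the same setting */`.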
@@ -1,8 +1,8 @@ /* misc.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_MISC_H #define WOLF_CRYPT_MISC_H diff --git a/wolfssl/wolfcrypt/mpi_class.h b/wolfssl/wolfcrypt/mpi_class.h index 334a7a4db..32b95f1f3 100644 --- a/wolfssl/wolfcrypt/mpi_class.h +++ b/wolfssl/wolfcrypt/mpi_class.h @@ -1,8 +1,8 @@ /* mpi_class.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #if !(defined(LTM1) && defined(LTM2) && defined(LTM3)) #if defined(LTM2) #define LTM3 diff --git a/wolfssl/wolfcrypt/mpi_superclass.h b/wolfssl/wolfcrypt/mpi_superclass.h index 7475b6200..aa09bed63 100644 --- a/wolfssl/wolfcrypt/mpi_superclass.h +++ b/wolfssl/wolfcrypt/mpi_superclass.h 
@@ -1,8 +1,8 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* super class file for PK algos */ /* default ... include all MPI */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 32a46faf2..e5634df12 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -1,8 +1,8 @@ /* pkcs7.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_PKCS7_H #define WOLF_CRYPT_PKCS7_H diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index 55369cb4a..e64cabf94 100644 --- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h 
@@ -1,8 +1,8 @@ /* poly1305.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_POLY1305_H #define WOLF_CRYPT_POLY1305_H diff --git a/wolfssl/wolfcrypt/port/nrf51.h b/wolfssl/wolfcrypt/port/nrf51.h new file mode 100644 index 000000000..ca085fad6 --- /dev/null +++ b/wolfssl/wolfcrypt/port/nrf51.h 
@@ -0,0 +1,44 @@ +/* nrf51.h + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_NRF51_PORT_H +#define WOLFSSL_NRF51_PORT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Public Functions */ +int nrf51_random_generate(byte* output, word32 sz); + +int nrf51_aes_set_key(const byte* key); +int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out); + +double current_time(int reset); + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_NRF51_PORT_H */ diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 85ad8b037..f8105d703 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -1,8 +1,8 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
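Review bot: `nrf51_aes_set_key` and `nrf51_aes_encrypt` in the new nrf51.h take bare `const byte*` key, input and output pointers with no length arguments, so the header does not tell a caller which buffer sizes the port expects. Add a comment above the prototypes stating the contract, for example `/* key: <KEY_LEN> bytes; in/out: exactly one <BLOCK_LEN>-byte block */`, with the real values taken from the implementation, which is not part of this hunk. The same comment should say what the int return values mean and which values of `rounds` are accepted.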
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef PIC32MZ_CRYPT_H #define PIC32MZ_CRYPT_H diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h index 8e75e0d3e..30ab108ac 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h +++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h @@ -1,8 +1,8 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifndef WOLF_CRYPT_TI_CCM_H diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 505ccc498..c63a2ce20 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h @@ -1,8 +1,8 @@ /* port/ti/ti-hash.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,8 +16,9 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_TI_HASH_H #define WOLF_CRYPT_TI_HASH_H diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index f4d47ca58..b9cfa01df 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -1,8 +1,8 @@ /* pwdbased.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_PWDBASED_H #define WOLF_CRYPT_PWDBASED_H diff --git a/wolfssl/wolfcrypt/rabbit.h b/wolfssl/wolfcrypt/rabbit.h index ea5ae7308..50ebeebf6 100644 --- a/wolfssl/wolfcrypt/rabbit.h +++ b/wolfssl/wolfcrypt/rabbit.h @@ -1,8 +1,8 @@ /* rabbit.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_RABBIT_H #define WOLF_CRYPT_RABBIT_H diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 96ddf11cd..f047b07f2 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -1,8 +1,8 @@ /* random.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_RANDOM_H #define WOLF_CRYPT_RANDOM_H @@ -34,6 +35,9 @@ extern "C" { #endif +/* Maximum generate block length */ +#define RNG_MAX_BLOCK_LEN (0x10000) + #ifndef HAVE_FIPS /* avoid redefining structs and macros */ #if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4) #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined. @@ -48,6 +52,10 @@ #include #endif /* HAVE_HASHDRBG || NO_RC4 */ +#ifdef HAVE_WNR + #include +#endif + #if defined(USE_WINDOWS_API) #if defined(_WIN64) typedef unsigned __int64 ProviderHandle; 
@@ -125,6 +133,12 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #endif /* HAVE_HASH_DRBG || NO_RC4 */ +#ifdef HAVE_WNR + /* Whitewood netRandom client library */ + WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int); + WOLFSSL_API int wc_FreeNetRandom(void); +#endif /* HAVE_WNR */ + WOLFSSL_API int wc_InitRng(WC_RNG*); WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); diff --git a/wolfssl/wolfcrypt/ripemd.h b/wolfssl/wolfcrypt/ripemd.h index a76b64d8a..5845d594c 100644 --- a/wolfssl/wolfcrypt/ripemd.h +++ b/wolfssl/wolfcrypt/ripemd.h @@ -1,8 +1,8 @@ /* ripemd.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_RIPEMD_H #define WOLF_CRYPT_RIPEMD_H diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 6d9f504a5..e3d8261ff 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -1,8 +1,8 @@ /* rsa.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
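Review bot: The new prototype `wc_InitNetRandom(const char*, wnr_hmac_key, int)` leaves all three parameters unnamed, so the header does not say what the string, the `wnr_hmac_key` argument or the int are. Because this call configures an external entropy source, name the parameters and add a short comment on what each one is and what the return codes mean. The comment should also say when `wc_FreeNetRandom` has to be called. It is worth stating what the RNG does when netRandom initialisation fails, since that behaviour is not visible in this hunk.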
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_RSA_H #define WOLF_CRYPT_RSA_H diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 96940c356..f3e981282 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1,8 +1,8 @@ /* settings.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Place OS specific preprocessor flags, defines, includes here, will be included into every file because types.h includes it */ @@ -135,6 +136,15 @@ /* Uncomment next line if building for ARDUINO */ /* #define WOLFSSL_ARDUINO */ +/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */ +/* #define WOLFSSL_ASYNC_CRYPT */ + +/* Uncomment next line if building for uTasker */ +/* #define WOLFSSL_UTASKER */ + +/* Uncomment next line if building for embOS */ +/* #define WOLFSSL_EMBOS */ + #include #ifdef WOLFSSL_USER_SETTINGS @@ -318,6 +328,7 @@ #ifdef VXWORKS_SIM #define TFM_NO_ASM #endif + #define WOLFSSL_PTHREADS #define WOLFSSL_HAVE_MIN #define USE_FAST_MATH #define TFM_TIMING_RESISTANT 
@@ -345,9 +356,74 @@ #endif +#ifdef WOLFSSL_UTASKER + /* uTasker configuration - used for fnRandom() */ + #include "config.h" + + #define SINGLE_THREADED + #define NO_WOLFSSL_DIR + #define WOLFSSL_HAVE_MIN + #define NO_WRITEV + + #define HAVE_ECC + #define ALT_ECC_SIZE + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + /* used in wolfCrypt test */ + #define NO_MAIN_DRIVER + #define USE_CERT_BUFFERS_2048 + + /* uTasker port uses RAW sockets, use I/O callbacks + * See wolfSSL uTasker example for sample callbacks */ + #define WOLFSSL_USER_IO + + /* uTasker filesystem not ported */ + #define NO_FILESYSTEM + + /* uTasker RNG is abstracted, calls HW RNG when available */ + #define CUSTOM_RAND_GENERATE fnRandom + #define CUSTOM_RAND_TYPE unsigned short + + /* user needs to define XTIME to function that provides + * seconds since Unix epoch */ + #ifndef XTIME + #error XTIME must be defined in wolfSSL settings.h + /* #define XTIME fnSecondsSinceEpoch */ + #endif + + /* use uTasker std library replacements where available */ + #define STRING_USER + #define XMEMCPY(d,s,l) uMemcpy((d),(s),(l)) + #define XMEMSET(b,c,l) uMemset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) uMemcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + + #define XSTRLEN(s1) uStrlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) + #define XSTRTOK strtok_r + #endif +#endif + +#ifdef WOLFSSL_EMBOS + #define NO_FILESYSTEM /* Not ported at this time */ + #define USE_CERT_BUFFERS_2048 /* use when NO_FILESYSTEM */ + #define NO_MAIN_DRIVER + #define NO_RC4 + #define SINGLE_THREADED /* Not ported at this time */ +#endif + /* Micrium will use Visual 
Studio for compilation but not the Win32 API */ -#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && !defined(FREERTOS_TCP)\ - && !defined(EBSNET) && !defined(WOLFSSL_EROAD) +#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \ + !defined(WOLFSSL_UTASKER) #define USE_WINDOWS_API #endif @@ -464,7 +540,7 @@ static char *fgets(char *buff, int sz, FILE *fp) #define NO_WRITEV #define WOLFSSL_HAVE_MIN #define USE_FAST_MATH -#define TFM_TIMING_REGISTANT +#define TFM_TIMING_RESISTANT #define NO_MAIN_DRIVER #endif @@ -481,6 +557,9 @@ static char *fgets(char *buff, int sz, FILE *fp) #define NO_ERROR_STRINGS #define USER_TIME #define HAVE_ECC + #define HAVE_ALPN + #define HAVE_TLS_EXTENSIONS + #define HAVE_AESGCM #ifdef __IAR_SYSTEMS_ICC__ #pragma diag_suppress=Pa089 
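Review bot: In the new `WOLFSSL_UTASKER` block, `CUSTOM_RAND_GENERATE` is bound to `fnRandom`, and the comment "calls HW RNG when available" leaves open what it returns on targets without a hardware RNG. If that fallback is a non-cryptographic generator, the wolfSSL RNG would be seeded from predictable data, weakening every key and nonce derived from it. That cannot be confirmed from this hunk. Make the requirement explicit at the define, e.g. `/* fnRandom MUST be backed by a hardware TRNG; do not use this port where it falls back to a software PRNG */`, and fail the build where the uTasker configuration shows no hardware RNG.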
@@ -1029,6 +1108,65 @@ static char *fgets(char *buff, int sz, FILE *fp) #endif #endif /* HAVE_ECC */ +/* Curve255519 Configs */ +#ifdef HAVE_CURVE25519 + /* By default enable shared secret, key export and import */ + #ifndef NO_CURVE25519_SHARED_SECRET + #undef HAVE_CURVE25519_SHARED_SECRET + #define HAVE_CURVE25519_SHARED_SECRET + #endif + #ifndef NO_CURVE25519_KEY_EXPORT + #undef HAVE_CURVE25519_KEY_EXPORT + #define HAVE_CURVE25519_KEY_EXPORT + #endif + #ifndef NO_CURVE25519_KEY_IMPORT + #undef HAVE_CURVE25519_KEY_IMPORT + #define HAVE_CURVE25519_KEY_IMPORT + #endif +#endif /* HAVE_CURVE25519 */ + +/* Ed255519 Configs */ +#ifdef HAVE_ED25519 + /* By default enable sign, verify, key export and import */ + #ifndef NO_ED25519_SIGN + #undef HAVE_ED25519_SIGN + #define HAVE_ED25519_SIGN + #endif + #ifndef NO_ED25519_VERIFY + #undef HAVE_ED25519_VERIFY + #define HAVE_ED25519_VERIFY + #endif + #ifndef NO_ED25519_KEY_EXPORT + #undef HAVE_ED25519_KEY_EXPORT + #define HAVE_ED25519_KEY_EXPORT + #endif + #ifndef NO_ED25519_KEY_IMPORT + #undef HAVE_ED25519_KEY_IMPORT + #define HAVE_ED25519_KEY_IMPORT + #endif +#endif /* HAVE_ED25519 */ + +/* AES Config */ +#ifndef NO_AES + /* By default enable all AES key sizes, decryption and CBC */ + #ifndef AES_MAX_KEY_SIZE + #undef AES_MAX_KEY_SIZE + #define AES_MAX_KEY_SIZE 256 + #endif + #ifndef NO_AES_DECRYPT + #undef HAVE_AES_DECRYPT + #define HAVE_AES_DECRYPT + #endif + #ifndef NO_AES_CBC + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + #else + #ifndef WOLFCRYPT_ONLY + #error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds" + #endif + #endif +#endif + /* if desktop type system and fastmath increase default max bits */ #ifdef WOLFSSL_X86_64_BUILD #ifdef USE_FAST_MATH 
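Review bot: The section comments added here misspell the curve names as `/* Curve255519 Configs */` and `/* Ed255519 Configs */`. They should read `/* Curve25519 Configs */` and `/* Ed25519 Configs */` so a search for the algorithm name finds them. In the AES block, `#undef AES_MAX_KEY_SIZE` sits inside `#ifndef AES_MAX_KEY_SIZE` and can never have an effect, so it can be dropped. A user-supplied `AES_MAX_KEY_SIZE` is accepted unchecked; a guard such as `#if AES_MAX_KEY_SIZE != 128 && AES_MAX_KEY_SIZE != 192 && AES_MAX_KEY_SIZE != 256` followed by `#error` would catch a mistyped value at build time.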
@@ -1088,6 +1226,24 @@ static char *fgets(char *buff, int sz, FILE *fp) #undef NO_DH #endif +/* Asynchronous Crypto */ +#ifdef WOLFSSL_ASYNC_CRYPT + /* Make sure wolf events are enabled */ + #undef HAVE_WOLF_EVENT + #define HAVE_WOLF_EVENT +#else + #ifdef WOLFSSL_ASYNC_CRYPT_TEST + #error Must have WOLFSSL_ASYNC_CRYPT enabled with WOLFSSL_ASYNC_CRYPT_TEST + #endif +#endif /* WOLFSSL_ASYNC_CRYPT */ + +/* leantls checks */ +#ifdef WOLFSSL_LEANTLS + #ifndef HAVE_ECC + #error leantls build needs ECC + #endif +#endif /* WOLFSSL_LEANTLS*/ + /* Place any other flags or defines here */ diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 4d6bb99ed..c65b0e52c 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -1,8 +1,8 @@ /* sha.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_SHA_H #define WOLF_CRYPT_SHA_H diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 5ee13a7a7..93b515ee3 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -1,8 +1,8 @@ /* sha256.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* code submitted by raphael.huck@efixo.com */ #ifndef WOLF_CRYPT_SHA256_H diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 455d83854..7869c6f15 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -1,8 +1,8 @@ /* sha512.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_SHA512_H #define WOLF_CRYPT_SHA512_H diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h index 411ae2eb3..da5c061b8 100644 --- a/wolfssl/wolfcrypt/signature.h +++ b/wolfssl/wolfcrypt/signature.h @@ -1,8 +1,8 @@ /* signature.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_SIGNATURE_H #define WOLF_CRYPT_SIGNATURE_H diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 0e61e72a8..e761e51f5 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -1,8 +1,8 @@ /* srp.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef WOLFCRYPT_HAVE_SRP #ifndef WOLFCRYPT_SRP_H diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index f714bcfbe..edcfb740f 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -1,8 +1,8 @@ /* tfm.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com @@ -210,6 +211,7 @@ #if defined(FP_64BIT) /* for GCC only on supported platforms */ typedef unsigned long long fp_digit; /* 64bit, 128 uses mode(TI) below */ + #define SIZEOF_FP_DIGIT 8 typedef unsigned long fp_word __attribute__ ((mode(TI))); #else #if defined(_MSC_VER) || defined(__BORLANDC__) @@ -220,12 +222,14 @@ #ifndef NO_64BIT typedef unsigned int fp_digit; + #define SIZEOF_FP_DIGIT 4 typedef ulong64 fp_word; #define FP_32BIT #else /* some procs like coldfire prefer not to place multiply into 64bit type even though it exists */ typedef unsigned short fp_digit; + #define SIZEOF_FP_DIGIT 2 typedef unsigned int fp_word; #endif #endif @@ -233,7 +237,7 @@ #endif /* WOLFSSL_BIGINT_TYPES */ /* # of digits this is */ -#define DIGIT_BIT (int)((CHAR_BIT) * sizeof(fp_digit)) +#define DIGIT_BIT ((CHAR_BIT) * SIZEOF_FP_DIGIT) /* Max size of any number in bits. Basically the largest size you will be * multiplying should be half [or smaller] of FP_MAX_SIZE-four_digit 
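Review bot: `DIGIT_BIT` is now built from the hand-written `SIZEOF_FP_DIGIT` instead of `sizeof(fp_digit)`, and nothing ties the constant to the typedef it describes. It is defined only in the three typedef branches touched by the two preceding tfm.h hunks. If `fp_digit` is supplied some other way (the `WOLFSSL_BIGINT_TYPES` guard closed just above suggests that is possible), `SIZEOF_FP_DIGIT` is undefined, and inside an `#if` it silently evaluates to 0. Add `#ifndef SIZEOF_FP_DIGIT` / `#error SIZEOF_FP_DIGIT must be defined` / `#endif` ahead of the `DIGIT_BIT` definition. Where the toolchain allows it, also add a compile-time check that `SIZEOF_FP_DIGIT == sizeof(fp_digit)`.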
@@ -547,103 +551,38 @@ void fp_reverse(unsigned char *s, int len); void fp_mul_comba(fp_int *a, fp_int *b, fp_int *c); -#ifdef TFM_SMALL_SET void fp_mul_comba_small(fp_int *a, fp_int *b, fp_int *c); -#endif - -#ifdef TFM_MUL3 void fp_mul_comba3(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL4 void fp_mul_comba4(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL6 void fp_mul_comba6(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL7 void fp_mul_comba7(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL8 void fp_mul_comba8(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL9 void fp_mul_comba9(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL12 void fp_mul_comba12(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL17 void fp_mul_comba17(fp_int *a, fp_int *b, fp_int *c); -#endif - -#ifdef TFM_MUL20 void fp_mul_comba20(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL24 void fp_mul_comba24(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL28 void fp_mul_comba28(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL32 void fp_mul_comba32(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL48 void fp_mul_comba48(fp_int *a, fp_int *b, fp_int *c); -#endif -#ifdef TFM_MUL64 void fp_mul_comba64(fp_int *a, fp_int *b, fp_int *c); -#endif - void fp_sqr_comba(fp_int *a, fp_int *b); - -#ifdef TFM_SMALL_SET void fp_sqr_comba_small(fp_int *a, fp_int *b); -#endif - -#ifdef TFM_SQR3 void fp_sqr_comba3(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR4 void fp_sqr_comba4(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR6 void fp_sqr_comba6(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR7 void fp_sqr_comba7(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR8 void fp_sqr_comba8(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR9 void fp_sqr_comba9(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR12 void fp_sqr_comba12(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR17 void fp_sqr_comba17(fp_int *a, fp_int *b); -#endif - -#ifdef 
TFM_SQR20 void fp_sqr_comba20(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR24 void fp_sqr_comba24(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR28 void fp_sqr_comba28(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR32 void fp_sqr_comba32(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR48 void fp_sqr_comba48(fp_int *a, fp_int *b); -#endif -#ifdef TFM_SQR64 void fp_sqr_comba64(fp_int *a, fp_int *b); -#endif + /*extern const char *fp_s_rmap;*/ @@ -672,6 +611,7 @@ void fp_sqr_comba64(fp_int *a, fp_int *b); #define mp_iseven(a) fp_iseven(a) int mp_init (mp_int * a); void mp_clear (mp_int * a); +#define mp_forcezero(a) fp_clear(a) int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f); int mp_add (mp_int * a, mp_int * b, mp_int * c); @@ -706,6 +646,12 @@ void mp_rshb(mp_int *a, int x); int mp_toradix (mp_int *a, char *str, int radix); int mp_radix_size (mp_int * a, int radix, int *size); +#ifdef WOLFSSL_DEBUG_MATH + void mp_dump(const char* desc, mp_int* a, byte verbose); +#else + #define mp_dump(desc, a, verbose) +#endif + #ifdef HAVE_ECC int mp_read_radix(mp_int* a, const char* str, int radix); void mp_set(fp_int *a, fp_digit b); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 13911d9f8..42d442f8a 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1,8 +1,8 @@ /* types.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
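Review bot: `#define mp_forcezero(a) fp_clear(a)` makes the fast-math "force zero" just an alias for the ordinary clear. Callers are likely to use `mp_forcezero` on private-key and intermediate values, expecting a wipe the compiler cannot remove as a dead store. Whether `fp_clear` gives that guarantee is not visible in this hunk. If it reduces to a plain memset, route the macro through the library's non-elidable zeroing routine instead. Otherwise record the guarantee next to the define with a comment such as `/* fp_clear wipes the whole fp_int and must not be optimised away */`.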
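Review bot: The `mp_dump` declaration added under `WOLFSSL_DEBUG_MATH` has no comment, and a function with this signature presumably prints the contents of an `mp_int`, which in this library can hold private exponents and ECC scalars. Add a line at the `#ifdef` such as `/* debug only: dumps big-number values, including key material; never define WOLFSSL_DEBUG_MATH in production builds */`. Documenting what `verbose` selects would also help, since the implementation is outside this hunk.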
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H @@ -159,8 +160,8 @@ /* Micrium will use Visual Studio for compilation but not the Win32 API */ - #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && !defined(FREERTOS_TCP) \ - && !defined(EBSNET) + #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_UTASKER) #define USE_WINDOWS_API #endif @@ -188,9 +189,15 @@ && !defined(WOLFSSL_uITRON4) && !defined(WOLFSSL_uTKERNEL2) /* default C runtime, can install different routines at runtime via cbs */ #include - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #endif #endif #ifndef STRING_USER 
@@ -216,12 +223,27 @@ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #endif + #if defined(WOLFSSL_MYSQL_COMPATIBLE) + #ifndef USE_WINDOWS_API + #define XSNPRINTF snprintf + #else + #define XSNPRINTF _snprintf + #endif + #endif /* WOLFSSL_MYSQL_COMPATIBLE */ + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN) /* use only Thread Safe version of strtok */ #ifndef USE_WINDOWS_API #define XSTRTOK strtok_r #else #define XSTRTOK strtok_s + + #ifdef __MINGW32__ + #pragma GCC diagnostic push + #pragma GCC diagnostic warning "-Wcpp" + #warning "MinGW may be missing strtok_s. You can find a public domain implementation here: https://github.com/fletcher/MultiMarkdown-4/blob/master/strtok.c" + #pragma GCC diagnostic pop + #endif #endif #endif #endif diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 6e41d238f..d77cfde5c 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -1,8 +1,8 @@ /* visibility.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Visibility control macros */ #ifndef WOLF_CRYPT_VISIBILITY_H @@ -45,8 +46,8 @@ #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) #define WOLFSSL_API __global #define WOLFSSL_LOCAL __hidden - #elif defined(_MSC_VER) - #ifdef WOLFSSL_DLL + #elif defined(_MSC_VER) || defined(__MINGW32__) + #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllexport) #else #define WOLFSSL_API 
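Review bot: On the `USE_WINDOWS_API` branch, `XSNPRINTF` maps to `_snprintf`, which does not behave like C99 `snprintf`. It writes no terminating NUL when the output fills or exceeds the buffer, and it returns a negative value on truncation rather than the required length. Code written against `snprintf` semantics can then hand an unterminated buffer to later string functions on Windows. Either document the difference at the define, `/* _snprintf does not NUL-terminate on truncation: callers must set buf[size-1] = '\0' */`, or map `XSNPRINTF` to a small wrapper that always terminates.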
@@ -57,8 +58,8 @@ #define WOLFSSL_LOCAL #endif /* HAVE_VISIBILITY */ #else /* BUILDING_WOLFSSL */ - #if defined(_MSC_VER) - #ifdef WOLFSSL_DLL + #if defined(_MSC_VER) || defined(__MINGW32__) + #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllimport) #else #define WOLFSSL_API diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index f5425a03a..4cbc9f428 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -1,8 +1,8 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_ENCRYPT_H #define WOLF_CRYPT_ENCRYPT_H diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 221108a72..136a6be5f 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1,8 +1,8 @@ /* wc_port.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLF_CRYPT_PORT_H #define WOLF_CRYPT_PORT_H @@ -223,9 +224,9 @@ WOLFSSL_API int wolfCrypt_Init(void); #define XBADFILE NULL #else /* stdio, default case */ + #include #define XFILE FILE* #if defined(WOLFSSL_MDK_ARM) - #include extern FILE * wolfSSL_fopen(const char *name, const char *mode) ; #define XFOPEN wolfSSL_fopen #else diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs index 89603ff2f..35f4ea615 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs @@ -1,8 +1,8 @@ /* wolfSSL-DTLS-PSK-Server.cs * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System; diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs index 246d73f93..cb4e62406 100644 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs 
@@ -1,8 +1,8 @@ /* wolfSSL-DTLS-Server.cs * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System; diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs index f770a8514..c0435a657 100644 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs 
@@ -1,4 +1,25 @@ -using System; +/* wolfSSL-Example-IOCallbacks.cs + * + * Copyright (C) 2006-2016 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +using System; using System.Collections.Generic; using System.Linq; using System.Text; diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs index 4c603b9c7..e6481b20b 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs @@ -1,8 +1,8 @@ /* wolfSSL-TLS-PSK-Server.cs * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System; 
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 8a629f3f1..73c432fcd 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -1,8 +1,8 @@ /* wolfSSL-TLS-Server.cs * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System; diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 60f35afb3..5b3b46e2c 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -1,8 +1,8 @@ /* wolfSSL.cs * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2016 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ using System;