mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 10:50:50 +02:00
Merge branch 'origin/master' into chibios_port
This commit is contained in:
@@ -60,6 +60,7 @@ These settings are located in `Header/user_settings.h`.
|
||||
AES GCM: `GCM_SMALL`, `GCM_WORD32` or `GCM_TABLE`: Tunes performance and flash/memory usage.
|
||||
* `CURVED25519_SMALL`: Enables small versions of Ed/Curve (FE/GE math).
|
||||
* `USE_SLOW_SHA`: Enables smaller/slower version of SHA.
|
||||
* `USE_SLOW_SHA2`: Over twice as small, but 50% slower
|
||||
* `USE_SLOW_SHA256`: About 2k smaller and about 25% slower
|
||||
* `USE_SLOW_SHA512`: Over twice as small, but 50% slower
|
||||
* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with.
|
||||
* `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
|
||||
|
||||
+150
-83
@@ -222,6 +222,33 @@ fi
|
||||
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])
|
||||
|
||||
|
||||
# Support for forcing 32-bit mode
|
||||
AC_ARG_ENABLE([32bit],
|
||||
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
|
||||
[ ENABLED_32BIT=$enableval ],
|
||||
[ ENABLED_32BIT=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_32BIT" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_64BIT -DNO_CURVED25519_128BIT -m32"
|
||||
AM_LDFLAGS="$AM_LDFLAGS -m32"
|
||||
fi
|
||||
|
||||
|
||||
# Support for disabling all ASM
|
||||
AC_ARG_ENABLE([asm],
|
||||
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
|
||||
[ ENABLED_ASM=$enableval ],
|
||||
[ ENABLED_ASM=yes ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_ASM" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
|
||||
fi
|
||||
|
||||
|
||||
# SINGLE THREADED
|
||||
AC_ARG_ENABLE([singlethreaded],
|
||||
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
|
||||
@@ -485,7 +512,7 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
|
||||
fi
|
||||
|
||||
@@ -504,7 +531,7 @@ fi
|
||||
|
||||
if test "$ENABLED_FORTRESS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
|
||||
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
|
||||
fi
|
||||
|
||||
|
||||
@@ -531,9 +558,10 @@ AC_ARG_ENABLE([leanpsk],
|
||||
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
|
||||
ENABLED_SLOWMATH="no"
|
||||
ENABLED_SINGLETHREADED="yes"
|
||||
enable_lowresource=yes
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
|
||||
@@ -548,12 +576,32 @@ AC_ARG_ENABLE([leantls],
|
||||
|
||||
if test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY"
|
||||
enable_lowresource=yes
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
|
||||
|
||||
|
||||
# low resource options to reduce flash and memory use
|
||||
AC_ARG_ENABLE([lowresource],
|
||||
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
|
||||
[ ENABLED_LOWRESOURCE=$enableval ],
|
||||
[ ENABLED_LOWRESOURCE=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_LOWRESOURCE" = "yes"
|
||||
then
|
||||
# low memory / flash flags
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL"
|
||||
|
||||
# low flash flags
|
||||
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_LOWMEM], [test "x$ENABLED_LOWRESOURCE" = "xyes"])
|
||||
|
||||
|
||||
# big cache
|
||||
AC_ARG_ENABLE([bigcache],
|
||||
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
|
||||
@@ -686,6 +734,7 @@ AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
|
||||
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
|
||||
AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
|
||||
|
||||
|
||||
# AES-GCM
|
||||
AC_ARG_ENABLE([aesgcm],
|
||||
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
|
||||
@@ -700,26 +749,26 @@ then
|
||||
ENABLED_AESGCM=no
|
||||
fi
|
||||
|
||||
if test "$ENABLED_AESGCM" = "word32"
|
||||
if test "$ENABLED_AESGCM" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
if test "$ENABLED_AESGCM" = "word32"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_AESGCM" = "small"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_AESGCM" = "table"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
if test "$ENABLED_AESGCM" = "table"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
|
||||
ENABLED_AESGCM=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_AESGCM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
||||
fi
|
||||
|
||||
@@ -764,7 +813,7 @@ AC_ARG_ENABLE([armasm],
|
||||
[ ENABLED_ARMASM=$enableval ],
|
||||
[ ENABLED_ARMASM=no ]
|
||||
)
|
||||
if test "$ENABLED_ARMASM" = "yes"
|
||||
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
|
||||
#Check if mcpu and mfpu values already set if not use default
|
||||
@@ -813,31 +862,34 @@ AC_ARG_ENABLE([intelasm],
|
||||
[ ENABLED_INTELASM=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_AESNI" = "small"
|
||||
if test "$ENABLED_ASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
|
||||
ENABLED_AESNI=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
|
||||
if test "$GCC" = "yes"
|
||||
if test "$ENABLED_AESNI" = "small"
|
||||
then
|
||||
# GCC needs these flags, icc doesn't
|
||||
# opt levels greater than 2 may cause problems on systems w/o aesni
|
||||
if test "$CC" != "icc"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
|
||||
fi
|
||||
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
|
||||
ENABLED_AESNI=yes
|
||||
fi
|
||||
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
||||
fi
|
||||
|
||||
if test "$ENABLED_INTELASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
|
||||
ENABLED_AESNI=yes
|
||||
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
|
||||
if test "$GCC" = "yes"
|
||||
then
|
||||
# GCC needs these flags, icc doesn't
|
||||
# opt levels greater than 2 may cause problems on systems w/o aesni
|
||||
if test "$CC" != "icc"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
|
||||
fi
|
||||
fi
|
||||
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
||||
fi
|
||||
|
||||
if test "$ENABLED_INTELASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
|
||||
ENABLED_AESNI=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
# INTEL RDRAND
|
||||
@@ -956,28 +1008,23 @@ AC_ARG_ENABLE([sha512],
|
||||
[ ENABLED_SHA512=$SHA512_DEFAULT ]
|
||||
)
|
||||
|
||||
# leanpsk and leantls don't need sha512
|
||||
# options that don't require sha512
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_SHA512=no
|
||||
fi
|
||||
|
||||
if test "$ENABLED_OPENSSH" = "yes"
|
||||
# options that require sha512
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
|
||||
then
|
||||
ENABLED_SHA512="yes"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHA512" = "yes"
|
||||
if test "$ENABLED_SHA512" = "yes" && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_FORTRESS" = "yes"
|
||||
then
|
||||
ENABLED_SHA512="yes"
|
||||
fi
|
||||
|
||||
|
||||
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
||||
|
||||
|
||||
@@ -1221,21 +1268,21 @@ then
|
||||
ENABLED_CURVE25519="yes"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_CURVE25519" = "small"
|
||||
if test "$ENABLED_CURVE25519" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
|
||||
ENABLED_CURVE25519_SMALL=yes
|
||||
ENABLED_CURVE25519=yes
|
||||
fi
|
||||
if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
|
||||
ENABLED_CURVE25519_SMALL=yes
|
||||
ENABLED_CURVE25519=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_CURVE25519" = "no128bit"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
|
||||
ENABLED_CURVE25519=yes
|
||||
fi
|
||||
if test "$ENABLED_CURVE25519" = "no128bit"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
|
||||
ENABLED_CURVE25519=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_CURVE25519" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
|
||||
ENABLED_FEMATH=yes
|
||||
fi
|
||||
@@ -1257,15 +1304,15 @@ then
|
||||
ENABLED_ED25519="yes"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ED25519" = "small"
|
||||
if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
|
||||
ENABLED_ED25519_SMALL=yes
|
||||
ENABLED_ED25519=yes
|
||||
fi
|
||||
if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
|
||||
ENABLED_ED25519_SMALL=yes
|
||||
ENABLED_ED25519=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ED25519" = "yes"
|
||||
then
|
||||
if test "$ENABLED_SHA512" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
|
||||
@@ -1366,6 +1413,19 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# TLSv1.0
|
||||
AC_ARG_ENABLE([tlsv10],
|
||||
[AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
|
||||
[ ENABLED_TLSV10=$enableval ],
|
||||
[ ENABLED_TLSV10=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_TLSV10" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
|
||||
fi
|
||||
|
||||
|
||||
# SSLv3
|
||||
AC_ARG_ENABLE([sslv3],
|
||||
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
|
||||
@@ -1922,7 +1982,7 @@ then
|
||||
ENABLED_SHA3="yes"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SHA3" = "yes"
|
||||
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
|
||||
fi
|
||||
@@ -1951,7 +2011,7 @@ then
|
||||
ENABLED_POLY1305=no
|
||||
fi
|
||||
|
||||
if test "$ENABLED_POLY1305" = "yes"
|
||||
if test "$ENABLED_POLY1305" = "yes" && test "$ENABLED_32BIT" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
|
||||
fi
|
||||
@@ -1969,24 +2029,22 @@ fi
|
||||
|
||||
# CHACHA
|
||||
AC_ARG_ENABLE([chacha],
|
||||
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable Intel AVX/AVX2 speedups])],
|
||||
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
|
||||
[ ENABLED_CHACHA=$enableval ],
|
||||
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
|
||||
)
|
||||
|
||||
if test "$ENABLED_AESNI" = "noasm"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
|
||||
ENABLED_AESNI=yes
|
||||
fi
|
||||
|
||||
|
||||
# leanpsk and leantls don't need chacha
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_CHACHA=no
|
||||
fi
|
||||
|
||||
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_CHACHA" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
|
||||
@@ -3600,7 +3658,6 @@ then
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# check if PSK was enabled for conditionally running psk.test script
|
||||
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
|
||||
|
||||
@@ -3664,6 +3721,16 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
||||
test "x$ENABLED_SHA" = "xno"],
|
||||
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
||||
test "x$ENABLED_AES" = "xno" && \
|
||||
test "x$ENABLED_DES3" = "xno"],
|
||||
[AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
|
||||
test "x$ENABLED_AES" = "xno" && \
|
||||
test "x$ENABLED_DES3" = "xno"],
|
||||
[AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
|
||||
test "x$ENABLED_ECC" = "xno"],
|
||||
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
|
||||
@@ -3733,8 +3800,6 @@ then
|
||||
ENABLED_X963KDF="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
|
||||
fi
|
||||
AS_IF([test "x$ENABLED_DES3" = "xno"],
|
||||
[ENABLED_DES3=yes])
|
||||
fi
|
||||
|
||||
if test "x$ENABLED_DES3" = "xno"
|
||||
@@ -4016,6 +4081,7 @@ echo " * Old Names: $ENABLED_OLDNAMES"
|
||||
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
|
||||
echo " * Distro Build: $ENABLED_DISTRO"
|
||||
echo " * fastmath: $ENABLED_FASTMATH"
|
||||
echo " * Assembly Allowed: $ENABLED_ASM"
|
||||
echo " * sniffer: $ENABLED_SNIFFER"
|
||||
echo " * snifftest: $ENABLED_SNIFFTEST"
|
||||
echo " * ARC4: $ENABLED_ARC4"
|
||||
@@ -4078,6 +4144,7 @@ echo " * SCTP: $ENABLED_SCTP"
|
||||
echo " * Multicast: $ENABLED_MCAST"
|
||||
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
|
||||
echo " * SSL version 3.0: $ENABLED_SSLV3"
|
||||
echo " * TLS v1.0: $ENABLED_TLSV10"
|
||||
echo " * TLS v1.3: $ENABLED_TLS13"
|
||||
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
|
||||
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
|
||||
|
||||
@@ -445,7 +445,6 @@
|
||||
#define CyaSSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
|
||||
#define CyaSSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
|
||||
#define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
|
||||
#define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
|
||||
#define CyaSSL_CTX_use_certificate_buffer wolfSSL_CTX_use_certificate_buffer
|
||||
#define CyaSSL_CTX_use_NTRUPrivateKey_file wolfSSL_CTX_use_NTRUPrivateKey_file
|
||||
#define CyaSSL_use_certificate_chain_buffer wolfSSL_use_certificate_chain_buffer
|
||||
|
||||
@@ -170,12 +170,19 @@ static void ShowCiphers(void)
|
||||
static void ShowVersions(void)
|
||||
{
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifdef WOLFSSL_ALLOW_SSLV3
|
||||
printf("0:");
|
||||
#endif /* WOLFSSL_ALLOW_SSLV3 */
|
||||
printf("1:2:");
|
||||
#ifdef WOLFSSL_ALLOW_SSLV3
|
||||
printf("0:");
|
||||
#endif
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
printf("1:");
|
||||
#endif
|
||||
printf("2:");
|
||||
#endif /* NO_OLD_TLS */
|
||||
printf("3\n");
|
||||
printf("3:");
|
||||
#ifdef WOLFSSL_TLS13
|
||||
printf("4:");
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
/* Measures average time to create, connect and disconnect a connection (TPS).
|
||||
@@ -684,7 +691,9 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("-m Match domain name in cert\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
#ifndef NO_SESSION_CACHE
|
||||
printf("-r Resume session\n");
|
||||
#endif
|
||||
printf("-w Wait for bidirectional shutdown\n");
|
||||
printf("-M <prot> Use STARTTLS, using <prot> protocol (smtp)\n");
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
@@ -1392,27 +1401,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
|
||||
#ifndef NO_TLS
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
case 1:
|
||||
method = wolfTLSv1_client_method_ex;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 2:
|
||||
method = wolfTLSv1_1_client_method_ex;
|
||||
break;
|
||||
#endif /* NO_TLS */
|
||||
|
||||
#endif /* NO_OLD_TLS */
|
||||
#endif /* !NO_TLS */
|
||||
#endif /* !NO_OLD_TLS */
|
||||
|
||||
#ifndef NO_TLS
|
||||
case 3:
|
||||
method = wolfTLSv1_2_client_method_ex;
|
||||
break;
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case 4:
|
||||
method = wolfTLSv1_3_client_method_ex;
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* NO_TLS */
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
@@ -124,7 +124,7 @@ void echoclient_test(void* args)
|
||||
|
||||
#if defined(CYASSL_DTLS)
|
||||
method = DTLSv1_2_client_method();
|
||||
#elif !defined(NO_TLS)
|
||||
#elif !defined(NO_TLS)
|
||||
method = CyaSSLv23_client_method();
|
||||
#elif defined(WOLFSSL_ALLOW_SSLV3)
|
||||
method = SSLv3_client_method();
|
||||
|
||||
@@ -143,7 +143,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
|
||||
#if defined(CYASSL_DTLS)
|
||||
method = CyaDTLSv1_2_server_method();
|
||||
#elif !defined(NO_TLS)
|
||||
#elif !defined(NO_TLS)
|
||||
method = CyaSSLv23_server_method();
|
||||
#elif defined(WOLFSSL_ALLOW_SSLV3)
|
||||
method = CyaSSLv3_server_method();
|
||||
|
||||
@@ -877,29 +877,29 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
|
||||
#ifndef NO_TLS
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
case 1:
|
||||
method = wolfTLSv1_server_method_ex;
|
||||
break;
|
||||
|
||||
#endif
|
||||
|
||||
case 2:
|
||||
method = wolfTLSv1_1_server_method_ex;
|
||||
break;
|
||||
|
||||
#endif
|
||||
#endif
|
||||
#endif /* !NO_TLS */
|
||||
#endif /* !NO_OLD_TLS */
|
||||
|
||||
#ifndef NO_TLS
|
||||
case 3:
|
||||
method = wolfTLSv1_2_server_method_ex;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case 4:
|
||||
method = wolfTLSv1_3_server_method_ex;
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* NO_TLS */
|
||||
|
||||
#ifdef CYASSL_DTLS
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
+14
-1
@@ -1,10 +1,11 @@
|
||||
#!/bin/sh
|
||||
|
||||
#reusme.test
|
||||
#resume.test
|
||||
|
||||
# need a unique resume port since may run the same time as testsuite
|
||||
# use server port zero hack to get one
|
||||
resume_string="reused"
|
||||
resume_sup_string="Resume session"
|
||||
ems_string="Extended\ Master\ Secret"
|
||||
resume_port=0
|
||||
no_pid=-1
|
||||
@@ -45,6 +46,18 @@ do_trap() {
|
||||
do_test() {
|
||||
echo -e "\nStarting example server for resume test...\n"
|
||||
|
||||
#make sure we support session resumption (!NO_SESSION_CACHE)
|
||||
# Check the client for the extended master secret disable option. If
|
||||
# present we need to run the test twice.
|
||||
options_check=`./examples/client/client -?`
|
||||
case "$options_check" in
|
||||
*$resume_sup_string*)
|
||||
echo -e "\nResume test supported";;
|
||||
*)
|
||||
echo -e "\nResume test not supported with build"
|
||||
return;;
|
||||
esac
|
||||
|
||||
remove_ready_file
|
||||
./examples/server/server -r -R $ready_file -p $resume_port &
|
||||
server_pid=$!
|
||||
|
||||
+99
-22
@@ -11965,10 +11965,16 @@ int ProcessReply(WOLFSSL* ssl)
|
||||
ssl->keys.decryptedCur = 1;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (ssl->options.tls1_3) {
|
||||
word16 i = ssl->buffers.inputBuffer.length -
|
||||
ssl->keys.padSz;
|
||||
/* Remove padding from end of plain text. */
|
||||
for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
|
||||
if (ssl->buffers.inputBuffer.buffer[i] != 0)
|
||||
break;
|
||||
}
|
||||
/* Get the real content type from the end of the data. */
|
||||
ssl->keys.padSz++;
|
||||
ssl->curRL.type = ssl->buffers.inputBuffer.buffer[
|
||||
ssl->buffers.inputBuffer.length - ssl->keys.padSz];
|
||||
ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
|
||||
ssl->keys.padSz = ssl->buffers.inputBuffer.length - i;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -13237,7 +13243,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
|
||||
/* supported hash/sig */
|
||||
if (IsAtLeastTLSv1_2(ssl)) {
|
||||
c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
|
||||
i += LENGTH_SZ;
|
||||
i += OPAQUE16_LEN;
|
||||
|
||||
XMEMCPY(&output[i],
|
||||
ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
|
||||
@@ -14200,9 +14206,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
||||
case NOT_READY_ERROR :
|
||||
return "handshake layer not ready yet, complete first";
|
||||
|
||||
case PMS_VERSION_ERROR :
|
||||
return "premaster secret version mismatch error";
|
||||
|
||||
case VERSION_ERROR :
|
||||
return "record layer version error";
|
||||
|
||||
@@ -14487,6 +14490,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
||||
case INVALID_PARAMETER:
|
||||
return "The security parameter is invalid";
|
||||
|
||||
case UNSUPPORTED_EXTENSION:
|
||||
return "TLS Extension not requested by the client";
|
||||
|
||||
case KEY_SHARE_ERROR:
|
||||
return "Key share extension did not contain a valid named group";
|
||||
|
||||
@@ -18767,8 +18773,10 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
#ifndef NO_RSA
|
||||
case rsa_kea:
|
||||
{
|
||||
/* build PreMasterSecret with RNG data */
|
||||
ret = wc_RNG_GenerateBlock(ssl->rng,
|
||||
ssl->arrays->preMasterSecret, SECRET_LEN);
|
||||
&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||
SECRET_LEN - VERSION_SZ);
|
||||
if (ret != 0) {
|
||||
goto exit_scke;
|
||||
}
|
||||
@@ -22762,18 +22770,25 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return BUFFER_ERROR;
|
||||
|
||||
if (extId == HELLO_EXT_SIG_ALGO) {
|
||||
ato16(&input[i], &clSuites.hashSigAlgoSz);
|
||||
word16 hashSigAlgoSz;
|
||||
|
||||
ato16(&input[i], &hashSigAlgoSz);
|
||||
i += OPAQUE16_LEN;
|
||||
|
||||
if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
|
||||
if (OPAQUE16_LEN + hashSigAlgoSz > extSz)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
XMEMCPY(clSuites.hashSigAlgo, &input[i],
|
||||
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
|
||||
i += clSuites.hashSigAlgoSz;
|
||||
clSuites.hashSigAlgoSz = hashSigAlgoSz;
|
||||
if (clSuites.hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
|
||||
WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
|
||||
"truncating");
|
||||
clSuites.hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
|
||||
}
|
||||
|
||||
if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
|
||||
clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
|
||||
XMEMCPY(clSuites.hashSigAlgo, &input[i],
|
||||
clSuites.hashSigAlgoSz);
|
||||
|
||||
i += hashSigAlgoSz;
|
||||
}
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
else if (extId == HELLO_EXT_EXTMS)
|
||||
@@ -23261,6 +23276,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
#ifdef WOLFSSL_TLS13
|
||||
word32 ageAdd; /* Obfuscation of age */
|
||||
byte namedGroup; /* Named group used */
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
TicketNonce ticketNonce; /* Ticket nonce */
|
||||
#endif
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
word32 maxEarlyDataSz; /* Max size of early data */
|
||||
#endif
|
||||
@@ -23316,6 +23334,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
it.timestamp = TimeNowInMilliseconds();
|
||||
/* Resumption master secret. */
|
||||
XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN);
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(&it.ticketNonce, &ssl->session.ticketNonce,
|
||||
sizeof(TicketNonce));
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -23428,6 +23450,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
/* Resumption master secret. */
|
||||
XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN);
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(&ssl->session.ticketNonce, &it->ticketNonce,
|
||||
sizeof(TicketNonce));
|
||||
#endif
|
||||
ssl->session.namedGroup = it->namedGroup;
|
||||
#endif
|
||||
}
|
||||
@@ -23559,6 +23585,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 idx;
|
||||
word32 begin;
|
||||
word32 sigSz;
|
||||
#ifndef NO_RSA
|
||||
int lastErr;
|
||||
#endif
|
||||
} DckeArgs;
|
||||
|
||||
static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs)
|
||||
@@ -23784,6 +23813,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ERROR_OUT(BUFFER_ERROR, exit_dcke);
|
||||
}
|
||||
|
||||
/* pre-load PreMasterSecret with RNG data */
|
||||
ret = wc_RNG_GenerateBlock(ssl->rng,
|
||||
&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||
SECRET_LEN - VERSION_SZ);
|
||||
if (ret != 0) {
|
||||
goto exit_dcke;
|
||||
}
|
||||
|
||||
args->output = NULL;
|
||||
break;
|
||||
} /* rsa_kea */
|
||||
@@ -24248,6 +24285,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
NULL, 0, NULL
|
||||
#endif
|
||||
);
|
||||
|
||||
/* Errors that can occur here that should be
|
||||
* indistinguishable:
|
||||
* RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR
|
||||
*/
|
||||
if (ret < 0 && ret != BAD_FUNC_ARG) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E)
|
||||
goto exit_dcke;
|
||||
#endif
|
||||
/* store error code for handling below */
|
||||
args->lastErr = ret;
|
||||
ret = 0;
|
||||
}
|
||||
break;
|
||||
} /* rsa_kea */
|
||||
#endif /* !NO_RSA */
|
||||
@@ -24394,16 +24445,42 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Add the signature length to idx */
|
||||
args->idx += args->length;
|
||||
|
||||
if (args->sigSz == SECRET_LEN && args->output != NULL) {
|
||||
XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN);
|
||||
if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||
|
||||
ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {
|
||||
ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
/* check version (debug warning message only) */
|
||||
if (args->output != NULL) {
|
||||
if (args->output[0] != ssl->chVersion.major ||
|
||||
args->output[1] != ssl->chVersion.minor) {
|
||||
WOLFSSL_MSG("preMasterSecret version mismatch");
|
||||
}
|
||||
}
|
||||
else {
|
||||
ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
|
||||
#endif
|
||||
|
||||
/* RFC5246 7.4.7.1:
|
||||
* Treat incorrectly formatted message blocks and/or
|
||||
* mismatched version numbers in a manner
|
||||
* indistinguishable from correctly formatted RSA blocks
|
||||
*/
|
||||
|
||||
ret = args->lastErr;
|
||||
args->lastErr = 0; /* reset */
|
||||
|
||||
/* build PreMasterSecret */
|
||||
ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
|
||||
ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
|
||||
if (ret == 0 && args->sigSz == SECRET_LEN &&
|
||||
args->output != NULL) {
|
||||
XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||
&args->output[VERSION_SZ],
|
||||
SECRET_LEN - VERSION_SZ);
|
||||
}
|
||||
else {
|
||||
/* preMasterSecret has RNG and version set */
|
||||
/* return proper length and ignore error */
|
||||
/* error will be caught as decryption error */
|
||||
args->sigSz = SECRET_LEN;
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
break;
|
||||
} /* rsa_kea */
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
+1
-1
@@ -1288,7 +1288,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
|
||||
sniffer->server = serverIp;
|
||||
sniffer->port = port;
|
||||
|
||||
sniffer->ctx = SSL_CTX_new(TLSv1_client_method());
|
||||
sniffer->ctx = SSL_CTX_new(TLSv1_2_client_method());
|
||||
if (!sniffer->ctx) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
#ifdef HAVE_SNI
|
||||
|
||||
@@ -288,16 +288,17 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
|
||||
wolfSSL_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
|
||||
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
|
||||
ctx->srp = (Srp*) XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP);
|
||||
if (ctx->srp == NULL){
|
||||
WOLFSSL_MSG("Init CTX failed");
|
||||
wolfSSL_CTX_free(ctx);
|
||||
return NULL;
|
||||
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
|
||||
else {
|
||||
ctx->srp = (Srp*) XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP);
|
||||
if (ctx->srp == NULL){
|
||||
WOLFSSL_MSG("Init CTX failed");
|
||||
wolfSSL_CTX_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
XMEMSET(ctx->srp, 0, sizeof(Srp));
|
||||
}
|
||||
XMEMSET(ctx->srp, 0, sizeof(Srp));
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
@@ -3614,6 +3615,32 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
|
||||
}
|
||||
|
||||
|
||||
/* Function to get version as WOLFSSL_ enum value for wolfSSL_SetVersion */
|
||||
int wolfSSL_GetVersion(WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (ssl->version.major == SSLv3_MAJOR) {
|
||||
switch (ssl->version.minor) {
|
||||
case SSLv3_MINOR :
|
||||
return WOLFSSL_SSLV3;
|
||||
case TLSv1_MINOR :
|
||||
return WOLFSSL_TLSV1;
|
||||
case TLSv1_1_MINOR :
|
||||
return WOLFSSL_TLSV1_1;
|
||||
case TLSv1_2_MINOR :
|
||||
return WOLFSSL_TLSV1_2;
|
||||
case TLSv1_3_MINOR :
|
||||
return WOLFSSL_TLSV1_3;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
|
||||
int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
|
||||
{
|
||||
word16 haveRSA = 1;
|
||||
@@ -3636,9 +3663,11 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
|
||||
|
||||
#ifndef NO_TLS
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
case WOLFSSL_TLSV1:
|
||||
ssl->version = MakeTLSv1();
|
||||
break;
|
||||
#endif
|
||||
|
||||
case WOLFSSL_TLSV1_1:
|
||||
ssl->version = MakeTLSv1_1();
|
||||
@@ -3647,6 +3676,12 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
|
||||
case WOLFSSL_TLSV1_2:
|
||||
ssl->version = MakeTLSv1_2();
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case WOLFSSL_TLSV1_3:
|
||||
ssl->version = MakeTLSv1_3();
|
||||
break;
|
||||
|
||||
#endif
|
||||
|
||||
default:
|
||||
@@ -4562,9 +4597,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
{
|
||||
/* remove encrypted header if there */
|
||||
char encHeader[] = "Proc-Type";
|
||||
const char* const encHeader = "Proc-Type";
|
||||
word32 headerEndSz = (word32)(bufferEnd - headerEnd);
|
||||
char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz,
|
||||
char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz,
|
||||
PEM_LINE_LEN));
|
||||
if (line != NULL) {
|
||||
word32 lineSz;
|
||||
@@ -6587,8 +6622,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
|
||||
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
|
||||
/* load pem public key from file into der buffer, return der size or error */
|
||||
int wolfSSL_PemPubKeyToDer(const char* fileName,
|
||||
unsigned char* derBuf, int derSz)
|
||||
@@ -6655,42 +6689,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
/* Return bytes written to buff or < 0 for error */
|
||||
int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
|
||||
unsigned char* buff, int buffSz)
|
||||
{
|
||||
int ret;
|
||||
DerBuffer* der = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");
|
||||
|
||||
if (pem == NULL || buff == NULL || buffSz <= 0) {
|
||||
WOLFSSL_MSG("Bad pem der args");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("Bad Pem To Der");
|
||||
}
|
||||
else {
|
||||
if (der->length <= (word32)buffSz) {
|
||||
XMEMCPY(buff, der->buffer, der->length);
|
||||
ret = der->length;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Bad der length");
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
|
||||
|
||||
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
|
||||
int format)
|
||||
@@ -7503,6 +7502,42 @@ int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
|
||||
/* Return bytes written to buff or < 0 for error */
|
||||
int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
|
||||
unsigned char* buff, int buffSz)
|
||||
{
|
||||
int ret;
|
||||
DerBuffer* der = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");
|
||||
|
||||
if (pem == NULL || buff == NULL || buffSz <= 0) {
|
||||
WOLFSSL_MSG("Bad pem der args");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("Bad Pem To Der");
|
||||
}
|
||||
else {
|
||||
if (der->length <= (word32)buffSz) {
|
||||
XMEMCPY(buff, der->buffer, der->length);
|
||||
ret = der->length;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Bad der length");
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
FreeDer(&der);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
|
||||
|
||||
|
||||
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
|
||||
@@ -9754,6 +9789,10 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
|
||||
copyInto->namedGroup = copyFrom->namedGroup;
|
||||
copyInto->ticketSeen = copyFrom->ticketSeen;
|
||||
copyInto->ticketAdd = copyFrom->ticketAdd;
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(©Into->ticketNonce, ©From->ticketNonce,
|
||||
sizeof(TicketNonce));
|
||||
#endif
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz;
|
||||
#endif
|
||||
@@ -9986,6 +10025,10 @@ int AddSession(WOLFSSL* ssl)
|
||||
session->namedGroup = ssl->session.namedGroup;
|
||||
session->ticketSeen = ssl->session.ticketSeen;
|
||||
session->ticketAdd = ssl->session.ticketAdd;
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(&session->ticketNonce, &ssl->session.ticketNonce,
|
||||
sizeof(TicketNonce));
|
||||
#endif
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
session->maxEarlyDataSz = ssl->session.maxEarlyDataSz;
|
||||
#endif
|
||||
@@ -11177,7 +11220,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username)
|
||||
{
|
||||
int r = 0;
|
||||
int srp_side = 0;
|
||||
SrpSide srp_side = SRP_CLIENT_SIDE;
|
||||
WC_RNG rng;
|
||||
byte salt[SRP_SALT_SIZE];
|
||||
|
||||
@@ -11290,9 +11333,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
if (ctx->srp_password != NULL)
|
||||
XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP);
|
||||
|
||||
ctx->srp_password = XMALLOC(XSTRLEN(password) + 1,
|
||||
ctx->heap,
|
||||
DYNAMIC_TYPE_SRP);
|
||||
ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap,
|
||||
DYNAMIC_TYPE_SRP);
|
||||
if (ctx->srp_password == NULL){
|
||||
WOLFSSL_MSG("memory allocation error");
|
||||
return SSL_FAILURE;
|
||||
@@ -16574,7 +16616,7 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
|
||||
{
|
||||
(void)flags;
|
||||
|
||||
ctx->param->check_time = t;
|
||||
ctx->param->check_time = t;
|
||||
ctx->param->flags |= WOLFSSL_USE_CHECK_TIME;
|
||||
}
|
||||
#endif
|
||||
@@ -18331,7 +18373,6 @@ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
|
||||
|
||||
static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
|
||||
{
|
||||
WOLFSSL_MSG("InitwolfSSL_BigNum");
|
||||
if (bn) {
|
||||
bn->neg = 0;
|
||||
bn->internal = NULL;
|
||||
@@ -18873,18 +18914,18 @@ char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) {
|
||||
if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_DEC, &len) != MP_OKAY) {
|
||||
WOLFSSL_MSG("mp_radix_size failure");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
|
||||
if (buf == NULL) {
|
||||
WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
|
||||
WOLFSSL_MSG("BN_bn2dec malloc buffer failure");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) {
|
||||
if (mp_todecimal((mp_int*)bn->internal, buf) != MP_OKAY) {
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
|
||||
return NULL;
|
||||
}
|
||||
@@ -19042,36 +19083,41 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
|
||||
}
|
||||
#endif /* #ifdef WOLFSSL_KEY_GEN */
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
|
||||
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
|
||||
{
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
|
||||
int len = 0;
|
||||
char *buf;
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_BN_bn2hex");
|
||||
WOLFSSL_ENTER("wolfSSL_BN_bn2hex");
|
||||
|
||||
if (bn == NULL || bn->internal == NULL) {
|
||||
WOLFSSL_MSG("bn NULL error");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) {
|
||||
if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_HEX, &len) != MP_OKAY) {
|
||||
WOLFSSL_MSG("mp_radix_size failure");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
|
||||
if (buf == NULL) {
|
||||
WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
|
||||
WOLFSSL_MSG("BN_bn2hex malloc buffer failure");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) {
|
||||
if (mp_tohex((mp_int*)bn->internal, buf) != MP_OKAY) {
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return buf;
|
||||
#else
|
||||
(void)bn;
|
||||
WOLFSSL_MSG("wolfSSL_BN_bn2hex not compiled in");
|
||||
return (char*)"";
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
@@ -19080,9 +19126,10 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
|
||||
*/
|
||||
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
|
||||
{
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
|
||||
char *buf;
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_BN_print_fp");
|
||||
WOLFSSL_ENTER("wolfSSL_BN_print_fp");
|
||||
|
||||
if (fp == NULL || bn == NULL || bn->internal == NULL) {
|
||||
WOLFSSL_MSG("bn NULL error");
|
||||
@@ -19099,36 +19146,17 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
|
||||
#else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
|
||||
|
||||
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
|
||||
{
|
||||
(void)bn;
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY");
|
||||
|
||||
return (char*)"";
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
/* return code compliant with OpenSSL :
|
||||
* 1 if success, 0 if error
|
||||
*/
|
||||
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
|
||||
{
|
||||
#else
|
||||
(void)fp;
|
||||
(void)bn;
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");
|
||||
WOLFSSL_MSG("wolfSSL_BN_print_fp not compiled in");
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
#endif
|
||||
}
|
||||
#endif /* !defined(NO_FILESYSTEM) */
|
||||
#endif /* !NO_FILESYSTEM */
|
||||
|
||||
#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
|
||||
|
||||
WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
|
||||
{
|
||||
@@ -20092,7 +20120,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
|
||||
if (wc_InitRng(rng) < 0)
|
||||
WOLFSSL_MSG("RNG init failed");
|
||||
else if (wc_MakeRsaKey((RsaKey*)rsa->internal,
|
||||
bits, 65537, rng) != MP_OKAY)
|
||||
bits, WC_RSA_EXPONENT, rng) != MP_OKAY)
|
||||
WOLFSSL_MSG("wc_MakeRsaKey failed");
|
||||
else if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS)
|
||||
WOLFSSL_MSG("SetRsaExternal failed");
|
||||
@@ -22182,7 +22210,7 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
|
||||
}
|
||||
|
||||
if (mp_read_radix((mp_int*)order->internal,
|
||||
ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
|
||||
ecc_sets[group->curve_idx].order, MP_RADIX_HEX) != MP_OKAY) {
|
||||
WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
|
||||
mp_clear((mp_int*)order->internal);
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -22364,9 +22392,9 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16);
|
||||
ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX);
|
||||
if (ret == MP_OKAY) {
|
||||
ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16);
|
||||
ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX);
|
||||
}
|
||||
|
||||
/* r = q * m % prime */
|
||||
|
||||
@@ -428,6 +428,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
ProtocolVersion MakeTLSv1(void)
|
||||
{
|
||||
ProtocolVersion pv;
|
||||
@@ -436,6 +437,7 @@ ProtocolVersion MakeTLSv1(void)
|
||||
|
||||
return pv;
|
||||
}
|
||||
#endif /* WOLFSSL_ALLOW_TLSV10 */
|
||||
|
||||
|
||||
ProtocolVersion MakeTLSv1_1(void)
|
||||
@@ -447,7 +449,7 @@ ProtocolVersion MakeTLSv1_1(void)
|
||||
return pv;
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif /* !NO_OLD_TLS */
|
||||
|
||||
|
||||
ProtocolVersion MakeTLSv1_2(void)
|
||||
@@ -952,8 +954,9 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
|
||||
|
||||
TLSX_FreeAll(next, heap);
|
||||
|
||||
/* there is no way to occur more than */
|
||||
/* two extensions of the same type. */
|
||||
/* there is no way to occur more than
|
||||
* two extensions of the same type.
|
||||
*/
|
||||
break;
|
||||
}
|
||||
} while ((extension = extension->next));
|
||||
@@ -961,6 +964,35 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
|
||||
int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type);
|
||||
|
||||
int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type)
|
||||
{
|
||||
TLSX *extension = TLSX_Find(ssl->extensions, type);
|
||||
|
||||
if (!extension)
|
||||
extension = TLSX_Find(ssl->ctx->extensions, type);
|
||||
|
||||
return extension == NULL;
|
||||
}
|
||||
|
||||
int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl);
|
||||
|
||||
int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl)
|
||||
{
|
||||
SendAlert(ssl, alert_fatal, unsupported_extension);
|
||||
return UNSUPPORTED_EXTENSION;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#define TLSX_CheckUnsupportedExtension(ssl, type) 0
|
||||
#define TLSX_HandleUnsupportedExtension(ssl) 0
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
||||
/** Mark an extension to be sent back to the client. */
|
||||
@@ -968,10 +1000,10 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
|
||||
|
||||
void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
|
||||
{
|
||||
TLSX *ext = TLSX_Find(ssl->extensions, type);
|
||||
TLSX *extension = TLSX_Find(ssl->extensions, type);
|
||||
|
||||
if (ext)
|
||||
ext->resp = 1;
|
||||
if (extension)
|
||||
extension->resp = 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
@@ -1161,7 +1193,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
|
||||
ssl->alpnSelectArg) == 0) {
|
||||
WOLFSSL_MSG("ALPN protocol match");
|
||||
if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
|
||||
== WOLFSSL_SUCCESS) {
|
||||
== WOLFSSL_SUCCESS) {
|
||||
if (extension == NULL) {
|
||||
extension = TLSX_Find(ssl->extensions,
|
||||
TLSX_APPLICATION_LAYER_PROTOCOL);
|
||||
@@ -1172,9 +1204,8 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
|
||||
#endif
|
||||
|
||||
if (extension == NULL || extension->data == NULL) {
|
||||
WOLFSSL_MSG("No ALPN extensions not used or bad");
|
||||
return isRequest ? 0 /* not using ALPN */
|
||||
: BUFFER_ERROR; /* unexpected ALPN response */
|
||||
return isRequest ? 0
|
||||
: TLSX_HandleUnsupportedExtension(ssl);
|
||||
}
|
||||
|
||||
/* validating alpn list length */
|
||||
@@ -1475,12 +1506,10 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
|
||||
return offset;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
||||
/** Finds a SNI object in the provided list. */
|
||||
static SNI* TLSX_SNI_Find(SNI *list, byte type)
|
||||
{
|
||||
SNI *sni = list;
|
||||
SNI* sni = list;
|
||||
|
||||
while (sni && sni->type != type)
|
||||
sni = sni->next;
|
||||
@@ -1488,7 +1517,6 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
|
||||
return sni;
|
||||
}
|
||||
|
||||
|
||||
/** Sets the status of a SNI object. */
|
||||
static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
|
||||
{
|
||||
@@ -1511,8 +1539,6 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* NO_WOLFSSL_SERVER */
|
||||
|
||||
/** Parses a buffer of SNI extensions. */
|
||||
static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte isRequest)
|
||||
@@ -1528,27 +1554,44 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
if (!extension)
|
||||
extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
|
||||
|
||||
(void)isRequest;
|
||||
(void)input;
|
||||
if (!isRequest) {
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if (!extension || !extension->data)
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
|
||||
if (!extension || !extension->data) {
|
||||
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
|
||||
/* This will keep SNI even though TLSX_UseSNI has not been called.
|
||||
* Enable it so that the received sni is available to functions
|
||||
* that use a custom callback when SNI is received */
|
||||
cacheOnly = 1;
|
||||
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
|
||||
#else
|
||||
return isRequest ? 0 /* not using SNI. */
|
||||
: BUFFER_ERROR; /* unexpected SNI response. */
|
||||
#endif
|
||||
if (length > 0)
|
||||
return BUFFER_ERROR; /* SNI response MUST be empty. */
|
||||
|
||||
/* This call enables wolfSSL_SNI_GetRequest() to be called in the
|
||||
* client side to fetch the used SNI. It will only work if the SNI
|
||||
* was set at the SSL object level. Right now we only support one
|
||||
* name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
|
||||
* inclusion of other name types will turn this method inaccurate,
|
||||
* as the extension response doesn't contains information of which
|
||||
* name was accepted.
|
||||
*/
|
||||
TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
|
||||
WOLFSSL_SNI_REAL_MATCH);
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!isRequest)
|
||||
return length ? BUFFER_ERROR /* SNI response MUST be empty. */
|
||||
: 0; /* nothing else to do. */
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (!extension || !extension->data) {
|
||||
#if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
|
||||
/* This will keep SNI even though TLSX_UseSNI has not been called.
|
||||
* Enable it so that the received sni is available to functions
|
||||
* that use a custom callback when SNI is received.
|
||||
*/
|
||||
|
||||
cacheOnly = 1;
|
||||
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
|
||||
#else
|
||||
/* Skipping, SNI not enabled at server side. */
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (OPAQUE16_LEN > length)
|
||||
return BUFFER_ERROR;
|
||||
@@ -1587,9 +1630,9 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
break;
|
||||
#endif
|
||||
byte matched = cacheOnly ||
|
||||
((XSTRLEN(sni->data.host_name) == size)
|
||||
&& (XSTRNCMP(sni->data.host_name,
|
||||
(const char*)input + offset, size) == 0));
|
||||
((XSTRLEN(sni->data.host_name) == size) &&
|
||||
(XSTRNCMP(sni->data.host_name,
|
||||
(const char*)input + offset, size) == 0));
|
||||
|
||||
if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
|
||||
int r = TLSX_UseSNI(&ssl->extensions,
|
||||
@@ -1623,7 +1666,8 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
(void)input;
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
@@ -1678,7 +1722,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
|
||||
void* heap)
|
||||
{
|
||||
TLSX* extension;
|
||||
SNI* sni = NULL;
|
||||
SNI* sni = NULL;
|
||||
|
||||
if (extensions == NULL || data == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -1689,6 +1733,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
|
||||
extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
|
||||
if (!extension) {
|
||||
int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
|
||||
|
||||
if (ret != 0) {
|
||||
TLSX_SNI_Free(sni, heap);
|
||||
return ret;
|
||||
@@ -1702,13 +1747,14 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
|
||||
/* remove duplicate SNI, there should be only one of each type. */
|
||||
do {
|
||||
if (sni->next && sni->next->type == type) {
|
||||
SNI *next = sni->next;
|
||||
SNI* next = sni->next;
|
||||
|
||||
sni->next = next->next;
|
||||
TLSX_SNI_Free(next, heap);
|
||||
|
||||
/* there is no way to occur more than */
|
||||
/* two SNIs of the same type. */
|
||||
/* there is no way to occur more than
|
||||
* two SNIs of the same type.
|
||||
*/
|
||||
break;
|
||||
}
|
||||
} while ((sni = sni->next));
|
||||
@@ -1753,8 +1799,8 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
||||
byte type, byte* sni, word32* inOutSz)
|
||||
{
|
||||
word32 offset = 0;
|
||||
word32 len32 = 0;
|
||||
word16 len16 = 0;
|
||||
word32 len32 = 0;
|
||||
word16 len16 = 0;
|
||||
|
||||
if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
|
||||
return INCOMPLETE_DATA;
|
||||
@@ -1933,11 +1979,17 @@ static word16 TLSX_MFL_Write(byte* data, byte* output)
|
||||
static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte isRequest)
|
||||
{
|
||||
(void)isRequest;
|
||||
|
||||
if (length != ENUM_LEN)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
#ifdef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
|
||||
(void) isRequest;
|
||||
#else
|
||||
if (!isRequest)
|
||||
if (TLSX_CheckUnsupportedExtension(ssl, TLSX_MAX_FRAGMENT_LENGTH))
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
#endif
|
||||
|
||||
switch (*input) {
|
||||
case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
|
||||
case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
|
||||
@@ -1953,9 +2005,10 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (isRequest) {
|
||||
int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
|
||||
int ret = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
|
||||
|
||||
if (r != WOLFSSL_SUCCESS) return r; /* throw error */
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret; /* throw error */
|
||||
|
||||
TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
|
||||
}
|
||||
@@ -1967,22 +2020,19 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
|
||||
{
|
||||
byte* data = NULL;
|
||||
int ret = 0;
|
||||
int ret = 0;
|
||||
|
||||
if (extensions == NULL)
|
||||
if (extensions == NULL || mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
|
||||
data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX);
|
||||
if (data == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
data[0] = mfl;
|
||||
|
||||
/* push new MFL extension. */
|
||||
if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap))
|
||||
!= 0) {
|
||||
ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap);
|
||||
if (ret != 0) {
|
||||
XFREE(data, heap, DYNAMIC_TYPE_TLSX);
|
||||
return ret;
|
||||
}
|
||||
@@ -2014,21 +2064,25 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
|
||||
static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
byte isRequest)
|
||||
{
|
||||
(void)isRequest;
|
||||
|
||||
if (length != 0 || input == NULL)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (isRequest) {
|
||||
int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
|
||||
if (!isRequest) {
|
||||
#ifndef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
|
||||
if (TLSX_CheckUnsupportedExtension(ssl, TLSX_TRUNCATED_HMAC))
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
int ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
|
||||
|
||||
if (r != WOLFSSL_SUCCESS)
|
||||
return r; /* throw error */
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret; /* throw error */
|
||||
|
||||
TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
|
||||
TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
ssl->truncated_hmac = 1;
|
||||
|
||||
@@ -2042,7 +2096,8 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
|
||||
if (extensions == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0)
|
||||
ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
@@ -2156,8 +2211,8 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
|
||||
csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
|
||||
|
||||
if (!csr)
|
||||
return BUFFER_ERROR; /* unexpected extension */
|
||||
if (!csr) /* unexpected extension */
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
|
||||
/* enable extension at ssl level */
|
||||
ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
|
||||
@@ -2518,8 +2573,8 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
csr2 = extension ?
|
||||
(CertificateStatusRequestItemV2*)extension->data : NULL;
|
||||
|
||||
if (!csr2)
|
||||
return BUFFER_ERROR; /* unexpected extension */
|
||||
if (!csr2) /* unexpected extension */
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
|
||||
/* enable extension at ssl level */
|
||||
for (; csr2; csr2 = csr2->next) {
|
||||
@@ -2881,38 +2936,44 @@ static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap)
|
||||
static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name,
|
||||
void* heap)
|
||||
{
|
||||
if (list == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
while (1) {
|
||||
if (list->name == name)
|
||||
return 0; /* curve alreay in use */
|
||||
while (list) {
|
||||
if (list->name == name) {
|
||||
ret = 0; /* curve alreay in use */
|
||||
break;
|
||||
}
|
||||
|
||||
if (list->next == NULL)
|
||||
return TLSX_SupportedCurve_New(&list->next, name, heap);
|
||||
if (list->next == NULL) {
|
||||
ret = TLSX_SupportedCurve_New(&list->next, name, heap);
|
||||
break;
|
||||
}
|
||||
|
||||
list = list->next;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
|
||||
{
|
||||
if (list == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
while (1) {
|
||||
if (list->format == format)
|
||||
return 0; /* format already in use */
|
||||
while (list) {
|
||||
if (list->format == format) {
|
||||
ret = 0; /* format already in use */
|
||||
break;
|
||||
}
|
||||
|
||||
if (list->next == NULL)
|
||||
return TLSX_PointFormat_New(&list->next, format, heap);
|
||||
if (list->next == NULL) {
|
||||
ret = TLSX_PointFormat_New(&list->next, format, heap);
|
||||
break;
|
||||
}
|
||||
|
||||
list = list->next;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
@@ -3032,7 +3093,8 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
word16 name;
|
||||
int ret;
|
||||
|
||||
(void) isRequest; /* shut up compiler! */
|
||||
if(!isRequest && !IsAtLeastTLSv1_3(ssl->version))
|
||||
return BUFFER_ERROR; /* servers doesn't send this extension. */
|
||||
|
||||
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
|
||||
return BUFFER_ERROR;
|
||||
@@ -3047,7 +3109,6 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
ato16(input + offset, &name);
|
||||
|
||||
ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
|
||||
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret; /* throw error */
|
||||
}
|
||||
@@ -3718,7 +3779,9 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
(void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
|
||||
|
||||
if (!isRequest) {
|
||||
/* client side */
|
||||
if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET))
|
||||
return TLSX_HandleUnsupportedExtension(ssl);
|
||||
|
||||
if (length != 0)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
@@ -4853,8 +4916,13 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
|
||||
if (length != OPAQUE16_LEN + len)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
XMEMCPY(suites->hashSigAlgo, input, len);
|
||||
/* truncate hashSigAlgo list if too long */
|
||||
suites->hashSigAlgoSz = len;
|
||||
if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
|
||||
WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
|
||||
suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
|
||||
}
|
||||
XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz);
|
||||
|
||||
return TLSX_SignatureAlgorithms_MapPss(ssl, input, len);
|
||||
}
|
||||
@@ -6461,11 +6529,11 @@ static INLINE byte GetHmacLength(int hmac)
|
||||
case sha256_mac:
|
||||
return WC_SHA256_DIGEST_SIZE;
|
||||
#endif
|
||||
#ifndef NO_SHA384
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case sha384_mac:
|
||||
return WC_SHA384_DIGEST_SIZE;
|
||||
#endif
|
||||
#ifndef NO_SHA512
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case sha512_mac:
|
||||
return WC_SHA512_DIGEST_SIZE;
|
||||
#endif
|
||||
@@ -8100,10 +8168,11 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType)
|
||||
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case encrypted_extensions:
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
@@ -8186,10 +8255,11 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType)
|
||||
case hello_retry_request:
|
||||
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_TLS13
|
||||
case encrypted_extensions:
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
@@ -8569,18 +8639,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
WOLFSSL_METHOD* wolfTLSv1_client_method(void)
|
||||
{
|
||||
return wolfTLSv1_client_method_ex(NULL);
|
||||
}
|
||||
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
|
||||
{
|
||||
return wolfTLSv1_1_client_method_ex(NULL);
|
||||
}
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap)
|
||||
{
|
||||
WOLFSSL_METHOD* method =
|
||||
@@ -8590,7 +8654,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
||||
InitSSL_Method(method, MakeTLSv1());
|
||||
return method;
|
||||
}
|
||||
#endif /* WOLFSSL_ALLOW_TLSV10 */
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
|
||||
{
|
||||
return wolfTLSv1_1_client_method_ex(NULL);
|
||||
}
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap)
|
||||
{
|
||||
@@ -8687,18 +8756,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
|
||||
#ifdef WOLFSSL_ALLOW_TLSV10
|
||||
WOLFSSL_METHOD* wolfTLSv1_server_method(void)
|
||||
{
|
||||
return wolfTLSv1_server_method_ex(NULL);
|
||||
}
|
||||
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
|
||||
{
|
||||
return wolfTLSv1_1_server_method_ex(NULL);
|
||||
}
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap)
|
||||
{
|
||||
WOLFSSL_METHOD* method =
|
||||
@@ -8710,7 +8773,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
||||
}
|
||||
return method;
|
||||
}
|
||||
#endif /* WOLFSSL_ALLOW_TLSV10 */
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
|
||||
{
|
||||
return wolfTLSv1_1_server_method_ex(NULL);
|
||||
}
|
||||
|
||||
WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap)
|
||||
{
|
||||
|
||||
+120
-4
@@ -169,6 +169,7 @@ static int Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen,
|
||||
* TLS v1.3 defines this function.
|
||||
*
|
||||
* okm The generated pseudorandom key - output key material.
|
||||
* okmLen The length of generated pseudorandom key - output key material.
|
||||
* prk The salt - pseudo-random key.
|
||||
* prkLen The length of the salt - pseudo-random key.
|
||||
* protocol The TLS protocol label.
|
||||
@@ -808,6 +809,62 @@ static int DeriveMasterSecret(WOLFSSL* ssl)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
#if defined(HAVE_SESSION_TICKET)
|
||||
/* Length of the resumption label. */
|
||||
#define RESUMPTION_LABEL_SZ 10
|
||||
/* Resumption label for generating PSK assocated with the ticket. */
|
||||
static const byte resumptionLabel[RESUMPTION_LABEL_SZ+1] = "resumption";
|
||||
/* Derive the PSK assocated with the ticket.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
* nonce The nonce to derive with.
|
||||
* nonceLen The length of the nonce to derive with.
|
||||
* secret The derived secret.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen,
|
||||
byte* secret)
|
||||
{
|
||||
int digestAlg;
|
||||
/* Only one protocol version defined at this time. */
|
||||
const byte* protocol = tls13ProtocolLabel;
|
||||
word32 protocolLen = TLS13_PROTOCOL_LABEL_SZ;
|
||||
|
||||
WOLFSSL_MSG("Derive Resumption PSK");
|
||||
|
||||
switch (ssl->specs.mac_algorithm) {
|
||||
#ifndef NO_SHA256
|
||||
case sha256_mac:
|
||||
digestAlg = WC_SHA256;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case sha384_mac:
|
||||
digestAlg = WC_SHA256;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13_TLS13_SHA512
|
||||
case sha512_mac:
|
||||
digestAlg = WC_SHA256;
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
return HKDF_Expand_Label(secret, ssl->specs.hash_size,
|
||||
ssl->session.masterSecret, ssl->specs.hash_size,
|
||||
protocol, protocolLen, resumptionLabel,
|
||||
RESUMPTION_LABEL_SZ, nonce, nonceLen, digestAlg);
|
||||
}
|
||||
#endif /* HAVE_SESSION_TICKET */
|
||||
#endif /* WOLFSSL_TLS13_DRAFT_18 */
|
||||
|
||||
|
||||
/* Calculate the HMAC of message data to this point.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
@@ -1430,7 +1487,7 @@ static INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
|
||||
nonce[i] ^= iv[i];
|
||||
}
|
||||
|
||||
#ifdef HAVE_CHACHA
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
/* Encrypt with ChaCha20 and create authenication tag with Poly1305.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
@@ -1630,7 +1687,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CHACHA
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
/* Decrypt with ChaCha20 and check authenication tag with Poly1305.
|
||||
*
|
||||
* ssl The SSL/TLS object.
|
||||
@@ -2055,8 +2112,15 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
|
||||
#endif
|
||||
/* Resumption PSK is master secret. */
|
||||
ssl->arrays->psk_keySz = ssl->specs.hash_size;
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
|
||||
ssl->arrays->psk_keySz);
|
||||
#else
|
||||
if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data,
|
||||
ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_PSK
|
||||
@@ -2916,8 +2980,15 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
|
||||
|
||||
/* Resumption PSK is resumption master secret. */
|
||||
ssl->arrays->psk_keySz = ssl->specs.hash_size;
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
|
||||
ssl->specs.hash_size);
|
||||
ssl->arrays->psk_keySz);
|
||||
#else
|
||||
if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data,
|
||||
ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Derive the early secret using the PSK. */
|
||||
ret = DeriveEarlySecret(ssl);
|
||||
@@ -5550,6 +5621,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
||||
word32 ageAdd;
|
||||
word16 length;
|
||||
word32 now;
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
const byte* nonce;
|
||||
byte nonceLength;
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("DoTls13NewSessionTicket");
|
||||
|
||||
@@ -5567,6 +5642,24 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
||||
ato32(input + *inOutIdx, &ageAdd);
|
||||
*inOutIdx += SESSION_ADD_SZ;
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* Ticket nonce. */
|
||||
if ((*inOutIdx - begin) + 1 > size)
|
||||
return BUFFER_ERROR;
|
||||
nonceLength = input[*inOutIdx];
|
||||
if (nonceLength == 0)
|
||||
return INVALID_PARAMETER;
|
||||
if (nonceLength > MAX_TICKET_NONCE_SZ) {
|
||||
WOLFSSL_MSG("Nonce length not supported");
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
*inOutIdx += 1;
|
||||
if ((*inOutIdx - begin) + nonceLength > size)
|
||||
return BUFFER_ERROR;
|
||||
nonce = input + *inOutIdx;
|
||||
*inOutIdx += 1;
|
||||
#endif
|
||||
|
||||
/* Ticket length. */
|
||||
if ((*inOutIdx - begin) + LENGTH_SZ > size)
|
||||
return BUFFER_ERROR;
|
||||
@@ -5592,6 +5685,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
ssl->session.maxEarlyDataSz = ssl->options.maxEarlyDataSz;
|
||||
#endif
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
ssl->session.ticketNonce.len = nonceLength;
|
||||
XMEMCPY(&ssl->session.ticketNonce.data, nonce, nonceLength);
|
||||
#endif
|
||||
|
||||
if ((*inOutIdx - begin) + EXTS_SZ > size)
|
||||
return BUFFER_ERROR;
|
||||
@@ -5751,6 +5848,16 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* Start ticket nonce at 0 and go up to 255. */
|
||||
if (ssl->session.ticketNonce.len == 0) {
|
||||
ssl->session.ticketNonce.len = DEF_TICKET_NONCE_SZ;
|
||||
ssl->session.ticketNonce.data[0] = 0;
|
||||
}
|
||||
else
|
||||
ssl->session.ticketNonce.data[0]++;
|
||||
#endif
|
||||
|
||||
if (!ssl->options.noTicketTls13) {
|
||||
if ((ret = CreateTicket(ssl)) != 0)
|
||||
return ret;
|
||||
@@ -5768,6 +5875,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
|
||||
/* Lifetime | Age Add | Ticket | Extensions */
|
||||
length = SESSION_HINT_SZ + SESSION_ADD_SZ + LENGTH_SZ +
|
||||
ssl->session.ticketLen + extSz;
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* Nonce */
|
||||
length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ;
|
||||
#endif
|
||||
sendSz = idx + length + MAX_MSG_EXTRA;
|
||||
|
||||
/* Check buffers are big enough and grow if needed. */
|
||||
@@ -5788,6 +5899,11 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
|
||||
c32toa(ssl->session.ticketAdd, output + idx);
|
||||
idx += SESSION_ADD_SZ;
|
||||
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
output[idx++] = ssl->session.ticketNonce.len;
|
||||
output[idx++] = ssl->session.ticketNonce.data[0];
|
||||
#endif
|
||||
|
||||
/* length */
|
||||
c16toa(ssl->session.ticketLen, output + idx);
|
||||
idx += LENGTH_SZ;
|
||||
@@ -6003,8 +6119,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
byte type, word32 size, word32 totalSz)
|
||||
{
|
||||
int ret = 0;
|
||||
(void)totalSz;
|
||||
word32 inIdx = *inOutIdx;
|
||||
(void)totalSz;
|
||||
|
||||
WOLFSSL_ENTER("DoTls13HandShakeMsgType");
|
||||
|
||||
|
||||
+36
-17
@@ -271,8 +271,10 @@ static void test_wolfSSL_Method_Allocators(void)
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
|
||||
#endif
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
|
||||
#ifdef WOLFSL_ALLOW_TLSV10
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
|
||||
#endif
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
|
||||
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
|
||||
#endif
|
||||
@@ -756,7 +758,9 @@ static void test_wolfSSL_EC(void)
|
||||
EC_POINT *Gxy, *new_point;
|
||||
BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
|
||||
BIGNUM *X, *Y;
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
|
||||
char* hexStr;
|
||||
#endif
|
||||
const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
|
||||
/* NISTP256R1 Gx/Gy */
|
||||
const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
|
||||
@@ -792,6 +796,21 @@ static void test_wolfSSL_EC(void)
|
||||
/* check if point X coordinate is zero */
|
||||
AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
|
||||
|
||||
/* check bx2hex */
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL)
|
||||
hexStr = BN_bn2hex(k);
|
||||
AssertStrEQ(hexStr, kTest);
|
||||
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
|
||||
|
||||
hexStr = BN_bn2hex(Gx);
|
||||
AssertStrEQ(hexStr, kGx);
|
||||
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
|
||||
|
||||
hexStr = BN_bn2hex(Gy);
|
||||
AssertStrEQ(hexStr, kGy);
|
||||
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
|
||||
/* cleanup */
|
||||
BN_free(X);
|
||||
BN_free(Y);
|
||||
@@ -1789,7 +1808,7 @@ static void test_wolfSSL_UseSNI_connection(void)
|
||||
{0, use_SNI_at_ctx, 0, verify_SNI_real_matching},
|
||||
|
||||
/* success case at ssl */
|
||||
{0, 0, use_SNI_at_ssl, 0},
|
||||
{0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
|
||||
{0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
|
||||
|
||||
/* default missmatch behavior */
|
||||
@@ -7782,7 +7801,7 @@ static int test_wc_MakeRsaKey (void)
|
||||
if (ret == 0) {
|
||||
ret = wc_InitRng(&rng);
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@@ -7791,9 +7810,9 @@ static int test_wc_MakeRsaKey (void)
|
||||
#ifndef HAVE_USER_RSA
|
||||
/* Test bad args. */
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(NULL, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(NULL, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, 65537, NULL);
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, NULL);
|
||||
}
|
||||
if (ret == BAD_FUNC_ARG) {
|
||||
/* e < 3 */
|
||||
@@ -7812,9 +7831,9 @@ static int test_wc_MakeRsaKey (void)
|
||||
#else
|
||||
/* Test bad args. */
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(NULL, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(NULL, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret == USER_CRYPTO_ERROR) {
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, 65537, NULL);
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, NULL);
|
||||
}
|
||||
if (ret == USER_CRYPTO_ERROR) {
|
||||
/* e < 3 */
|
||||
@@ -7925,7 +7944,7 @@ static int test_wc_RsaKeyToDer (void)
|
||||
}
|
||||
/* Make key. */
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret != 0) {
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@@ -8018,7 +8037,7 @@ static int test_wc_RsaKeyToPublicDer (void)
|
||||
ret = wc_InitRng(&rng);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
}
|
||||
|
||||
printf(testingFmt, "wc_RsaKeyToPublicDer()");
|
||||
@@ -8106,7 +8125,7 @@ static int test_wc_RsaPublicEncryptDecrypt (void)
|
||||
ret = wc_InitRng(&rng);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
}
|
||||
/* Encrypt. */
|
||||
printf(testingFmt, "wc_RsaPublicEncrypt()");
|
||||
@@ -8194,7 +8213,7 @@ static int test_wc_RsaPublicEncryptDecrypt_ex (void)
|
||||
ret = wc_InitRng(&rng);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
}
|
||||
/* Encrypt */
|
||||
printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
|
||||
@@ -8301,7 +8320,7 @@ static int test_wc_RsaSSL_SignVerify (void)
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
}
|
||||
/* Sign. */
|
||||
printf(testingFmt, "wc_RsaSSL_Sign()");
|
||||
@@ -8447,7 +8466,7 @@ static int test_wc_RsaEncryptSize (void)
|
||||
|
||||
printf(testingFmt, "wc_RsaEncryptSize()");
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaEncryptSize(&key);
|
||||
}
|
||||
@@ -8464,7 +8483,7 @@ static int test_wc_RsaEncryptSize (void)
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, FOURK_BUF, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, FOURK_BUF, WC_RSA_EXPONENT, &rng);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaEncryptSize(&key);
|
||||
}
|
||||
@@ -8521,7 +8540,7 @@ static int test_wc_RsaFlattenPublicKey (void)
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_MakeRsaKey(&key, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&key, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret >= 0) {
|
||||
ret = 0;
|
||||
} else {
|
||||
|
||||
+33
-25
@@ -37,7 +37,8 @@
|
||||
#define MAX_COMMAND_SZ 240
|
||||
#define MAX_SUITE_SZ 80
|
||||
#define NOT_BUILT_IN -123
|
||||
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
|
||||
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \
|
||||
!defined(WOLFSSL_ALLOW_TLSV10)
|
||||
#define VERSION_TOO_OLD -124
|
||||
#endif
|
||||
|
||||
@@ -61,49 +62,48 @@ static char forceDefCipherListFlag[] = "-HdefCipherList";
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_ALLOW_SSLV3
|
||||
/* if the protocol version is sslv3 return 1, else 0 */
|
||||
static int IsSslVersion(const char* line)
|
||||
#ifdef VERSION_TOO_OLD
|
||||
static int GetTlsVersion(const char* line)
|
||||
{
|
||||
int version = -1;
|
||||
const char* find = "-v ";
|
||||
const char* begin = strstr(line, find);
|
||||
|
||||
if (begin) {
|
||||
int version = -1;
|
||||
|
||||
begin += 3;
|
||||
|
||||
version = atoi(begin);
|
||||
|
||||
if (version == 0)
|
||||
return 1;
|
||||
}
|
||||
return version;
|
||||
}
|
||||
|
||||
return 0;
|
||||
#ifndef WOLFSSL_ALLOW_SSLV3
|
||||
/* if the protocol version is sslv3 return 1, else 0 */
|
||||
static int IsSslVersion(const char* line)
|
||||
{
|
||||
int version = GetTlsVersion(line);
|
||||
return (version == 0) ? 1 : 0;
|
||||
}
|
||||
#endif /* !WOLFSSL_ALLOW_SSLV3 */
|
||||
|
||||
#ifndef WOLFSSL_ALLOW_TLSV10
|
||||
/* if the protocol version is TLSv1.0 return 1, else 0 */
|
||||
static int IsTls10Version(const char* line)
|
||||
{
|
||||
int version = GetTlsVersion(line);
|
||||
return (version == 1) ? 1 : 0;
|
||||
}
|
||||
#endif /* !WOLFSSL_ALLOW_TLSV10 */
|
||||
|
||||
#ifdef NO_OLD_TLS
|
||||
/* if the protocol version is less than tls 1.2 return 1, else 0 */
|
||||
static int IsOldTlsVersion(const char* line)
|
||||
{
|
||||
const char* find = "-v ";
|
||||
const char* begin = strstr(line, find);
|
||||
|
||||
if (begin) {
|
||||
int version = -1;
|
||||
|
||||
begin += 3;
|
||||
|
||||
version = atoi(begin);
|
||||
|
||||
if (version < 3)
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
int version = GetTlsVersion(line);
|
||||
return (version < 3) ? 1 : 0;
|
||||
}
|
||||
#endif /* NO_OLD_TLS */
|
||||
#endif /* VERSION_TOO_OLD */
|
||||
|
||||
|
||||
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
|
||||
@@ -214,6 +214,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
|
||||
return VERSION_TOO_OLD;
|
||||
}
|
||||
#endif
|
||||
#ifndef WOLFSSL_ALLOW_TLSV10
|
||||
if (IsTls10Version(commandLine) == 1) {
|
||||
#ifdef DEBUG_SUITE_TESTS
|
||||
printf("protocol version on line %s is too old\n", commandLine);
|
||||
#endif
|
||||
return VERSION_TOO_OLD;
|
||||
}
|
||||
#endif
|
||||
#ifdef NO_OLD_TLS
|
||||
if (IsOldTlsVersion(commandLine) == 1) {
|
||||
#ifdef DEBUG_SUITE_TESTS
|
||||
|
||||
@@ -2944,7 +2944,7 @@ void bench_rsaKeyGen(int doAsync)
|
||||
int ret = 0, i, count = 0, times, pending = 0;
|
||||
int k, keySz;
|
||||
const int keySizes[2] = {1024, 2048};
|
||||
const long rsa_e_val = 65537;
|
||||
const long rsa_e_val = WC_RSA_EXPONENT;
|
||||
|
||||
/* clear for done cleanup */
|
||||
XMEMSET(genKey, 0, sizeof(genKey));
|
||||
|
||||
+1362
-1333
File diff suppressed because it is too large
Load Diff
@@ -6196,6 +6196,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
|
||||
XSTRNCPY(footer, END_RSA_PRIV, footerLen);
|
||||
XSTRNCAT(footer, "\n", 1);
|
||||
}
|
||||
else if (type == PUBLICKEY_TYPE) {
|
||||
XSTRNCPY(header, BEGIN_PUB_KEY, headerLen);
|
||||
XSTRNCAT(header, "\n", 1);
|
||||
|
||||
XSTRNCPY(footer, END_PUB_KEY, footerLen);
|
||||
XSTRNCAT(footer, "\n", 1);
|
||||
}
|
||||
#ifndef NO_DSA
|
||||
else if (type == DSA_PRIVATEKEY_TYPE) {
|
||||
XSTRNCPY(header, BEGIN_DSA_PRIV, headerLen);
|
||||
|
||||
@@ -28,8 +28,8 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/cpuid.h>
|
||||
|
||||
#if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
|
||||
defined(WOLFSSL_AESNI)
|
||||
#if (defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
|
||||
defined(WOLFSSL_AESNI)) && !defined(WOLFSSL_NO_ASM)
|
||||
/* Each platform needs to query info type 1 from cpuid to see if aesni is
|
||||
* supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
|
||||
*/
|
||||
|
||||
+14
-11
@@ -1099,7 +1099,7 @@ static int wc_ecc_curve_load_item(const char* src, mp_int** dst,
|
||||
if (err == MP_OKAY) {
|
||||
curve->load_mask |= mask;
|
||||
|
||||
err = mp_read_radix(*dst, src, 16);
|
||||
err = mp_read_radix(*dst, src, MP_RADIX_HEX);
|
||||
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
if (err == MP_OKAY)
|
||||
@@ -2599,7 +2599,7 @@ static int wc_ecc_cmp_param(const char* curveParam,
|
||||
err = mp_read_unsigned_bin(&a, param, paramSz);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_radix(&b, curveParam, 16);
|
||||
err = mp_read_radix(&b, curveParam, MP_RADIX_HEX);
|
||||
|
||||
if (err == MP_OKAY) {
|
||||
if (mp_cmp(&a, &b) != MP_EQ) {
|
||||
@@ -4951,7 +4951,7 @@ int wc_ecc_check_key(ecc_key* key)
|
||||
if (err == MP_OKAY)
|
||||
err = mp_init(b);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_radix(b, key->dp->Bf, 16);
|
||||
err = mp_read_radix(b, key->dp->Bf, MP_RADIX_HEX);
|
||||
#else
|
||||
b = curve->Bf;
|
||||
#endif
|
||||
@@ -5378,9 +5378,9 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen)
|
||||
if (err != MP_OKAY)
|
||||
return err;
|
||||
|
||||
err = mp_read_radix(&rtmp, r, 16);
|
||||
err = mp_read_radix(&rtmp, r, MP_RADIX_HEX);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_radix(&stmp, s, 16);
|
||||
err = mp_read_radix(&stmp, s, MP_RADIX_HEX);
|
||||
|
||||
/* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */
|
||||
if (err == MP_OKAY)
|
||||
@@ -5496,11 +5496,11 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
|
||||
/* read Qx */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_radix(key->pubkey.x, qx, 16);
|
||||
err = mp_read_radix(key->pubkey.x, qx, MP_RADIX_HEX);
|
||||
|
||||
/* read Qy */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_read_radix(key->pubkey.y, qy, 16);
|
||||
err = mp_read_radix(key->pubkey.y, qy, MP_RADIX_HEX);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_set(key->pubkey.z, 1);
|
||||
@@ -5509,7 +5509,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
|
||||
if (err == MP_OKAY) {
|
||||
if (d != NULL) {
|
||||
key->type = ECC_PRIVATEKEY;
|
||||
err = mp_read_radix(&key->k, d, 16);
|
||||
err = mp_read_radix(&key->k, d, MP_RADIX_HEX);
|
||||
} else {
|
||||
key->type = ECC_PUBLICKEY;
|
||||
}
|
||||
@@ -6440,7 +6440,8 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a,
|
||||
/* back off if we are on the 521 bit curve */
|
||||
if (y == 66) --x;
|
||||
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order,
|
||||
MP_RADIX_HEX)) != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -6591,7 +6592,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
|
||||
/* back off if we are on the 521 bit curve */
|
||||
if (y == 66) --x;
|
||||
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order,
|
||||
MP_RADIX_HEX)) != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -6622,7 +6624,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
|
||||
/* back off if we are on the 521 bit curve */
|
||||
if (y == 66) --x;
|
||||
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
|
||||
if ((err = mp_read_radix(&order, ecc_sets[x].order,
|
||||
MP_RADIX_HEX)) != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
@@ -4169,7 +4169,8 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c)
|
||||
#endif /* defined(HAVE_ECC) || !defined(NO_PWDBASED) */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC)
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC) || \
|
||||
defined(DEBUG_WOLFSSL)
|
||||
|
||||
static const int lnz[16] = {
|
||||
4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
|
||||
@@ -4315,7 +4316,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
|
||||
return mp_div_d(a, b, NULL, c);
|
||||
}
|
||||
|
||||
#endif /* defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY)||defined(HAVE_ECC) */
|
||||
#endif /* WOLFSSL_KEY_GEN || HAVE_COMP_KEY || HAVE_ECC || DEBUG_WOLFSSL */
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
|
||||
@@ -4746,7 +4747,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
|
||||
mp_zero(a);
|
||||
|
||||
/* make sure the radix is ok */
|
||||
if (radix < 2 || radix > 64) {
|
||||
if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
@@ -4808,7 +4809,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
|
||||
defined(WOLFSSL_DEBUG_MATH)
|
||||
defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
|
||||
|
||||
/* returns size of ASCII representation */
|
||||
int mp_radix_size (mp_int *a, int radix, int *size)
|
||||
@@ -4820,13 +4821,13 @@ int mp_radix_size (mp_int *a, int radix, int *size)
|
||||
*size = 0;
|
||||
|
||||
/* special case for binary */
|
||||
if (radix == 2) {
|
||||
if (radix == MP_RADIX_BIN) {
|
||||
*size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
/* make sure the radix is in range */
|
||||
if (radix < 2 || radix > 64) {
|
||||
if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
@@ -4875,7 +4876,7 @@ int mp_toradix (mp_int *a, char *str, int radix)
|
||||
char *_s = str;
|
||||
|
||||
/* check range of the radix */
|
||||
if (radix < 2 || radix > 64) {
|
||||
if (radix < MP_RADIX_BIN || radix > MP_RADIX_MAX) {
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
@@ -4933,7 +4934,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose)
|
||||
printf("%s: ptr=%p, used=%d, sign=%d, size=%d, mpd=%d\n",
|
||||
desc, a, a->used, a->sign, size, (int)sizeof(mp_digit));
|
||||
|
||||
mp_toradix(a, buffer, 16);
|
||||
mp_tohex(a, buffer);
|
||||
printf(" %s\n ", buffer);
|
||||
|
||||
if (verbose) {
|
||||
|
||||
+12
-8
@@ -207,8 +207,8 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length)
|
||||
void WOLFSSL_ENTER(const char* msg)
|
||||
{
|
||||
if (loggingEnabled) {
|
||||
char buffer[80];
|
||||
sprintf(buffer, "wolfSSL Entering %s", msg);
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg);
|
||||
wolfssl_log(ENTER_LOG , buffer);
|
||||
}
|
||||
}
|
||||
@@ -217,8 +217,9 @@ void WOLFSSL_ENTER(const char* msg)
|
||||
void WOLFSSL_LEAVE(const char* msg, int ret)
|
||||
{
|
||||
if (loggingEnabled) {
|
||||
char buffer[80];
|
||||
sprintf(buffer, "wolfSSL Leaving %s, return %d", msg, ret);
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d",
|
||||
msg, ret);
|
||||
wolfssl_log(LEAVE_LOG , buffer);
|
||||
}
|
||||
}
|
||||
@@ -241,18 +242,20 @@ void WOLFSSL_ERROR(int error)
|
||||
if (loggingEnabled && error != WC_PENDING_E)
|
||||
#endif
|
||||
{
|
||||
char buffer[80];
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
|
||||
(void)usrCtx; /* a user ctx for future flexibility */
|
||||
(void)func;
|
||||
|
||||
if (wc_LockMutex(&debug_mutex) != 0) {
|
||||
WOLFSSL_MSG("Lock debug mutex failed");
|
||||
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
|
||||
XSNPRINTF(buffer, sizeof(buffer),
|
||||
"wolfSSL error occurred, error = %d", error);
|
||||
}
|
||||
else {
|
||||
if (error < 0) error = error - (2*error); /*get absolute value*/
|
||||
sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s",
|
||||
XSNPRINTF(buffer, sizeof(buffer),
|
||||
"wolfSSL error occurred, error = %d line:%d file:%s",
|
||||
error, line, file);
|
||||
if (wc_AddErrorNode(error, line, buffer, (char*)file) != 0) {
|
||||
WOLFSSL_MSG("Error creating logging node");
|
||||
@@ -263,7 +266,8 @@ void WOLFSSL_ERROR(int error)
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
}
|
||||
#else
|
||||
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
|
||||
XSNPRINTF(buffer, sizeof(buffer),
|
||||
"wolfSSL error occurred, error = %d", error);
|
||||
#endif
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
wolfssl_log(ERROR_LOG , buffer);
|
||||
|
||||
@@ -140,8 +140,8 @@ STATIC INLINE word64 rotrFixed64(word64 x, word64 y)
|
||||
STATIC INLINE word64 ByteReverseWord64(word64 value)
|
||||
{
|
||||
#if defined(WOLFCRYPT_SLOW_WORD64)
|
||||
return (word64)(ByteReverseWord32((word32)value)) << 32 |
|
||||
ByteReverseWord32((word32)(value>>32));
|
||||
return (word64)((word64)ByteReverseWord32((word32) value)) << 32 |
|
||||
(word64)ByteReverseWord32((word32)(value >> 32));
|
||||
#else
|
||||
value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) |
|
||||
((value & W64LIT(0x00FF00FF00FF00FF)) << 8);
|
||||
@@ -192,7 +192,7 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
||||
STATIC INLINE void ForceZero(const void* mem, word32 len)
|
||||
{
|
||||
volatile byte* z = (volatile byte*)mem;
|
||||
#ifdef WOLFSSL_X86_64_BUILD
|
||||
#if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE)
|
||||
volatile word64* w;
|
||||
|
||||
for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w))
|
||||
|
||||
+12
-3
@@ -73,8 +73,11 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output)
|
||||
0x0D, 0x01, 0x07, 0x04 };
|
||||
const byte digestedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x07, 0x05 };
|
||||
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
const byte encryptedData[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x07, 0x06 };
|
||||
#endif
|
||||
|
||||
int idSz;
|
||||
int typeSz = 0, idx = 0;
|
||||
@@ -112,10 +115,12 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output)
|
||||
typeName = digestedData;
|
||||
break;
|
||||
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
case ENCRYPTED_DATA:
|
||||
typeSz = sizeof(encryptedData);
|
||||
typeName = encryptedData;
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown PKCS#7 Type");
|
||||
@@ -382,7 +387,7 @@ typedef struct ESD {
|
||||
enum wc_HashType hashType;
|
||||
byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
|
||||
byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
|
||||
byte encContentDigest[512];
|
||||
byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
|
||||
|
||||
byte outerSeq[MAX_SEQ_SZ];
|
||||
byte outerContent[MAX_EXP_SZ];
|
||||
@@ -3217,7 +3222,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
int keySz;
|
||||
word32 encOID;
|
||||
word32 keyIdx;
|
||||
byte issuerHash[WC_SHA_DIGEST_SIZE];
|
||||
byte issuerHash[KEYID_SIZE];
|
||||
byte* outKey = NULL;
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
@@ -3245,7 +3250,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* if we found correct recipient, issuer hashes will match */
|
||||
if (XMEMCMP(issuerHash, pkcs7->issuerHash, WC_SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(issuerHash, pkcs7->issuerHash, KEYID_SIZE) == 0) {
|
||||
*recipFound = 1;
|
||||
}
|
||||
|
||||
@@ -4153,6 +4158,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
|
||||
/* build PKCS#7 encryptedData content type, return encrypted size */
|
||||
int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
{
|
||||
@@ -4617,6 +4624,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
||||
return encryptedContentSz - padLen;
|
||||
}
|
||||
|
||||
#endif /* NO_PKCS7_ENCRYPTED_DATA */
|
||||
|
||||
#else /* HAVE_PKCS7 */
|
||||
|
||||
|
||||
|
||||
@@ -545,6 +545,22 @@ WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inS
|
||||
}
|
||||
#endif /* HAVE_AESCCM */
|
||||
|
||||
WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId)
|
||||
{
|
||||
if (aes == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
aes->heap = heap;
|
||||
(void)devId;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
WOLFSSL_API void wc_AesFree(Aes* aes)
|
||||
{
|
||||
(void)aes;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_TI_CRYPT */
|
||||
|
||||
#endif /* NO_AES */
|
||||
|
||||
@@ -182,6 +182,22 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
|
||||
return -1 ;
|
||||
}
|
||||
|
||||
WOLFSSL_API int wc_Des3Init(Des3* des, void* heap, int devId)
|
||||
{
|
||||
if (des == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
des->heap = heap;
|
||||
(void)devId;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
WOLFSSL_API void wc_Des3Free(Des3* des)
|
||||
{
|
||||
(void)des;
|
||||
}
|
||||
|
||||
|
||||
#endif /* WOLFSSL_TI_CRYPT */
|
||||
|
||||
|
||||
+1
-1
@@ -418,7 +418,7 @@ static INLINE void AddLength(wc_Sha* sha, word32 len)
|
||||
t = e; e = d; d = c; c = b; b = a; a = t;
|
||||
}
|
||||
#else
|
||||
/* nearly 1 K bigger in code size but 25% faster */
|
||||
/* nearly 1 K bigger in code size but 25% faster */
|
||||
/* 4 rounds of 20 operations each. Loop unrolled. */
|
||||
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
|
||||
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
|
||||
|
||||
+1725
-1190
File diff suppressed because it is too large
Load Diff
@@ -327,7 +327,7 @@ do \
|
||||
} \
|
||||
} \
|
||||
while (0)
|
||||
#endif
|
||||
#endif /* SHA3_BY_SPEC */
|
||||
|
||||
/* The block operation performed on the state.
|
||||
*
|
||||
@@ -376,7 +376,7 @@ static void BlockSha3(word64 *s)
|
||||
}
|
||||
#else
|
||||
#include "sha3_long.i"
|
||||
#endif
|
||||
#endif /* WOLFSSL_SHA3_SMALL */
|
||||
|
||||
/* Convert the array of bytes, in little-endian order, to a 64-bit integer.
|
||||
*
|
||||
|
||||
+1887
-696
File diff suppressed because it is too large
Load Diff
+3
-3
@@ -2600,7 +2600,7 @@ int mp_montgomery_calc_normalization(mp_int *a, mp_int *b)
|
||||
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
|
||||
defined(WOLFSSL_DEBUG_MATH)
|
||||
defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
/* swap the elements of two integers, for cases where you can't simply swap the
|
||||
@@ -3252,7 +3252,7 @@ int mp_set(fp_int *a, fp_digit b)
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
|
||||
defined(WOLFSSL_DEBUG_MATH)
|
||||
defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
|
||||
|
||||
/* returns size of ASCII representation */
|
||||
int mp_radix_size (mp_int *a, int radix, int *size)
|
||||
@@ -3373,7 +3373,7 @@ void mp_dump(const char* desc, mp_int* a, byte verbose)
|
||||
printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n",
|
||||
desc, a, a->used, a->sign, size, (int)sizeof(fp_digit));
|
||||
|
||||
mp_toradix(a, buffer, 16);
|
||||
mp_tohex(a, buffer);
|
||||
printf(" %s\n ", buffer);
|
||||
|
||||
if (verbose) {
|
||||
|
||||
+47
-11
@@ -293,7 +293,9 @@ int scrypt_test(void);
|
||||
#ifdef HAVE_PKCS7
|
||||
int pkcs7enveloped_test(void);
|
||||
int pkcs7signed_test(void);
|
||||
int pkcs7encrypted_test(void);
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
int pkcs7encrypted_test(void);
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT)
|
||||
int cert_test(void);
|
||||
@@ -838,10 +840,12 @@ int wolfcrypt_test(void* args)
|
||||
else
|
||||
printf( "PKCS7signed test passed!\n");
|
||||
|
||||
if ( (ret = pkcs7encrypted_test()) != 0)
|
||||
return err_sys("PKCS7encrypted test failed!\n", ret);
|
||||
else
|
||||
printf( "PKCS7encrypted test passed!\n");
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
if ( (ret = pkcs7encrypted_test()) != 0)
|
||||
return err_sys("PKCS7encrypted test failed!\n", ret);
|
||||
else
|
||||
printf( "PKCS7encrypted test passed!\n");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_VALGRIND
|
||||
@@ -6916,8 +6920,11 @@ static const CertName certDefaultName = {
|
||||
};
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
#if (defined(HAVE_ED25519) && defined(WOLFSSL_TEST_CERT)) || \
|
||||
defined(HAVE_ECC)
|
||||
static const char certKeyUsage[] =
|
||||
"digitalSignature,nonRepudiation";
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)
|
||||
static const char certKeyUsage2[] =
|
||||
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
|
||||
@@ -8220,7 +8227,7 @@ int rsa_test(void)
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-5550, exit_rsa);
|
||||
}
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
|
||||
ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, &rng);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-5551, exit_rsa);
|
||||
}
|
||||
@@ -10988,6 +10995,9 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
#ifdef HAVE_ECC_VERIFY
|
||||
int verify = 0;
|
||||
#endif
|
||||
#ifndef USE_CERT_BUFFERS_256
|
||||
FILE* file;
|
||||
#endif
|
||||
|
||||
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
@@ -11003,7 +11013,6 @@ static int ecc_test_make_pub(WC_RNG* rng)
|
||||
XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
|
||||
tmpSz = (size_t)sizeof_ecc_key_der_256;
|
||||
#else
|
||||
FILE* file;
|
||||
file = fopen(eccKeyDerFile, "rb");
|
||||
if (!file) {
|
||||
ERROR_OUT(-6812, done);
|
||||
@@ -14073,7 +14082,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
0x72,0x6c,0x64
|
||||
};
|
||||
|
||||
#if !defined(NO_AES) && defined(HAVE_ECC)
|
||||
#if !defined(NO_AES) && defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
|
||||
byte optionalUkm[] = {
|
||||
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
|
||||
};
|
||||
@@ -14083,8 +14092,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
{
|
||||
/* key transport key encryption technique */
|
||||
#ifndef NO_RSA
|
||||
#ifndef NO_DES3
|
||||
{data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
|
||||
rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataDES3.der"},
|
||||
#endif
|
||||
|
||||
#ifndef NO_AES
|
||||
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
|
||||
@@ -14294,6 +14305,8 @@ int pkcs7enveloped_test(void)
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
|
||||
typedef struct {
|
||||
const byte* content;
|
||||
word32 contentSz;
|
||||
@@ -14495,6 +14508,8 @@ int pkcs7encrypted_test(void)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* NO_PKCS7_ENCRYPTED_DATA */
|
||||
|
||||
|
||||
typedef struct {
|
||||
const byte* content;
|
||||
@@ -14540,7 +14555,11 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
static byte senderNonceOid[] =
|
||||
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
|
||||
0x09, 0x05 };
|
||||
#ifndef NO_SHA
|
||||
static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#else
|
||||
static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#endif
|
||||
static byte messageType[] = { 0x13, 2, '1', '9' };
|
||||
static byte senderNonce[PKCS7_NONCE_SZ + 2];
|
||||
|
||||
@@ -14684,15 +14703,21 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
}
|
||||
}
|
||||
|
||||
/* generate trans ID */
|
||||
/* generate transactionID (used with SCEP) */
|
||||
{
|
||||
#ifndef NO_SHA
|
||||
wc_Sha sha;
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
#else
|
||||
wc_Sha256 sha;
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
int j,k;
|
||||
|
||||
transId[0] = 0x13;
|
||||
transId[1] = WC_SHA_DIGEST_SIZE * 2;
|
||||
transId[1] = sizeof(digest) * 2;
|
||||
|
||||
#ifndef NO_SHA
|
||||
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -14702,8 +14727,19 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
||||
wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_ShaFinal(&sha, digest);
|
||||
wc_ShaFree(&sha);
|
||||
#else
|
||||
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
return -7704;
|
||||
}
|
||||
wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_Sha256Final(&sha, digest);
|
||||
wc_Sha256Free(&sha);
|
||||
#endif
|
||||
|
||||
for (j = 0, k = 2; j < WC_SHA_DIGEST_SIZE; j++, k += 2) {
|
||||
for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
|
||||
XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -50,12 +50,12 @@
|
||||
#define WOLFSSL_RSA_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
|
||||
enum {
|
||||
RSA_PUBLIC = 0,
|
||||
RSA_PRIVATE = 1,
|
||||
};
|
||||
|
||||
|
||||
/* RSA */
|
||||
struct RsaKey {
|
||||
IppsBigNumState* n;
|
||||
|
||||
+2
-1
@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes {
|
||||
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
|
||||
WANT_READ = -323, /* want read, call again */
|
||||
NOT_READY_ERROR = -324, /* handshake layer not ready */
|
||||
PMS_VERSION_ERROR = -325, /* pre m secret version error */
|
||||
|
||||
VERSION_ERROR = -326, /* record layer version error */
|
||||
WANT_WRITE = -327, /* want write, call again */
|
||||
BUFFER_ERROR = -328, /* malformed buffer input */
|
||||
@@ -164,6 +164,7 @@ enum wolfSSL_ErrorCodes {
|
||||
MCAST_HIGHWATER_CB_E = -426, /* Multicast highwater cb err */
|
||||
ALERT_COUNT_E = -427, /* Alert Count exceeded err */
|
||||
EXT_MISSING = -428, /* Required extension not found */
|
||||
UNSUPPORTED_EXTENSION = -429, /* TLSX not requested by client */
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
|
||||
+32
-11
@@ -646,7 +646,7 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CHACHA
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_CHACHA20_POLY1305_SHA256
|
||||
#endif
|
||||
@@ -955,7 +955,7 @@ enum Misc {
|
||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
|
||||
#else
|
||||
TLS_DRAFT_MINOR = 0x14, /* Minor version number of TLS draft */
|
||||
TLS_DRAFT_MINOR = 0x15, /* Minor version number of TLS draft */
|
||||
#endif
|
||||
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
|
||||
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
|
||||
@@ -1003,6 +1003,9 @@ enum Misc {
|
||||
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
|
||||
SESSION_HINT_SZ = 4, /* session timeout hint */
|
||||
SESSION_ADD_SZ = 4, /* session age add */
|
||||
TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
|
||||
DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
|
||||
MAX_TICKET_NONCE_SZ = 4, /* maximum ticket nonce size */
|
||||
MAX_LIFETIME = 604800, /* maximum ticket lifetime */
|
||||
MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */
|
||||
|
||||
@@ -1034,7 +1037,6 @@ enum Misc {
|
||||
HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
|
||||
HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
|
||||
HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
|
||||
HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
|
||||
|
||||
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
|
||||
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
|
||||
@@ -1192,6 +1194,12 @@ enum Misc {
|
||||
/* 150 suites for now! */
|
||||
#endif
|
||||
|
||||
/* number of items in the signature algo list */
|
||||
#ifndef WOLFSSL_MAX_SIGALGO
|
||||
#define WOLFSSL_MAX_SIGALGO 32
|
||||
#endif
|
||||
|
||||
|
||||
/* set minimum ECC key size allowed */
|
||||
#ifndef WOLFSSL_MIN_ECC_BITS
|
||||
#ifdef WOLFSSL_MAX_STRENGTH
|
||||
@@ -1527,7 +1535,7 @@ typedef struct Suites {
|
||||
word16 suiteSz; /* suite length in bytes */
|
||||
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
|
||||
byte suites[WOLFSSL_MAX_SUITE_SZ];
|
||||
byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
|
||||
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
|
||||
byte setSuites; /* user set suites from default */
|
||||
byte hashAlgo; /* selected hash algorithm */
|
||||
byte sigAlgo; /* selected sig algorithm */
|
||||
@@ -1896,24 +1904,24 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
#ifdef HAVE_SNI
|
||||
|
||||
typedef struct SNI {
|
||||
byte type; /* SNI Type */
|
||||
union { char* host_name; } data; /* SNI Data */
|
||||
struct SNI* next; /* List Behavior */
|
||||
byte type; /* SNI Type */
|
||||
union { char* host_name; } data; /* SNI Data */
|
||||
struct SNI* next; /* List Behavior */
|
||||
byte status; /* Matching result */
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
byte options; /* Behavior options */
|
||||
byte status; /* Matching result */
|
||||
#endif
|
||||
} SNI;
|
||||
|
||||
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
|
||||
word16 size, void* heap);
|
||||
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
|
||||
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
|
||||
void** data);
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
|
||||
byte options);
|
||||
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
|
||||
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
|
||||
void** data);
|
||||
WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
|
||||
byte type, byte* sni, word32* inOutSz);
|
||||
#endif
|
||||
@@ -2150,6 +2158,16 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
|
||||
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
/* Ticket nonce - for deriving PSK.
|
||||
* Length allowed to be: 1..255. Only support 4 bytes.
|
||||
*/
|
||||
typedef struct TicketNonce {
|
||||
byte len;
|
||||
byte data[MAX_TICKET_NONCE_SZ];
|
||||
} TicketNonce;
|
||||
#endif
|
||||
|
||||
/* The PreSharedKey extension information - entry in a linked list. */
|
||||
typedef struct PreSharedKey {
|
||||
word16 identityLen; /* Length of identity */
|
||||
@@ -2670,6 +2688,9 @@ struct WOLFSSL_SESSION {
|
||||
byte namedGroup;
|
||||
word32 ticketSeen; /* Time ticket seen (ms) */
|
||||
word32 ticketAdd; /* Added by client */
|
||||
#ifndef WOLFSSL_TLS13_DRAFT_18
|
||||
TicketNonce ticketNonce; /* Nonce used to derive PSK */
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
word32 maxEarlyDataSz;
|
||||
|
||||
+9
-5
@@ -301,6 +301,7 @@ enum AlertDescription {
|
||||
protocol_version = 70,
|
||||
#endif
|
||||
no_renegotiation = 100,
|
||||
unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */
|
||||
unrecognized_name = 112, /**< RFC 6066, section 3 */
|
||||
bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
|
||||
no_application_protocol = 120
|
||||
@@ -1536,6 +1537,7 @@ enum {
|
||||
WOLFSSL_TLSV1 = 1,
|
||||
WOLFSSL_TLSV1_1 = 2,
|
||||
WOLFSSL_TLSV1_2 = 3,
|
||||
WOLFSSL_TLSV1_3 = 4,
|
||||
WOLFSSL_USER_CA = 1, /* user added as trusted */
|
||||
WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */
|
||||
};
|
||||
@@ -1549,6 +1551,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
|
||||
WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
|
||||
WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
|
||||
WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
|
||||
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
|
||||
unsigned char*, int, const char*);
|
||||
@@ -1918,6 +1921,11 @@ WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
|
||||
unsigned char options);
|
||||
WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
|
||||
unsigned char type, unsigned char options);
|
||||
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
|
||||
const unsigned char* clientHello, unsigned int helloSz,
|
||||
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
|
||||
|
||||
#endif /* NO_WOLFSSL_SERVER */
|
||||
|
||||
/* SNI status */
|
||||
enum {
|
||||
@@ -1931,12 +1939,8 @@ WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
|
||||
|
||||
WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
|
||||
unsigned char type, void** data);
|
||||
WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
|
||||
const unsigned char* clientHello, unsigned int helloSz,
|
||||
unsigned char type, unsigned char* sni, unsigned int* inOutSz);
|
||||
|
||||
#endif
|
||||
#endif
|
||||
#endif /* HAVE_SNI */
|
||||
|
||||
/* Application-Layer Protocol Negotiation */
|
||||
#ifdef HAVE_ALPN
|
||||
|
||||
@@ -248,10 +248,16 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
|
||||
#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
|
||||
#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
|
||||
|
||||
#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
|
||||
#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
|
||||
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
|
||||
#define mp_tohex(M, S) mp_toradix((M), (S), 16)
|
||||
#define MP_RADIX_BIN 2
|
||||
#define MP_RADIX_OCT 8
|
||||
#define MP_RADIX_DEC 10
|
||||
#define MP_RADIX_HEX 16
|
||||
#define MP_RADIX_MAX 64
|
||||
|
||||
#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN)
|
||||
#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT)
|
||||
#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
|
||||
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
|
||||
|
||||
#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
|
||||
|
||||
|
||||
@@ -133,6 +133,7 @@ typedef struct PKCS7 {
|
||||
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
|
||||
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
|
||||
WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
|
||||
|
||||
WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
|
||||
word32 outputSz);
|
||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
|
||||
@@ -144,11 +145,15 @@ WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
|
||||
WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||
word32 pkiMsgSz, byte* output,
|
||||
word32 outputSz);
|
||||
|
||||
#ifndef NO_PKCS7_ENCRYPTED_DATA
|
||||
WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
|
||||
byte* output, word32 outputSz);
|
||||
WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
|
||||
word32 pkiMsgSz, byte* output,
|
||||
word32 outputSz);
|
||||
#endif /* NO_PKCS7_ENCRYPTED_DATA */
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
@@ -44,16 +44,16 @@ typedef struct {
|
||||
#ifndef TI_HASH_TEST
|
||||
|
||||
#if !defined(NO_MD5)
|
||||
typedef wolfssl_TI_Hash Md5;
|
||||
typedef wolfssl_TI_Hash wc_Md5;
|
||||
#endif
|
||||
#if !defined(NO_SHA)
|
||||
typedef wolfssl_TI_Hash Sha;
|
||||
typedef wolfssl_TI_Hash wc_Sha;
|
||||
#endif
|
||||
#if !defined(NO_SHA256)
|
||||
typedef wolfssl_TI_Hash Sha256;
|
||||
typedef wolfssl_TI_Hash wc_Sha256;
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHA224)
|
||||
typedef wolfssl_TI_Hash Sha224;
|
||||
typedef wolfssl_TI_Hash wc_Sha224;
|
||||
#endif
|
||||
|
||||
#endif /* !TI_HASH_TEST */
|
||||
|
||||
@@ -27,6 +27,13 @@
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
|
||||
/* RSA default exponent */
|
||||
#ifndef WC_RSA_EXPONENT
|
||||
#define WC_RSA_EXPONENT 65537L
|
||||
#endif
|
||||
|
||||
|
||||
/* allow for user to plug in own crypto */
|
||||
#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
|
||||
#include "user_rsa.h"
|
||||
@@ -90,7 +97,6 @@ enum {
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
/* RSA */
|
||||
struct RsaKey {
|
||||
mp_int n, e, d, p, q, dP, dQ, u;
|
||||
|
||||
@@ -596,6 +596,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#define NO_WOLFSSL_DIR
|
||||
#define USE_FAST_MATH
|
||||
#define TFM_TIMING_RESISTANT
|
||||
#define ECC_TIMING_RESISTANT
|
||||
#define WC_RSA_BLINDING
|
||||
#define NO_DEV_RANDOM
|
||||
#define NO_FILESYSTEM
|
||||
#define USE_CERT_BUFFERS_2048
|
||||
@@ -603,6 +605,7 @@ extern void uITRON4_free(void *p) ;
|
||||
#define USER_TIME
|
||||
#define HAVE_ECC
|
||||
#define HAVE_ALPN
|
||||
#define USE_WOLF_STRTOK /* use with HAVE_ALPN */
|
||||
#define HAVE_TLS_EXTENSIONS
|
||||
#define HAVE_AESGCM
|
||||
#define HAVE_SUPPORTED_CURVES
|
||||
@@ -1495,6 +1498,9 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_PKCS7
|
||||
#if defined(NO_AES) && defined(NO_DES3)
|
||||
#error PKCS7 needs either AES or 3DES enabled, please enable one
|
||||
#endif
|
||||
#ifndef HAVE_AES_KEYWRAP
|
||||
#error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
|
||||
#endif
|
||||
|
||||
@@ -91,6 +91,9 @@ typedef struct wc_Sha {
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
hashUpdCache cache; /* cache for updates */
|
||||
#endif
|
||||
#if defined(STM32_HASH) && defined(WOLFSSL_STM32_CUBEMX)
|
||||
HASH_HandleTypeDef hashHandle;
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WC_ASYNC_DEV asyncDev;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
@@ -66,6 +66,14 @@
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#define SHA256_NOINLINE __declspec(noinline)
|
||||
#elif defined(__GNUC__)
|
||||
#define SHA256_NOINLINE __attribute__((noinline))
|
||||
#else
|
||||
#define SHA256_NOINLINE
|
||||
#endif
|
||||
|
||||
#ifndef NO_OLD_WC_NAMES
|
||||
#define Sha256 wc_Sha256
|
||||
#define SHA256 WC_SHA256
|
||||
@@ -96,6 +104,9 @@ typedef struct wc_Sha256 {
|
||||
word32 loLen; /* length in bytes */
|
||||
word32 hiLen; /* length in bytes */
|
||||
void* heap;
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
const byte* data;
|
||||
#endif
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
hashUpdCache cache; /* cache for updates */
|
||||
#endif
|
||||
|
||||
@@ -59,6 +59,14 @@
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#define SHA512_NOINLINE __declspec(noinline)
|
||||
#elif defined(__GNUC__)
|
||||
#define SHA512_NOINLINE __attribute__((noinline))
|
||||
#else
|
||||
#define SHA512_NOINLINE
|
||||
#endif
|
||||
|
||||
#ifndef NO_OLD_WC_NAMES
|
||||
#define Sha512 wc_Sha512
|
||||
#define SHA512 WC_SHA512
|
||||
@@ -78,12 +86,15 @@ enum {
|
||||
|
||||
/* wc_Sha512 digest */
|
||||
typedef struct wc_Sha512 {
|
||||
word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
|
||||
word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
|
||||
word32 buffLen; /* in bytes */
|
||||
word64 loLen; /* length in bytes */
|
||||
word64 hiLen; /* length in bytes */
|
||||
word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
|
||||
word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
|
||||
void* heap;
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
const byte* data;
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WC_ASYNC_DEV asyncDev;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
+19
-3
@@ -64,6 +64,10 @@
|
||||
#define MAX(x,y) ((x)>(y)?(x):(y))
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_NO_ASM
|
||||
#undef TFM_NO_ASM
|
||||
#define TFM_NO_ASM
|
||||
#endif
|
||||
|
||||
#ifndef NO_64BIT
|
||||
/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
|
||||
@@ -632,10 +636,22 @@ typedef fp_int mp_int;
|
||||
#define MP_MASK FP_MASK
|
||||
|
||||
/* Prototypes */
|
||||
#define mp_zero(a) fp_zero(a)
|
||||
#define mp_zero(a) fp_zero(a)
|
||||
#define mp_isone(a) fp_isone(a)
|
||||
#define mp_iseven(a) fp_iseven(a)
|
||||
#define mp_isneg(a) fp_isneg(a)
|
||||
#define mp_iseven(a) fp_iseven(a)
|
||||
#define mp_isneg(a) fp_isneg(a)
|
||||
|
||||
#define MP_RADIX_BIN 2
|
||||
#define MP_RADIX_OCT 8
|
||||
#define MP_RADIX_DEC 10
|
||||
#define MP_RADIX_HEX 16
|
||||
#define MP_RADIX_MAX 64
|
||||
|
||||
#define mp_tobinary(M, S) mp_toradix((M), (S), MP_RADIX_BIN)
|
||||
#define mp_tooctal(M, S) mp_toradix((M), (S), MP_RADIX_OCT)
|
||||
#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
|
||||
#define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX)
|
||||
|
||||
MP_API int mp_init (mp_int * a);
|
||||
MP_API void mp_clear (mp_int * a);
|
||||
MP_API void mp_free (mp_int * a);
|
||||
|
||||
+28
-21
@@ -51,26 +51,30 @@
|
||||
|
||||
|
||||
/* try to set SIZEOF_LONG or LONG_LONG if user didn't */
|
||||
#if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__)
|
||||
#if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
|
||||
#if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
|
||||
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) \
|
||||
|| defined(__mips64) || defined(__x86_64__) || \
|
||||
((defined(sun) || defined(__sun)) && \
|
||||
(defined(LP64) || defined(_LP64))))
|
||||
#if (defined(__alpha__) || defined(__ia64__) || \
|
||||
defined(_ARCH_PPC64) || defined(__mips64) || \
|
||||
defined(__x86_64__) || \
|
||||
((defined(sun) || defined(__sun)) && \
|
||||
(defined(LP64) || defined(_LP64))))
|
||||
/* long should be 64bit */
|
||||
#define SIZEOF_LONG 8
|
||||
#elif defined(__i386__) || defined(__CORTEX_M3__)
|
||||
/* long long should be 64bit */
|
||||
#define SIZEOF_LONG_LONG 8
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
|
||||
#define WORD64_AVAILABLE
|
||||
#define W64LIT(x) x##ui64
|
||||
typedef unsigned __int64 word64;
|
||||
#elif defined(__EMSCRIPTEN__)
|
||||
#define WORD64_AVAILABLE
|
||||
#define W64LIT(x) x##ull
|
||||
typedef unsigned long long word64;
|
||||
#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
|
||||
#define WORD64_AVAILABLE
|
||||
#define W64LIT(x) x##LL
|
||||
@@ -83,12 +87,9 @@
|
||||
#define WORD64_AVAILABLE
|
||||
#define W64LIT(x) x##LL
|
||||
typedef unsigned long long word64;
|
||||
#else
|
||||
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
|
||||
mp_digit, no 64 bit type so make mp_digit 16 bit */
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(NO_64BIT) && defined(WORD64_AVAILABLE)
|
||||
/* These platforms have 64-bit CPU registers. */
|
||||
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
|
||||
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
|
||||
@@ -109,7 +110,12 @@
|
||||
#define WOLFCRYPT_SLOW_WORD64
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#else
|
||||
#undef WORD64_AVAILABLE
|
||||
typedef word32 wolfssl_word;
|
||||
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
|
||||
mp_digit, no 64 bit type so make mp_digit 16 bit */
|
||||
#endif
|
||||
|
||||
enum {
|
||||
WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
|
||||
@@ -309,7 +315,7 @@
|
||||
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
|
||||
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
|
||||
|
||||
#ifdef MICROCHIP_PIC32
|
||||
#if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS)
|
||||
/* XC32 does not support strncasecmp, so use case sensitive one */
|
||||
#define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
|
||||
#elif defined(USE_WINDOWS_API)
|
||||
@@ -318,7 +324,8 @@
|
||||
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
|
||||
#endif
|
||||
|
||||
/* snprintf is used in asn.c for GetTimeString and PKCS7 test */
|
||||
/* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
|
||||
debugging is turned on */
|
||||
#ifndef USE_WINDOWS_API
|
||||
#define XSNPRINTF snprintf
|
||||
#else
|
||||
@@ -327,16 +334,16 @@
|
||||
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN)
|
||||
/* use only Thread Safe version of strtok */
|
||||
#if !defined(USE_WINDOWS_API) && !defined(INTIME_RTOS)
|
||||
#define XSTRTOK strtok_r
|
||||
#elif defined(__MINGW32__) || defined(WOLFSSL_TIRTOS) || \
|
||||
#if defined(__MINGW32__) || defined(WOLFSSL_TIRTOS) || \
|
||||
defined(USE_WOLF_STRTOK)
|
||||
#ifndef USE_WOLF_STRTOK
|
||||
#define USE_WOLF_STRTOK
|
||||
#endif
|
||||
#define XSTRTOK wc_strtok
|
||||
#else
|
||||
#elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS)
|
||||
#define XSTRTOK strtok_s
|
||||
#else
|
||||
#define XSTRTOK strtok_r
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
@@ -445,9 +452,9 @@
|
||||
};
|
||||
|
||||
/* max error buffer string size */
|
||||
enum {
|
||||
WOLFSSL_MAX_ERROR_SZ = 80
|
||||
};
|
||||
#ifndef WOLFSSL_MAX_ERROR_SZ
|
||||
#define WOLFSSL_MAX_ERROR_SZ 80
|
||||
#endif
|
||||
|
||||
/* stack protection */
|
||||
enum {
|
||||
|
||||
Reference in New Issue
Block a user