wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: wolfSSL:v3.14.2
Branches Tags
wolfSSL:master wolfSSL:nightly-snapshot wolfSSL:devin/1753203298-add-pkcs7-data-oid-support wolfSSL:devin/1747238512-add-ssl-remove-session wolfSSL:pr-8603 wolfSSL:devin/invalid-gentime-crl-test wolfSSL:devin/1742841122-add-dod-pki-oids wolfSSL:rm_arc4 wolfSSL:devin/1742405136-cipherType-to-string wolfSSL:remove-arc4 wolfSSL:devin/1741708186-add-cmake-wolfclu wolfSSL:devin/1742172556-aes-xts-tests wolfSSL:devin/1741319666-remove-qt-guard-add-tests wolfSSL:devin/1740705266-update-mlkemkey-apis wolfSSL:devin/1740757542-null-cipher-evp-update wolfSSL:devin/1740759575-null-cipher-fix wolfSSL:devin-lifeguard/update-rules-d59f9c48 wolfSSL:devin/1739920896-esp32-fixes wolfSSL:devin/1739917420-rename-kyberkey-to-mlkem wolfSSL:devin/1739818351-optimize-test-suite-fix wolfSSL:devin/1739818351-optimize-test-suite wolfSSL:devin/1739784730-fix-tlsext-constants wolfSSL:devin/1739556249-pem-hash-algorithm wolfSSL:devin/1739556249-pem-hash-algorithm-fix2 wolfSSL:devin/1739556249-pem-hash-algorithm-fix wolfSSL:revert-8277-aarch64_no_crypto wolfSSL:revert-5549-fix_sha256_debug wolfSSL:cert-3389 feedc0de:nightly-snapshot feedc0de:devin/1747238512-add-ssl-remove-session feedc0de:pr-8603 feedc0de:devin/invalid-gentime-crl-test feedc0de:devin/1742841122-add-dod-pki-oids feedc0de:rm_arc4 feedc0de:devin/1742405136-cipherType-to-string feedc0de:remove-arc4 feedc0de:devin/1741708186-add-cmake-wolfclu feedc0de:devin/1742172556-aes-xts-tests feedc0de:devin/1741319666-remove-qt-guard-add-tests feedc0de:devin/1740705266-update-mlkemkey-apis feedc0de:devin/1740757542-null-cipher-evp-update feedc0de:devin/1740759575-null-cipher-fix feedc0de:devin-lifeguard/update-rules-d59f9c48 feedc0de:devin/1739920896-esp32-fixes feedc0de:devin/1739917420-rename-kyberkey-to-mlkem feedc0de:devin/1739818351-optimize-test-suite-fix feedc0de:devin/1739818351-optimize-test-suite feedc0de:devin/1739784730-fix-tlsext-constants feedc0de:devin/1739556249-pem-hash-algorithm feedc0de:devin/1739556249-pem-hash-algorithm-fix2 feedc0de:devin/1739556249-pem-hash-algorithm-fix feedc0de:revert-8277-aarch64_no_crypto feedc0de:revert-5549-fix_sha256_debug feedc0de:fixes_with_new_idf feedc0de:master feedc0de:cert-3389
wolfSSL:v5.8.2-stable wolfSSL:WCv5.2.3-RSA-SWITCH wolfSSL:wolfEntropy2 wolfSSL:WCv5.2.3-DHGENPUB-r2 wolfSSL:WCv5.2.3-DHGENPUB wolfSSL:v5.8.0-stable wolfSSL:WCv6.0.0-RC5 wolfSSL:WCv6.0.0-RC4 wolfSSL:WCv5.2.3-STM32-PAA wolfSSL:WCv6.0.0-RC3 wolfSSL:v5.7.6-stable wolfSSL:v5.2.1 wolfSSL:WCv5.2.3-ARMv8-PAA-r2 wolfSSL:WCv6.0.0-RC2 wolfSSL:WCv6.0.0-RC1 wolfSSL:v5.2.1-stable-OS_Seed-HdrOnly wolfSSL:v5.7.4-stable wolfSSL:v5.7.2-stable wolfSSL:wolfEntropy1 wolfSSL:v5.7.0-stable wolfSSL:WCv5.2.3-ARMv8-PAA wolfSSL:v5.6.6-stable wolfSSL:v5.6.4-stable wolfSSL:v5.2.1-stable wolfSSL:WCv5.2.1-PILOT wolfSSL:v5.6.3-stable wolfSSL:v5.6.2-stable wolfSSL:v5.6.0-stable wolfSSL:v5.5.4-stable wolfSSL:v5.5.3-stable wolfSSL:v5.5.2-stable wolfSSL:v5.5.1-stable wolfSSL:v5.5.0-stable wolfSSL:v5.4.0-stable wolfSSL:v5.3.0-stable wolfSSL:v5.2.0-stable wolfSSL:v5.1.1-stable wolfSSL:WCv5.0-RC12 wolfSSL:v5.1.0-stable wolfSSL:WCv5.0-RC11 wolfSSL:WCv5.0-RC10 wolfSSL:v5.0.0-stable wolfSSL:WCv5.0-RC9 wolfSSL:v4.8.1-stable wolfSSL:v4.8.0-stable wolfSSL:WCv5.0-RC8 wolfSSL:WCv5.0-RC7 wolfSSL:WCv5.0-RC6 wolfSSL:WCv5.0-RC5 wolfSSL:v4.7.1r wolfSSL:WCv5.0-RC4 wolfSSL:WCv5.0-RC3 wolfSSL:WCv5.0-RC2 wolfSSL:v4.7.0-stable wolfSSL:v4.6.0-stable wolfSSL:v4.5.0-stable wolfSSL:v4.4.0-stable wolfSSL:v4.3.0-stable wolfSSL:v4.2.0c wolfSSL:v4.2.0-stable wolfSSL:wolfRand-RC2 wolfSSL:v4.1.0-stable wolfSSL:wolfRand-RC1 wolfSSL:v4.0.0-stable wolfSSL:list wolfSSL:WCv4-rng-stable wolfSSL:v3.15.8 wolfSSL:v3.15.7-stable wolfSSL:v3.15.6 wolfSSL:v3.15.5a wolfSSL:v3.15.5-stable wolfSSL:WCv4.0-RC9 wolfSSL:WCv4.0-RC8 wolfSSL:WCv4.0-RC7 wolfSSL:v3.15.3-stable wolfSSL:l wolfSSL:WCv4-stable wolfSSL:v3.15.0-stable wolfSSL:v3.14.5 wolfSSL:WCv4.0-RC6 wolfSSL:WCv4.0-RC5 wolfSSL:WCv4.0-RC4 wolfSSL:v3.14.4 wolfSSL:WCv4.0-RC3 wolfSSL:WCv4.0-RC2 wolfSSL:WCv4.0-RC1 wolfSSL:v3.14.2 wolfSSL:v3.14.0b wolfSSL:v3.14.0a wolfSSL:v3.14.0-stable wolfSSL:v3.13.3 wolfSSL:v3.13.2 wolfSSL:v3.13.0-stable wolfSSL:v3.12.2-stable wolfSSL:v3.12.0-stable wolfSSL:v3.11.1-tls13-beta wolfSSL:v3.11.0-stable wolfSSL:v3.10.4 wolfSSL:v3.10.3 wolfSSL:v3.10.2-stable wolfSSL:v3.10.0a wolfSSL:v3.10.0-stable wolfSSL:v3.9.10b wolfSSL:v3.9.10-stable wolfSSL:v3.9.8 wolfSSL:v3.9.6w wolfSSL:v3.9.6 wolfSSL:v3.9.1 wolfSSL:v3.9.0 wolfSSL:v3.8.0 wolfSSL:v3.7.3 wolfSSL:v3.7.1 wolfSSL:v3.7.0 wolfSSL:v3.6.9d wolfSSL:v3.69.d wolfSSL:v3.6.9c wolfSSL:v3.6.9b wolfSSL:v3.6.9 wolfSSL:v3.6.8 wolfSSL:v3.6.6 wolfSSL:v3.6.2 wolfSSL:v3.6.0b wolfSSL:v3.6.0 wolfSSL:v3.4.8 wolfSSL:v3.4.6 wolfSSL:v3.4.2 wolfSSL:v3.4.0 wolfSSL:v3.3.3 wolfSSL:v3.3.2 wolfSSL:v3.3.0 wolfSSL:v3.2.6 wolfSSL:v3.2.4 wolfSSL:v3.2.0 wolfSSL:v3.1.0 wolfSSL:v3.0.2 wolfSSL:v3.0.0 wolfSSL:v2.9.4 wolfSSL:v2.9.2 wolfSSL:v2.9.1 wolfSSL:v0.5 wolfSSL:v2.9.0 wolfSSL:v2.8.6 wolfSSL:v2.8.5a wolfSSL:v2.8.5 wolfSSL:v2.8.4 wolfSSL:v2.8.3 wolfSSL:v2.8.2 wolfSSL:v2.8.0 wolfSSL:v2.7.2 wolfSSL:v2.7.0 wolfSSL:v2.6.2 wolfSSL:v2.6.0 wolfSSL:v2.5.2b wolfSSL:v2.5.2 wolfSSL:v2.5.0 wolfSSL:v2.4.7 wolfSSL:v2.4.6 wolfSSL:v2.4.2 wolfSSL:v2.4.0 wolfSSL:v2.3.0 wolfSSL:v2.2.2 wolfSSL:v2.2.1 wolfSSL:v2.1.1 wolfSSL:v2.2.0 wolfSSL:v2.1.4 wolfSSL:v2.1.2 wolfSSL:v2.0.8 wolfSSL:v2.0.6 wolfSSL:v2.0.3 wolfSSL:v2.0.2 wolfSSL:v2.0rc3 wolfSSL:v2.0rc2b wolfSSL:v2.0rc2 wolfSSL:v2.0rc1 wolfSSL:v1.9.0 wolfSSL:v1.8.8.0 feedc0de:WCv5.2.3-DHGENPUB-r2 feedc0de:WCv5.2.3-DHGENPUB feedc0de:v5.8.0-stable feedc0de:WCv6.0.0-RC5 feedc0de:WCv6.0.0-RC4 feedc0de:WCv5.2.3-STM32-PAA feedc0de:WCv6.0.0-RC3 feedc0de:v5.7.6-stable feedc0de:WCv5.2.3-ARMv8-PAA-r2 feedc0de:WCv6.0.0-RC2 feedc0de:WCv6.0.0-RC1 feedc0de:v5.2.1-stable-OS_Seed-HdrOnly feedc0de:v5.7.4-stable feedc0de:v5.7.2-stable feedc0de:wolfEntropy1 feedc0de:v5.7.0-stable feedc0de:WCv5.2.3-ARMv8-PAA feedc0de:v5.6.6-stable feedc0de:v5.6.4-stable feedc0de:v5.2.1-stable feedc0de:WCv5.2.1-PILOT feedc0de:v5.6.3-stable feedc0de:v5.6.2-stable feedc0de:v5.6.0-stable feedc0de:v5.5.4-stable feedc0de:v5.5.3-stable feedc0de:v5.5.2-stable feedc0de:v5.5.1-stable feedc0de:v5.5.0-stable feedc0de:v5.4.0-stable feedc0de:v5.3.0-stable feedc0de:v5.2.0-stable feedc0de:v5.1.1-stable feedc0de:WCv5.0-RC12 feedc0de:v5.1.0-stable feedc0de:WCv5.0-RC11 feedc0de:WCv5.0-RC10 feedc0de:v5.0.0-stable feedc0de:WCv5.0-RC9 feedc0de:v4.8.1-stable feedc0de:v4.8.0-stable feedc0de:WCv5.0-RC8 feedc0de:WCv5.0-RC7 feedc0de:WCv5.0-RC6 feedc0de:WCv5.0-RC5 feedc0de:v4.7.1r feedc0de:WCv5.0-RC4 feedc0de:WCv5.0-RC3 feedc0de:WCv5.0-RC2 feedc0de:v4.7.0-stable feedc0de:v4.6.0-stable feedc0de:v4.5.0-stable feedc0de:v4.4.0-stable feedc0de:v4.3.0-stable feedc0de:v4.2.0c feedc0de:v4.2.0-stable feedc0de:wolfRand-RC2 feedc0de:v4.1.0-stable feedc0de:wolfRand-RC1 feedc0de:v4.0.0-stable feedc0de:list feedc0de:WCv4-rng-stable feedc0de:v3.15.8 feedc0de:v3.15.7-stable feedc0de:v3.15.6 feedc0de:v3.15.5a feedc0de:v3.15.5-stable feedc0de:WCv4.0-RC9 feedc0de:WCv4.0-RC8 feedc0de:WCv4.0-RC7 feedc0de:v3.15.3-stable feedc0de:l feedc0de:WCv4-stable feedc0de:v3.15.0-stable feedc0de:v3.14.5 feedc0de:WCv4.0-RC6 feedc0de:WCv4.0-RC5 feedc0de:WCv4.0-RC4 feedc0de:v3.14.4 feedc0de:WCv4.0-RC3 feedc0de:WCv4.0-RC2 feedc0de:WCv4.0-RC1 feedc0de:v3.14.2 feedc0de:v3.14.0b feedc0de:v3.14.0a feedc0de:v3.14.0-stable feedc0de:v3.13.3 feedc0de:v3.13.2 feedc0de:v3.13.0-stable feedc0de:v3.12.2-stable feedc0de:v3.12.0-stable feedc0de:v3.11.1-tls13-beta feedc0de:v3.11.0-stable feedc0de:v3.10.4 feedc0de:v3.10.3 feedc0de:v3.10.2-stable feedc0de:v3.10.0a feedc0de:v3.10.0-stable feedc0de:v3.9.10b feedc0de:v3.9.10-stable feedc0de:v3.9.8 feedc0de:v3.9.6w feedc0de:v3.9.6 feedc0de:v3.9.1 feedc0de:v3.9.0 feedc0de:v3.8.0 feedc0de:v3.7.3 feedc0de:v3.7.1 feedc0de:v3.7.0 feedc0de:v3.6.9d feedc0de:v3.69.d feedc0de:v3.6.9c feedc0de:v3.6.9b feedc0de:v3.6.9 feedc0de:v3.6.8 feedc0de:v3.6.6 feedc0de:v3.6.2 feedc0de:v3.6.0b feedc0de:v3.6.0 feedc0de:v3.4.8 feedc0de:v3.4.6 feedc0de:v3.4.2 feedc0de:v3.4.0 feedc0de:v3.3.3 feedc0de:v3.3.2 feedc0de:v3.3.0 feedc0de:v3.2.6 feedc0de:v3.2.4 feedc0de:v3.2.0 feedc0de:v3.1.0 feedc0de:v3.0.2 feedc0de:v3.0.0 feedc0de:v2.9.4 feedc0de:v2.9.2 feedc0de:v2.9.1 feedc0de:v0.5 feedc0de:v2.9.0 feedc0de:v2.8.6 feedc0de:v2.8.5a feedc0de:v2.8.5 feedc0de:v2.8.4 feedc0de:v2.8.3 feedc0de:v2.8.2 feedc0de:v2.8.0 feedc0de:v2.7.2 feedc0de:v2.7.0 feedc0de:v2.6.2 feedc0de:v2.6.0 feedc0de:v2.5.2b feedc0de:v2.5.2 feedc0de:v2.5.0 feedc0de:v2.4.7 feedc0de:v2.4.6 feedc0de:v2.4.2 feedc0de:v2.4.0 feedc0de:v2.3.0 feedc0de:v2.2.2 feedc0de:v2.2.1 feedc0de:v2.1.1 feedc0de:v2.2.0 feedc0de:v2.1.4 feedc0de:v2.1.2 feedc0de:v2.0.8 feedc0de:v2.0.6 feedc0de:v2.0.3 feedc0de:v2.0.2 feedc0de:v2.0rc3 feedc0de:v2.0rc2b feedc0de:v2.0rc2 feedc0de:v2.0rc1 feedc0de:v1.9.0 feedc0de:v1.8.8.0
...
compare: feedc0de:WCv4-stable
Branches Tags
feedc0de:nightly-snapshot feedc0de:devin/1747238512-add-ssl-remove-session feedc0de:pr-8603 feedc0de:devin/invalid-gentime-crl-test feedc0de:devin/1742841122-add-dod-pki-oids feedc0de:rm_arc4 feedc0de:devin/1742405136-cipherType-to-string feedc0de:remove-arc4 feedc0de:devin/1741708186-add-cmake-wolfclu feedc0de:devin/1742172556-aes-xts-tests feedc0de:devin/1741319666-remove-qt-guard-add-tests feedc0de:devin/1740705266-update-mlkemkey-apis feedc0de:devin/1740757542-null-cipher-evp-update feedc0de:devin/1740759575-null-cipher-fix feedc0de:devin-lifeguard/update-rules-d59f9c48 feedc0de:devin/1739920896-esp32-fixes feedc0de:devin/1739917420-rename-kyberkey-to-mlkem feedc0de:devin/1739818351-optimize-test-suite-fix feedc0de:devin/1739818351-optimize-test-suite feedc0de:devin/1739784730-fix-tlsext-constants feedc0de:devin/1739556249-pem-hash-algorithm feedc0de:devin/1739556249-pem-hash-algorithm-fix2 feedc0de:devin/1739556249-pem-hash-algorithm-fix feedc0de:revert-8277-aarch64_no_crypto feedc0de:revert-5549-fix_sha256_debug feedc0de:fixes_with_new_idf feedc0de:master feedc0de:cert-3389 wolfSSL:master wolfSSL:nightly-snapshot wolfSSL:devin/1753203298-add-pkcs7-data-oid-support wolfSSL:devin/1747238512-add-ssl-remove-session wolfSSL:pr-8603 wolfSSL:devin/invalid-gentime-crl-test wolfSSL:devin/1742841122-add-dod-pki-oids wolfSSL:rm_arc4 wolfSSL:devin/1742405136-cipherType-to-string wolfSSL:remove-arc4 wolfSSL:devin/1741708186-add-cmake-wolfclu wolfSSL:devin/1742172556-aes-xts-tests wolfSSL:devin/1741319666-remove-qt-guard-add-tests wolfSSL:devin/1740705266-update-mlkemkey-apis wolfSSL:devin/1740757542-null-cipher-evp-update wolfSSL:devin/1740759575-null-cipher-fix wolfSSL:devin-lifeguard/update-rules-d59f9c48 wolfSSL:devin/1739920896-esp32-fixes wolfSSL:devin/1739917420-rename-kyberkey-to-mlkem wolfSSL:devin/1739818351-optimize-test-suite-fix wolfSSL:devin/1739818351-optimize-test-suite wolfSSL:devin/1739784730-fix-tlsext-constants wolfSSL:devin/1739556249-pem-hash-algorithm wolfSSL:devin/1739556249-pem-hash-algorithm-fix2 wolfSSL:devin/1739556249-pem-hash-algorithm-fix wolfSSL:revert-8277-aarch64_no_crypto wolfSSL:revert-5549-fix_sha256_debug wolfSSL:cert-3389
feedc0de:WCv5.2.3-DHGENPUB-r2 feedc0de:WCv5.2.3-DHGENPUB feedc0de:v5.8.0-stable feedc0de:WCv6.0.0-RC5 feedc0de:WCv6.0.0-RC4 feedc0de:WCv5.2.3-STM32-PAA feedc0de:WCv6.0.0-RC3 feedc0de:v5.7.6-stable feedc0de:WCv5.2.3-ARMv8-PAA-r2 feedc0de:WCv6.0.0-RC2 feedc0de:WCv6.0.0-RC1 feedc0de:v5.2.1-stable-OS_Seed-HdrOnly feedc0de:v5.7.4-stable feedc0de:v5.7.2-stable feedc0de:wolfEntropy1 feedc0de:v5.7.0-stable feedc0de:WCv5.2.3-ARMv8-PAA feedc0de:v5.6.6-stable feedc0de:v5.6.4-stable feedc0de:v5.2.1-stable feedc0de:WCv5.2.1-PILOT feedc0de:v5.6.3-stable feedc0de:v5.6.2-stable feedc0de:v5.6.0-stable feedc0de:v5.5.4-stable feedc0de:v5.5.3-stable feedc0de:v5.5.2-stable feedc0de:v5.5.1-stable feedc0de:v5.5.0-stable feedc0de:v5.4.0-stable feedc0de:v5.3.0-stable feedc0de:v5.2.0-stable feedc0de:v5.1.1-stable feedc0de:WCv5.0-RC12 feedc0de:v5.1.0-stable feedc0de:WCv5.0-RC11 feedc0de:WCv5.0-RC10 feedc0de:v5.0.0-stable feedc0de:WCv5.0-RC9 feedc0de:v4.8.1-stable feedc0de:v4.8.0-stable feedc0de:WCv5.0-RC8 feedc0de:WCv5.0-RC7 feedc0de:WCv5.0-RC6 feedc0de:WCv5.0-RC5 feedc0de:v4.7.1r feedc0de:WCv5.0-RC4 feedc0de:WCv5.0-RC3 feedc0de:WCv5.0-RC2 feedc0de:v4.7.0-stable feedc0de:v4.6.0-stable feedc0de:v4.5.0-stable feedc0de:v4.4.0-stable feedc0de:v4.3.0-stable feedc0de:v4.2.0c feedc0de:v4.2.0-stable feedc0de:wolfRand-RC2 feedc0de:v4.1.0-stable feedc0de:wolfRand-RC1 feedc0de:v4.0.0-stable feedc0de:list feedc0de:WCv4-rng-stable feedc0de:v3.15.8 feedc0de:v3.15.7-stable feedc0de:v3.15.6 feedc0de:v3.15.5a feedc0de:v3.15.5-stable feedc0de:WCv4.0-RC9 feedc0de:WCv4.0-RC8 feedc0de:WCv4.0-RC7 feedc0de:v3.15.3-stable feedc0de:l feedc0de:WCv4-stable feedc0de:v3.15.0-stable feedc0de:v3.14.5 feedc0de:WCv4.0-RC6 feedc0de:WCv4.0-RC5 feedc0de:WCv4.0-RC4 feedc0de:v3.14.4 feedc0de:WCv4.0-RC3 feedc0de:WCv4.0-RC2 feedc0de:WCv4.0-RC1 feedc0de:v3.14.2 feedc0de:v3.14.0b feedc0de:v3.14.0a feedc0de:v3.14.0-stable feedc0de:v3.13.3 feedc0de:v3.13.2 feedc0de:v3.13.0-stable feedc0de:v3.12.2-stable feedc0de:v3.12.0-stable feedc0de:v3.11.1-tls13-beta feedc0de:v3.11.0-stable feedc0de:v3.10.4 feedc0de:v3.10.3 feedc0de:v3.10.2-stable feedc0de:v3.10.0a feedc0de:v3.10.0-stable feedc0de:v3.9.10b feedc0de:v3.9.10-stable feedc0de:v3.9.8 feedc0de:v3.9.6w feedc0de:v3.9.6 feedc0de:v3.9.1 feedc0de:v3.9.0 feedc0de:v3.8.0 feedc0de:v3.7.3 feedc0de:v3.7.1 feedc0de:v3.7.0 feedc0de:v3.6.9d feedc0de:v3.69.d feedc0de:v3.6.9c feedc0de:v3.6.9b feedc0de:v3.6.9 feedc0de:v3.6.8 feedc0de:v3.6.6 feedc0de:v3.6.2 feedc0de:v3.6.0b feedc0de:v3.6.0 feedc0de:v3.4.8 feedc0de:v3.4.6 feedc0de:v3.4.2 feedc0de:v3.4.0 feedc0de:v3.3.3 feedc0de:v3.3.2 feedc0de:v3.3.0 feedc0de:v3.2.6 feedc0de:v3.2.4 feedc0de:v3.2.0 feedc0de:v3.1.0 feedc0de:v3.0.2 feedc0de:v3.0.0 feedc0de:v2.9.4 feedc0de:v2.9.2 feedc0de:v2.9.1 feedc0de:v0.5 feedc0de:v2.9.0 feedc0de:v2.8.6 feedc0de:v2.8.5a feedc0de:v2.8.5 feedc0de:v2.8.4 feedc0de:v2.8.3 feedc0de:v2.8.2 feedc0de:v2.8.0 feedc0de:v2.7.2 feedc0de:v2.7.0 feedc0de:v2.6.2 feedc0de:v2.6.0 feedc0de:v2.5.2b feedc0de:v2.5.2 feedc0de:v2.5.0 feedc0de:v2.4.7 feedc0de:v2.4.6 feedc0de:v2.4.2 feedc0de:v2.4.0 feedc0de:v2.3.0 feedc0de:v2.2.2 feedc0de:v2.2.1 feedc0de:v2.1.1 feedc0de:v2.2.0 feedc0de:v2.1.4 feedc0de:v2.1.2 feedc0de:v2.0.8 feedc0de:v2.0.6 feedc0de:v2.0.3 feedc0de:v2.0.2 feedc0de:v2.0rc3 feedc0de:v2.0rc2b feedc0de:v2.0rc2 feedc0de:v2.0rc1 feedc0de:v1.9.0 feedc0de:v1.8.8.0 wolfSSL:v5.8.2-stable wolfSSL:WCv5.2.3-RSA-SWITCH wolfSSL:wolfEntropy2 wolfSSL:WCv5.2.3-DHGENPUB-r2 wolfSSL:WCv5.2.3-DHGENPUB wolfSSL:v5.8.0-stable wolfSSL:WCv6.0.0-RC5 wolfSSL:WCv6.0.0-RC4 wolfSSL:WCv5.2.3-STM32-PAA wolfSSL:WCv6.0.0-RC3 wolfSSL:v5.7.6-stable wolfSSL:v5.2.1 wolfSSL:WCv5.2.3-ARMv8-PAA-r2 wolfSSL:WCv6.0.0-RC2 wolfSSL:WCv6.0.0-RC1 wolfSSL:v5.2.1-stable-OS_Seed-HdrOnly wolfSSL:v5.7.4-stable wolfSSL:v5.7.2-stable wolfSSL:wolfEntropy1 wolfSSL:v5.7.0-stable wolfSSL:WCv5.2.3-ARMv8-PAA wolfSSL:v5.6.6-stable wolfSSL:v5.6.4-stable wolfSSL:v5.2.1-stable wolfSSL:WCv5.2.1-PILOT wolfSSL:v5.6.3-stable wolfSSL:v5.6.2-stable wolfSSL:v5.6.0-stable wolfSSL:v5.5.4-stable wolfSSL:v5.5.3-stable wolfSSL:v5.5.2-stable wolfSSL:v5.5.1-stable wolfSSL:v5.5.0-stable wolfSSL:v5.4.0-stable wolfSSL:v5.3.0-stable wolfSSL:v5.2.0-stable wolfSSL:v5.1.1-stable wolfSSL:WCv5.0-RC12 wolfSSL:v5.1.0-stable wolfSSL:WCv5.0-RC11 wolfSSL:WCv5.0-RC10 wolfSSL:v5.0.0-stable wolfSSL:WCv5.0-RC9 wolfSSL:v4.8.1-stable wolfSSL:v4.8.0-stable wolfSSL:WCv5.0-RC8 wolfSSL:WCv5.0-RC7 wolfSSL:WCv5.0-RC6 wolfSSL:WCv5.0-RC5 wolfSSL:v4.7.1r wolfSSL:WCv5.0-RC4 wolfSSL:WCv5.0-RC3 wolfSSL:WCv5.0-RC2 wolfSSL:v4.7.0-stable wolfSSL:v4.6.0-stable wolfSSL:v4.5.0-stable wolfSSL:v4.4.0-stable wolfSSL:v4.3.0-stable wolfSSL:v4.2.0c wolfSSL:v4.2.0-stable wolfSSL:wolfRand-RC2 wolfSSL:v4.1.0-stable wolfSSL:wolfRand-RC1 wolfSSL:v4.0.0-stable wolfSSL:list wolfSSL:WCv4-rng-stable wolfSSL:v3.15.8 wolfSSL:v3.15.7-stable wolfSSL:v3.15.6 wolfSSL:v3.15.5a wolfSSL:v3.15.5-stable wolfSSL:WCv4.0-RC9 wolfSSL:WCv4.0-RC8 wolfSSL:WCv4.0-RC7 wolfSSL:v3.15.3-stable wolfSSL:l wolfSSL:WCv4-stable wolfSSL:v3.15.0-stable wolfSSL:v3.14.5 wolfSSL:WCv4.0-RC6 wolfSSL:WCv4.0-RC5 wolfSSL:WCv4.0-RC4 wolfSSL:v3.14.4 wolfSSL:WCv4.0-RC3 wolfSSL:WCv4.0-RC2 wolfSSL:WCv4.0-RC1 wolfSSL:v3.14.2 wolfSSL:v3.14.0b wolfSSL:v3.14.0a wolfSSL:v3.14.0-stable wolfSSL:v3.13.3 wolfSSL:v3.13.2 wolfSSL:v3.13.0-stable wolfSSL:v3.12.2-stable wolfSSL:v3.12.0-stable wolfSSL:v3.11.1-tls13-beta wolfSSL:v3.11.0-stable wolfSSL:v3.10.4 wolfSSL:v3.10.3 wolfSSL:v3.10.2-stable wolfSSL:v3.10.0a wolfSSL:v3.10.0-stable wolfSSL:v3.9.10b wolfSSL:v3.9.10-stable wolfSSL:v3.9.8 wolfSSL:v3.9.6w wolfSSL:v3.9.6 wolfSSL:v3.9.1 wolfSSL:v3.9.0 wolfSSL:v3.8.0 wolfSSL:v3.7.3 wolfSSL:v3.7.1 wolfSSL:v3.7.0 wolfSSL:v3.6.9d wolfSSL:v3.69.d wolfSSL:v3.6.9c wolfSSL:v3.6.9b wolfSSL:v3.6.9 wolfSSL:v3.6.8 wolfSSL:v3.6.6 wolfSSL:v3.6.2 wolfSSL:v3.6.0b wolfSSL:v3.6.0 wolfSSL:v3.4.8 wolfSSL:v3.4.6 wolfSSL:v3.4.2 wolfSSL:v3.4.0 wolfSSL:v3.3.3 wolfSSL:v3.3.2 wolfSSL:v3.3.0 wolfSSL:v3.2.6 wolfSSL:v3.2.4 wolfSSL:v3.2.0 wolfSSL:v3.1.0 wolfSSL:v3.0.2 wolfSSL:v3.0.0 wolfSSL:v2.9.4 wolfSSL:v2.9.2 wolfSSL:v2.9.1 wolfSSL:v0.5 wolfSSL:v2.9.0 wolfSSL:v2.8.6 wolfSSL:v2.8.5a wolfSSL:v2.8.5 wolfSSL:v2.8.4 wolfSSL:v2.8.3 wolfSSL:v2.8.2 wolfSSL:v2.8.0 wolfSSL:v2.7.2 wolfSSL:v2.7.0 wolfSSL:v2.6.2 wolfSSL:v2.6.0 wolfSSL:v2.5.2b wolfSSL:v2.5.2 wolfSSL:v2.5.0 wolfSSL:v2.4.7 wolfSSL:v2.4.6 wolfSSL:v2.4.2 wolfSSL:v2.4.0 wolfSSL:v2.3.0 wolfSSL:v2.2.2 wolfSSL:v2.2.1 wolfSSL:v2.1.1 wolfSSL:v2.2.0 wolfSSL:v2.1.4 wolfSSL:v2.1.2 wolfSSL:v2.0.8 wolfSSL:v2.0.6 wolfSSL:v2.0.3 wolfSSL:v2.0.2 wolfSSL:v2.0rc3 wolfSSL:v2.0rc2b wolfSSL:v2.0rc2 wolfSSL:v2.0rc1 wolfSSL:v1.9.0 wolfSSL:v1.8.8.0

284 Commits
v3.14.2 ... WCv4-stabl

Author SHA1 Message Date
John Safranek
dd0489db8c 1. Added the pair-wise consistency test to the RSA Key Gen. 
2. Modified an RSA key size test case so it didn't try to make a key that was too big.
 2018-05-17 17:41:34 -07:00
John Safranek
4dacd31ea4 Force to zero the buffer used to generate the DH private key. 2018-05-16 15:47:13 -04:00
John Safranek
6a31f103aa Test Fixes 
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
 2018-05-16 15:47:13 -04:00
John Safranek
12edf80e2b FIPS Revalidation 
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
 2018-05-16 15:47:13 -04:00
John Safranek
ceed6e08fd FIPS Revalidation 
1. Add second RNG initialization API to let caller pass in a nonce.
 2018-05-16 15:47:13 -04:00
John Safranek
20d8a4a376 FIPS Revalidation 
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
 2018-05-16 15:47:13 -04:00
John Safranek
1ff4ea1ec9 Test Fixes 
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.

This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
 2018-05-16 15:47:13 -04:00
John Safranek
6b6ed2c42f FIPS Revalidation 
1. Created a new IDE project directory for WIN10.
2. Reverted the Windows IDE project files.
 2018-05-16 15:47:13 -04:00
John Safranek
a8dbdd6c28 Test Fixes 
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependant on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
 2018-05-16 15:47:13 -04:00
John Safranek
4d0a061acb FIPS Revalidation 
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
 2018-05-16 15:47:13 -04:00
John Safranek
3be824ad68 Test Fixes 
1. Changed the _InitHmac() function in ssl.c to have a different name.
2. Added switch in ssl.c to use _InitHmac or _HMAC_Init depending on FIPS option.
 2018-05-16 15:47:13 -04:00
John Safranek
f7fa648f77 Test Fixes 
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
 2018-05-16 15:47:13 -04:00
John Safranek
1538ceef47 FIPS Revalidation 
1. Update the Windows project settings.
 2018-05-16 15:47:13 -04:00
John Safranek
dde1f87de9 Test Fixes 
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
 2018-05-16 15:47:13 -04:00
John Safranek
6d4777f3ca Test Fixes 
1. MSC doesn't allow for inline assembly. Restore the intrinsic version of AES_GCM_encrypt and AES_GCM_decrypt for MSC AES-NI builds. This is lacking AVX.
 2018-05-16 15:47:13 -04:00
John Safranek
418cca5efd Test Fixes 
1. Something changed in the wolfSSL layer with respect to setting some constants for old FIPS mode, didn't take into account new FIPS mode.
 2018-05-16 15:47:13 -04:00
John Safranek
b120a27c3e FIPS Revalidation 
1. Update the GenerateSeed() function for RDSEED on Windows to use the intrinsic function instead of inline assembly.
 2018-05-16 15:47:13 -04:00
John Safranek
4f1dd3b9a7 Test Fixes 
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
 2018-05-16 15:47:13 -04:00
John Safranek
eea4d6da50 Test Fixes 
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
 2018-05-16 15:47:12 -04:00
John Safranek
dc31dbaeaf FIPS Revalidation/Test Fixes 
1. Added APIs to perform RSA-PSS verify and padding operation in the same call.
2. Change to RsaPSS sign and verify to pick the proper salt length if the key is 1024-bits and the hash is SHA-512.
 2018-05-16 15:47:12 -04:00
John Safranek
27470aa704 FIPS Revalidation/Test Fixes 
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
 2018-05-16 15:47:12 -04:00
John Safranek
8fb3a0c078 FIPS Revalidation 
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
 2018-05-16 15:47:12 -04:00
John Safranek
6796ab5f8c FIPS Revalidation 
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
 2018-05-16 15:47:12 -04:00
John Safranek
c2f964039e FIPS Revalidation 
1. Updated the configure.ac to add in the RSA direct function to FIPS builds
 2018-05-16 15:47:12 -04:00
John Safranek
6d7599cf47 FIPS Revalidation 
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
 2018-05-16 15:47:12 -04:00
John Safranek
4ba026c0bf Test Fixes 
1. Added error code for ECDHE FIPS KAT failure.
 2018-05-16 15:47:12 -04:00
John Safranek
19da916102 Test Fixes 
1. Removed redundant forward declaration of RsaKey from hmac.h.
2. Updated gitignore with the first and last files.
3. Updated autogen with touching the first and last files.
 2018-05-16 15:47:12 -04:00
John Safranek
3685b7b176 Test Fixes 
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
 2018-05-16 15:47:12 -04:00
John Safranek
13ff245166 FIPS Revalidation 
1. AES-GCM encrypt IV length allowed to be 8-bits.
 2018-05-16 15:47:12 -04:00
John Safranek
90a5bde0f2 FIPS Revalidation 
1. Update the const data and code segment tags for the Windown builds.
 2018-05-16 15:47:12 -04:00
John Safranek
4b3933aa1b FIPS Revalidation 
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
 2018-05-16 15:47:12 -04:00
John Safranek
33040a25d8 FIPS Revalidation 
1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
 2018-05-16 15:47:12 -04:00
John Safranek
d0d2527950 FIPS Revalidation 
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
 2018-05-16 15:47:12 -04:00
John Safranek
4bcd7b7986 AES-GCM 
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
 2018-05-16 15:47:12 -04:00
John Safranek
eb1a76bf2a FIPS Revalidation 
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
 2018-05-16 15:47:12 -04:00
John Safranek
aa968eac98 FIPS Revalidation 
1. Enable SHA-224 by default if building for FIPSv2.
 2018-05-16 15:47:12 -04:00
John Safranek
fe8d46da95 FIPS Revalidation 
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
 2018-05-16 15:47:12 -04:00
John Safranek
be61204fd7 FIPS Revalidation 
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
 2018-05-16 15:47:12 -04:00
John Safranek
f6fe3744a7 FIPS Update 
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
 2018-05-16 15:47:12 -04:00
John Safranek
df4d748f59 FIPS Update 
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
 2018-05-16 15:47:12 -04:00
John Safranek
6352208e04 FIPS Update 
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
 2018-05-16 15:47:12 -04:00
John Safranek
0c5d704c7f AES-CCM FIPS 
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
 2018-05-16 15:47:12 -04:00
toddouska
8ff328cb39 Merge pull request #1551 from dgarske/asynccheck 
Added new `async-check.sh` script
 2018-05-16 08:02:11 -07:00
toddouska
b5e0499022 Merge pull request #1550 from dgarske/rsaverify 
Check returned size matches signature size for RSA verify in openssl compatibility
 2018-05-16 08:00:31 -07:00
toddouska
bbc178a704 Merge pull request #1548 from JacobBarthelmeh/Testing 
fix ecc public key print with X509 print function
 2018-05-16 07:59:19 -07:00
toddouska
8619062ae7 Merge pull request #1522 from dgarske/mbedtls_compat 
Port for using AWS FreeRTOS
 2018-05-16 07:57:55 -07:00
toddouska
1be8a6e4ef Merge pull request #1502 from ejohnstown/update-m4 
Update M4 Autoconf Files
 2018-05-16 07:57:13 -07:00
John Safranek
9c33244158 Update ax_pthread.m4 
The AX_PTHREAD macro has a check for side-effects of the pthread flag beyond the functions being available. It also checks for a particular macro being set when compiling the test file. When running the build through the scan-build static analysis, for some reason, the check value isn't set. The build fails. I commented the check out for now.
 2018-05-11 17:39:51 -07:00
John Safranek
2a4d386a50 Update ax_pthread.m4 
1. Updated to the most recent copy of ax_pthread.m4.
2. Removed the darwin-clang check m4.
3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib.
 2018-05-11 10:21:47 -07:00
David Garske
83257d662a Also check returned size matches for RSA verfiy in openssl compatability layer. 2018-05-11 17:09:07 +02:00
David Garske
af9507391a Fixes and improvements for FreeRTOS AWS. Fixes for building openssl compatibility with FreeRTOS. Fixes for TLS 1.3 possibly uninitialized vars. 2018-05-11 16:40:32 +02:00
David Garske
cb2f1d6d7d Added new async-check.sh script for setting up the async simulator for internal testing. 2018-05-11 16:38:24 +02:00
toddouska
7a4da340d4 Merge pull request #1547 from JacobBarthelmeh/Docs 
add aes init function to docs
 2018-05-09 16:40:36 -07:00
Jacob Barthelmeh
110c41613f cast on return of malloc 2018-05-09 14:50:26 -06:00
Chris Conlon
c910d84507 Merge pull request #1527 from kojo1/RenesasCSPlus 
Renesas CS+ projects
 2018-05-09 10:07:16 -06:00
Takashi Kojo
66e59e4a6a Rollback #if condition 2018-05-09 10:58:10 +09:00
Jacob Barthelmeh
4f0893bda5 fix ecc public key print with X509 print function 2018-05-07 14:16:27 -06:00
Jacob Barthelmeh
fd691a5795 add aes init function to docs 2018-05-07 10:24:44 -06:00
toddouska
08165d5a16 Merge pull request #1540 from SparkiDev/tls13_ticket_fix 
NewSessionTicket parsing error fix
 2018-05-04 10:54:23 -07:00
toddouska
0fec651338 Merge pull request #1539 from cconlon/toradix 
expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined
 2018-05-04 10:49:21 -07:00
toddouska
6e5258b56e Merge pull request #1538 from dgarske/fixmatchdomainnull 
Fix for handling match on domain name that may have a null terminator inside
 2018-05-04 10:25:28 -07:00
Takashi Kojo
ecd2e75564 #ifndef FREESCALE_LTC_ECC with fe_init 2018-05-04 07:34:47 +09:00
Sean Parkinson
69ce10f292 NewSessionTicket parsing error fix 2018-05-04 08:18:54 +10:00
David Garske
3fd47bdff3 Fix for example client/server with -H exitWithRet option to make sure all cleanup is performed. Resolves valgrind report due to TicketCleanup() not being called. 2018-05-03 13:39:37 -07:00
Chris Conlon
bb7bcfd877 expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined 2018-05-03 13:41:23 -06:00
toddouska
a2fa61cd3d Merge pull request #1534 from SparkiDev/tls13_static_rsa 
Fix TLS 1.3, change Client Hello version to work with static RSA (TLS 1.0 - TLS 1.2)
 2018-05-03 12:38:55 -07:00
toddouska
1c09c06349 Merge pull request #1533 from SparkiDev/tls13_draft26 
Allow building TLS 1.3 at draft 26
 2018-05-03 12:37:39 -07:00
toddouska
74618d0e3c Merge pull request #1532 from SparkiDev/test_fix 
Fixes for tests
 2018-05-03 11:44:01 -07:00
toddouska
73d85774df Merge pull request #1525 from dgarske/sockclose 
Cleanup of the socket close code
 2018-05-03 11:42:30 -07:00
David Garske
325402cf5a Minor fix for the expected failure case use of ssl after free. Renamed skipExit to exitWithRet. 2018-05-03 10:02:59 -07:00
David Garske
89a4c98670 * Added support for expected fail test cases with example client/server and suites unit test. 
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
 2018-05-03 09:40:51 -07:00
David Garske
d43aa37041 Fix for handling match on domain name that may have a null terminator inside. The check should match on len from ASN.1 reguardless of a null character. 2018-05-03 09:33:05 -07:00
Sean Parkinson
996ee78d50 Fix Client Hello version to work with static RSA 2018-05-02 10:20:55 +10:00
Chris Conlon
d60b16c5b8 Merge pull request #1531 from kaleb-himes/FIPS-CHECK-SCRIPT 
revert to default but exclude for sgx/netos
 2018-05-01 15:14:00 -06:00
Sean Parkinson
27c3a70e13 Allow building TLS 1.3 at draft 26 2018-05-01 15:19:18 +10:00
Sean Parkinson
5845482fc0 Fixes for tests 
Fix the benchmark client to set all groups supported.
Fix TLS 1.3 test script to work on PPC - check counter in separate test.
 2018-05-01 14:27:38 +10:00
kaleb-himes
c5a39b9048 rever to default but exclude for sgx/netos projects 2018-04-30 15:17:58 -06:00
toddouska
65eb79e5cd Merge pull request #1519 from dgarske/buildfixes 
Build fixes for a few configurations
 2018-04-30 11:49:16 -07:00
toddouska
d53716496a Merge pull request #1521 from dgarske/tlsx_returncodes 
Refactor of the TLSX code to support returning error codes
 2018-04-30 11:46:41 -07:00
toddouska
3ad708fb20 Merge pull request #1514 from dgarske/certdates 
Enhancements and cleanup to ASN date/time
 2018-04-30 11:14:38 -07:00
toddouska
8311628f93 Merge pull request #1508 from kaleb-himes/FIPS-CHECK-SCRIPT 
Fips check script
 2018-04-30 10:50:03 -07:00
Takashi Kojo
4c5982949e minor fix 2018-04-28 13:25:41 +09:00
toddouska
7de23d65ce Merge pull request #1517 from dgarske/sighash 
Added new signature wrapper functions to allow use of hash directly
 2018-04-27 16:07:56 -07:00
Takashi Kojo
6e96318785 Readme.txt 2018-04-28 06:36:56 +09:00
toddouska
8ef777315a Merge pull request #1516 from dgarske/gccarm 
GCC-ARM IDE example improvements
 2018-04-27 14:13:45 -07:00
Takashi Kojo
e69af98a7e fix warnings 2018-04-28 06:06:45 +09:00
Takashi Kojo
3e9028387f test project 2018-04-28 05:46:42 +09:00
Takashi Kojo
c5df9d56ad wolfssl_lib project 2018-04-28 05:39:42 +09:00
Takashi Kojo
ac791610dd USE_WOLF_TIMEVAL_T 2018-04-28 05:28:49 +09:00
Takashi Kojo
22a2b45108 duplicated fe_init for non-configure based IDE 2018-04-28 05:07:00 +09:00
Takashi Kojo
a91ac55e24 define valiable before exec statements 2018-04-28 05:05:45 +09:00
Takashi Kojo
2cc2f224f8 XTIME in LowResTimer 2018-04-28 05:03:51 +09:00
David Garske
e9dd44a667 Merge pull request #1524 from abrahamsonn/master 
Doxygen landing page update
 2018-04-27 11:44:00 -07:00
David Garske
3200040d1a Cleanup of the socket close code used for examples, CRL/OCSP and BIO. Now only a single macro is responsible for closing a socket CloseSocket and all duplicate code is eliminated. 2018-04-27 10:29:19 -07:00
abrahamsonn
9424a96289 Doxygen landing page update 2018-04-27 10:56:13 -06:00
connerWolfSSL
e45f0efc3f Documentation Fixes (#1520) 
* Fixed documentation errors found by check_api script
* Formatting changes so that comments/API pairs are more obvious
 2018-04-27 09:50:34 -07:00
David Garske
5c97374156 Fix for RSA RSS check to make sure RSA is enabled. Added TLS 1.3 DH check for key sizes. 2018-04-26 14:04:54 -07:00
David Garske
ef7b40dcab Refactor of the TLSX code to support returning error codes. 
* The `SANITY_MSG_E` responses in `TLSX_SupportedVersions_GetSize`, `TLSX_SupportedVersions_Write`, `TLSX_Cookie_GetSize` and `TLSX_Cookie_Write` would incorrectly be handled.
* Added build-time checks in `tls13.c` for dependencies on `HAVE_HKDF` and `WC_RSA_PSS`.
 2018-04-26 11:30:57 -07:00
David Garske
fe4cbb2a03 Fix for Jenkins report Expected Configurations Test - NIGHTLY BUILD #267, building ./configure --disable-asn --disable-ecc --disable-rsa --enable-psk --enable-sni. Reported unused variables, parameters and function. 2018-04-26 05:47:48 -07:00
David Garske
04626c6a1f Fixes build issue using wrong DES define for WC_MAX_SYM_KEY_SIZE macro. Reproduced using ./configure --enable-leanpsk --enable-des3. Fixes issue #1518. 2018-04-26 05:35:04 -07:00
David Garske
fc02003f76 Added new signature wrapper functions to allow direct use of hash wc_SignatureVerifyHash and wc_SignatureGenerateHash. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC. 2018-04-25 13:10:53 -07:00
toddouska
c1d4f659ad Merge pull request #1511 from ejohnstown/dist-tweak 
Make Dist Automation Tweak
 2018-04-25 10:56:40 -07:00
toddouska
107290b552 Merge pull request #1515 from dgarske/buildfixes 
Fixes for various build configurations
 2018-04-25 10:23:27 -07:00
toddouska
5c61810d4d Merge pull request #1497 from SparkiDev/tls13_draft28 
Tls13 draft28
 2018-04-25 10:17:37 -07:00
David Garske
a9f32c30da Fix for SGX build after C99 changes strings.h: No such file or directory. 2018-04-25 07:56:54 -07:00
David Garske
3c684886ad Fixes to resolve building --enable-tls13 --disable-ecc --enable-curve25519 --enable-ed25519. 2018-04-25 07:54:53 -07:00
David Garske
089e1b6b9b Fix for expected Configurations Test - NIGHTLY BUILD #265 and ifdef cleanup. 2018-04-25 07:54:53 -07:00
David Garske
2e6c195b43 GCC-ARM IDE improvements: 
* Added documentation for `ECC_USER_CURVES`.
* Added option for RSA PSS padding support.
 2018-04-24 15:26:53 -07:00
David Garske
65c9277213 More fixes from Jenkins testing. 2018-04-24 14:01:33 -07:00
toddouska
ff1559275d Merge pull request #1512 from dgarske/c99 
Fixes to resolve issues with c99 compliance
 2018-04-24 13:36:41 -07:00
toddouska
1ddccf63dc Merge pull request #1496 from JacobBarthelmeh/Compatibility-Layer 
Compatibility layer
 2018-04-24 13:33:33 -07:00
David Garske
e63afa08bd Fix a couple of minor Jenkins issues. 2018-04-24 13:25:28 -07:00
David Garske
56025f38b9 Enhancements and cleanup to ASN date/time: 
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
 2018-04-24 13:04:36 -07:00
David Garske
b48a9ded15 Fix to allow user to force build using WOLF_C99 option. 2018-04-23 13:52:58 -07:00
David Garske
289a282183 Fixes to resolve issues with c99 compliance (building with ./configure CFLAGS="-std=c99"). 
* Fix for ReadDir checking for file flag to use `S_ISREG(ctx->s.st_mode)` syntax.
* Added macro for strsep `XSTRSEP`. Added wolf implementation as `wc_strsep` enabled as C99 or `USE_WOLF_STRSEP`.
* Fix to use `gethostbyname` for c99 instead of `getaddrinfo`.
* For c99 use wolf strtok `wc_strtok`.
* Exposed API's for `wc_strtok` and `wc_strsep` when available.
* Include `sys/time.h` when available from autocon `HAVE_SYS_TIME_H` or c99.
* include `<strings.h>` when `HAVE_STRINGS_H` or c99.
 2018-04-23 13:47:22 -07:00
Eric Blankenhorn
568d24c63c Coverity fixes (#1509) 
* Coverity fixes 3
 2018-04-23 09:20:28 -07:00
John Safranek
9831a8ac94 Added a dist-hook target to the Makefile to copy the default options.h.in over options.h. 2018-04-20 11:07:57 -07:00
thivyaashok
7d425a5ce6 Added support for an anonymous cipher suite (#1267) 
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
 2018-04-20 10:35:37 -07:00
thivyaashok
853756a73c Added a TLS alert message 115 (#1391) 
Added a new TLS alert message `unknown_psk_identity` (115) from RFC 4279,  section 2.
 2018-04-20 10:23:57 -07:00
Sean Parkinson
94157634e1 TLS 1.3 fixes/improvements 
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
 2018-04-20 09:44:02 +10:00
kaleb-himes
3476a9b55a versions for Baxter updated, new tag in fips v3.12.6 2018-04-19 15:24:22 -06:00
David Garske
9e4bb3fee1 Merge pull request #1504 from SparkiDev/nginx-pemenc 
Key derivation for encrypted PEM uses salt length of 8 in OpenSSL
 2018-04-19 11:23:39 -07:00
David Garske
f7cb5c5c15 Merge pull request #1507 from kaleb-himes/README-update 
Bring special notes inline with commit 8edbca1b21b6fcd6d09910c66bbf35…
 2018-04-19 11:17:25 -07:00
JacobBarthelmeh
b7c61a72c8 Merge pull request #1503 from kojo1/Ticket3793 
HMAC with SHA2
 2018-04-19 09:38:55 -06:00
kaleb-himes
23615dd15f Bring special notes inline with commit 8edbca1b21 2018-04-18 09:58:03 -06:00
Takashi Kojo
bf950198f2 api.c: option conditions 2018-04-18 13:02:40 +09:00
Sean Parkinson
6689ee965a Key derivation for encrypted PEM uses salt length of 8 in OpenSSL 2018-04-18 12:37:06 +10:00
Takashi Kojo
7c7913264b remove printf 2018-04-18 09:25:24 +09:00
Takashi Kojo
56af3a5b36 add HMAC SHA2 2018-04-18 08:47:39 +09:00
Jacob Barthelmeh
57d40bc6d1 remove internal data types in ssl.h 2018-04-17 15:57:23 -06:00
John Safranek
11065f9222 added the missing macro file ax_require_defined.m4. 2018-04-17 13:23:17 -07:00
brian@tangent.org
48b3aa90d3 Update autoconf m4 files, except pthreads which should be its own commit 2018-04-17 13:20:33 -07:00
John Safranek
a116b5ba83 Merge pull request #1500 from BrianAker/patch-1 
Adding Copyright notice to autoconf files.
 2018-04-17 11:15:36 -07:00
toddouska
09706a4ed2 Merge pull request #1488 from SparkiDev/tls13_perf 
Changes for interop and performance
 2018-04-16 09:16:13 -07:00
Brian Aker
3179d6ce2b Adding Copyright notice to autoconf files. 2018-04-14 22:30:02 -10:00
toddouska
942c720dc4 Merge pull request #1499 from ejohnstown/aes-asm 
AES assembly file name change
 2018-04-13 11:23:03 -07:00
Jacob Barthelmeh
f9eda5d790 free test certificate after use 2018-04-13 09:16:22 -06:00
Eric Blankenhorn
a0d8327320 Coverity fixes 2 (#1493) 
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
 2018-04-13 05:35:18 -07:00
Sean Parkinson
9600266483 WOLFSSL_FUNC_TIME changes 
Warning in code about using this define.
Remove usage of WOLFSSL_FUNC_TIME from server.c.
 2018-04-13 12:13:31 +10:00
Sean Parkinson
0b47811c46 Changes for interop and performance 
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
 2018-04-13 12:01:20 +10:00
John Safranek
425cee64a7 AES assembly file name change 
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
 2018-04-12 16:47:58 -07:00
toddouska
84f7bd8cde Merge pull request #1494 from dgarske/wpas 
Fix for building wpa_supplicant
 2018-04-12 13:49:31 -07:00
toddouska
eacd98fe4e Merge pull request #1491 from dgarske/config 
Configure improvements and new options
 2018-04-12 13:48:20 -07:00
toddouska
8f1e8be2d0 Merge pull request #1490 from dgarske/hashoid_cleanup 
Hash OID cleanup
 2018-04-12 13:46:47 -07:00
Jacob Barthelmeh
cfaed48f90 adjust GetInt call with ASN1 integer to big number 2018-04-12 14:40:20 -06:00
Jacob Barthelmeh
df06707496 Handle larger values with ASN1 INTEGER structure 2018-04-12 14:07:29 -06:00
David Garske
cf1230d232 Fix for building wpa_supplicant (./configure --enable-wpas) after PemToDer refactor in PR #1467. 2018-04-12 06:53:44 -07:00
David Garske
1f7b954d47 Fix for wc_GetCTC_HashOID in FIPS mode. Uses the new wc_HashTypeConvert to handle conversion from unique WC_ALGO (int) to WC_HASH_TYPE_ALGO (enum wc_HashType). 2018-04-12 06:51:23 -07:00
David Garske
ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske
689203d310 Added some more features to the --enable-all. Added new --enable-webclient option. 2018-04-11 13:54:07 -07:00
David Garske
ee5d78f84f Added new wc_OidGetHash API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated wc_GetCTC_HashOID to use wc_HashGetOID and maintain back compat. 2018-04-11 13:53:30 -07:00
toddouska
d85580691b Merge pull request #1492 from dgarske/fix_noasn_pwdbased 
Fixes for ASN disabled and PWDBASED enabled / Win FIPS
 2018-04-11 12:09:30 -07:00
David Garske
83bfdb1594 Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske
3f3e332a3a Fix for evp.c statement will never be executed in wolfSSL_EVP_CIPHER_CTX_block_size. 2018-04-11 08:18:39 -07:00
David Garske
38aa56cc40 Fix for Windows FIPS build in current master. Resolves issue with missing DES/AES key size enums. 2018-04-10 20:07:14 -07:00
David Garske
565f394972 Fix for building without ASN and PWDBASED enabled (./configure --disable-asn --enable-pwdbased). 2018-04-10 16:36:11 -07:00
toddouska
e25da80766 Merge pull request #1467 from dgarske/asnpemtoder 
PEM Encrypted Keys cleanup and PemToDer move to wolfCrypt asn.c
 2018-04-09 16:33:30 -07:00
David Garske
a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests. 
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
 2018-04-09 13:28:15 -07:00
David Garske
5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys). 2018-04-09 13:28:15 -07:00
David Garske
d68a6fb4c7 Make sure wc_encrypt.h includes the ciphers. 2018-04-09 13:28:15 -07:00
David Garske
98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske
2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability. 2018-04-09 13:28:15 -07:00
David Garske
9be11bf62c Fix to correct missing wolfSSL_EVP_BytesToKey header int he NO_MD5 case. 2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske
e60032b961 Fix for duplicate API defs. 2018-04-09 13:28:15 -07:00
David Garske
b01535b483 Fix for stray character. 2018-04-09 13:28:15 -07:00
David Garske
8a31f13cb6 Remove obsolete WOLFSSL_PEMPUBKEY_TODER_DEFINED header logic. 2018-04-09 13:28:15 -07:00
David Garske
6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00
David Garske
c83e63853d Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00
David Garske
264496567a Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option. 2018-04-09 13:28:15 -07:00
David Garske
f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
toddouska
2ded38ec2b Merge pull request #1485 from dgarske/tlskeygeneccorcurve 
Fix TLS 1.3 with ED25519/CURVE25519 enabled and ECC disabled
 2018-04-09 12:12:31 -07:00
David Garske
21833e245f Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using ./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13. Refactor TLSX_KeyShare_GenEccKey to support either ECC or CURVE25519. Fix for PemToDer to handle ED25519 without ECC enabled. 2018-04-09 10:10:08 -07:00
David Garske
2a460d3d05 Merge pull request #1484 from embhorn/coverity 
Coverity fixes
 2018-04-06 18:18:38 -07:00
Eric Blankenhorn
36b9b0b558 Updates from code review 2018-04-06 17:29:27 -05:00
Eric Blankenhorn
86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00
Eric Blankenhorn
d2c1a1906d Fixes for CID 184980 185017 185047 185167 2018-04-06 11:10:37 -05:00
toddouska
6090fb9020 Merge pull request #1483 from dgarske/winvs 
Fixes for unused `heap` warnings
 2018-04-06 09:01:49 -07:00
toddouska
e56209cee4 Merge pull request #1482 from dgarske/nourand 
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
 2018-04-06 09:00:37 -07:00
Eric Blankenhorn
920e6ed911 Fix warning in ssl.c 2018-04-06 09:30:54 -05:00
Eric Blankenhorn
c6ad885459 Coverity fixes for tls.c/n CID 184996 185112 185122 2018-04-06 09:08:00 -05:00
Eric Blankenhorn
ec429e50b1 Fixes for ssl.c 2018-04-06 07:45:12 -05:00
David Garske
426335b68f Found additional VS unused heap warnings. Replace tabs with 4-spaces. 2018-04-05 12:28:32 -07:00
toddouska
2b48a074eb Merge pull request #1480 from dgarske/extcache 
Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA
 2018-04-05 10:52:44 -07:00
David Garske
bab62cc435 Added new define NO_DEV_URANDOM to disable the use of /dev/urandom. Added better named define WC_RNG_BLOCKING to indicate block w/sleep(0) is okay. 2018-04-05 09:34:43 -07:00
David Garske
ede006b3e1 Merge pull request #1479 from JacobBarthelmeh/HardwareAcc 
Fix PIC32 AES-CBC and add test case
 2018-04-05 09:15:08 -07:00
Eric Blankenhorn
5439402c1d Refactor for max record size (#1475) 
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
 2018-04-05 09:11:58 -07:00
David Garske
412d4d76ee Fix for HAVE_EXT_CACHE callbacks not being available without OPENSSL_EXTRA defined. Added tests for external cache callbacks. 2018-04-05 07:10:04 -07:00
toddouska
a1d6bc68de Merge pull request #1478 from dgarske/fixeccmaxsize 
Fix for ECC max bits
 2018-04-04 16:27:15 -07:00
Jacob Barthelmeh
815219b589 fix pic32 AES-CBC and add test case 2018-04-04 16:09:11 -06:00
David Garske
bc76f57959 Fix for ECC max bits ( MAX_ECC_BITS). 2018-04-04 13:39:14 -07:00
David Garske
a78c6ba4ea Fix for unused heap warnings. 2018-04-04 12:51:45 -07:00
toddouska
aa660bc9b8 Merge pull request #1477 from dgarske/fix_strtok 
Fix for issue with `wc_strtok` function declaration
 2018-04-04 12:35:38 -07:00
David Garske
2189827287 Fix for issue with wc_strtok function declaration not being available because of include order. Fixes issue #1469. 2018-04-04 10:41:14 -07:00
toddouska
0da4a8f1fe Merge pull request #1476 from dgarske/fix_haveextcache 
Fix building with `HAVE_EXT_CACHE` when `OPENSSL_EXTRA` is not defined
 2018-04-04 10:34:07 -07:00
toddouska
2deb977ecf Merge pull request #1473 from dgarske/pkcs7_norsa 
Enabled PKCS7 support without RSA
 2018-04-04 10:33:11 -07:00
toddouska
960d2ec031 Merge pull request #1471 from JacobBarthelmeh/Fuzzer 
sanity check on buffer read
 2018-04-04 10:31:55 -07:00
toddouska
1196a3b64d Merge pull request #1455 from dgarske/nitroxv 
Nitrox V fixes and additions
 2018-04-04 10:27:53 -07:00
David Garske
5702e8ee48 Fix building with HAVE_EXT_CACHE when OPENSSL_EXTRA is not defined. Fixes issue #1474. 2018-04-04 09:02:52 -07:00
David Garske
c288d0815d Added support for building and using PKCS7 without RSA (assuming ECC is enabled). 2018-04-03 09:26:57 -07:00
David Garske
0c898f513d Nitrox V fixes and additions: 
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
 2018-04-03 09:14:20 -07:00
Eric Blankenhorn
adb817e8d2 Feature update for tls_bench test that will allow passing in arguments (#1466) 
* Feature update for tls_bench test that will allow passing in command line arguments that enable test features.
* Fix type conversion errors.
* Fixed use of uninitialized data. Declare DH arrays as const.
 2018-04-02 14:00:34 -07:00
Jacob Barthelmeh
6a1013888f sanity check on buffer read 2018-04-02 14:30:58 -06:00
JacobBarthelmeh
b33feb9dbf Merge pull request #1470 from kojo1/EVP 
EVP_CipherUpdate return value for inlen == 0
 2018-04-02 14:03:48 -06:00
Takashi Kojo
c60d9ff983 if(ret != 1) error 2018-04-01 13:27:08 +09:00
Takashi Kojo
1c0b84d47d openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1; 2018-04-01 12:13:18 +09:00
kaleb-himes
effaa18b32 Fixing some kinks 2018-03-30 12:46:59 -06:00
Chris Conlon
87c1658ab8 Merge pull request #1464 from jrblixt/unitTest_api_addPkcs7-nightlyBuildFix2 
Nightly build fix for PKCS#7 errors.
 2018-03-29 15:26:11 -06:00
toddouska
86a5330b31 Merge pull request #1462 from ejohnstown/cxxflags 
Configure Update
 2018-03-28 16:41:15 -07:00
John Safranek
e59bb43878 Configure Update 
Revise default compiler optimization flags enable name to something more descriptive.
 2018-03-28 13:19:46 -07:00
toddouska
3a8a7b8a55 Merge pull request #1458 from dgarske/cleanupthreaded 
wolfCrypt ECC FP cleanup for thread local storage cases
 2018-03-28 12:25:20 -07:00
John Safranek
e6a19bb1e8 Configure Update 
Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
 2018-03-27 16:41:39 -07:00
jrblixt
1cd6075b9d Nightly build fix. 2018-03-27 16:54:14 -06:00
David Garske
c9d840ed8d Fix for the HAVE_THEAD_LS case with FP_ECC where starting a new thead and doing ECC operations and not calling wc_ecc_fp_free. Added missing wolfCrypt_Init to API docs. 2018-03-27 14:29:39 -07:00
toddouska
f62d372bbe Merge pull request #1461 from cconlon/netbsd-update 
update NetBSD fips-check version to include selftest ECDSA fix
 2018-03-27 13:28:49 -07:00
toddouska
9de2bdce24 Merge pull request #1460 from dgarske/winecc 
Enable ECC, AES-GCM and SHA-512/384 by default in VS
 2018-03-27 13:28:23 -07:00
toddouska
504b13530e Merge pull request #1459 from cconlon/selftest_fixes 
Fix for wolfCrypt test and CAVP selftest build
 2018-03-27 13:27:28 -07:00
John Safranek
477d2413cd Configure Update 
1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS.
2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
 2018-03-27 10:23:44 -07:00
toddouska
9f231e0020 Merge pull request #1453 from dgarske/ecc508a_linux 
Support for building with `WOLFSSL_ATECC508A` on other targets
 2018-03-27 09:57:39 -07:00
David Garske
42e6ea8685 Added ECC_TIMING_RESISTANT to eliminate harden warnings. 2018-03-26 15:54:29 -07:00
David Garske
8fbc765dba Enable ECC, AES-GCM and SHA-512/384 by default in Windows Visual Studio projects. 2018-03-26 15:09:51 -07:00
Chris Conlon
9edaac8e1c update NetBSD fips-check version to include selftest ECDSA fix 2018-03-26 14:37:39 -06:00
Chris Conlon
021560035b fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS 2018-03-26 09:43:37 -06:00
Chris Conlon
d2aa7d0a37 exclude ecc_import_unsigned test when building for CAVP selftest 2018-03-23 16:31:17 -06:00
Chris Conlon
c08f5b86cf Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018 
Unit test functions for PKCS#7.
 2018-03-23 10:00:33 -06:00
toddouska
aee6f4d0ca Merge pull request #1457 from dgarske/base16 
Base16/64 improvements
 2018-03-22 15:14:57 -07:00
jrblixt
316a2b9fb4 Review changes: Chris. 2018-03-22 15:35:25 -06:00
toddouska
a92696edec Merge pull request #1454 from dgarske/noprivkey 
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
 2018-03-22 12:47:22 -07:00
toddouska
040e0ab752 Merge pull request #1456 from dgarske/iocbname 
Refactor IO callback function names to use `_CTX_`
 2018-03-22 12:40:48 -07:00
toddouska
43f4faa7be Merge pull request #1452 from cconlon/mcapifix 
fix unused param warning with NO_ERROR_STRINGS
 2018-03-22 12:39:19 -07:00
David Garske
3bf325290d Base16/64 improvements: 
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
 2018-03-22 10:36:56 -07:00
David Garske
0cff2f8b10 Replace use of PUB_KEY_SIZE (from CryptoAuthLib) with new ECC_MAX_CRYPTO_HW_PUBKEY_SIZE. 2018-03-22 09:45:27 -07:00
David Garske
8c4bfd825a Support for building the ATECC508A without WOLFSSL_ATMEL defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with WOLFSSL_ATECC508A defined on other targets such as Linux. 2018-03-22 09:39:21 -07:00
Chris Conlon
2989c73411 Merge pull request #1447 from JacobBarthelmeh/PKCS7 
remove pkcs7 requirement of x963kdf when ecc is disabled
 2018-03-22 10:01:55 -06:00
David Garske
e564c973b6 Refactor IO callback function names to use _CTX_ to eliminate confusion about the first parameter. 2018-03-21 16:08:55 -07:00
David Garske
4b51431546 Fix for possible unused ctx in wolfSSL_CTX_IsPrivatePkSet when no ECC, RSA or ED25519. 2018-03-21 15:46:08 -07:00
toddouska
104f7a0170 Merge pull request #1451 from JacobBarthelmeh/Optimizations 
Adjust X509 small build and add more macro guards
 2018-03-21 15:15:27 -07:00
toddouska
f3d0879ed7 Merge pull request #1449 from dgarske/asn_nullterm 
ASN improvements for building header/footer in `wc_DerToPemEx`
 2018-03-21 15:13:46 -07:00
toddouska
2a356228be Merge pull request #1445 from SparkiDev/wpas_fix 
Fixes for wpa_supplicant
 2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6 * Added support for not loading a private key for server or client when HAVE_PK_CALLBACK is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519. 
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
 2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
26bb86690a fix for unused parameter warning 2018-03-21 10:06:06 -06:00
Chris Conlon
14bb14c6ab fix unused param warning with NO_ERROR_STRINGS 2018-03-21 09:56:08 -06:00
Jacob Barthelmeh
90f97f4a5a fix for unused variable 2018-03-21 09:16:43 -06:00
Jacob Barthelmeh
0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
d9917049c4 use bit fields with WOLFSSL_CTX structure 2018-03-20 22:07:42 -06:00
Jacob Barthelmeh
087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Sean Parkinson
c9c2e1a8a7 Don't base signature algorithm support on certificate 
The signature algorithm support is what you can do with another key, not
what you can do with your key.
 2018-03-21 08:33:54 +10:00
Jacob Barthelmeh
4d65e4cc1e add WOLFSSL_NO_DH186 macro to optionally compile out DH186 function 2018-03-20 15:31:20 -06:00
Jacob Barthelmeh
df6ea54cd5 add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build 2018-03-20 15:06:35 -06:00
jrblixt
2788183e79 Known config. tests fix. 2018-03-20 14:35:26 -06:00
toddouska
bba0a3e88c Merge pull request #1448 from dgarske/ecc_cleanup 
ECC import/export cleanups and additions
 2018-03-20 11:05:15 -07:00
toddouska
38d1eea8cd Merge pull request #1446 from SparkiDev/tls13_draft27 
TLS v1.3 support for Draft 23 and Draft 27
 2018-03-20 09:13:03 -07:00
toddouska
18879ce271 Merge pull request #1440 from dgarske/VerifyRsaSign_PKCallback 
Added VerifyRsaSign PK callback
 2018-03-20 09:02:18 -07:00
David Garske
764aec071c Further improvement to the null termination and newline logic in wc_DerToPemEx. 2018-03-19 22:58:18 -07:00
David Garske
59aa893260 Cleanup ECC point import/export code. Added new API wc_ecc_import_unsigned to allow importing public x/y and optional private as unsigned char. Cleanup wc_ecc_sign_hash to move the hardware crypto code into a separate function. Added missing tests for wc_ecc_export_public_raw, wc_ecc_export_private_raw and new test for wc_ecc_import_unsigned. 2018-03-19 13:28:57 -07:00
toddouska
87c70e76a9 Merge pull request #1441 from dgarske/ocsp_nb 
Fix for handling OCSP with non-blocking
 2018-03-19 12:05:59 -07:00
David Garske
2cc1a1c5bf Renamed callbacks for VerifySign to SignCheck. Switched the new callback context to use the one for the sign. Fix for callback pointer check on VerifyRsaSign. Added inline comments about the new RsaSignCheckCb and RsaPssSignCheckCb. 2018-03-19 10:19:24 -07:00
toddouska
cb8f8a953b Merge pull request #1438 from SparkiDev/nginx_pem_write 
Fix PEM_write_bio_X509 to work with new BIO code
 2018-03-19 09:13:51 -07:00
toddouska
1040cf9caa Merge pull request #1437 from dgarske/eccrsrawtosig 
Added new ECC API `wc_ecc_rs_raw_to_sig`
 2018-03-19 09:12:39 -07:00
Jacob Barthelmeh
467608b6c9 remove pkcs7 requirement of x963kdf when ecc is disabled 2018-03-19 10:08:46 -06:00
toddouska
7ce2efd572 Merge pull request #1431 from JacobBarthelmeh/Optimizations 
more aes macro key size guards
 2018-03-19 09:07:05 -07:00
toddouska
b28c6a394f Merge pull request #1428 from JacobBarthelmeh/Certs 
Update to certificate renew scripts
 2018-03-19 09:05:15 -07:00
Sean Parkinson
bd53d7ba59 TLS v1.3 support for Draft 23 and Draft 27 
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
 2018-03-19 16:15:02 +10:00
Sean Parkinson
b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
jrblixt
1aba6e9b44 Prepare for PR. 2018-03-16 17:07:28 -06:00
kaleb-himes
323abafc1c backup updates for SGX and DB jobs 2018-03-16 15:34:30 -06:00
David Garske
fa73f7bc55 Fix for handling OCSP with non-blocking. The HashInput function was being called on the re-entry, which produced a bad mac response from server. Also cleanup for some of the WC_PENDING_E logic for the non-async cases to reduce code size. 2018-03-16 12:05:07 -07:00
David Garske
e858ec11ac Fix unused arg when building with pk callbacks disabled. 2018-03-16 09:37:07 -07:00
David Garske
ed7774e94a Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context. 2018-03-15 14:43:41 -07:00
Sean Parkinson
3f99a2a391 Fix PEM_write_bio_X509 to work with new BIO code 2018-03-15 10:45:49 +10:00
Jacob Barthelmeh
a207cae0f4 add some more macro guards to reduce size 2018-03-14 17:24:23 -06:00
Jacob Barthelmeh
607bd96317 add ocsp cert renew and test-pathlen to script 2018-03-14 16:35:16 -06:00
David Garske
9ccf876a21 Added new ECC API wc_ecc_rs_raw_to_sig to take raw unsigned R and S and encodes them into ECDSA signature format. 2018-03-14 10:59:25 -07:00
David Garske
d8fe341998 First pass at added PK_CALLBACK support for VerifyRsaSign. 2018-03-14 09:54:18 -07:00
Jacob Barthelmeh
8fb3ccacb7 opensslextra fixs and warning for unused variable 2018-03-12 18:05:24 -06:00
Jacob Barthelmeh
c41bc8205c account for build with no aes and no des3 2018-03-12 16:41:26 -06:00
Jacob Barthelmeh
6b04ebe3a4 fix for compiling with different build settings 2018-03-12 16:12:10 -06:00
Jacob Barthelmeh
fa21fb4a27 more aes macro key size guards 2018-03-12 15:44:48 -06:00
Jacob Barthelmeh
e41f5de556 default generate ed25519 cert with renew and add ecc crls to script 2018-03-09 14:09:34 -07:00
Jacob Barthelmeh
d9738563af add ed25519 certificate generation to renewcerts.sh 2018-03-09 10:43:36 -07:00
Jacob Barthelmeh
f6b5427f2b bad sig certificate renew script 2018-03-09 09:50:52 -07:00
Jacob Barthelmeh
849e1eb10d updating renewcerts script 2018-03-09 00:35:14 -07:00
208 changed files with 22137 additions and 7545 deletions
Expand all files Collapse all files

8
.gitignore vendored
View File

@ -40,9 +40,10 @@ wolfssl-config
cyassl.sublime*
fips.h
fips.c
fipsv2.c
fips_test.c
fips
wolfcrypt_first.c
wolfcrypt_last.c
selftest.c
src/async.c
wolfssl/async.h
@ -223,6 +224,11 @@ wrapper/CSharp/x64/
# Visual Studio Code Workspace Files
*.vscode
*.userprefs
*.exe
*.dll
.vs
Backup
UpgradeLog.htm
IDE/INTIME-RTOS/Debug_*
IDE/VS-ARM/.vs

8
IDE/GCC-ARM/Header/user_settings.h
View File

@ -87,6 +87,11 @@ extern "C" {
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 0
#define WC_RSA_PSS
#endif
#else
#define NO_RSA
#endif
@ -378,6 +383,9 @@ extern unsigned int custom_rand_generate(void);
#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK
#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */

1
IDE/GCC-ARM/README.md
View File

@ -64,3 +64,4 @@ AES GCM: `GCM_SMALL`, `GCM_WORD32` or `GCM_TABLE`: Tunes performance and flash/m
* `USE_SLOW_SHA512`: Over twice as small, but 50% slower
* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with.
* `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
* `ECC_USER_CURVES`: Allows user to defines curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....

4
IDE/GCC-ARM/Source/tls_client.c
View File

@ -108,8 +108,8 @@ static int tls_client(void)
/*------------------------------------------------------------------------*/
/* END CIPHER SUITE OPTIONS */
/*------------------------------------------------------------------------*/
wolfSSL_SetIORecv(ctx, CbIORecv);
wolfSSL_SetIOSend(ctx, CbIOSend);
wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
if ((ssl = wolfSSL_new(ctx)) == NULL) {
error = wolfSSL_get_error(ssl, 0);

13
IDE/Renesas/cs+/Projects/Readme.txt Normal file
View File

@ -0,0 +1,13 @@
wolfssl_lib:
Build wolfssl_lib.lib
test:
Get missing files
- create DUMMY project
- copy all files under DUMMY project except DUMMY.*
- uncomment "Use SIM I/O" lines in resetprg.c
- set heap size in sbrk.h
- set stack size in stacksct.h
Build test wolfCrypt

2
IDE/Renesas/cs+/Projects/common/strings.h Normal file
View File

@ -0,0 +1,2 @@
int strncasecmp(const char *s1, const char * s2, unsigned int sz);

1
IDE/Renesas/cs+/Projects/common/unistd.h Normal file
View File

@ -0,0 +1 @@
/* DUMMY Header */

46
IDE/Renesas/cs+/Projects/common/user_settings.h Normal file
View File

@ -0,0 +1,46 @@
#define NO_MAIN_DRIVER
#define BENCH_EMBEDDED
#define NO_WRITEV
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM
#define USE_CERT_BUFFERS_2048
#define WOLFSSL_USER_CURRTIME
#define SIZEOF_LONG_LONG 8
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
#define NO_FILESYSTEM
#define WOLFSSL_LOG_PRINTF
/* #define DEBUG_WOLFSSL */
#define OPENSSL_EXTRA
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_DH_CONST
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define USER_TIME
#define XTIME time
#define USE_WOLF_SUSECONDS_T
#define USE_WOLF_TIMEVAL_T
#define WOLFSSL_USER_CURRTIME /* for benchmark */
#define WOLFSSL_GENSEED_FORTEST /* Wardning: define your own seed gen */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define SINGLE_THREADED /* or define RTOS option */
/* #define WOLFSSL_CMSIS_RTOS */
/* #define NO_DH */
#define HAVE_AESGCM
#define WOLFSSL_SHA512
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519

41
IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c Normal file
View File

@ -0,0 +1,41 @@
/* wolfssl_dummy.c
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
typedef unsigned long time_t;
#define YEAR 2018
#define MON 5
static int tick = 0;
time_t time(time_t *t)
{
return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
}
#include <ctype.h>
int strncasecmp(const char *s1, const char * s2, unsigned int sz)
{
for( ; sz>0; sz--)
if(toupper(s1++) != toupper(s2++))
return 1;
return 0;
}

1643
IDE/Renesas/cs+/Projects/test/test.mtpj Normal file
View File

File diff suppressed because it is too large Load Diff

47
IDE/Renesas/cs+/Projects/test/test_main.c Normal file
View File

@ -0,0 +1,47 @@
/***********************************************************************/
/* */
/* FILE :Main.c or Main.cpp */
/* DATE :Tue, Oct 31, 2006 */
/* DESCRIPTION :Main Program */
/* CPU TYPE : */
/* */
/* NOTE:THIS IS A TYPICAL EXAMPLE. */
/* */
/***********************************************************************/
#include "typedefine.h"
#ifdef __cplusplus
#include <ios> // Remove the comment when you use ios
_SINT ios_base::Init::init_cnt; // Remove the comment when you use ios
#endif
#include "stdio.h"
void main(void);
#ifdef __cplusplus
extern "C" {
void abort(void);
}
#endif
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
void wolfcrypt_test(func_args args);
void main(void)
{
func_args args = { 1 };
printf("Start wolfCrypt Test\n");
wolfcrypt_test(args);
printf("End wolfCrypt Test\n");
}
#ifdef __cplusplus
void abort(void)
{
}
#endif

2309
IDE/Renesas/cs+/Projects/wolfssl_lib/wolfssl_lib.mtpj Normal file
View File

File diff suppressed because it is too large Load Diff

11
IDE/WIN/user_settings.h
View File

@ -36,6 +36,17 @@
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#define HAVE_AESGCM
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS
#define HAVE_ECC
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT
#else
/* The servers and clients */
#define OPENSSL_EXTRA

70
IDE/WIN10/README.txt Normal file
View File

@ -0,0 +1,70 @@
# Notes on the wolfssl-fips project
First, if you did not get the FIPS files with your archive, you must contact
wolfSSL to obtain them.
# Building the wolfssl-fips project
The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
must be built as a static library, for the moment.
The library project is built with Whole Program Optimization disabled. This is
required so that necessary components of the library are not optimized away.
There are two functions added to the library that are used as markers in
memory for the in-core memory check of the code. WPO consolidates them into a
single function. WPO also optimizes away the automatic FIPS entry function.
Each of the source files inside the FIPS boundary defines their own code and
constant section. The code section names start with ".fipsA$" and the constant
section names start with ".fipsB$". Each subsection has a letter to organize
them in a secific order. This specific ordering puts marker functions and
constants on either end of the boundary so it can be hashed.
# In Core Memory Test
The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
FIPS library code and constant data and compares it with a known value in
the code.
The Randomized Base Address setting needs to be disabled on the 32-bit builds
but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
being different throws off the in-core memory calculation. It looks like in
64-bit mode the library uses all offsets, so the core hash calculation
is the same every time.
The "verifyCore" check value in the source fips_test.c needs to be updated when
building the code. The POS performs this check and the default failure callback
will print out the calculated checksum. When developing your code, copy this
value and paste it back into your code in the verifyCore initializer then
rebuild the code. When statically linking, you may have to recalculate your
check value when changing your application.
# Build Options
The default build options should be the proper default set of options:
* HAVE_FIPS
* HAVE_THREAD_LS
* HAVE_AESGCM
* HAVE_HASHDRBG
* WOLFSSL_SHA384
* WOLFSSL_SHA512
* NO_HC128
* NO_RC4
* NO_RABBIT
* NO_DSA
* NO_MD4
The "NO" options explicitly disable algorithms that are not allowed in
FIPS mode.
Additionally one may enable:
* HAVE_ECC
* OPENSSL_EXTRA
* WOLFSSL_KEY_GEN
These settings are defined in IDE/WIN/user_settings.h.

9
IDE/WIN10/include.am Normal file
View File

@ -0,0 +1,9 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/WIN10/README.txt
EXTRA_DIST+= IDE/WIN10/test.vcxproj
EXTRA_DIST+= IDE/WIN10/wolfssl-fips.sln
EXTRA_DIST+= IDE/WIN10/wolfssl-fips.vcxproj
EXTRA_DIST+= IDE/WIN10/user_settings.h

277
IDE/WIN10/test.vcxproj Normal file
View File

@ -0,0 +1,277 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Debug|Win32">
<Configuration>DLL Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Debug|x64">
<Configuration>DLL Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Release|Win32">
<Configuration>DLL Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Release|x64">
<Configuration>DLL Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
</PropertyGroup>
<PropertyGroup>
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<WholeProgramOptimization>true</WholeProgramOptimization>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<WholeProgramOptimization>true</WholeProgramOptimization>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<TargetMachine>MachineX86</TargetMachine>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
<ClCompile>
<AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<PrecompiledHeader />
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
<AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\wolfcrypt\test\test.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="wolfssl-fips.vcxproj">
<Project>{73973223-5ee8-41ca-8e88-1d60e89a237b}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

75
IDE/WIN10/user_settings.h Executable file
View File

@ -0,0 +1,75 @@
#ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_
/* Verify this is Windows */
#ifndef _WIN32
#error This user_settings.h header is only designed for Windows
#endif
/* Configurations */
#if defined(HAVE_FIPS)
/* FIPS */
#define OPENSSL_EXTRA
#define HAVE_THREAD_LS
#define WOLFSSL_KEY_GEN
#define HAVE_AESGCM
#define HAVE_HASHDRBG
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define NO_PSK
#define NO_HC128
#define NO_RC4
#define NO_RABBIT
#define NO_DSA
#define NO_MD4
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
#define WOLFSSL_SHA224
#define WOLFSSL_SHA3
#define WC_RSA_PSS
#define WC_RSA_NO_PADDING
#define HAVE_ECC
#define ECC_SHAMIR
#define HAVE_ECC_CDH
#define ECC_TIMING_RESISTANT
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB
#define HAVE_AESCCM
#define WOLFSSL_CMAC
#define HAVE_HKDF
#define WOLFSSL_PUBLIC_MP
#endif /* FIPS v2 */
#else
/* Enables blinding mode, to prevent timing attacks */
#define WC_RSA_BLINDING
#if defined(WOLFSSL_LIB)
/* The lib */
#define OPENSSL_EXTRA
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#define HAVE_AESGCM
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS
#define HAVE_ECC
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT
#else
/* The servers and clients */
#define OPENSSL_EXTRA
#define NO_PSK
#endif
#endif /* HAVE_FIPS */
#endif /* _WIN_USER_SETTINGS_H_ */

56
IDE/WIN10/wolfssl-fips.sln Normal file
View File

@ -0,0 +1,56 @@

Microsoft Visual Studio Solution File, Format Version 10.00
# Visual Studio Express 2012 for Windows Desktop
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Debug|x64 = Debug|x64
DLL Debug|Win32 = DLL Debug|Win32
DLL Debug|x64 = DLL Debug|x64
DLL Release|Win32 = DLL Release|Win32
DLL Release|x64 = DLL Release|x64
Release|Win32 = Release|Win32
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = DLL Debug|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = DLL Release|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = DLL Release|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = DLL Release|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

308
IDE/WIN10/wolfssl-fips.vcxproj Normal file
View File

@ -0,0 +1,308 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Debug|Win32">
<Configuration>DLL Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Debug|x64">
<Configuration>DLL Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Release|Win32">
<Configuration>DLL Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="DLL Release|x64">
<Configuration>DLL Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
<RootNamespace>wolfssl-fips</RootNamespace>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<PlatformToolset>v110</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<BaseAddress>0x5A000000</BaseAddress>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>false</DataExecutionPrevention>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level4</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>false</DataExecutionPrevention>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<WholeProgramOptimization>false</WholeProgramOptimization>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<BaseAddress>0x5A000000</BaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<WholeProgramOptimization>false</WholeProgramOptimization>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\wolfcrypt\src\aes.c" />
<ClCompile Include="..\..\wolfcrypt\src\asn.c" />
<ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
<ClCompile Include="..\..\wolfcrypt\src\coding.c" />
<ClCompile Include="..\..\src\crl.c" />
<ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
<ClCompile Include="..\..\wolfcrypt\src\des3.c" />
<ClCompile Include="..\..\wolfcrypt\src\dh.c" />
<ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
<ClCompile Include="..\..\wolfcrypt\src\error.c" />
<ClCompile Include="..\..\wolfcrypt\src\fips.c">
<WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
<WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</WholeProgramOptimization>
<WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</WholeProgramOptimization>
<WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</WholeProgramOptimization>
</ClCompile>
<ClCompile Include="..\..\wolfcrypt\src\fips_test.c" />
<ClCompile Include="..\..\wolfcrypt\src\hash.c" />
<ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
<ClCompile Include="..\..\wolfcrypt\src\integer.c" />
<ClCompile Include="..\..\src\internal.c" />
<ClCompile Include="..\..\src\wolfio.c" />
<ClCompile Include="..\..\src\keys.c" />
<ClCompile Include="..\..\wolfcrypt\src\logging.c" />
<ClCompile Include="..\..\wolfcrypt\src\md5.c" />
<ClCompile Include="..\..\wolfcrypt\src\memory.c" />
<ClCompile Include="..\..\src\ocsp.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
<ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
<ClCompile Include="..\..\wolfcrypt\src\random.c" />
<ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
<ClCompile Include="..\..\wolfcrypt\src\signature.c" />
<ClCompile Include="..\..\src\ssl.c" />
<ClCompile Include="..\..\src\tls.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_first.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_last.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
<ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
</CustomBuild>
</ItemGroup>
<ItemGroup>
<ClInclude Include="user_settings.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

1
IDE/include.am
View File

@ -4,6 +4,7 @@
include IDE/XCODE/include.am
include IDE/WIN/include.am
include IDE/WIN10/include.am
include IDE/WIN-SGX/include.am
include IDE/LINUX-SGX/include.am
include IDE/WORKBENCH/include.am

5
Makefile.am
View File

@ -207,4 +207,7 @@ merge-clean:
@find ./ | $(GREP) \.OTHER | xargs rm -f
@find ./ | $(GREP) \.BASE | xargs rm -f
@find ./ | $(GREP) \~$$ | xargs rm -f
dist-hook:
cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h

2
README
View File

@ -44,7 +44,7 @@ Note 1)
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
or enable ECC (ECC is on by default), or you must enable static
key cipher suites with
WOLFSSL_STATIC_DH
WOLFSSL_STATIC_RSA

2
README.md
View File

@ -33,7 +33,7 @@ There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH. This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default on 64bit systems), or you must enable static
or enable ECC (ECC is on by default), or you must enable static
key cipher suites with
WOLFSSL_STATIC_DH
WOLFSSL_STATIC_RSA

2
SCRIPTS-LIST
View File

@ -10,6 +10,8 @@ commit-tests.sh - our commit tests, must pass before a commit is accepted, use
fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt
comment out last line to leave working directory
async-check.sh - internal script for validating wolfSSL Async using the simulator.
gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non
filesystem testing

80
async-check.sh Executable file
View File

@ -0,0 +1,80 @@
#!/bin/bash
# async-check.sh
# This script creates symbolic links to the required asynchronous
# file for using the asynchronous simulator and make check
#
# $ ./async-check [keep]
#
# - keep: (default off) ./async and links kept around for inspection
#
function Usage() {
printf '\n%s\n' "Usage: $0 [keep]"
printf '\n%s\n\n' "Where \"keep\" means keep (default off) async files around for inspection"
printf '%s\n' "EXAMPLE:"
printf '%s\n' "---------------------------------"
printf '%s\n' "./async-check.sh keep"
printf '%s\n\n' "---------------------------------"
}
ASYNC_REPO=git@github.com:wolfSSL/wolfAsyncCrypt.git
#ASYNC_REPO=../wolfAsyncCrypt
# Optionally keep async files
if [ "x$1" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
if [ -d ./async ];
then
echo "\n\nUsing existing async repo\n\n"
else
# make a clone of the wolfAsyncCrypt repository
git clone $ASYNC_REPO async
[ $? -ne 0 ] && echo "\n\nCouldn't checkout the wolfAsyncCrypt repository\n\n" && exit 1
fi
# setup auto-conf
./autogen.sh
# link files
ln -s -F ../../async/wolfcrypt/src/async.c ./wolfcrypt/src/async.c
ln -s -F ../../async/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h
ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c
ln -s -F ../../../../async/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c
ln -s -F ../../../../async/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md
ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h
ln -s -F ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
ln -s -F ../../../../async/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c
ln -s -F ../../../../async/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
ln -s -F ../../../../async/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md
./configure --enable-asynccrypt --enable-all
make check
[ $? -ne 0 ] && echo "\n\nMake check failed. Debris left for analysis." && exit 1
# Clean up
popd
if [ "x$KEEP" == "xno" ];
then
unlink ./wolfcrypt/src/async.c
unlink ./wolfssl/wolfcrypt/async.h
unlink ./wolfcrypt/src/port/intel/quickassist.c
unlink ./wolfcrypt/src/port/intel/quickassist_mem.c
unlink ./wolfcrypt/src/port/intel/README.md
unlink ./wolfssl/wolfcrypt/port/intel/quickassist.h
unlink ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
unlink ./wolfcrypt/src/port/cavium/cavium_nitrox.c
unlink ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
unlink ./wolfcrypt/src/port/cavium/README.md
rm -rf ./async
# restore original README.md files
git checkout -- wolfcrypt/src/port/cavium/README.md
git checkout -- wolfcrypt/src/port/intel/README.md
fi

5
autogen.sh
View File

@ -18,7 +18,10 @@ if test -e .git; then
# touch fips files for non fips distribution
touch ./ctaocrypt/src/fips.c
touch ./ctaocrypt/src/fips_test.c
touch ./wolfcrypt/src/fipsv2.c
touch ./wolfcrypt/src/fips.c
touch ./wolfcrypt/src/fips_test.c
touch ./wolfcrypt/src/wolfcrypt_first.c
touch ./wolfcrypt/src/wolfcrypt_last.c
touch ./wolfssl/wolfcrypt/fips.h
# touch CAVP selftest files for non-selftest distribution

6
certs/crl/gencrls.sh
View File

@ -104,4 +104,10 @@ mv tmp eccSrvCRL.pem
# install (only needed if working outside wolfssl)
#cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
# caEccCrl
openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
# ca-ecc384-cert
openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
exit 0

18
certs/ed25519/gen-ed25519.sh Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
EXAMPLE=$1
echo "This uses ed25519 certificate generator from wolfssl-examples github"
echo "The script takes in the directory to wolfssl-examples"
pushd ${EXAMPLE}
make
if [ $? -ne 0 ]; then
echo "Unable to build example"
exit 1
fi
./tls.sh
popd
mv ${EXAMPLE}/*.pem .
mv ${EXAMPLE}/*.der .

133
certs/renewcerts.sh
View File

@ -8,6 +8,10 @@
# client-ecc-cert.der
# ca-cert.pem
# ca-cert.der
# ca-ecc-cert.pem
# ca-ecc-cert.der
# ca-ecc384-cert.pem
# ca-ecc384-cert.der
# server-cert.pem
# server-cert.der
# server-ecc-rsa.pem
@ -17,6 +21,7 @@
# server-ecc-comp.pem
# client-ca.pem
# test/digsigku.pem
# ecc-privOnlyCert.pem
# updates the following crls:
# crl/cliCrl.pem
# crl/crl.pem
@ -100,12 +105,38 @@ function run_renewcerts(){
openssl x509 -in ca-cert.pem -text > tmp.pem
mv tmp.pem ca-cert.pem
############################################################
########## update the self-signed ca-ecc-cert.pem ##########
############################################################
echo "Updating ca-ecc-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc-key.pem -nodes -out ca-ecc-cert.csr
openssl x509 -req -in ca-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc-key.pem -out ca-ecc-cert.pem
rm ca-ecc-cert.csr
openssl x509 -in ca-ecc-cert.pem -text > tmp.pem
mv tmp.pem ca-ecc-cert.pem
############################################################
########## update the self-signed ca-ecc384-cert.pem #######
############################################################
echo "Updating ca-ecc384-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc384-key.pem -nodes -sha384 -out ca-ecc384-cert.csr
openssl x509 -req -in ca-ecc384-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc384-key.pem -sha384 -out ca-ecc384-cert.pem
rm ca-ecc384-cert.csr
openssl x509 -in ca-ecc384-cert.pem -text > tmp.pem
mv tmp.pem ca-ecc384-cert.pem
############################################################
##### update the self-signed (1024-bit) ca-cert.pem ########
############################################################
echo "Updating 1024-bit ca-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/ca-key.pem -nodes -out \1024/ca-cert.csr
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/ca-key.pem -nodes -sha1 -out \1024/ca-cert.csr
openssl x509 -req -in \1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/ca-key.pem -out \1024/ca-cert.pem
rm \1024/ca-cert.csr
@ -169,7 +200,7 @@ function run_renewcerts(){
echo "Updating 1024-bit server-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/server-key.pem -nodes > \1024/server-req.pem
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/server-key.pem -nodes -sha1 > \1024/server-req.pem
openssl x509 -req -in \1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA \1024/ca-cert.pem -CAkey \1024/ca-key.pem -set_serial 01 > \1024/server-cert.pem
@ -209,7 +240,7 @@ function run_renewcerts(){
mv tmp.pem client-ecc-cert.pem
############################################################
########## update the self-signed server-ecc.pem ###########
########## update the server-ecc.pem #######################
############################################################
echo "Updating server-ecc.pem"
echo ""
@ -217,7 +248,7 @@ function run_renewcerts(){
echo -e "US\nWashington\nSeattle\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key.pem -out server-ecc.pem
openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions server_ecc -CAfile ca-ecc-cert.pem -CAkey ca-ecc-key.pem -out server-ecc.pem
rm server-ecc.csr
openssl x509 -in server-ecc.pem -text > tmp.pem
@ -244,6 +275,18 @@ function run_renewcerts(){
echo ""
cat client-cert.pem client-ecc-cert.pem > client-ca.pem
############################################################
###### update the self-signed ecc-privOnlyCert.pem #########
############################################################
echo "Updating ecc-privOnlyCert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e ".\n.\n.\nWR\n.\nDE\n.\n.\n.\n" | openssl req -new -key ecc-privOnlyKey.pem -nodes -out ecc-privOnly.csr
openssl x509 -req -in ecc-privOnly.csr -days 1000 -signkey ecc-privOnlyKey.pem -out ecc-privOnlyCert.pem
rm ecc-privOnly.csr
############################################################
###### update the self-signed test/digsigku.pem ##########
############################################################
@ -263,10 +306,15 @@ function run_renewcerts(){
############################################################
########## make .der files from .pem files #################
############################################################
openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
echo "Creating der formatted certs..."
echo ""
openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
openssl x509 -inform PEM -in \1024/server-cert.pem -outform DER -out \1024/server-cert.der
openssl x509 -inform PEM -in \1024/ca-cert.pem -outform DER -out \1024/ca-cert.der
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
openssl x509 -inform PEM -in ca-ecc-cert.pem -outform DER -out ca-ecc-cert.der
openssl x509 -inform PEM -in ca-ecc384-cert.pem -outform DER -out ca-ecc384-cert.der
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der
@ -281,6 +329,57 @@ function run_renewcerts(){
echo ""
echo "" | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin
############################################################
###### update the test-servercert.p12 file #################
############################################################
echo "Updating test-servercert.p12 (password is \"wolfSSL test\")"
echo ""
echo "wolfSSL test" | openssl pkcs12 -des3 -descert -export -in server-cert.pem -inkey server-key.pem -certfile ca-cert.pem -out test-servercert.p12 -password stdin
############################################################
###### calling gen-ext-certs.sh ##################
############################################################
echo "Calling gen-ext-certs.sh"
echo ""
cd ..
./certs/test/gen-ext-certs.sh
cd ./certs
############################################################
###### calling gen-badsig.sh ##################
############################################################
echo "Calling gen-badsig.sh"
echo ""
cd ./test
./gen-badsig.sh
cd ../
############################################################
########## generate ocsp certs ######################
############################################################
echo "Changing directory to ocsp..."
echo ""
# guard against recursive calls to renewcerts.sh
if [ -d ocsp ]; then
cd ./ocsp
echo "Execute ./renewcerts.sh..."
./renewcerts.sh
cd ../
else
echo "Error could not find ocsp directory"
exit 1
fi
############################################################
###### calling assemble-chains.sh ##################
############################################################
echo "Calling assemble-chains.sh"
echo ""
cd ./test-pathlen
./assemble-chains.sh
cd ../
############################################################
########## store DER files as buffers ######################
############################################################
@ -350,6 +449,19 @@ then
echo "changed directory to wolfssl root directory."
echo ""
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read ED25519_DIR
if [ -d "${ED25519_DIR}" ]; then
pushd ./certs/ed25519
./gen-ed25519.sh ${ED25519_DIR}
popd
else
echo "Unable to find directory ${ED25519_DIR}"
exit 1
fi
############################################################
########## update ntru if already installed ################
############################################################
@ -367,11 +479,21 @@ elif [ ! -z "$1" ]; then
if [ "$1" == "--override-ntru" ]; then
echo "overriding ntru, update all certs except ntru."
run_renewcerts
#valid argument create ed25519 certificates
elif [ "$1" == "--ed25519" ] || [ "$2" == "--ed25519" ]; then
echo ""
echo "Enter directory to ed25519 certificate generation example."
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
read ED25519_DIR
pushd ./certs/ed25519
./gen-ed25519.sh ${ED25519_DIR}
popd
#valid argument print out other valid arguments
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
echo ""
echo "\"no argument\" will attempt to update all certificates"
echo "--override-ntru updates all certificates except ntru"
echo "--ed25519 updates all ed25519 certificates"
echo "-h or -help display this menu"
echo ""
echo ""
@ -441,3 +563,4 @@ else
fi #END now defined
fi #END already defined
exit 0

50
certs/renewcerts/wolfssl.cnf
View File

@ -125,6 +125,40 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true
# CA with pathlen 0
[ pathlen_0 ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true,pathlen:0
keyUsage=keyCertSign, cRLSign
# CA with pathlen 1
[ pathlen_1 ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true,pathlen:1
keyUsage=keyCertSign, cRLSign
# CA with pathlen 127
[ pathlen_127 ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true,pathlen:127
keyUsage=keyCertSign, cRLSign
# CA with pathlen 128
[ pathlen_128 ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true,pathlen:128
keyUsage=keyCertSign, cRLSign
# test pathlen server cert
[ test_pathlen ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:false
# Extensions to add to a certificate request
[ v3_req ]
basicConstraints = CA:FALSE
@ -170,6 +204,22 @@ authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical, CA:TRUE
keyUsage=critical, nonRepudiation, keyEncipherment
# ca-ecc-cert extensions
[ ca_ecc_cert ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints=critical, CA:TRUE
keyUsage=critical, digitalSignature, keyCertSign, cRLSign
# server-ecc extensions
[ server_ecc ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints=critical, CA:FALSE
keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage=serverAuth
nsCertType=server
#tsa default
[ tsa ]
default_tsa = tsa_config1

186
certs/test-pathlen/assemble-chains.sh
View File

@ -1,8 +1,192 @@
#!/bin/bash
#
# assemble-chains.sh
# Assemble all the certificate CA path test cert chains.
# Create certs and assemble all the certificate CA path test cert chains.
###########################################################
########## update server-0-ca.pem ################
###########################################################
echo "Updating server-0-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-ca-req.pem
openssl x509 -req -in server-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 100 -sha1 > server-0-ca.pem
rm server-0-ca-req.pem
openssl x509 -in server-0-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-0-ca.pem
###########################################################
########## update server-0-cert.pem ################
###########################################################
echo "Updating server-0-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-cert-req.pem
openssl x509 -req -in server-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 101 -sha1 > server-0-cert.pem
rm server-0-cert-req.pem
openssl x509 -in server-0-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-0-cert.pem
###########################################################
########## update server-1-ca.pem ################
###########################################################
echo "Updating server-1-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-ca-req.pem
openssl x509 -req -in server-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 102 -sha1 > server-1-ca.pem
rm server-1-ca-req.pem
openssl x509 -in server-1-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-1-ca.pem
###########################################################
########## update server-1-cert.pem ################
###########################################################
echo "Updating server-1-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-cert-req.pem
openssl x509 -req -in server-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 105 -sha1 > server-1-cert.pem
rm server-1-cert-req.pem
openssl x509 -in server-1-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-1-cert.pem
###########################################################
########## update server-0-1-ca.pem ################
###########################################################
echo "Updating server-0-1-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-ca-req.pem
openssl x509 -req -in server-0-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 110 -sha1 > server-0-1-ca.pem
rm server-0-1-ca-req.pem
openssl x509 -in server-0-1-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-0-1-ca.pem
###########################################################
########## update server-0-1-cert.pem ################
###########################################################
echo "Updating server-0-1-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-cert-req.pem
openssl x509 -req -in server-0-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-1-ca.pem -CAkey ../server-key.pem -set_serial 111 -sha1 > server-0-1-cert.pem
rm server-0-1-cert-req.pem
openssl x509 -in server-0-1-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-0-1-cert.pem
###########################################################
########## update server-1-0-ca.pem ################
###########################################################
echo "Updating server-1-0-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-ca-req.pem
openssl x509 -req -in server-1-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 103 -sha1 > server-1-0-ca.pem
rm server-1-0-ca-req.pem
openssl x509 -in server-1-0-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-1-0-ca.pem
###########################################################
########## update server-1-0-cert.pem ################
###########################################################
echo "Updating server-1-0-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-cert-req.pem
openssl x509 -req -in server-1-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-0-ca.pem -CAkey ../server-key.pem -set_serial 104 -sha1 > server-1-0-cert.pem
rm server-1-0-cert-req.pem
openssl x509 -in server-1-0-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-1-0-cert.pem
###########################################################
########## update server-127-ca.pem ################
###########################################################
echo "Updating server-127-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-ca-req.pem
openssl x509 -req -in server-127-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_127 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-127-ca.pem
rm server-127-ca-req.pem
openssl x509 -in server-127-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-127-ca.pem
###########################################################
########## update server-127-cert.pem ################
###########################################################
echo "Updating server-127-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-cert-req.pem
openssl x509 -req -in server-127-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-127-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-127-cert.pem
rm server-127-cert-req.pem
openssl x509 -in server-127-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-127-cert.pem
###########################################################
########## update server-128-ca.pem ################
###########################################################
echo "Updating server-128-ca.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-ca-req.pem
openssl x509 -req -in server-128-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_128 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-128-ca.pem
rm server-128-ca-req.pem
openssl x509 -in server-128-ca.pem -text > ca_tmp.pem
mv ca_tmp.pem server-128-ca.pem
###########################################################
########## update server-128-cert.pem ################
###########################################################
echo "Updating server-128-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-cert-req.pem
openssl x509 -req -in server-128-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-128-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-128-cert.pem
rm server-128-cert-req.pem
openssl x509 -in server-128-cert.pem -text > cert_tmp.pem
mv cert_tmp.pem server-128-cert.pem
###########################################################
########## Assemble Chains ################
###########################################################
# Success: PathLen of 0
## server-0-ca.pem: signed by ca-cert.pem
## server-0-cert.pem: signed by server-0-ca.pem

20
certs/test/gen-badaltnamenull.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/sh
echo "step 1 create key"
openssl genrsa -out server-badaltnamenull.key 2048
echo "step 2 create csr"
echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf
echo "step 3 check csr"
openssl req -text -noout -in server-badaltnamenull.csr
echo "step 4 create cert"
openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \
-out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf
echo "step 5 make human reviewable"
openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem
mv tmp.pem server-badaltnamenull.pem
openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der

42
certs/test/gen-badsig.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
generate() {
# read in certificate and alter the last part of the signature
num_lines=$(wc -l < $cert)
i=1
rm -f $pem_out
touch $pem_out
while IFS= read -r line
do
if [[ $((i+1)) -eq ${num_lines} ]]; then
# last line before END tag. Alter the sig here
idx=`expr ${#line} - 4`
chr=${line:idx:1}
if [ "$chr" == "x" ] || [ "$chr" == "X" ]; then
echo "${line:0:${idx}}a${line:$((idx+1)):$((idx+4))}" >> $pem_out
else
echo "${line:0:${idx}}x${line:$((idx+1)):$((idx+4))}" >> $pem_out
fi
else
echo "$line" >> $pem_out
fi
let i++
done < "$cert"
# output to DER format also
openssl x509 -in $pem_out -out $der_out -outform DER
}
# create server RSA certificate with bad signature
cert="../server-cert.pem"
pem_out=server-cert-rsa-badsig.pem
der_out=server-cert-rsa-badsig.der
generate
# create server ECC certificate with bad signature
cert="../server-ecc.pem"
pem_out=server-cert-ecc-badsig.pem
der_out=server-cert-ecc-badsig.der
generate

9
certs/test/include.am
View File

@ -17,3 +17,12 @@ EXTRA_DIST += \
certs/test/server-cert-rsa-badsig.pem \
certs/test/server-cert-ecc-badsig.der \
certs/test/server-cert-ecc-badsig.pem
EXTRA_DIST += \
certs/test/gen-badaltnamenull.sh \
certs/test/server-badaltnamenull.conf \
certs/test/server-badaltnamenull.csr \
certs/test/server-badaltnamenull.key \
certs/test/server-badaltnamenull.pem \
certs/test/server-badaltnamenull.der

17
certs/test/server-badaltnamenull.conf Normal file
View File

@ -0,0 +1,17 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Montana
localityName = Bozeman
organizationName = Engineering
commonName = www.wolfssl.com
commonName_max = 64
commonName_default = localhost
[ req_ext ]
#subjectAltName = localhost\0h
subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68

17
certs/test/server-badaltnamenull.csr Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls
b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D
UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY
58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz
0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS
ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg
CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y
a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv
Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa
cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw
ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1
wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH
A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp
YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg
-----END CERTIFICATE REQUEST-----

BIN
certs/test/server-badaltnamenull.der Normal file
View File

Binary file not shown.

27
certs/test/server-badaltnamenull.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ
1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+
piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn
e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM
zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH
y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo
4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq
sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3
DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ
LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs
cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy
X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf
865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o
yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC
a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU
Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc
oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy
K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP
KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO
XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7
MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA
RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV
3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2
xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+
CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM=
-----END RSA PRIVATE KEY-----

72
certs/test/server-badaltnamenull.pem Normal file
View File

@ -0,0 +1,72 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15650401360786530715 (0xd931651e45f8a19b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
Validity
Not Before: May 3 16:02:13 2018 GMT
Not After : Jan 27 16:02:13 2021 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c:
98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d:
4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e:
5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74:
04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58:
83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f:
6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3:
06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4:
0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d:
1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5:
f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b:
0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71:
8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80:
d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae:
a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28:
ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48:
55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9:
4f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha1WithRSAEncryption
ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69:
b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23:
a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e:
7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc:
ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28:
45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c:
f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29:
0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2:
67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25:
e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7:
72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5:
6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7:
57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49:
da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0:
f7:8e:7c:df
-----BEGIN CERTIFICATE-----
MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2
MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw
EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE
R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3
Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E
O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg
wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7
SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z
dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd
i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK
bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f
rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+
98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX
4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf
-----END CERTIFICATE-----

205
configure.ac
View File

@ -5,14 +5,16 @@
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
#
AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.])
AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS to empty if unset on command line. We do not want
# the default "-g -O2" that AC_PROG_CC sets automatically.
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets
# automatically.
: ${CFLAGS=""}
: ${CXXFLAGS=""}
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
@ -157,6 +159,7 @@ then
enable_tls13=yes
enable_openssh=yes
enable_opensslextra=yes
enable_opensslall=yes
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
@ -218,9 +221,13 @@ then
enable_x963kdf=yes
enable_scrypt=yes
enable_indef=yes
enable_enckeys=yes
AM_CFLAGS="-DHAVE_AES_DECRYPT $AM_CFLAGS"
AM_CFLAGS="-DHAVE_AES_ECB $AM_CFLAGS"
# Enable AES Decrypt, AES ECB, Alt Names, DER Load, Keep Certs, CRL IO with Timeout
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
fi
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])
@ -261,6 +268,9 @@ AC_ARG_ENABLE([singlethreaded],
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
# versions of clang don't need the -Q flag when using pthreads.
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
LIBS="$LIBS $PTHREAD_LIBS"
],[
@ -307,6 +317,30 @@ then
fi
# TLS v1.3 Draft 23
AC_ARG_ENABLE([tls13-draft23],
[AS_HELP_STRING([--enable-tls13-draft23],[Enable wolfSSL TLS v1.3 Draft 23 (default: disabled)])],
[ ENABLED_TLS13_DRAFT23=$enableval ],
[ ENABLED_TLS13_DRAFT23=no ]
)
if test "$ENABLED_TLS13_DRAFT23" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
fi
# TLS v1.3 Draft 26
AC_ARG_ENABLE([tls13-draft26],
[AS_HELP_STRING([--enable-tls13-draft26],[Enable wolfSSL TLS v1.3 Draft 26 (default: disabled)])],
[ ENABLED_TLS13_DRAFT26=$enableval ],
[ ENABLED_TLS13_DRAFT26=no ]
)
if test "$ENABLED_TLS13_DRAFT26" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
fi
# TLS v1.3
AC_ARG_ENABLE([tls13],
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])],
@ -314,7 +348,7 @@ AC_ARG_ENABLE([tls13],
[ ENABLED_TLS13=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes"
if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes"
then
ENABLED_TLS13="yes"
fi
@ -419,6 +453,22 @@ fi
AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
# List of open source project defines using our openssl compatibility layer:
# openssh (--enable-openssh)
# nginix (--enable-nginx) WOLFSSL_NGINX
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
# wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
# ssl fortress (--enable-fortress) FORTRESS
# ssl bump (--enable-bump)
# signal (--enable-signal)
# lighty (--enable-lighty) HAVE_LIGHTY
# stunnel (--enable-stunnel) HAVE_STUNNEL
# HAVE_POCO_LIB
# WOLFSSL_MYSQL_COMPATIBLE
# web server (--enable-webserver) HAVE_WEBSERVER
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
@ -494,13 +544,25 @@ then
fi
# OPENSSL Compatibility ALL
AC_ARG_ENABLE([opensslall],
[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
[ ENABLED_OPENSSLALL=$enableval ],
[ ENABLED_OPENSSLALL=no ]
)
if test "$ENABLED_OPENSSLALL" = "yes"
then
AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"
then
ENABLED_OPENSSLEXTRA="yes"
fi
@ -525,7 +587,7 @@ fi
# High Strength Build
AC_ARG_ENABLE([maxstrength],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strengh build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
@ -567,7 +629,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
@ -1747,6 +1809,18 @@ then
fi
# Base16
AC_ARG_ENABLE([base16],
[AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
[ ENABLED_BASE16=$enableval ],
[ ENABLED_BASE16=no ]
)
if test "$ENABLED_BASE16" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
fi
# DES3
AC_ARG_ENABLE([des3],
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
@ -1857,7 +1931,8 @@ fi
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
#AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
#moved to FIPS section
# AES-XTS
@ -1883,6 +1958,17 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# Web Client Build (HTTP Client)
AC_ARG_ENABLE([webclient],
[AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
[ ENABLED_WEBCLIENT=$enableval ],
[ ENABLED_WEBCLIENT=no ]
)
if test "$ENABLED_WEBCLIENT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"
fi
# HC128
@ -1957,17 +2043,32 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN"
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT"
ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
[ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
[ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
[ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
])
else
if test "x$ENABLED_FORTRESS" = "xyes"
then
@ -1977,6 +2078,7 @@ fi
AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS_V2], [test "x$FIPS_VERSION" = "xv2"])
AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
# SELFTEST
AC_ARG_ENABLE([selftest],
@ -1997,7 +2099,7 @@ AM_CONDITIONAL([BUILD_SELFTEST], [test "x$ENABLED_SELFTEST" = "xyes"])
SHA224_DEFAULT=no
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
then
if test "x$ENABLED_FIPS" = "xno"
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
then
SHA224_DEFAULT=yes
fi
@ -2022,7 +2124,7 @@ AM_CONDITIONAL([BUILD_SHA224], [test "x$ENABLED_SHA224" = "xyes"])
SHA3_DEFAULT=no
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
then
if test "x$ENABLED_FIPS" = "xno"
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
then
SHA3_DEFAULT=yes
fi
@ -2176,7 +2278,7 @@ AC_ARG_ENABLE([ocsp],
[ ENABLED_OCSP=no ],
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_OCSP=yes
fi
@ -3031,6 +3133,24 @@ fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# Encrypted keys
AC_ARG_ENABLE([enckeys],
[AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
[ ENABLED_ENCKEYS=$enableval ],
[ ENABLED_ENCKEYS=no ]
)
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
ENABLED_ENCKEYS=yes
fi
if test "$ENABLED_ENCKEYS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
fi
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
AC_ARG_ENABLE([pwdbased],
@ -3041,9 +3161,9 @@ AC_ARG_ENABLE([pwdbased],
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes"
then
# opensslextra and webserver needs pwdbased
# opensslextra, webserver and enckeys needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
@ -3264,8 +3384,8 @@ AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt -lcrypto $LIB_ADD"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
@ -3274,21 +3394,17 @@ AC_ARG_WITH([cavium-v],
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/obj/cavium_common.o $trycaviumdir/api/obj/cavium_sym_crypto.o $trycaviumdir/api/obj/cavium_asym_crypto.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_CHECK_FILES([$trycaviumdir/lib/libnitrox.a], [AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"], [ENABLED_CAVIUM_V=no])
LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
if test "$ENABLED_CAVIUM_V" = "no"; then
AC_MSG_ERROR([Could not find Nitrox library])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
enable_opensslextra=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
@ -3299,6 +3415,7 @@ AC_ARG_WITH([cavium-v],
)
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM_V], [test "x$ENABLED_CAVIUM_V" = "xyes"])
# Intel Quick Assist
@ -3817,6 +3934,14 @@ then
fi
# Default optimization CFLAGS enable
AC_ARG_ENABLE([optflags],
[AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
[ ENABLED_OPTFLAGS=$enableval ],
[ ENABLED_OPTFLAGS=yes ]
)
# check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
@ -3873,8 +3998,9 @@ AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
# checks for pkcs7 needed enables
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling pkcs7.])])
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
@ -3957,7 +4083,7 @@ then
ENABLED_AESKEYWRAP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
if test "x$ENABLED_X963KDF" = "xno"
if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" = "yes"
then
ENABLED_X963KDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
@ -4030,6 +4156,7 @@ then
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
if test "$ax_enable_debug" = "no"
then
AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
if test "$ENABLED_FASTMATH" = "yes"
then
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
@ -4040,6 +4167,7 @@ then
else
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
fi
])
fi
fi
@ -4080,7 +4208,7 @@ if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS"
@ -4311,6 +4439,9 @@ echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * TLS v1.0: $ENABLED_TLSV10"
echo " * TLS v1.3: $ENABLED_TLS13"
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22"
echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23"
echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26"
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"

4
cyassl/ctaocrypt/asn.h
View File

@ -38,10 +38,8 @@
#include <wolfssl/wolfcrypt/asn.h>
#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
#ifndef NO_FILESYSTEM
#define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
#endif
#define CyaSSL_PemCertToDer wc_PemCertToDer
#endif
#endif /* CTAO_CRYPT_ASN_H */

5
cyassl/ssl.h
View File

@ -498,8 +498,8 @@
*/
#define CyaSSL_accept_ex wolfSSL_accept_ex
#define CyaSSL_SetIORecv wolfSSL_SetIORecv
#define CyaSSL_SetIOSend wolfSSL_SetIOSend
#define CyaSSL_SetIORecv wolfSSL_CTX_SetIORecv
#define CyaSSL_SetIOSend wolfSSL_CTX_SetIOSend
#define CyaSSL_connect_ex wolfSSL_connect_ex
#define CyaSSL_CTX_SetCACb wolfSSL_CTX_SetCACb
#define CyaSSL_SetIOReadCtx wolfSSL_SetIOReadCtx
@ -657,7 +657,6 @@
/* OpenSSL Compatibility Layer */
#define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
#define CyaSSL_get_sessionID wolfSSL_get_sessionID
#define CyaSSL_get_peer_count wolfSSL_get_peer_count
#define CyaSSL_get_chain_cert wolfSSL_get_chain_cert

28
doc/dox_comments/header_files/aes.h
View File

@ -809,3 +809,31 @@ WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
\sa wc_AesXtsSetKey
*/
WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
/*!
\ingroup AES
\brief Initialize Aes structure. Sets heap hint to be used and ID for use
with async hardware
\return 0 Success
\param aes aes structure in to initialize
\param heap heap hint to use for malloc / free if needed
\param devId ID to use with async hardware
_Example_
\code
Aes enc;
void* hint = NULL;
int devId = INVALID_DEVID; //if not using async INVALID_DEVID is default
//heap hint could be set here if used
wc_AesInit(&aes, hint, devId);
\endcode
\sa wc_AesSetKey
\sa wc_AesSetIV
*/
WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId);

34
doc/dox_comments/header_files/asn.h
View File

@ -1,34 +0,0 @@
/*!
\ingroup ASN
\brief This function converts a pem certificate to a der certificate,
and places the resulting certificate in the derBuf buffer provided.
\return Success On success returns the size of the derBuf generated
\return BUFFER_E Returned if the size of derBuf is too small to hold
the certificate generated
\return MEMORY_E Returned if the call to XMALLOC fails
\param fileName path to the file containing a pem certificate to
convert to a der certificate
\param derBuf pointer to a char buffer in which to store the
converted certificate
\param derSz size of the char buffer in which to store the
converted certificate
_Example_
\code
char * file = “./certs/client-cert.pem”;
int derSz;
byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
derSz = wolfsSSL_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
//PemCertToDer error
}
\endcode
\sa none
*/
WOLFSSL_API
int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);

195
doc/dox_comments/header_files/asn_public.h
View File

@ -20,6 +20,7 @@
\sa wc_MakeCertReq
*/
WOLFSSL_API int wc_InitCert(Cert*);
/*!
\ingroup ASN
@ -51,7 +52,7 @@ WOLFSSL_API int wc_InitCert(Cert*);
\code
Cert myCert;
wc_InitCert(&myCert);
RNG rng;
WC_RNG rng;
//initialize rng;
RsaKey key;
//initialize key;
@ -65,6 +66,7 @@ WOLFSSL_API int wc_InitCert(Cert*);
*/
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
ecc_key*, WC_RNG*);
/*!
\ingroup ASN
@ -109,8 +111,9 @@ WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
\sa wc_InitCert
\sa wc_MakeCert
*/
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
RsaKey*, ecc_key*);
/*!
\ingroup ASN
@ -149,7 +152,7 @@ WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
// initialize myCert, derCert
RsaKey key;
// initialize key;
RNG rng;
WC_RNG rng;
// initialize rng
word32 certSz;
@ -163,6 +166,7 @@ WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
*/
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
/*!
\ingroup ASN
@ -195,7 +199,7 @@ WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
// initialize myCert, derCert
RsaKey key;
// initialize key;
RNG rng;
WC_RNG rng;
// initialize rng
word32 certSz;
@ -208,6 +212,7 @@ WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
*/
WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
WC_RNG*);
/*!
\ingroup ASN
@ -270,6 +275,7 @@ WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
\sa wc_SetIssuerBuffer
*/
WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
/*!
\ingroup ASN
@ -328,6 +334,7 @@ WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
\sa wc_SetIssuer
*/
WOLFSSL_API int wc_SetSubject(Cert*, const char*);
/*!
\ingroup ASN
@ -387,7 +394,8 @@ WOLFSSL_API int wc_SetSubject(Cert*, const char*);
\sa wc_InitCert
\sa wc_SetIssuer
*/
WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
/*!
\ingroup ASN
@ -453,6 +461,7 @@ WOLFSSL_API int wc_SetSubject(Cert*, const char*);
\sa wc_SetIssuer
*/
WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
/*!
\ingroup ASN
@ -517,6 +526,7 @@ WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
\sa wc_SetSubject
*/
WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
/*!
\ingroup ASN
@ -584,6 +594,7 @@ WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
\sa wc_SetAltNames
*/
WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
/*!
\ingroup ASN
@ -648,6 +659,7 @@ WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
\sa wc_InitCert
*/
WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
/*!
\ingroup ASN
@ -711,6 +723,7 @@ WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
\sa wc_SetAuthKeyId
*/
WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
/*!
\ingroup ASN
@ -739,6 +752,7 @@ WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
\sa wc_SetAuthKeyIdFromCert
*/
WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
/*!
\ingroup ASN
@ -771,6 +785,7 @@ WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
*/
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
ecc_key *eckey);
/*!
\ingroup ASN
@ -801,6 +816,7 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
\sa wc_SetSubjectKeyIdFromPublicKey
*/
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
/*!
\ingroup ASN
@ -833,7 +849,8 @@ WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
*/
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
word16 ntruKeySz);
/*!
/*!
\ingroup RSA
\brief This function allows you to set the key usage using a comma
@ -864,8 +881,9 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
\sa wc_InitCert
\sa wc_MakeRsaKey
*/
*/
WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
/*!
\ingroup ASN
@ -899,7 +917,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\code
Cert myCert;
// initialize myCert
RNG rng;
WC_RNG rng;
//initialize rng;
byte ntruPublicKey[NTRU_KEY_SIZE];
//initialize ntruPublicKey;
@ -913,11 +931,12 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_InitCert
\sa wc_MakeCert
*/
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
/*!
\ingroup Keys
\ingroup ASN
\brief Loads a PEM key from a file and converts to a DER encoded buffer.
@ -936,18 +955,19 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
char* some_file = "filename";
unsigned char der[];
if(wolfSSL_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
{
//Handle Error
}
\endcode
\sa wolfSSL_PubKeyPemToDer
\sa wc_PubKeyPemToDer
*/
WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
/*!
\ingroup Keys
\ingroup ASN
\brief Convert a PEM encoded public key to DER. Returns the number of
bytes written to the buffer or a negative value for an error.
@ -966,17 +986,53 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
byte some_pem[] = { Initialize with PEM key }
unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER
if(wolfSSL_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
sizeof(out_buffer)) < 0)
{
// Handle error
}
\endcode
\sa wolfSSL_PemPubKeyToDer
\sa wc_PemPubKeyToDer
*/
WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
/*!
\ingroup ASN
\brief This function converts a pem certificate to a der certificate,
and places the resulting certificate in the derBuf buffer provided.
\return Success On success returns the size of the derBuf generated
\return BUFFER_E Returned if the size of derBuf is too small to hold
the certificate generated
\return MEMORY_E Returned if the call to XMALLOC fails
\param fileName path to the file containing a pem certificate to
convert to a der certificate
\param derBuf pointer to a char buffer in which to store the
converted certificate
\param derSz size of the char buffer in which to store the
converted certificate
_Example_
\code
char * file = “./certs/client-cert.pem”;
int derSz;
byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
//PemCertToDer error
}
\endcode
\sa none
*/
WOLFSSL_API
int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
/*!
\ingroup ASN
@ -1015,10 +1071,11 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
pemSz = wc_DerToPem(der, derSz,pemFormatted,FOURK_BUF, CERT_TYPE);
\endcode
\sa wolfSSL_PemCertToDer
\sa wc_PemCertToDer
*/
WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
word32 outputSz, int type);
/*!
\ingroup ASN
@ -1059,10 +1116,81 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
pemSz = wc_DerToPemEx(der, derSz,pemFormatted,FOURK_BUF, ,CERT_TYPE);
\endcode
\sa wolfSSL_PemCertToDer
\sa wc_PemCertToDer
*/
WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
word32 outputSz, byte *cipherIno, int type);
/*!
\ingroup CertsKeys
\brief Converts a key in PEM format to DER format.
\return int the function returns the number of bytes written to
the buffer on successful execution.
\return int negative int returned indicating an error.
\param pem a pointer to the PEM encoded certificate.
\param pemSz the size of the PEM buffer (pem)
\param buff a pointer to the copy of the buffer member of the
DerBuffer struct.
\param buffSz size of the buffer space allocated in the DerBuffer struct.
\param pass password passed into the function.
_Example_
\code
byte* loadBuf;
long fileSz = 0;
byte* bufSz;
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
const char* keyFile,
int typeKey, const char* pasword);
bufSz = wc_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
(int)fileSz, password);
if(saveBufSz > 0){
// Bytes were written to the buffer.
}
\endcode
\sa wc_PemToDer
*/
WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
/*!
\ingroup CertsKeys
\brief This function converts a PEM formatted certificate to DER
format. Calls OpenSSL function PemToDer.
\return buffer returns the bytes written to the buffer.
\param pem pointer PEM formatted certificate.
\param pemSz size of the certificate.
\param buff buffer to be copied to DER format.
\param buffSz size of the buffer.
\param type Certificate file type found in asn_public.h enum CertType.
_Example_
\code
const unsigned char* pem;
int pemSz;
unsigned char buff[BUFSIZE];
int buffSz = sizeof(buff)/sizeof(char);
int type;
...
if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
// There were bytes written to buffer
}
\endcode
\sa wc_PemToDer
*/
WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
/*!
\ingroup ASN
@ -1112,7 +1240,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
// read key into tmp buffer
wc_ecc_init(&key); // initialize key
ret = wc_Ecc_PrivateKeyDecode(tmp, &idx, &key, (word32)inSz);
ret = wc_EccPrivateKeyDecode(tmp, &idx, &key, (word32)inSz);
if(ret < 0) {
// error decoding ecc key
}
@ -1120,8 +1248,9 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_RSA_PrivateKeyDecode
*/
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
ecc_key*, word32);
/*!
\ingroup ASN
@ -1164,7 +1293,8 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_RsaKeyToDer
*/
WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
/*!
\ingroup ASN
@ -1197,8 +1327,9 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_ecc_import_x963
*/
WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
ecc_key*, word32);
/*!
\ingroup ASN
@ -1222,7 +1353,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\code
ecc_key key;
wc_ecc_init(&key);
WC_RNG rng;
WC_WC_RNG rng;
wc_InitRng(&rng);
wc_ecc_make_key(&rng, 24, &key);
int derSz = // Some appropriate size for der;
@ -1237,8 +1368,9 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
\sa wc_EccKeyToDer
\sa wc_EccPrivateKeyDecode
*/
WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
word32 inLen, int with_AlgCurve);
/*!
\ingroup ASN
@ -1274,6 +1406,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
*/
WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
word32 digSz, int hashOID);
/*!
\ingroup ASN

2
doc/dox_comments/header_files/blake2.h
View File

@ -81,7 +81,7 @@ WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
wc_InitBlake2b(&b2b, 64);
... // call wc_Blake2bUpdate to add data to hash
ret = 2c_Blake2bFinal(&b2b, hash, 64);
ret = wc_Blake2bFinal(&b2b, hash, 64);
if( ret != 0) {
// error generating blake2b hash
}

2
doc/dox_comments/header_files/camellia.h
View File

@ -85,7 +85,7 @@ WOLFSSL_API int wc_CamelliaSetIV(Camellia* cam, const byte* iv);
byte plain[] = { // initialize with message to encrypt };
byte cipher[16];
wc_CamelliaEncrypt(&ca, cipher, plain);
wc_CamelliaEncryptDirect(&ca, cipher, plain);
\endcode
\sa wc_CamelliaDecryptDirect

18
doc/dox_comments/header_files/coding.h
View File

@ -74,8 +74,8 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
\sa Base64_EncodeEsc
\sa Base64_Decode
*/
WOLFSSL_API
int Base64_Encode(const byte* in, word32 inLen, byte* out,
WOLFSSL_API
int Base64_Encode(const byte* in, word32 inLen, byte* out,
word32* outLen);
/*!
\ingroup Base_Encoding
@ -116,7 +116,7 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
\sa Base64_Encode
\sa Base64_Decode
*/
int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
word32* outLen);
/*!
\ingroup Base_Encoding
@ -154,8 +154,8 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
\sa Base64_Encode
\sa Base64_Decode
*/
WOLFSSL_API
int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
WOLFSSL_API
int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
word32* outLen);
/*!
\ingroup Base_Encoding
@ -192,8 +192,8 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
\sa Base64_Decode
\sa Base16_Encode
*/
WOLFSSL_API
int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
WOLFSSL_API
int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
/*!
\ingroup Base_Encoding
@ -224,5 +224,5 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
\sa Base64_Decode
\sa Base16_Decode
*/
WOLFSSL_API
int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
WOLFSSL_API
int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen);

2
doc/dox_comments/header_files/curve25519.h
View File

@ -23,7 +23,7 @@
\code
curve25519_key key;
wc_curve25519_init(&key); // initialize key
RNG rng;
WC_RNG rng;
wc_InitRng(&rng); // initialize random number generator
if( wc_curve25519_make_key(&rng, 32, &key) != 0) {

2
doc/dox_comments/header_files/dh.h
View File

@ -80,7 +80,7 @@ WOLFSSL_API void wc_FreeDhKey(DhKey* key);
wc_InitDhKey(&key); // initialize key
// Set DH parameters using wc_DhSetKey or wc_DhKeyDecode
RNG rng;
WC_RNG rng;
wc_InitRng(&rng); // initialize rng
ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
\endcode

8
doc/dox_comments/header_files/dsa.h
View File

@ -81,7 +81,7 @@ WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
DsaKey key;
// initialize DSA key, load private Key
int ret;
RNG rng;
WC_RNG rng;
wc_InitRng(&rng);
byte hash[] = { // initialize with hash digest };
byte signature[40]; // signature will be 40 bytes (320 bits)
@ -255,7 +255,7 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
_Example_
\code
DsaKey key;
WC_RNG rng;
WC_WC_RNG rng;
int derSz;
int bufferSize = // Sufficient buffer size;
byte der[bufferSize];
@ -286,7 +286,7 @@ WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
_Example_
\code
WC_RNG rng;
WC_WC_RNG rng;
DsaKey dsa;
wc_InitRng(&rng);
wc_InitDsa(&dsa);
@ -318,7 +318,7 @@ WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
_Example_
\code
DsaKey key;
WC_RNG rng;
WC_WC_RNG rng;
wc_InitDsaKey(&key);
wc_InitRng(&rng);
if(wc_MakeDsaParameters(&rng, 1024, &genKey) != 0)

101
doc/dox_comments/header_files/ecc.h
View File

@ -41,7 +41,7 @@
\code
ecc_key key;
wc_ecc_init(&key);
RNG rng;
WC_WC_RNG rng;
wc_InitRng(&rng);
wc_ecc_make_key(&rng, 32, &key); // initialize 32 byte ecc key
\endcode
@ -51,6 +51,7 @@
*/
WOLFSSL_API
int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
/*!
\ingroup ECC
@ -65,7 +66,7 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
_Example_
\code
ecc_key key;
RNG rng;
WC_WC_RNG rng;
int check_result;
wc_ecc_init(&key);
wc_InitRng(&rng);
@ -85,7 +86,8 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
\sa wc_ecc_point_is_at_infinity
*/
WOLFSSL_API
int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
int wc_ecc_check_key(ecc_key* key);
/*!
\ingroup ECC
@ -139,7 +141,7 @@ int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
_Example_
\code
ecc_key priv, pub;
RNG rng;
WC_WC_RNG rng;
byte secret[1024]; // can hold 1024 byte shared secret key
word32 secretSz = sizeof(secret);
int ret;
@ -161,6 +163,7 @@ int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
WOLFSSL_API
int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
word32* outlen);
/*!
\ingroup ECC
@ -192,7 +195,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
point = wc_ecc_new_point();
result = wc_ecc_shared_secret_ssh(&key, point,
result = wc_ecc_shared_secret_ex(&key, point,
&shared_secret, &secret_size);
if (result != MP_OKAY)
@ -206,6 +209,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
WOLFSSL_API
int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen);
/*!
\ingroup ECC
@ -254,7 +258,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
_Example_
\code
ecc_key key;
RNG rng;
WC_WC_RNG rng;
int ret, sigSz;
byte sig[512]; // will hold generated signature
@ -274,6 +278,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
WOLFSSL_API
int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
WC_RNG* rng, ecc_key* key);
/*!
\ingroup ECC
@ -319,7 +324,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
_Example_
\code
ecc_key key;
WC_RNG rng;
WC_WC_WC_RNG rng;
int ret, sigSz;
mp_int r; // destination for r component of signature.
mp_int s; // destination for s component of signature.
@ -342,6 +347,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
WOLFSSL_API
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s);
/*!
\ingroup ECC
@ -409,6 +415,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
WOLFSSL_API
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* stat, ecc_key* key);
/*!
\ingroup ECC
@ -447,6 +454,7 @@ Note: Do not use the return value to test for valid. Only use stat.
WOLFSSL_API
int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* stat, ecc_key* key);
/*!
\ingroup ECC
@ -469,6 +477,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
*/
WOLFSSL_API
int wc_ecc_init(ecc_key* key);
/*!
\ingroup ECC
@ -489,6 +498,7 @@ int wc_ecc_init(ecc_key* key);
*/
WOLFSSL_API
int wc_ecc_free(ecc_key* key);
/*!
\ingroup ECC
@ -513,6 +523,7 @@ int wc_ecc_free(ecc_key* key);
*/
WOLFSSL_API
void wc_ecc_fp_free(void);
/*!
\ingroup ECC
@ -526,7 +537,7 @@ void wc_ecc_fp_free(void);
_Example_
\code
ecc_key key;
RNG rng;
WC_WC_RNG rng;
int is_valid;
wc_ecc_init(&key);
wc_InitRng(&rng);
@ -546,6 +557,7 @@ void wc_ecc_fp_free(void);
*/
WOLFSSL_API
int wc_ecc_is_valid_idx(int n);
/*!
\ingroup ECC
@ -573,6 +585,7 @@ int wc_ecc_is_valid_idx(int n);
*/
WOLFSSL_API
ecc_point* wc_ecc_new_point(void);
/*!
\ingroup ECC
@ -600,6 +613,7 @@ ecc_point* wc_ecc_new_point(void);
*/
WOLFSSL_API
void wc_ecc_del_point(ecc_point* p);
/*!
\ingroup ECC
@ -632,6 +646,7 @@ void wc_ecc_del_point(ecc_point* p);
*/
WOLFSSL_API
int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
/*!
\ingroup ECC
@ -674,6 +689,7 @@ int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
*/
WOLFSSL_API
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
/*!
\ingroup ECC
@ -714,6 +730,7 @@ int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
*/
WOLFSSL_API
int wc_ecc_point_is_at_infinity(ecc_point *p);
/*!
\ingroup ECC
@ -748,6 +765,7 @@ int wc_ecc_point_is_at_infinity(ecc_point *p);
WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* a, mp_int* modulus, int map);
/*!
\ingroup ECC
@ -812,6 +830,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
*/
WOLFSSL_API
int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
/*!
\ingroup ECC
@ -882,6 +901,7 @@ int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
*/
WOLFSSL_API
int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
/*!
\ingroup ECC
@ -944,6 +964,7 @@ int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
*/
WOLFSSL_API
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
/*!
\ingroup ECC
@ -1013,6 +1034,7 @@ NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at compile
WOLFSSL_API
int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key);
/*!
\ingroup ECC
@ -1077,6 +1099,7 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
*/
WOLFSSL_API
int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
/*!
\ingroup ECC
@ -1142,6 +1165,7 @@ int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
WOLFSSL_API
int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
const char* d, const char* curveName);
/*!
\ingroup ECC
@ -1203,6 +1227,7 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
*/
WOLFSSL_API
int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
/*!
\ingroup ECC
@ -1235,6 +1260,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
byte* out, word32* outLen);
/*!
\ingroup ECC
@ -1266,6 +1292,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
WOLFSSL_API
int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
ecc_point* point);
/*!
\ingroup ECC
@ -1292,12 +1319,40 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
*/
WOLFSSL_API
int wc_ecc_size(ecc_key* key);
/*!
\ingroup ECC
\brief This function returns the worst case size for an ECC signature,
given by: keySz * 2 + SIG_HEADER_SZ + 4 The actual signature size can
be computed with wc_ecc_sign_hash.
given by: (keySz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ.
The actual signature size can be computed with wc_ecc_sign_hash.
\return returns the maximum signature
size, in octets
\param key size
_Example_
\code
int sigSz = wc_ecc_sig_size_calc(32);
if ( sigSz == 0) {
// error determining sig size
}
\endcode
\sa wc_ecc_sign_hash
\sa wc_ecc_sig_size
*/
WOLFSSL_API
int wc_ecc_sig_size_calc(int sz);
/*!
\ingroup ECC
\brief This function returns the worst case size for an ECC signature,
given by: (keySz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ.
The actual signature size can be computed with wc_ecc_sign_hash.
\return Success Given a valid key, returns the maximum signature
size, in octets
@ -1314,17 +1369,20 @@ int wc_ecc_size(ecc_key* key);
sigSz = wc_ecc_sig_size(&key);
if ( sigSz == 0) {
// error determining sig size
// error determining sig size
}
\endcode
\sa wc_ecc_sign_hash
\sa wc_ecc_sig_size_calc
*/
WOLFSSL_API
int wc_ecc_sig_size(ecc_key* key);
/*!
\ingroup ECC
\brief This function allocates and initializes space for a new ECC
context object to allow secure message exchange with ECC.
@ -1340,11 +1398,11 @@ int wc_ecc_sig_size(ecc_key* key);
_Example_
\code
ecEncCtx* ctx;
RNG rng;
WC_WC_RNG rng;
wc_InitRng(&rng);
ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
if(ctx == NULL) {
// error generating new ecEncCtx object
// error generating new ecEncCtx object
}
\endcode
@ -1353,6 +1411,7 @@ int wc_ecc_sig_size(ecc_key* key);
*/
WOLFSSL_API
ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
/*!
\ingroup ECC
@ -1366,7 +1425,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
_Example_
\code
ecEncCtx* ctx;
RNG rng;
WC_WC_RNG rng;
wc_InitRng(&rng);
ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
// do secure communication
@ -1378,6 +1437,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
*/
WOLFSSL_API
void wc_ecc_ctx_free(ecEncCtx*);
/*!
\ingroup ECC
@ -1395,7 +1455,7 @@ void wc_ecc_ctx_free(ecEncCtx*);
_Example_
\code
ecEncCtx* ctx;
RNG rng;
WC_WC_RNG rng;
wc_InitRng(&rng);
ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
// do secure communication
@ -1408,6 +1468,7 @@ void wc_ecc_ctx_free(ecEncCtx*);
*/
WOLFSSL_API
int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
/*!
\ingroup ECC
@ -1426,7 +1487,7 @@ int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free
_Example_
\code
ecEncCtx* ctx;
RNG rng;
WC_WC_RNG rng;
const byte* salt;
wc_InitRng(&rng);
ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
@ -1441,6 +1502,7 @@ int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free
*/
WOLFSSL_API
const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
/*!
\ingroup ECC
@ -1461,7 +1523,7 @@ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
_Example_
\code
ecEncCtx* cliCtx, srvCtx;
RNG rng;
WC_WC_RNG rng;
const byte* cliSalt, srvSalt;
int ret;
@ -1478,6 +1540,7 @@ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
*/
WOLFSSL_API
int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
/*!
\ingroup ECC
@ -1508,6 +1571,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
*/
WOLFSSL_API
int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
/*!
\ingroup ECC
@ -1568,6 +1632,7 @@ int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
WOLFSSL_API
int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
/*!
\ingroup ECC

10
doc/dox_comments/header_files/ed25519.h
View File

@ -18,7 +18,7 @@
\code
ed25519_key key;
wc_ed25519_init(&key);
RNG rng;
WC_RNG rng;
wc_InitRng(&rng);
wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte ed25519 key
\endcode
@ -51,7 +51,7 @@ int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
_Example_
\code
ed25519_key key;
RNG rng;
WC_RNG rng;
int ret, sigSz;
byte sig[64]; // will hold generated signature
@ -332,7 +332,7 @@ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
ed25519_key key;
wc_ed25519_init(&key);
RNG rng;
WC_RNG rng;
wc_InitRng(&rng);
wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte ed25519 key
@ -432,7 +432,7 @@ int wc_ed25519_size(ed25519_key* key);
ed25519_key key;
wc_ed25519_init(&key);
RNG rng;
WC_RNG rng;
wc_InitRng(&rng);
wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte ed25519 key
@ -457,7 +457,7 @@ int wc_ed25519_priv_size(ed25519_key* key);
\code
ed25519_key key;
wc_ed25519_init(&key);
RNG rng;
WC_RNG rng;
wc_InitRng(&rng);
wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte ed25519 key

2
doc/dox_comments/header_files/evp.h
View File

@ -36,7 +36,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
_Example_
\code
WOLFSSL_EVP_CIPHER* cipher;
cipher = wolfSSL_EVP_des_ecb();
cipher = wolfSSL_EVP_des_cbc();
\endcode

14
doc/dox_comments/header_files/memory.h
View File

@ -24,7 +24,7 @@
\sa XFREE
\sa XREALLOC
*/
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line);
/*!
\ingroup Memory
@ -54,7 +54,7 @@
\sa XFREE
\sa XREALLOC
*/
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line);
/*!
\ingroup Memory
@ -83,7 +83,7 @@
\sa XFREE
\sa XREALLOC
*/
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
/*!
\ingroup Memory
@ -113,7 +113,7 @@
\sa wolfSSL_Realloc
\sa wolfSSL_SetAllocators
*/
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
/*!
\ingroup Memory
@ -147,7 +147,7 @@
\sa wolfSSL_Malloc
\sa wolfSSL_SetAllocators
*/
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
/*!
\ingroup Memory
@ -171,7 +171,7 @@
\sa wolfSSL_Realloc
\sa wolfSSL_SetAllocators
*/
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
/*!
\ingroup Memory
@ -289,4 +289,4 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
\sa wolfSSL_Malloc
\sa wolfSSL_Free
*/
WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);

6
doc/dox_comments/header_files/pkcs7.h
View File

@ -111,7 +111,7 @@ WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
pkcs7.contentSz = dataSz;
... etc.
ret = wc_PKCS7_EnocodeData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
ret = wc_PKCS7_EncodeData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
if ( ret != 0 ) {
// error encoding into output buffer
}
@ -182,7 +182,7 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
pkcs7.contentSz = dataSz;
... etc.
ret = wc_PKCS7_EnocodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
ret = wc_PKCS7_EncodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
if ( ret != 0 ) {
// error encoding into output buffer
}
@ -258,7 +258,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
pkcs7.contentSz = dataSz;
... etc.
ret = wc_PKCS7_EnocodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
ret = wc_PKCS7_EncodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff));
if ( ret != 0 ) {
// error encoding into output buffer
}

6
doc/dox_comments/header_files/random.h
View File

@ -24,7 +24,7 @@
\sa wc_FreeNetRandom
*/
WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
/*!
\ingroup Random
@ -46,7 +46,7 @@
\sa wc_InitNetRandom
*/
WOLFSSL_API int wc_FreeNetRandom(void);
WOLFSSL_API int wc_FreeNetRandom(void);
/*!
\ingroup Random
@ -254,7 +254,7 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*);
\sa wc_RNG_GenerateByte
\sa wc_FreeRng
*/
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
byte* output, word32 outputSz);

32
doc/dox_comments/header_files/rsa.h
View File

@ -18,7 +18,7 @@
\code
RsaKey enc;
int ret;
ret = wc_RsaInitKey(&enc, NULL); // not using heap hint. No custom memory
ret = wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
if ( ret != 0 ) {
// error initializing RSA key
}
@ -28,6 +28,7 @@
\sa wc_FreeRsaKey
*/
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
/*!
\ingroup RSA
@ -49,6 +50,7 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
\sa wc_InitRsaKey
*/
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
/*!
\ingroup RSA
@ -122,6 +124,7 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
*/
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
/*!
\ingroup RSA
@ -145,6 +148,7 @@ WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
*/
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
/*!
\ingroup RSA
@ -178,6 +182,7 @@ WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
*/
WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
/*!
\ingroup RSA
@ -210,6 +215,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
*/
WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
/*!
\ingroup RSA
@ -227,7 +233,7 @@ WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
_Example_
\code
RsaKey key;
RNG rng;
WC_WC_RNG rng;
int ret = 0;
long e = 65537; // standard value to use for exponent
wc_InitRsaKey(&key, NULL); // not using heap hint. No custom memory
@ -247,6 +253,7 @@ WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
*/
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
RsaKey* key);
/*!
\ingroup RSA
@ -278,6 +285,7 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
*/
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
/*!
\ingroup RSA
@ -298,6 +306,7 @@ WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
\sa XMEMSET
*/
WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
/*!
\ingroup RSA
@ -341,6 +350,7 @@ WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
*/
WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
/*!
\ingroup RSA
@ -389,6 +399,7 @@ WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
*/
WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
/*!
\ingroup RSA
@ -433,6 +444,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
*/
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key);
/*!
\ingroup RSA
@ -454,7 +466,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
// Allocate memory for der
int derSz = // Amount of memory allocated for der;
RsaKey key;
RNG rng;
WC_WC_RNG rng;
long e = 65537; // standard value to use for exponent
ret = wc_MakeRsaKey(&key, 2048, e, &rng); // generate 2048 bit long
private key
@ -472,6 +484,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
\sa wc_InitRng
*/
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
/*!
\ingroup RSA
@ -496,7 +509,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
_Example_
\code
WC_RNG rng;
WC_WC_WC_RNG rng;
RsaKey key;
byte in[] = “I use Turing Machines to ask questions”
byte out[256];
@ -516,6 +529,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
/*!
\ingroup RSA
@ -542,7 +556,7 @@ WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
_Example_
\code
WC_RNG rng;
WC_WC_WC_RNG rng;
RsaKey key;
byte in[] = “I use Turing Machines to ask questions”
byte out[256];
@ -568,6 +582,7 @@ WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
byte* out, word32 outLen, RsaKey* key, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
/*!
\ingroup RSA
@ -598,7 +613,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
_Example_
\code
WC_RNG rng;
WC_WC_WC_RNG rng;
RsaKey key;
byte in[] = “I use Turing Machines to ask questions”
byte out[256];
@ -625,6 +640,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
byte** out, RsaKey* key, int type, enum wc_HashType hash,
int mgf, byte* label, word32 lableSz);
/*!
\ingroup RSA
@ -669,6 +685,7 @@ WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
*/
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*);
/*!
\ingroup RSA
@ -703,6 +720,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
\sa wc_RsaInitKey
*/
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
/*!
\ingroup RSA
@ -757,7 +775,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
_Example_
\code
RsaKey priv;
RNG rng;
WC_WC_RNG rng;
int ret = 0;
long e = 65537; // standard value to use for exponent

4
doc/dox_comments/header_files/sha256.h
View File

@ -227,8 +227,8 @@ WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32);
WOLFSSL_MSG("wc_InitSha224 failed");
}
else {
wc_Sha256Update(&sha224, data, len);
wc_Sha256Final(&sha224, hash);
wc_Sha224Update(&sha224, data, len);
wc_Sha224Final(&sha224, hash);
}
\endcode

2
doc/dox_comments/header_files/signature.h
View File

@ -106,7 +106,7 @@ WOLFSSL_API int wc_SignatureVerify(
_Example_
\code
int ret;
RNG rng;
WC_RNG rng;
ecc_key eccKey;
wc_InitRng(&rng);

145
doc/dox_comments/header_files/ssl.h
View File

@ -1366,38 +1366,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
\sa wolfSSL_use_certificate_chain_buffer
*/
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
/*!
\ingroup openSSL
\brief Loads the PEM certificate from fileName and converts it into DER
format, placing the result into derBuffer which is of size derSz.
\return Success If successful the call will return the number of bytes
written to derBuffer.
\return SSL_BAD_FILE will be returned if the file doesnt exist, cant be
read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return SSL_NO_PEM_HEADER will be returned if the PEM certificate header
cant be found.
\return BUFFER_E will be returned if a chain buffer is bigger than the
receiving buffer.
\param filename pointer to the name of the PEM-formatted certificate for
conversion.
\param derBuffer the buffer for which the converted PEM certificate will
be placed in DER format.
\param derSz size of derBuffer.
_Example_
\code
int derSz;
byte derBuf[...];
derSz = wolfSSL_PemCertToDer(“./cert.pem”, derBuf, sizeof(derBuf));
\endcode
\sa SSL_get_peer_certificate
*/
WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int);
/*!
\ingroup Setup
@ -1489,8 +1458,8 @@ WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
}
\endcode
\sa wolfSSL_SetIOSend
\sa wolfSSL_SetIORecv
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_CTX_SetIORecv
\sa wolfSSL_SetIOReadCtx
\sa wolfSSL_SetIOWriteCtx
*/
@ -2210,7 +2179,7 @@ WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
\sa wolfSSL_get_session
*/
WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*);
/*!
\ingroup IO
@ -2248,7 +2217,7 @@ WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session
\sa wolfSSL_set_session
*/
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
/*!
\ingroup IO
@ -2275,7 +2244,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl);
\sa wolfSSL_get_session
\sa wolfSSL_set_session
*/
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm);
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
/*!
\ingroup TLS
@ -2310,7 +2279,7 @@ WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX *ctx, long tm);
\sa GetSessionClient
*/
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char*,
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*,
int, int);
/*!
\ingroup IO
@ -3589,7 +3558,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
downgrade to SSLv3 if needed. In this case, the client will be able to
connect to a server running SSLv3 - TLSv1.2.
\return pointer upon succes a pointer to a WOLFSSL_METHOD.
\return pointer upon success a pointer to a WOLFSSL_METHOD.
\return Failure If memory allocation fails when calling XMALLOC,
the failure value of the underlying malloc() implementation will be
returned (typically NULL with errno will be set to ENOMEM).
@ -7193,103 +7162,7 @@ WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
\sa wolfSSL_CTX_new
*/
WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
/*!
\ingroup CertsKeys
\brief Converts a key in PEM format to DER format.
\return int the function returns the number of bytes written to
the buffer on successful execution.
\return int negative int returned indicating an error.
\param pem a pointer to the PEM encoded certificate.
\param pemSz the size of the PEM buffer (pem)
\param buff a pointer to the copy of the buffer member of the
DerBuffer struct.
\param buffSz size of the buffer space allocated in the DerBuffer struct.
\param pass password passed into the function.
_Example_
\code
byte* loadBuf;
long fileSz = 0;
byte* bufSz;
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
const char* keyFile,
int typeKey, const char* pasword);
bufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
(int)fileSz, password);
if(saveBufSz > 0){
// Bytes were written to the buffer.
}
\endcode
\sa PemToDer
\sa wolfssl_decrypt_buffer_key
*/
WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int,
unsigned char*, int, const char*);
/*!
\ingroup CertsKeys
\brief This function converts a PEM formatted certificate to DER
format. Calls OpenSSL function PemToDer.
\return buffer returns the bytes written to the buffer.
\param pem pointer PEM formatted certificate.
\param pemSz size of the certificate.
\param buff buffer to be copied to DER format.
\param buffSz size of the buffer.
\param type Certificate file type found in asn_public.h enum CertType.
_Example_
\code
const unsigned char* pem;
int pemSz;
unsigned char buff[BUFSIZE];
int buffSz = sizeof(buff)/sizeof(char);
int type;
...
if(wolfSSL_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
// There were bytes written to buffer
}
\endcode
\sa PemToDer
*/
WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int,
unsigned char*, int, int);
/*!
\ingroup CertsKeys
\brief Converts the PEM format to DER format.
\return int an int type representing the bytes written to buffer.
\param <0 returned for an error.
\param BAD_FUNC_ARG returned if the DER length is incorrect or if the
pem buff, or buffSz arguments are NULL.
_Example_
\code
unsigned char* pem = “pem file”;
int pemSz = sizeof(pem)/sizeof(char);
unsigned char* buff;
int buffSz;
...
if(wolfSSL_PubKeyPemToDer(pem, pemSz, buff, buffSz)!= SSL_SUCCESS){
// Conversion was not successful
}
\endcode
\sa wolfSSL_PubKeyPemToDer
\sa wolfSSL_PemPubKeyToDer
\sa PemToDer
*/
WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
unsigned char*, int);
/*!
\brief Allows caller to set the Atomic User Record Processing
Mac/Encrypt Callback. The callback should return 0 for success
@ -11338,7 +11211,7 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
_Example_
\code
WOLFSSL_CTX* ctx;
Pem_password_cb cb;
pem_password_cb cb;
// setup ctx
cb = wolfSSL_CTX_get_default_passwd_cb(ctx);
//use cb

22
doc/dox_comments/header_files/wc_port.h
View File

@ -1,3 +1,25 @@
/*!
\ingroup wolfCrypt
\brief Used to initialize resources used by wolfCrypt.
\return 0 upon success.
\return <0 upon failure of init resources.
\param none No parameters.
_Example_
\code
...
if (wolfCrypt_Init() != 0) {
WOLFSSL_MSG("Error with wolfCrypt_Init call");
}
\endcode
\sa wolfCrypt_Cleanup
*/
WOLFSSL_API int wolfCrypt_Init(void);
/*!
\ingroup wolfCrypt

34
doc/dox_comments/header_files/wolfio.h
View File

@ -232,18 +232,18 @@
// Receive callback prototype
int MyEmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
// Register the custom receive callback with wolfSSL
wolfSSL_SetIORecv(ctx, MyEmbedReceive);
wolfSSL_CTX_SetIORecv(ctx, MyEmbedReceive);
int MyEmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
// custom EmbedReceive function
}
\endcode
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_SetIOReadCtx
\sa wolfSSL_SetIOWriteCtx
*/
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
/*!
\brief This function registers a context for the SSL sessions receive
callback function. By default, wolfSSL sets the file descriptor passed to
@ -269,8 +269,8 @@ WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
...
\endcode
\sa wolfSSL_SetIORecv
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIORecv
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_SetIOWriteCtx
*/
WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
@ -295,12 +295,12 @@ WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
WOLFSSL* ssl = 0;
...
// Manually setting the socket fd as the send CTX, for example
wolfSSL_SetIOSendCtx(ssl, &sockfd);
wolfSSL_SetIOWriteCtx(ssl, &sockfd);
...
\endcode
\sa wolfSSL_SetIORecv
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIORecv
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_SetIOReadCtx
*/
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
@ -330,7 +330,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
\sa wolfSSL_SetIOReadFlags
\sa wolfSSL_SetIOWriteCtx
\sa wolfSSL_SetIOReadCtx
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIOSend
*/
WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
/*!
@ -358,14 +358,14 @@ WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
\sa wolfSSL_GetIOReadCtx
\sa wolfSSL_SetIOWriteCtx
\sa wolfSSL_SetIOReadCtx
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIOSend
*/
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
/*!
\brief This function sets the flags for the receive callback to use for
the given SSL session. The receive callback could be either the default
wolfSSL EmbedReceive callback, or a custom callback specified by the user
(see wolfSSL_SetIORecv). The default flag value is set internally by
(see wolfSSL_CTX_SetIORecv). The default flag value is set internally by
wolfSSL to the value of 0. The default wolfSSL receive callback uses the
recv() function to receive data from the socket. From the recv() man page:
“The flags argument to a recv() function is formed by or'ing one or more
@ -397,8 +397,8 @@ WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
...
\endcode
\sa wolfSSL_SetIORecv
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIORecv
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_SetIOReadCtx
*/
WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
@ -406,7 +406,7 @@ WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
\brief This function sets the flags for the send callback to use for the
given SSL session. The send callback could be either the default wolfSSL
EmbedSend callback, or a custom callback specified by the user (see
wolfSSL_SetIOSend). The default flag value is set internally by wolfSSL
wolfSSL_CTX_SetIOSend). The default flag value is set internally by wolfSSL
to the value of 0. The default wolfSSL send callback uses the send()
function to send data from the socket. From the send() man page: “The
flags parameter may include one or more of the following:
@ -427,12 +427,12 @@ WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
WOLFSSL* ssl = 0;
...
// Manually setting send flags to 0
wolfSSL_SetIOSendFlags(ssl, 0);
wolfSSL_SetIOWriteFlags(ssl, 0);
...
\endcode
\sa wolfSSL_SetIORecv
\sa wolfSSL_SetIOSend
\sa wolfSSL_CTX_SetIORecv
\sa wolfSSL_CTX_SetIOSend
\sa wolfSSL_SetIOReadCtx
*/
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);

13
doc/formats/html/mainpage.dox
View File

@ -3,8 +3,17 @@
*/
/*!
\mainpage This Documentation Covers %wolfSSL, %wolfCrypt, and %CertManager API
\section website Useful Links
\section apiRef API Reference
<!-- <a href="">Encryption API reference</a><br> -->
<!-- <a href="">SSL/TLS API reference</a><br> -->
<a href="http://wolfssl.com/doxygen/modules.html">Complete API Reference</a><br>
<a href="http://wolfssl.com/doxygen/annotated.html">wolfSSL Data Structures</a><br>
<a href="http://wolfssl.com/doxygen/pages.html">Useful guides/documentation</a><br>
<br>
\subsection website Useful Links
https://wolfssl.com/wolfSSL/Home.html - Main website<br>
https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html - %wolfSSL Manual<br>
https://www.wolfssl.com/docs/wolfssl-manual/ch18/ - wolfCrypt Manual<br>

454
examples/benchmark/tls_bench.c
View File

@ -28,7 +28,7 @@ gcc -lwolfssl -lpthread -o tls_bench tls_bench.c
Or
#include <examples/benchmark/tls_bench.h>
bench_tls();
bench_tls(args);
*/
@ -41,6 +41,8 @@ bench_tls();
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#include <examples/benchmark/tls_bench.h>
/* force certificate test buffers to be included via headers */
@ -57,15 +59,16 @@ bench_tls();
#include <unistd.h>
#include <sys/time.h>
/* configuration parameters */
#define THREAD_COUNT 2
#define RUNTIME_SEC 2
#define MEM_BUFFER_SZ (1024*5)
#define MIN_DHKEY_BITS 1024
/* Defaults for configuration parameters */
#define THREAD_PAIRS 1 /* Thread pairs of server/client */
#define MEM_BUFFER_SZ (1024*16) /* Must be large enough to handle max packet size */
#define MIN_DHKEY_BITS 1024
#define RUNTIME_SEC 1
#define TEST_SIZE_BYTES (1024 * 1024)
#define TEST_PACKET_SIZE 1024
#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
/* default output is tab delimited format. Uncomment these to show more */
//#define SHOW_PEER_INFO
//#define SHOW_VERBOSE_OUTPUT
static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */
static const char* kTestStr =
"Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
@ -147,7 +150,7 @@ static const char* kTestStr =
#ifndef NO_DH
/* dh1024 p */
static unsigned char p[] =
static const unsigned char p[] =
{
0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
@ -163,7 +166,7 @@ static unsigned char p[] =
};
/* dh1024 g */
static unsigned char g[] =
static const unsigned char g[] =
{
0x02,
};
@ -194,6 +197,12 @@ typedef struct {
typedef struct {
const char* cipher;
/* The total number of bytes to transfer per connection */
int numBytes;
/* The data payload size in the packet. Will be padded if packet size > buffer size. */
int packetSize;
/* client messages to server in memory */
memBuf_t to_server;
@ -209,38 +218,9 @@ typedef struct {
int shutdown;
} info_t;
#ifdef SHOW_PEER_INFO
static void showPeer(WOLFSSL* ssl)
{
WOLFSSL_CIPHER* cipher;
#ifdef HAVE_ECC
const char *name;
#endif
#ifndef NO_DH
int bits;
#endif
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl);
printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
#ifdef HAVE_ECC
if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
printf("SSL curve name is %s\n", name);
#endif
#ifndef NO_DH
if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
printf("SSL DH size is %d bits\n", bits);
#endif
if (wolfSSL_session_reused(ssl))
printf("SSL reused session\n");
#ifdef WOLFSSL_ALT_CERT_CHAINS
if (wolfSSL_is_peer_alt_cert_chain(ssl))
printf("Alternate cert chain used\n");
#endif
}
#endif
/* Global vars for argument parsing */
int myoptind = 0;
char* myoptarg = NULL;
/* server send callback */
static int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
@ -353,12 +333,6 @@ static int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
}
static WC_NORETURN void err_sys(const char* msg)
{
printf("wolfSSL error: %s\n", msg);
exit(1);
}
static double gettime_secs(int reset)
{
struct timeval tv;
@ -371,14 +345,13 @@ static double gettime_secs(int reset)
static void* client_thread(void* args)
{
info_t* info = (info_t*)args;
unsigned char buf[MEM_BUFFER_SZ];
unsigned char* buf;
unsigned char *writeBuf;
double start;
int ret, len;
int ret, bufSize;
WOLFSSL_CTX* cli_ctx;
WOLFSSL* cli_ssl;
#ifdef SHOW_PEER_INFO
int haveShownPeerInfo = 0;
#endif
/* set up client */
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
@ -397,8 +370,8 @@ static void* client_thread(void* args)
if (ret != WOLFSSL_SUCCESS) err_sys("error loading CA");
#endif
wolfSSL_SetIOSend(cli_ctx, ClientSend);
wolfSSL_SetIORecv(cli_ctx, ClientRecv);
wolfSSL_CTX_SetIOSend(cli_ctx, ClientSend);
wolfSSL_CTX_SetIORecv(cli_ctx, ClientRecv);
/* set cipher suite */
ret = wolfSSL_CTX_set_cipher_list(cli_ctx, info->cipher);
@ -408,9 +381,19 @@ static void* client_thread(void* args)
wolfSSL_CTX_SetMinDhKey_Sz(cli_ctx, MIN_DHKEY_BITS);
#endif
/* Allocate and initialize a packet sized buffer */
writeBuf = (unsigned char*)malloc(info->packetSize);
if (writeBuf != NULL) {
strncpy((char*)writeBuf, kTestStr, info->packetSize);
*(writeBuf + info->packetSize) = '\0';
}
else {
err_sys("failed to allocate memory");
}
while (!info->shutdown) {
cli_ssl = wolfSSL_new(cli_ctx);
if (cli_ctx == NULL) err_sys("error creating client object");
if (cli_ssl == NULL) err_sys("error creating client object");
wolfSSL_SetIOReadCtx(cli_ssl, info);
wolfSSL_SetIOWriteCtx(cli_ssl, info);
@ -426,34 +409,50 @@ static void* client_thread(void* args)
}
info->client_stats.connTime += start;
#ifdef SHOW_PEER_INFO
if (!haveShownPeerInfo) {
if ((argShowPeerInfo) && (!haveShownPeerInfo)) {
haveShownPeerInfo = 1;
showPeer(cli_ssl);
}
#endif
/* write test message to server */
len = (int)strlen(kTestStr)+1; /* include null term */
start = gettime_secs(1);
ret = wolfSSL_write(cli_ssl, kTestStr, len);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
/* Allocate buf after handshake is complete */
bufSize = wolfSSL_GetMaxOutputSize(cli_ssl);
if (bufSize > 0) {
buf = (unsigned char*)malloc(bufSize);
}
else {
buf = NULL;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, sizeof(buf)-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
if (buf != NULL) {
/* write test message to server */
while (info->client_stats.rxTotal < info->numBytes) {
start = gettime_secs(1);
ret = wolfSSL_write(cli_ssl, writeBuf, info->packetSize);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, bufSize-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
}
/* validate echo */
if (strncmp((char*)writeBuf, (char*)buf, info->packetSize) != 0) {
err_sys("echo check failed!\n");
}
}
free(buf);
}
else {
err_sys("failed to allocate memory");
}
/* validate echo */
if (strncmp(kTestStr, (char*)buf, strlen(kTestStr)) != 0) {
err_sys("echo check failed!\n");
}
info->client_stats.connCount++;
@ -462,6 +461,7 @@ static void* client_thread(void* args)
/* clean up */
wolfSSL_CTX_free(cli_ctx);
free(writeBuf);
pthread_cond_signal(&info->to_server.cond);
info->to_client.done = 1;
@ -473,9 +473,9 @@ static void* client_thread(void* args)
static void* server_thread(void* args)
{
info_t* info = (info_t*)args;
unsigned char buf[MEM_BUFFER_SZ];
unsigned char *buf;
double start;
int ret, len = 0;
int ret, len = 0, bufSize;
WOLFSSL_CTX* srv_ctx;
WOLFSSL* srv_ssl;
@ -507,8 +507,8 @@ static void* server_thread(void* args)
if (ret != WOLFSSL_SUCCESS) err_sys("error loading server cert");
#endif
wolfSSL_SetIOSend(srv_ctx, ServerSend);
wolfSSL_SetIORecv(srv_ctx, ServerRecv);
wolfSSL_CTX_SetIOSend(srv_ctx, ServerSend);
wolfSSL_CTX_SetIORecv(srv_ctx, ServerRecv);
/* set cipher suite */
ret = wolfSSL_CTX_set_cipher_list(srv_ctx, info->cipher);
@ -521,7 +521,7 @@ static void* server_thread(void* args)
while (!info->shutdown) {
srv_ssl = wolfSSL_new(srv_ctx);
if (srv_ctx == NULL) err_sys("error creating server object");
if (srv_ssl == NULL) err_sys("error creating server object");
wolfSSL_SetIOReadCtx(srv_ssl, info);
wolfSSL_SetIOWriteCtx(srv_ssl, info);
@ -538,22 +538,39 @@ static void* server_thread(void* args)
info->server_stats.connTime += start;
/* read msg post handshake from client */
memset(buf, 0, sizeof(buf));
start = gettime_secs(1);
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
info->server_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.rxTotal += ret;
len = ret;
/* Allocate buf after handshake is complete */
bufSize = wolfSSL_GetMaxOutputSize(srv_ssl);
if (bufSize > 0) {
buf = (unsigned char*)malloc(bufSize);
}
else {
buf = NULL;
}
/* write message back to client */
start = gettime_secs(1);
ret = wolfSSL_write(srv_ssl, buf, len);
info->server_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.txTotal += ret;
if (buf != NULL) {
while (info->server_stats.txTotal < info->numBytes) {
/* read msg post handshake from client */
memset(buf, 0, bufSize);
start = gettime_secs(1);
ret = wolfSSL_read(srv_ssl, buf, bufSize-1);
info->server_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.rxTotal += ret;
len = ret;
}
/* write message back to client */
start = gettime_secs(1);
ret = wolfSSL_write(srv_ssl, buf, len);
info->server_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.txTotal += ret;
}
}
free(buf);
}
else {
err_sys("failed to allocate memory");
}
info->server_stats.connCount++;
@ -605,48 +622,148 @@ static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, i
wcStat->connTime * 1000,
wcStat->connTime * 1000 / wcStat->connCount);
}
static void Usage(void)
{
printf("tls_bench " LIBWOLFSSL_VERSION_STRING
" NOTE: All files relative to wolfSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-b <num> The total <num> bytes transferred per test connection, default %d\n", TEST_SIZE_BYTES);
#ifdef DEBUG_WOLFSSL
printf("-d Enable debug messages\n");
#endif
printf("-e List Every cipher suite available\n");
printf("-i Show peer info\n");
printf("-l <str> Cipher suite list (: delimited)\n");
printf("-t <num> Time <num> (seconds) to run each test, default %d\n", RUNTIME_SEC);
printf("-p <num> The packet size <num> in bytes [1-16kB], default %d\n", TEST_PACKET_SIZE);
printf("-v Show verbose output\n");
printf("-T <num> Thread pairs of server/client, default %d\n", THREAD_PAIRS);
}
static void ShowCiphers(void)
{
char ciphers[4096];
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
if (ret == WOLFSSL_SUCCESS)
printf("%s\n", ciphers);
}
#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif
int bench_tls(void)
int bench_tls(void* args)
{
info_t theadInfo[THREAD_COUNT];
info_t* info;
info_t *theadInfo, *info;
int i, doShutdown;
char *cipher, *next_cipher, ciphers[4096];
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
int ch;
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Vars configured by command line arguments */
int argRuntimeSec = RUNTIME_SEC;
char *argCipherList = NULL;
int argTestSizeBytes = TEST_SIZE_BYTES;
int argTestPacketSize = TEST_PACKET_SIZE;
int argThreadPairs = THREAD_PAIRS;
int argShowVerbose = SHOW_VERBOSE;
((func_args*)args)->return_code = -1; /* error state */
/* Initialize wolfSSL */
wolfSSL_Init();
/* Run for each cipher */
wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
/* Parse command line arguments */
while ((ch = mygetopt(argc, argv, "?" "b:deil:p:t:vT:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
#ifndef SHOW_VERBOSE_OUTPUT
printf("Side\tCipher\tTotal Bytes\tNum Conns\tRx ms\tTx ms\tRx MB/s\tTx MB/s\tConnect Total ms\tConnect Avg ms\n");
case 'b' :
argTestSizeBytes = atoi(myoptarg);
break;
#ifdef DEBUG_WOLFSSL
case 'd' :
wolfSSL_Debugging_ON();
break;
#endif
case 'e' :
ShowCiphers();
exit(EXIT_SUCCESS);
case 'i' :
argShowPeerInfo = 1;
break;
case 'l' :
argCipherList = myoptarg;
break;
case 'p' :
argTestPacketSize = atoi(myoptarg);
break;
case 't' :
argRuntimeSec = atoi(myoptarg);
break;
case 'v' :
argShowVerbose = 1;
break;
case 'T' :
argThreadPairs = atoi(myoptarg);
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
/* reset for test cases */
myoptind = 0;
if (argCipherList != NULL) {
/* Use the list from CL argument */
cipher = argCipherList;
}
else {
/* Run for each cipher */
wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
cipher = ciphers;
}
/* Allocate test info array */
theadInfo = (info_t*)malloc(sizeof(info_t) * argThreadPairs);
if (theadInfo != NULL) {
memset(theadInfo, 0, sizeof(info_t) * argThreadPairs);
}
/* parse by : */
cipher = ciphers;
while (cipher != NULL && cipher[0] != '\0') {
while ((cipher != NULL) && (cipher[0] != '\0') && (theadInfo != NULL)) {
next_cipher = strchr(cipher, ':');
if (next_cipher != NULL) {
cipher[next_cipher - cipher] = '\0';
}
#ifdef SHOW_VERBOSE_OUTPUT
printf("Cipher: %s\n", cipher);
#endif
if (argShowVerbose) {
printf("Cipher: %s\n", cipher);
}
memset(&theadInfo, 0, sizeof(theadInfo));
for (i=0; i<THREAD_COUNT; i++) {
info = &theadInfo[i];
for (i=0; i<argThreadPairs; i++) {
info = (info_t*)memset(&theadInfo[i], 0, sizeof(info_t));
info->cipher = cipher;
info->numBytes = argTestSizeBytes;
info->packetSize = argTestPacketSize;
pthread_mutex_init(&info->to_server.mutex, NULL);
pthread_mutex_init(&info->to_client.mutex, NULL);
@ -662,10 +779,10 @@ int bench_tls(void)
}
/* run for x time */
sleep(RUNTIME_SEC);
sleep(argRuntimeSec);
/* mark threads to quit */
for (i = 0; i < THREAD_COUNT; ++i) {
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
info->shutdown = 1;
}
@ -674,83 +791,92 @@ int bench_tls(void)
do {
doShutdown = 1;
for (i = 0; i < THREAD_COUNT; ++i) {
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
if (!info->to_client.done || !info->to_server.done) {
doShutdown = 0;
sleep(1); /* Allow other threads to run */
}
}
} while (!doShutdown);
#ifdef SHOW_VERBOSE_OUTPUT
printf("Shutdown complete\n");
if (argShowVerbose) {
printf("Shutdown complete\n");
/* print results */
for (i = 0; i < THREAD_COUNT; ++i) {
info = &theadInfo[i];
printf("\nThread %d\n", i);
print_stats(&info->server_stats, "Server", info->cipher, 1);
print_stats(&info->client_stats, "Server", info->cipher, 1);
}
#endif
/* print combined results for more than one thread */
{
stats_t cli_comb;
stats_t srv_comb;
memset(&cli_comb, 0, sizeof(cli_comb));
memset(&srv_comb, 0, sizeof(srv_comb));
for (i = 0; i < THREAD_COUNT; ++i) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
cli_comb.connCount += info->client_stats.connCount;
srv_comb.connCount += info->server_stats.connCount;
cli_comb.connTime += info->client_stats.connTime;
srv_comb.connTime += info->server_stats.connTime;
cli_comb.rxTotal += info->client_stats.rxTotal;
srv_comb.rxTotal += info->server_stats.rxTotal;
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
printf("\nThread %d\n", i);
print_stats(&info->server_stats, "Server", info->cipher, 1);
print_stats(&info->client_stats, "Server", info->cipher, 1);
}
}
#ifdef SHOW_VERBOSE_OUTPUT
printf("Totals for %d Threads\n", THREAD_COUNT);
#endif
/* print combined results for more than one thread */
stats_t cli_comb;
stats_t srv_comb;
memset(&cli_comb, 0, sizeof(cli_comb));
memset(&srv_comb, 0, sizeof(srv_comb));
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
cli_comb.connCount += info->client_stats.connCount;
srv_comb.connCount += info->server_stats.connCount;
cli_comb.connTime += info->client_stats.connTime;
srv_comb.connTime += info->server_stats.connTime;
cli_comb.rxTotal += info->client_stats.rxTotal;
srv_comb.rxTotal += info->server_stats.rxTotal;
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
}
if (argShowVerbose) {
printf("Totals for %d Threads\n", argThreadPairs);
}
else {
printf("Side\tCipher\tTotal Bytes\tNum Conns\tRx ms\tTx ms\tRx MB/s\tTx MB/s\tConnect Total ms\tConnect Avg ms\n");
print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0);
print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0);
}
/* target next cipher */
cipher = (next_cipher) ? next_cipher+1 : NULL;
cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL;
}
/* Cleanup and return */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
/* Cleanup the wolfSSL environment */
wolfSSL_Cleanup();
return 0; /* Return reporting a success */
/* Free theadInfo array */
free(theadInfo);
/* Return reporting a success */
return (((func_args*)args)->return_code = 0);
}
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
(void)argc;
(void)argv;
func_args args;
bench_tls();
args.argc = argc;
args.argv = argv;
return 0;
bench_tls(&args);
return(args.return_code);
}
#endif

2
examples/benchmark/tls_bench.h
View File

@ -24,7 +24,7 @@
#define WOLFSSL_TLS_BENCH_H
int bench_tls(void);
int bench_tls(void* args);
#endif /* WOLFSSL_TLS_BENCH_H */

317
examples/client/client.c
View File

@ -40,6 +40,7 @@
#include <wolfssl/test.h>
#include <examples/client/client.h>
#include <wolfssl/error-ssl.h>
#ifndef NO_WOLFSSL_CLIENT
@ -99,31 +100,41 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
error = wolfSSL_get_error(ssl, 0);
sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE ||
error == WC_PENDING_E)) {
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
#ifdef WOLFSSL_NONBLOCK_OCSP
|| error == OCSP_WANT_READ
#endif
)) {
int currTimeout = 1;
if (error == WOLFSSL_ERROR_WANT_READ)
printf("... client would read block\n");
else if (error == WOLFSSL_ERROR_WANT_WRITE)
printf("... client would write block\n");
#ifdef WOLFSSL_ASYNC_CRYPT
else if (error == WC_PENDING_E) {
if (error == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
if (error != WC_PENDING_E) {
{
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) {
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
@ -178,14 +189,58 @@ static void ShowVersions(void)
printf("\n");
}
#ifdef WOLFSSL_TLS13
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
{
int groups[3];
int count = 0;
(void)useX25519;
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
#ifdef HAVE_CURVE25519
if (useX25519) {
groups[count++] = WOLFSSL_ECC_X25519;
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != WOLFSSL_SUCCESS)
err_sys("unable to use curve x25519");
}
else
#endif
{
#ifdef HAVE_ECC
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
groups[count++] = WOLFSSL_ECC_SECP256R1;
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
#endif
#endif
}
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
groups[count++] = WOLFSSL_FFDHE_2048;
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != WOLFSSL_SUCCESS)
err_sys("unable to use DH 2048-bit parameters");
#endif
}
if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS)
err_sys("unable to set groups");
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
}
#endif
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
int helloRetry)
int helloRetry, int onlyKeyShare, int version)
{
/* time passed in number of connects give average */
int times = benchmark;
int times = benchmark, skip = times * 0.1;
int loops = resumeSession ? 2 : 1;
int i = 0, err, ret;
#ifndef NO_SESSION_CACHE
@ -193,12 +248,14 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
#endif
#ifdef WOLFSSL_TLS13
byte* reply[80];
static const char msg[] = "hello wolfssl!";
static const char msg[] = "GET /index.html HTTP/1.0\r\n\r\n";
#endif
(void)resumeSession;
(void)useX25519;
(void)helloRetry;
(void)onlyKeyShare;
(void)version;
while (loops--) {
#ifndef NO_SESSION_CACHE
@ -208,36 +265,30 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
for (i = 0; i < times; i++) {
SOCKET_T sockfd;
WOLFSSL* ssl = wolfSSL_new(ctx);
WOLFSSL* ssl;
if (i == skip)
start = current_time(1);
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
#ifdef WOLFSSL_TLS13
if (helloRetry)
wolfSSL_NoKeyShares(ssl);
#endif
#ifndef NO_SESSION_CACHE
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
#ifdef WOLFSSL_TLS13
else if (version >= 4) {
if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519);
else
wolfSSL_NoKeyShares(ssl);
}
#endif
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
#ifndef NO_SESSION_CACHE
if (benchResume)
wolfSSL_set_session(ssl, benchSession);
#endif
#ifdef WOLFSSL_TLS13
#ifdef HAVE_CURVE25519
#ifndef NO_SESSION_CACHE
if (benchResume) {
}
else
#endif
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x25519");
}
}
#endif
#endif
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
err_sys("error in setting fd");
}
@ -260,7 +311,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
}
#ifdef WOLFSSL_TLS13
if (resumeSession) {
if (version >= 4 && resumeSession && !benchResume) {
if (wolfSSL_write(ssl, msg, sizeof(msg)-1) <= 0)
err_sys("SSL_write failed");
@ -269,6 +320,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
}
#endif
wolfSSL_shutdown(ssl);
#ifndef NO_SESSION_CACHE
if (i == (times-1) && resumeSession) {
@ -279,7 +331,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
CloseSocket(sockfd);
}
avg = current_time(0) - start;
avg /= times;
avg /= (times - skip);
avg *= 1000; /* milliseconds */
#ifndef NO_SESSION_CACHE
if (benchResume)
@ -287,6 +339,8 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
else
#endif
printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
WOLFSSL_TIME(times);
}
return EXIT_SUCCESS;
@ -294,7 +348,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int throughput, int useX25519)
int dtlsUDP, int dtlsSCTP, int block, int throughput, int useX25519)
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
@ -344,8 +398,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
conn_time = current_time(0) - start;
/* Allocate TX/RX buffers */
tx_buffer = (char*)XMALLOC(TEST_BUFFER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rx_buffer = (char*)XMALLOC(TEST_BUFFER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
rx_buffer = (char*)XMALLOC(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tx_buffer && rx_buffer) {
WC_RNG rng;
@ -359,7 +413,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int xfer_bytes;
/* Generate random data to send */
ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, TEST_BUFFER_SIZE);
ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, block);
wc_FreeRng(&rng);
if(ret != 0) {
err_sys("wc_RNG_GenerateBlock failed");
@ -371,7 +425,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int len, rx_pos, select_ret;
/* Determine packet size */
len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
len = min(block, throughput - xfer_bytes);
/* Perform TX */
start = current_time(1);
@ -635,7 +689,11 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)
err_sys("SSL_read failed");
}
}
} while (err == WC_PENDING_E || (mustRead && err == WOLFSSL_ERROR_WANT_READ));
} while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
#ifdef WOLFSSL_ASYNC_CRYPT
|| err == WC_PENDING_E
#endif
);
if (ret > 0) {
reply[ret] = 0;
printf("%s\n", reply);
@ -738,7 +796,7 @@ static void Usage(void)
#ifdef HAVE_WNR
printf("-q <file> Whitewood config file, default %s\n", wnrConfig);
#endif
printf("-H <arg> Internal tests [defCipherList, badCert]\n");
printf("-H <arg> Internal tests [defCipherList, exitWithRet]\n");
#ifdef WOLFSSL_TLS13
printf("-J Use HelloRetryRequest to choose group for KE\n");
printf("-K Key Exchange for PSK not using (EC)DHE\n");
@ -799,6 +857,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int useAnon = 0;
int sendGET = 0;
int benchmark = 0;
int block = TEST_BUFFER_SIZE;
int throughput = 0;
int doDTLS = 0;
int dtlsUDP = 0;
@ -818,14 +877,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
#ifdef HAVE_PK_CALLBACKS
int pkCallbacks = 0;
PkCbInfo pkCbInfo;
#endif
int overrideDateErrors = 0;
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
char* alpnList = NULL;
unsigned char alpn_opt = 0;
char* cipherList = NULL;
int useDefCipherList = 0;
int useBadCert = 0;
const char* verifyCert = caCertFile;
const char* ourCert = cliCertFile;
const char* ourKey = cliKeyFile;
@ -855,8 +916,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
byte disableExtMasterSecret = 0;
#endif
int helloRetry = 0;
#ifdef WOLFSSL_TLS13
int onlyKeyShare = 0;
#ifdef WOLFSSL_TLS13
int noPskDheKe = 0;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
int postHandAuth = 0;
@ -875,6 +936,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
char* ocspUrl = NULL;
#endif
int useX25519 = 0;
int exitWithRet = 0;
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
@ -911,7 +973,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)session;
(void)sslResume;
(void)atomicUser;
(void)pkCallbacks;
(void)scr;
(void)forceScr;
(void)ourKey;
@ -926,7 +987,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)updateKeysIVs;
(void)useX25519;
(void)helloRetry;
(void)useBadCert;
(void)onlyKeyShare;
StackTrap();
@ -1051,9 +1112,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
else if (XSTRNCMP(myoptarg, "badCert", 7) == 0) {
printf("Using bad certificate for testing\n");
useBadCert = 1;
else if (XSTRNCMP(myoptarg, "exitWithRet", 7) == 0) {
printf("Skip exit() for testing\n");
exitWithRet = 1;
}
else {
Usage();
@ -1093,7 +1154,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
case 'B' :
throughput = atoi(myoptarg);
if (throughput <= 0) {
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
if (throughput <= 0 || block <= 0) {
Usage();
exit(MY_EX_USAGE);
}
@ -1140,7 +1207,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
if (maxFragment < WOLFSSL_MFL_2_9 ||
maxFragment > WOLFSSL_MFL_2_13) {
maxFragment > WOLFSSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
@ -1547,8 +1614,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (useAnon) {
#ifdef HAVE_ANON
if (cipherList == NULL || (cipherList && useDefCipherList)) {
const char* defaultCipherList;
wolfSSL_CTX_allow_anon_cipher(ctx);
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA")
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("client can't set cipher list 4");
@ -1565,7 +1635,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
@ -1604,60 +1674,66 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_SetCACb(ctx, CaCb);
#endif
#if !defined(NO_CERTS)
#ifdef HAVE_EXT_CACHE
wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb);
wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb);
wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb);
#endif
#ifndef NO_CERTS
if (useClientCert){
#if !defined(NO_FILESYSTEM)
#ifndef NO_FILESYSTEM
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
}
#else
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#endif
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#ifdef TEST_PK_PRIVKEY
if (!pkCallbacks)
#endif
#endif
#ifndef NO_FILESYSTEM
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
}
#else
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
#else
load_buffer(ctx, ourKey, WOLFSSL_KEY);
#endif /* !defined(NO_FILESYSTEM) */
}
/* for testing only - use client cert as CA to force no signer error */
if (useBadCert) {
#if !defined(NO_RSA)
verifyCert = "./certs/client-cert.pem";
#elif defined(HAVE_ECC)
verifyCert = "./certs/client-ecc-cert.pem";
#endif
}
if (!usePsk && !useAnon && !useVerifyCb) {
#if !defined(NO_FILESYSTEM)
#if !defined(NO_FILESYSTEM)
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("can't load ca file, Please run from wolfSSL home dir");
}
#else
#else
load_buffer(ctx, verifyCert, WOLFSSL_CA);
#endif /* !defined(NO_FILESYSTEM) */
#ifdef HAVE_ECC
#endif /* !NO_FILESYSTEM */
#ifdef HAVE_ECC
/* load ecc verify too, echoserver uses it by default w/ ecc */
#if !defined(NO_FILESYSTEM)
#ifndef NO_FILESYSTEM
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
}
#else
#else
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
#endif /* !defined(NO_FILESYSTEM) */
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
#endif /* !NO_FILESYSTEM */
#endif /* HAVE_ECC */
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) {
@ -1665,7 +1741,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("can't load trusted peer cert file");
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
}
if (useVerifyCb)
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
@ -1673,7 +1749,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
else if (!usePsk && !useAnon && overrideDateErrors == 1)
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myDateCb);
#endif /* !defined(NO_CERTS) */
#endif /* !NO_CERTS */
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
@ -1728,14 +1804,27 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp256r1");
}
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support secp384r1");
}
}
#endif /* HAVE_CURVE25519 && HAVE_SUPPORTED_CURVES */
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_CTX_allow_post_handshake_auth(ctx);
#endif
if (benchmark) {
((func_args*)args)->return_code =
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
benchmark, resumeSession, useX25519,
helloRetry);
helloRetry, onlyKeyShare, version);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
@ -1743,7 +1832,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if(throughput) {
((func_args*)args)->return_code =
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
throughput, useX25519);
block, throughput, useX25519);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
@ -1763,15 +1852,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth)
wolfSSL_CTX_allow_post_handshake_auth(ctx);
#endif
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
@ -1791,6 +1871,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
}
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
wolfSSL_CTX_free(ctx);
@ -1815,7 +1900,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_CURVE25519
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
!= WOLFSSL_SUCCESS) {
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x25519");
}
}
@ -1823,13 +1908,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_ECC
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
#endif
@ -1984,7 +2069,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
SetupPkCallbackContexts(ssl, &pkCbInfo);
#endif
if (matchName && doPeerCheck)
wolfSSL_check_domain_name(ssl, domain);
@ -2015,13 +2100,22 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
printf("wolfSSL_connect error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
/* cleanup */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
err_sys("wolfSSL_connect failed");
CloseSocket(sockfd);
if (!exitWithRet)
err_sys("wolfSSL_connect failed");
/* see note at top of README */
/* if you're getting an error here */
((func_args*)args)->return_code = err;
goto exit;
}
showPeer(ssl);
@ -2232,33 +2326,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void*)"resumed session");
#endif
#ifdef WOLFSSL_TLS13
#ifdef HAVE_CURVE25519
if (useX25519) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != WOLFSSL_SUCCESS) {
err_sys("unable to use curve x25519");
}
}
#endif
#ifdef HAVE_ECC
if (wolfSSL_UseKeyShare(sslResume,
WOLFSSL_ECC_SECP256R1) != WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(sslResume,
WOLFSSL_ECC_SECP384R1) != WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
#endif
#endif
#ifdef HAVE_FFDHE_2048
if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != WOLFSSL_SUCCESS) {
err_sys("unable to use DH 2048-bit parameters");
}
#endif
#endif
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
wolfSSL_set_using_nonblock(sslResume, 1);
@ -2337,7 +2404,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#else
timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
timeout.tv_usec = 0;
ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
#endif
if (ret != WOLFSSL_SUCCESS) {
printf("wolfSSL_connect resume error %d, %s\n", err,
@ -2510,6 +2577,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
((func_args*)args)->return_code = 0;
exit:
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif

2
examples/echoclient/echoclient.c
View File

@ -159,7 +159,7 @@ void echoclient_test(void* args)
#endif
}
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#ifdef WOLFSSL_ENCRYPTED_KEYS
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

2
examples/echoserver/echoserver.c
View File

@ -148,7 +148,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_OFF); */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#ifdef WOLFSSL_ENCRYPTED_KEYS
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

333
examples/server/server.c
View File

@ -23,11 +23,11 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ssl.h> /* name change portability layer */
#include <wolfssl/ssl.h> /* name change portability layer */
#include <cyassl/ctaocrypt/settings.h>
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h> /* ecc_fp_free */
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
#endif
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
@ -39,10 +39,10 @@
#include "wolfssl_MDK_ARM.h"
#endif
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
#ifdef CYASSL_DTLS
#include <cyassl/error-ssl.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/test.h>
#ifdef WOLFSSL_DTLS
#include <wolfssl/error-ssl.h>
#endif
#include "examples/server/server.h"
@ -75,7 +75,7 @@ static const char webServerMsg[] =
int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */
#ifdef CYASSL_CALLBACKS
#ifdef WOLFSSL_CALLBACKS
Timeval srvTo;
static int srvHandShakeCB(HandShakeInfo* info)
{
@ -117,18 +117,21 @@ static void err_sys_ex(int out, const char* msg)
static int NonBlockingSSL_Accept(SSL* ssl)
{
#ifndef CYASSL_CALLBACKS
#ifndef WOLFSSL_CALLBACKS
int ret = SSL_accept(ssl);
#else
int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
int ret = SSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
#endif
int error = SSL_get_error(ssl, 0);
SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl);
int select_ret = 0;
while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ ||
error == WOLFSSL_ERROR_WANT_WRITE ||
error == WC_PENDING_E)) {
while (ret != WOLFSSL_SUCCESS &&
(error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
)) {
int currTimeout = 1;
if (error == WOLFSSL_ERROR_WANT_READ) {
@ -137,36 +140,40 @@ static int NonBlockingSSL_Accept(SSL* ssl)
else if (error == WOLFSSL_ERROR_WANT_WRITE) {
/* printf("... server would write block\n"); */
}
#ifdef WOLFSSL_ASYNC_CRYPT
else if (error == WC_PENDING_E) {
if (error == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
else
#endif
if (error != WC_PENDING_E) {
#ifdef CYASSL_DTLS
currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
{
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) {
if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY)
#ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_PENDING_E
#endif
) {
#ifndef CYASSL_CALLBACKS
ret = SSL_accept(ssl);
#else
ret = CyaSSL_accept_ex(ssl,
ret = SSL_accept_ex(ssl,
srvHandShakeCB, srvTimeoutCB, srvTo);
#endif
error = SSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
error = WOLFSSL_ERROR_WANT_READ;
}
#ifdef CYASSL_DTLS
else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
CyaSSL_dtls_got_timeout(ssl) >= 0) {
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
wolfSSL_dtls_got_timeout(ssl) >= 0) {
error = WOLFSSL_ERROR_WANT_READ;
}
#endif
@ -179,14 +186,15 @@ static int NonBlockingSSL_Accept(SSL* ssl)
}
/* Echo number of bytes specified by -e arg */
int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
int throughput)
{
int ret = 0, err;
double start = 0, rx_time = 0, tx_time = 0;
int xfer_bytes = 0, select_ret, len, rx_pos;
char* buffer;
buffer = (char*)malloc(TEST_BUFFER_SIZE);
buffer = (char*)malloc(block);
if (!buffer) {
err_sys_ex(runWithErrors, "Server buffer malloc failed");
}
@ -197,7 +205,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
if (select_ret == TEST_RECV_READY) {
len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
len = min(block, throughput - xfer_bytes);
rx_pos = 0;
if (throughput) {
@ -217,7 +225,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
else
#endif
if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_ZERO_RETURN) {
err != WOLFSSL_ERROR_ZERO_RETURN) {
printf("SSL_read echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_read failed");
}
@ -276,7 +284,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
{
int ret, err;
char buffer[CYASSL_MAX_ERROR_SZ];
char buffer[WOLFSSL_MAX_ERROR_SZ];
/* Read data */
do {
@ -292,7 +300,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
}
else
#endif
#ifdef CYASSL_DTLS
#ifdef WOLFSSL_DTLS
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
printf("Dropped client's message due to a bad MAC\n");
}
@ -314,7 +322,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
{
int ret, err;
char buffer[CYASSL_MAX_ERROR_SZ];
char buffer[WOLFSSL_MAX_ERROR_SZ];
do {
err = 0; /* reset error */
@ -339,10 +347,10 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
static void Usage(void)
{
printf("server " LIBCYASSL_VERSION_STRING
printf("server " LIBWOLFSSL_VERSION_STRING
" NOTE: All files relative to wolfSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, not 0, default %d\n", yasslPort);
printf("-p <num> Port to listen on, not 0, default %d\n", wolfSSLPort);
#ifndef WOLFSSL_TLS13
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION);
@ -405,17 +413,29 @@ static void Usage(void)
#endif
printf("-g Return basic HTML web page\n");
printf("-C <num> The number of connections to accept, default: 1\n");
printf("-H <arg> Internal tests [defCipherList, badCert]\n");
printf("-H <arg> Internal tests [defCipherList, exitWithRet]\n");
#ifdef WOLFSSL_TLS13
printf("-K Key Exchange for PSK not using (EC)DHE\n");
printf("-U Update keys and IVs before sending\n");
printf("-K Key Exchange for PSK not using (EC)DHE\n");
#ifndef NO_DH
printf("-y Pre-generate Key Share using FFDHE_2048 only\n");
#endif
#ifdef HAVE_ECC
printf("-Y Pre-generate Key Share using P-256 only \n");
#endif
#ifdef HAVE_CURVE25519
printf("-t Pre-generate Key share using Curve25519 only\n");
#endif
#ifdef HAVE_SESSION_TICKET
printf("-T Do not generate session ticket\n");
#endif
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
printf("-Q Request certificate from client post-handshake\n");
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
printf("-J Server sends Cookie Extension containing state\n");
#endif
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef WOLFSSL_EARLY_DATA
printf("-0 Early data read from client (0-RTT handshake)\n");
#endif
@ -424,7 +444,7 @@ static void Usage(void)
#endif
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
{
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
@ -456,12 +476,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int useNtruKey = 0;
int nonBlocking = 0;
int fewerPackets = 0;
#ifdef HAVE_PK_CALLBACKS
int pkCallbacks = 0;
PkCbInfo pkCbInfo;
#endif
int wc_shutdown = 0;
int resume = 0;
int resumeCount = 0;
int loops = 1;
int cnt = 0;
int echoData = 0;
int block = TEST_BUFFER_SIZE;
int throughput = 0;
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS;
@ -475,7 +500,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
unsigned char alpn_opt = 0;
char* cipherList = NULL;
int useDefCipherList = 0;
int useBadCert = 0;
const char* verifyCert = cliCertFile;
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
@ -504,7 +528,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
#endif
char buffer[CYASSL_MAX_ERROR_SZ];
char buffer[WOLFSSL_MAX_ERROR_SZ];
#ifdef WOLFSSL_TLS13
int noPskDheKe = 0;
#endif
@ -534,6 +558,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
WOLFSSL_MEM_STATS mem_stats;
#endif
#endif
#ifdef WOLFSSL_TLS13
int onlyKeyShare = 0;
int noTicket = 0;
#endif
int useX25519 = 0;
int exitWithRet = 0;
((func_args*)args)->return_code = -1; /* error state */
@ -542,7 +572,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ourCert = (char*)eccCertFile;
ourKey = (char*)eccKeyFile;
#endif
(void)pkCallbacks;
(void)needDH;
(void)ourKey;
(void)ourCert;
@ -559,19 +589,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void)readySignal;
(void)updateKeysIVs;
(void)mcastID;
(void)useBadCert;
(void)useX25519;
#ifdef CYASSL_TIRTOS
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
/* Not Used: h, m, t, y, z, F, M, T, V, W, X, Y */
/* Not Used: h, m, z, F, M, T, V, W, X */
while ((ch = mygetopt(argc, argv, "?"
"abc:defgijk:l:nop:q:rsuv:wx"
"A:B:C:D:E:GH:IJKL:NO:PQR:S:UYZ:"
"abc:defgijk:l:nop:q:rstuv:wxy"
"A:B:C:D:E:GH:IJKL:NO:PQR:S:TUYZ:"
"03:")) != -1) {
switch (ch) {
case '?' :
@ -663,9 +693,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
printf("Using default cipher list for testing\n");
useDefCipherList = 1;
}
else if (XSTRNCMP(myoptarg, "badCert", 7) == 0) {
printf("Using bad certificate for testing\n");
useBadCert = 1;
else if (XSTRNCMP(myoptarg, "exitWithRet", 7) == 0) {
printf("Skip exit() for testing\n");
exitWithRet = 1;
}
else {
Usage();
@ -771,7 +801,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'B':
throughput = atoi(myoptarg);
if (throughput <= 0) {
for (; *myoptarg != '\0'; myoptarg++) {
if (*myoptarg == ',') {
block = atoi(myoptarg + 1);
break;
}
}
if (throughput <= 0 || block <= 0) {
Usage();
exit(MY_EX_USAGE);
}
@ -793,12 +829,39 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useWebServerMsg = 1;
break;
case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH)
onlyKeyShare = 1;
#endif
break;
case 'Y' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
break;
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
#endif
break;
case 'K' :
#ifdef WOLFSSL_TLS13
noPskDheKe = 1;
#endif
break;
case 'T' :
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
noTicket = 1;
#endif
break;
case 'U' :
#ifdef WOLFSSL_TLS13
updateKeysIVs = 1;
@ -903,7 +966,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
break;
#endif /* NO_TLS */
#ifdef CYASSL_DTLS
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
case -1:
method = wolfDTLSv1_server_method_ex;
@ -962,7 +1025,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err_sys_ex(runWithErrors, "server can't set cipher list 1");
}
#ifdef CYASSL_LEANPSK
#ifdef WOLFSSL_LEANPSK
if (!usePsk) {
usePsk = 1;
}
@ -975,27 +1038,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
wolfSSL_CTX_set_group_messages(ctx);
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#ifdef WOLFSSL_ENCRYPTED_KEYS
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if !defined(NO_CERTS)
/* for testing only - use bad cert as server cert for sig confirm err */
if (useBadCert) {
#if !defined(NO_RSA)
ourCert = "./certs/test/server-cert-rsa-badsig.pem";
#elif defined(HAVE_ECC)
ourCert = "./certs/test/server-cert-ecc-badsig.pem";
#endif
}
if ((!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
@ -1027,13 +1081,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
if (SSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ntru key file, "
"Please run from wolfSSL home dir");
}
#endif
#if !defined(NO_CERTS)
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#ifdef TEST_PK_PRIVKEY
if (!pkCallbacks)
#endif
#endif
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
@ -1077,9 +1137,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (useAnon) {
#ifdef HAVE_ANON
CyaSSL_CTX_allow_anon_cipher(ctx);
wolfSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL || (cipherList && useDefCipherList)) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != WOLFSSL_SUCCESS)
const char* defaultCipherList;
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
!= WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 4");
}
#endif
@ -1105,7 +1169,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif
#if defined(CYASSL_SNIFFER)
#if defined(WOLFSSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLFSSL_SUCCESS)
@ -1115,7 +1179,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "UseSNI failed");
#endif
@ -1136,8 +1200,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_TLS13
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
if (noPskDheKe)
wolfSSL_CTX_no_dhe_psk(ctx);
if (noTicket)
wolfSSL_CTX_no_ticket_TLSv13(ctx);
#endif
while (1) {
@ -1173,6 +1239,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
}
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx);
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys_ex(runWithErrors, "unable to get SSL");
@ -1216,25 +1287,25 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef HAVE_CRL
#ifdef HAVE_CRL_MONITOR
crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON;
crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
#endif
if (CyaSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
if (wolfSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to enable CRL");
if (CyaSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
!= WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load CRL");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to set CRL callback url");
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE
| CYASSL_OCSP_URL_OVERRIDE);
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else
CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
}
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
@ -1248,11 +1319,64 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
SetupPkCallbackContexts(ssl, &pkCbInfo);
#endif
#ifdef WOLFSSL_TLS13
if (version >= 4) {
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
if (onlyKeyShare == 2) {
if (useX25519 == 1) {
#ifdef HAVE_CURVE25519
int groups[1] = { WOLFSSL_ECC_X25519 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x25519");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: x25519");
}
#endif
}
else
{
#ifdef HAVE_ECC
#if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
int groups[1] = { WOLFSSL_ECC_SECP256R1 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp256r1");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: secp256r1");
}
#endif
#endif
}
}
else if (onlyKeyShare == 1) {
#ifdef HAVE_FFDHE_2048
int groups[1] = { WOLFSSL_FFDHE_2048 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use DH 2048-bit parameters");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: DH 2048-bit");
}
#endif
}
WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
}
#endif
/* do accept */
readySignal = ((func_args*)args)->signal;
if (readySignal) {
@ -1294,20 +1418,20 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|| needDH == 1) {
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
CyaSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM);
wolfSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif
}
#ifndef CYASSL_CALLBACKS
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
wolfSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&clientfd);
}
#endif
#ifndef CYASSL_CALLBACKS
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
ret = NonBlockingSSL_Accept(ssl);
}
@ -1356,7 +1480,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err = SSL_get_error(ssl, 0);
printf("SSL_accept error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_accept failed");
/* cleanup */
SSL_free(ssl);
SSL_CTX_free(ctx);
CloseSocket(clientfd);
CloseSocket(sockfd);
if (!exitWithRet)
err_sys_ex(runWithErrors, "SSL_accept failed");
((func_args*)args)->return_code = err;
goto exit;
}
showPeer(ssl);
@ -1448,11 +1582,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
if (echoData == 0 && throughput == 0) {
ServerRead(ssl, input, sizeof(input)-1);
err = SSL_get_error(ssl, 0);
}
if (err != WOLFSSL_ERROR_ZERO_RETURN && echoData == 0 &&
throughput == 0) {
const char* write_msg;
int write_msg_sz;
ServerRead(ssl, input, sizeof(input)-1);
#ifdef WOLFSSL_TLS13
if (updateKeysIVs)
wolfSSL_update_keys(ssl);
@ -1481,12 +1619,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
}
else {
ServerEchoData(ssl, clientfd, echoData, throughput);
ServerEchoData(ssl, clientfd, echoData, block, throughput);
}
#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
os_dly_wait(500) ;
#elif defined (CYASSL_TIRTOS)
#elif defined (WOLFSSL_TIRTOS)
Task_yield();
#endif
@ -1520,11 +1658,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
resumeCount = 0;
cnt++;
if (loops > 0 && --loops == 0) {
break; /* out of while loop, done with normal and resume option */
}
} /* while(1) */
WOLFSSL_TIME(cnt);
(void)cnt;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL_CTX_DisableOCSPStapling(ctx);
@ -1535,13 +1677,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
((func_args*)args)->return_code = 0;
exit:
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifdef CYASSL_TIRTOS
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
@ -1563,7 +1706,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void) useNtruKey;
(void) ourDhParam;
(void) ourCert;
#ifndef CYASSL_TIRTOS
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
@ -1588,9 +1731,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
InitTcpReady(&ready);
#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
CyaSSL_Debugging_ON();
wolfSSL_Debugging_ON();
#endif
CyaSSL_Init();
wolfSSL_Init();
ChangeToWolfRoot();
#ifndef NO_WOLFSSL_SERVER
@ -1603,7 +1746,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
printf("Server not compiled in!\n");
#endif
CyaSSL_Cleanup();
wolfSSL_Cleanup();
FreeTcpReady(&ready);
#ifdef HAVE_WNR

5
examples/server/server.h
View File

@ -26,9 +26,10 @@
THREAD_RETURN WOLFSSL_THREAD server_test(void* args);
/* Echo bytes using buffer of TEST_BUFFER_SIZE until [echoData] bytes are complete. */
/* Echo bytes using buffer of blockSize until [echoData] bytes are complete. */
/* If [bechmarkThroughput] set the statistcs will be output at the end */
int ServerEchoData(WOLFSSL* ssl, int clientfd, int echoData, int benchmarkThroughput);
int ServerEchoData(WOLFSSL* ssl, int clientfd, int echoData, int blockSize,
int benchmarkThroughput);
#endif /* WOLFSSL_SERVER_H */

206
fips-check.sh
View File

@ -11,67 +11,100 @@
#
# $ ./fips-check [version] [keep]
#
# - version: linux (default), ios, android, windows, freertos, linux-ecc
# - version: linux (default), ios, android, windows, freertos, linux-ecc, netbsd-selftest, linuxv2
#
# - keep: (default off) XXX-fips-test temp dir around for inspection
#
function Usage() {
echo "Usage: $0 [platform] [keep]"
echo "Where \"platform\" is one of linux (default), ios, android, windows, freertos, openrtos-3.9.2, linux-ecc, netbsd-selftest"
echo "Where \"keep\" means keep (default off) XXX-fips-test temp dir around for inspection"
printf '\n%s\n' "Usage: $0 [platform] [keep]"
printf '%s\n\n' "Where \"platform\" is one of:"
printf '\t%s\n' "linux (default)"
printf '\t%s\n' "ios"
printf '\t%s\n' "android"
printf '\t%s\n' "windows"
printf '\t%s\n' "freertos"
printf '\t%s\n' "openrtos-3.9.2"
printf '\t%s\n' "linux-ecc"
printf '\t%s\n' "netbsd-selftest"
printf '\t%s\n' "sgx"
printf '\t%s\n' "netos-7.6"
printf '\t%s\n' "linuxv2"
printf '\n%s\n\n' "Where \"keep\" means keep (default off) XXX-fips-test temp dir around for inspection"
printf '%s\n' "EXAMPLE:"
printf '%s\n' "---------------------------------"
printf '%s\n' "./fips-check.sh windows keep"
printf '%s\n\n' "---------------------------------"
}
LINUX_FIPS_VERSION=v3.2.6
LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
LINUX_CTAO_VERSION=v3.2.6
LINUX_CTAO_REPO=git@github.com:cyassl/cyassl.git
LINUX_CRYPT_VERSION=v3.2.6
LINUX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
LINUX_ECC_FIPS_VERSION=v3.10.3
LINUX_ECC_FIPS_REPO=git@github.com:wolfSSL/fips.git
LINUX_ECC_CTAO_VERSION=v3.2.6
LINUX_ECC_CTAO_REPO=git@github.com:cyassl/cyassl.git
LINUX_ECC_CRYPT_VERSION=v3.2.6
LINUX_ECC_CRYPT_REPO=git@github.com:cyassl/cyassl.git
LINUXV2_FIPS_VERSION=fipsv2
LINUXV2_FIPS_REPO=git@github.com:ejohnstown/fips.git
LINUXV2_CRYPT_VERSION=fipsv2
IOS_FIPS_VERSION=v3.4.8a
IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
IOS_CTAO_VERSION=v3.4.8.fips
IOS_CTAO_REPO=git@github.com:cyassl/cyassl.git
IOS_CRYPT_VERSION=v3.4.8.fips
IOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
ANDROID_FIPS_VERSION=v3.5.0
ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git
ANDROID_CTAO_VERSION=v3.5.0
ANDROID_CTAO_REPO=git@github.com:cyassl/cyassl.git
ANDROID_CRYPT_VERSION=v3.5.0
ANDROID_CRYPT_REPO=git@github.com:cyassl/cyassl.git
WINDOWS_FIPS_VERSION=v3.6.6
WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git
WINDOWS_CTAO_VERSION=v3.6.6
WINDOWS_CTAO_REPO=git@github.com:cyassl/cyassl.git
WINDOWS_CRYPT_VERSION=v3.6.6
WINDOWS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
FREERTOS_FIPS_VERSION=v3.6.1-FreeRTOS
FREERTOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
FREERTOS_CTAO_VERSION=v3.6.1
FREERTOS_CTAO_REPO=git@github.com:cyassl/cyassl.git
FREERTOS_CRYPT_VERSION=v3.6.1
FREERTOS_CRYPT_REPO=git@github.com:cyassl/cyassl.git
OPENRTOS_3_9_2_FIPS_VERSION=v3.9.2-OpenRTOS
OPENRTOS_3_9_2_FIPS_REPO=git@github.com:wolfSSL/fips.git
OPENRTOS_3_9_2_CTAO_VERSION=v3.6.1
OPENRTOS_3_9_2_CTAO_REPO=git@github.com:cyassl/cyassl.git
OPENRTOS_3_9_2_CRYPT_VERSION=v3.6.1
OPENRTOS_3_9_2_CRYPT_REPO=git@github.com:cyassl/cyassl.git
#NOTE: Does not include the SGX examples yet, update version once fipsv2 is
# finished and merge conflicts can be resolved. This will be tagged as
# v3.12.4.sgx-examples
#SGX_FIPS_VERSION=v3.12.4.sgx-examples
SGX_FIPS_VERSION=v3.6.6
SGX_FIPS_REPO=git@github.com:wolfSSL/fips.git
SGX_CRYPT_VERSION=v3.12.4
SGX_CRYPT_REPO=git@github.com:cyassl/cyassl.git
NETOS_7_6_FIPS_VERSION=v3.12.6
NETOS_7_6_FIPS_REPO=git@github.com:wolfSSL/fips.git
NETOS_7_6_CRYPT_VERSION=v3.12.4
NETOS_7_6_CRYPT_REPO=git@github.com:cyassl/cyassl.git
# non-FIPS, CAVP only but pull in selftest
# will reset above variables below in platform switch
NETBSD_FIPS_VERSION=v3.14.2a
NETBSD_FIPS_REPO=git@github.com:wolfssl/fips.git
NETBSD_CRYPT_VERSION=v3.14.2
NETBSD_CRYPT_REPO=git@github.com:wolfssl/wolfssl.git
FIPS_SRCS=( fips.c fips_test.c )
WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )
TEST_DIR=XXX-fips-test
WC_INC_PATH=cyassl/ctaocrypt
WC_SRC_PATH=ctaocrypt/src
CRYPT_INC_PATH=cyassl/ctaocrypt
CRYPT_SRC_PATH=ctaocrypt/src
FIPS_OPTION=v1
CAVP_SELFTEST_ONLY="no"
# non-FIPS, CAVP only but pull in selftest
# will reset above variables below in platform switch
NETBSD_FIPS_VERSION=v3.14.2
NETBSD_FIPS_REPO=git@github.com:wolfssl/fips.git
NETBSD_CTAO_VERSION=v3.14.2
NETBSD_CTAO_REPO=git@github.com:wolfssl/wolfssl.git
if [ "x$1" == "x" ]; then PLATFORM="linux"; else PLATFORM=$1; fi
if [ "x$2" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
@ -80,57 +113,80 @@ case $PLATFORM in
ios)
FIPS_VERSION=$IOS_FIPS_VERSION
FIPS_REPO=$IOS_FIPS_REPO
CTAO_VERSION=$IOS_CTAO_VERSION
CTAO_REPO=$IOS_CTAO_REPO
CRYPT_VERSION=$IOS_CRYPT_VERSION
CRYPT_REPO=$IOS_CRYPT_REPO
;;
android)
FIPS_VERSION=$ANDROID_FIPS_VERSION
FIPS_REPO=$ANDROID_FIPS_REPO
CTAO_VERSION=$ANDROID_CTAO_VERSION
CTAO_REPO=$ANDROID_CTAO_REPO
CRYPT_VERSION=$ANDROID_CRYPT_VERSION
CRYPT_REPO=$ANDROID_CRYPT_REPO
;;
windows)
FIPS_VERSION=$WINDOWS_FIPS_VERSION
FIPS_REPO=$WINDOWS_FIPS_REPO
CTAO_VERSION=$WINDOWS_CTAO_VERSION
CTAO_REPO=$WINDOWS_CTAO_REPO
CRYPT_VERSION=$WINDOWS_CRYPT_VERSION
CRYPT_REPO=$WINDOWS_CRYPT_REPO
;;
freertos)
FIPS_VERSION=$FREERTOS_FIPS_VERSION
FIPS_REPO=$FREERTOS_FIPS_REPO
CTAO_VERSION=$FREERTOS_CTAO_VERSION
CTAO_REPO=$FREERTOS_CTAO_REPO
CRYPT_VERSION=$FREERTOS_CRYPT_VERSION
CRYPT_REPO=$FREERTOS_CRYPT_REPO
;;
openrtos-3.9.2)
FIPS_VERSION=$OPENRTOS_3_9_2_FIPS_VERSION
FIPS_REPO=$OPENRTOS_3_9_2_FIPS_REPO
CTAO_VERSION=$OPENRTOS_3_9_2_CTAO_VERSION
CTAO_REPO=$OPENRTOS_3_9_2_CTAO_REPO
CRYPT_VERSION=$OPENRTOS_3_9_2_CRYPT_VERSION
CRYPT_REPO=$OPENRTOS_3_9_2_CRYPT_REPO
FIPS_CONFLICTS=( aes hmac random sha256 )
;;
linux)
FIPS_VERSION=$LINUX_FIPS_VERSION
FIPS_REPO=$LINUX_FIPS_REPO
CTAO_VERSION=$LINUX_CTAO_VERSION
CTAO_REPO=$LINUX_CTAO_REPO
CRYPT_VERSION=$LINUX_CRYPT_VERSION
CRYPT_REPO=$LINUX_CRYPT_REPO
;;
linux-ecc)
FIPS_VERSION=$LINUX_ECC_FIPS_VERSION
FIPS_REPO=$LINUX_ECC_FIPS_REPO
CTAO_VERSION=$LINUX_ECC_CTAO_VERSION
CTAO_REPO=$LINUX_ECC_CTAO_REPO
CRYPT_VERSION=$LINUX_ECC_CRYPT_VERSION
CRYPT_REPO=$LINUX_ECC_CRYPT_REPO
;;
linuxv2)
FIPS_VERSION=$LINUXV2_FIPS_VERSION
FIPS_REPO=$LINUXV2_FIPS_REPO
CRYPT_VERSION=$LINUXV2_CRYPT_VERSION
CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src
WC_MODS+=( cmac dh )
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h )
FIPS_OPTION=v2
;;
netbsd-selftest)
FIPS_VERSION=$NETBSD_FIPS_VERSION
FIPS_REPO=$NETBSD_FIPS_REPO
CTAO_VERSION=$NETBSD_CTAO_VERSION
CTAO_REPO=$NETBSD_CTAO_REPO
CRYPT_VERSION=$NETBSD_CRYPT_VERSION
CRYPT_REPO=$NETBSD_CRYPT_REPO
FIPS_SRCS=( selftest.c )
WC_MODS=( dh ecc rsa dsa aes sha sha256 sha512 hmac random )
WC_INC_PATH=wolfssl/wolfcrypt
WC_SRC_PATH=wolfcrypt/src
CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src
CAVP_SELFTEST_ONLY="yes"
;;
sgx)
FIPS_VERSION=$SGX_FIPS_VERSION
FIPS_REPO=$SGX_FIPS_REPO
CRYPT_VERSION=$SGX_CRYPT_VERSION
CRYPT_REPO=$SGX_CRYPT_REPO
;;
netos-7.6)
FIPS_VERSION=$NETOS_7_6_FIPS_VERSION
FIPS_REPO=$NETOS_7_6_FIPS_REPO
CRYPT_VERSION=$NETOS_7_6_CRYPT_VERSION
CRYPT_REPO=$NETOS_7_6_CRYPT_REPO
;;
*)
Usage
exit 1
@ -141,24 +197,37 @@ git clone . $TEST_DIR
pushd $TEST_DIR
# make a clone of the last FIPS release tag
git clone -b $CTAO_VERSION $CTAO_REPO old-tree
[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
for MOD in ${WC_MODS[@]}
do
cp old-tree/$WC_SRC_PATH/${MOD}.c $WC_SRC_PATH
cp old-tree/$WC_INC_PATH/${MOD}.h $WC_INC_PATH
done
# The following is temporary. We are using random.c from a separate release
if [ "x$CAVP_SELFTEST_ONLY" == "xno" ];
if [ "x$FIPS_OPTION" == "xv1" ];
then
pushd old-tree
git checkout v3.6.0
popd
cp old-tree/$WC_SRC_PATH/random.c $WC_SRC_PATH
cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH
# make a clone of the last FIPS release tag
git clone -b $CRYPT_VERSION $CRYPT_REPO old-tree
[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
for MOD in ${WC_MODS[@]}
do
cp old-tree/$CRYPT_SRC_PATH/${MOD}.c $CRYPT_SRC_PATH
cp old-tree/$CRYPT_INC_PATH/${MOD}.h $CRYPT_INC_PATH
done
# The following is temporary. We are using random.c from a separate release
# This is forcefully overwriting any other checkout of the cyassl sources.
# Removing this as default behavior for SGX and netos projects.
if [ "x$CAVP_SELFTEST_ONLY" == "xno" ] && [ "x$PLATFORM" != "xsgx" ] && \
[ "x$PLATFORM" != "xnetos-7.6" ];
then
pushd old-tree
git checkout v3.6.0
popd
cp old-tree/$CRYPT_SRC_PATH/random.c $CRYPT_SRC_PATH
cp old-tree/$CRYPT_INC_PATH/random.h $CRYPT_INC_PATH
fi
else
git branch --track $CRYPT_VERSION origin/$CRYPT_VERSION
# Checkout the fips versions of the wolfCrypt files from the repo.
for MOD in ${WC_MODS[@]}
do
git checkout $CRYPT_VERSION -- $CRYPT_SRC_PATH/$MOD.c $CRYPT_INC_PATH/$MOD.h
done
fi
# clone the FIPS repository
@ -167,7 +236,12 @@ git clone -b $FIPS_VERSION $FIPS_REPO fips
for SRC in ${FIPS_SRCS[@]}
do
cp fips/$SRC $WC_SRC_PATH
cp fips/$SRC $CRYPT_SRC_PATH
done
for INC in ${FIPS_INCS[@]}
do
cp fips/$INC $CRYPT_INC_PATH
done
# run the make test
@ -176,7 +250,7 @@ if [ "x$CAVP_SELFTEST_ONLY" == "xyes" ];
then
./configure --enable-selftest
else
./configure --enable-fips
./configure --enable-fips=$FIPS_OPTION
fi
make
[ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1
@ -185,7 +259,7 @@ if [ "x$CAVP_SELFTEST_ONLY" == "xno" ];
then
NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'`
if [ -n "$NEWHASH" ]; then
sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $WC_SRC_PATH/fips_test.c
sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $CRYPT_SRC_PATH/fips_test.c
make clean
fi
fi

4
m4/ax_add_am_macro.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html
# https://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html
# ===========================================================================
#
# SYNOPSIS
@ -21,7 +21,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 9
#serial 10
AC_DEFUN([AX_ADD_AM_MACRO],[
AC_REQUIRE([AX_AM_MACROS])

7
m4/ax_am_jobserver.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html
# https://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html
# ===========================================================================
#
# SYNOPSIS
@ -33,7 +33,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7.1
#serial 8
AC_DEFUN([AX_AM_JOBSERVER], [
AC_REQUIRE([AX_COUNT_CPUS])
@ -44,7 +44,8 @@ AC_DEFUN([AX_AM_JOBSERVER], [
yes: enable one more than CPU count
],, [enable_jobserver=m4_ifval([$1],[$1],[yes])])
if test "x$enable_jobserver" = "xyes"; then
let enable_jobserver=$CPU_COUNT+1
enable_jobserver=$CPU_COUNT
((enable_jobserver++))
fi
m4_pattern_allow(AM_MAKEFLAGS)
if test "x$enable_jobserver" != "xno"; then

6
m4/ax_am_macros.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_am_macros.html
# https://www.gnu.org/software/autoconf-archive/ax_am_macros.html
# ===========================================================================
#
# SYNOPSIS
@ -24,7 +24,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 9
#serial 11
AC_DEFUN([AX_AM_MACROS],
[
@ -32,7 +32,7 @@ AC_MSG_NOTICE([adding automake macro support])
AMINCLUDE="aminclude.am"
AC_SUBST(AMINCLUDE)
AC_MSG_NOTICE([creating $AMINCLUDE])
AMINCLUDE_TIME=`date`
AMINCLUDE_TIME=`LC_ALL=C date`
AX_PRINT_TO_FILE([$AMINCLUDE],[[
# generated automatically by configure from AX_AUTOMAKE_MACROS
# on $AMINCLUDE_TIME

20
m4/ax_append_compile_flags.m4
View File

@ -1,10 +1,10 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
# ===========================================================================
# ============================================================================
# https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
# ============================================================================
#
# SYNOPSIS
#
# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -20,6 +20,8 @@
# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
# force the compiler to issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: This macro depends on the AX_APPEND_FLAG and
# AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
# AX_APPEND_LINK_FLAGS.
@ -39,7 +41,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -54,12 +56,12 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 3
#serial 6
AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
[AC_REQUIRE([AX_CHECK_COMPILE_FLAG])
AC_REQUIRE([AX_APPEND_FLAG])
[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
for flag in $1; do
AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3])
AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4])
done
])dnl AX_APPEND_COMPILE_FLAGS

34
m4/ax_append_flag.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
# https://www.gnu.org/software/autoconf-archive/ax_append_flag.html
# ===========================================================================
#
# SYNOPSIS
@ -34,7 +34,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -49,21 +49,23 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 2
#serial 7
AC_DEFUN([AX_APPEND_FLAG],
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl
AS_VAR_SET_IF(FLAGS,
[case " AS_VAR_GET(FLAGS) " in
*" $1 "*)
AC_RUN_LOG([: FLAGS already contains $1])
;;
*)
AC_RUN_LOG([: FLAGS="$FLAGS $1"])
AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"])
;;
esac],
[AS_VAR_SET(FLAGS,["$1"])])
[dnl
AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
AS_VAR_SET_IF(FLAGS,[
AS_CASE([" AS_VAR_GET(FLAGS) "],
[*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
[
AS_VAR_APPEND(FLAGS,[" $1"])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
],
[
AS_VAR_SET(FLAGS,[$1])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
AS_VAR_POPDEF([FLAGS])dnl
])dnl AX_APPEND_FLAG

16
m4/ax_append_link_flags.m4
View File

@ -1,10 +1,10 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html
# https://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -19,6 +19,8 @@
# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
# issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG.
# Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS.
#
@ -37,7 +39,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -52,12 +54,12 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 3
#serial 6
AC_DEFUN([AX_APPEND_LINK_FLAGS],
[AC_REQUIRE([AX_CHECK_LINK_FLAG])
AC_REQUIRE([AX_APPEND_FLAG])
[AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
for flag in $1; do
AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3])
AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4])
done
])dnl AX_APPEND_LINK_FLAGS

6
m4/ax_append_to_file.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_append_to_file.html
# https://www.gnu.org/software/autoconf-archive/ax_append_to_file.html
# ===========================================================================
#
# SYNOPSIS
@ -19,9 +19,9 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 8
#serial 9
AC_DEFUN([AX_APPEND_TO_FILE],[
AC_REQUIRE([AX_FILE_ESCAPES])
printf "$2\n" >> "$1"
printf "%s" "$2" >> "$1"
])

16
m4/ax_check_compile_flag.m4
View File

@ -1,10 +1,10 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -19,6 +19,8 @@
# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
# force the compiler to issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
#
@ -38,7 +40,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -53,19 +55,19 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 2
#serial 5
AC_DEFUN([AX_CHECK_COMPILE_FLAG],
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
_AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM()],
AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
[AS_VAR_SET(CACHEVAR,[yes])],
[AS_VAR_SET(CACHEVAR,[no])])
_AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
AS_VAR_IF(CACHEVAR,yes,
[m4_default([$2], :)],
[m4_default([$3], :)])
AS_VAR_POPDEF([CACHEVAR])dnl

56
m4/ax_check_library.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_library.html
# https://www.gnu.org/software/autoconf-archive/ax_check_library.html
# ===========================================================================
#
# SYNOPSIS
@ -32,7 +32,6 @@
#
# LICENSE
#
# Copyright (c) 2012 Brian Aker <brian@tangent.org>
# Copyright (c) 2010 Diego Elio Petteno` <flameeyes@gmail.com>
#
# This program is free software: you can redistribute it and/or modify it
@ -46,7 +45,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -61,35 +60,36 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 7
#serial 5
AC_DEFUN([AX_CHECK_LIBRARY],
[AC_ARG_VAR($1[_CPPFLAGS],[C preprocessor flags for ]$1[ headers])
AC_ARG_VAR($1[_LDFLAGS],[linker flags for ]$1[ libraries])
AC_DEFUN([AX_CHECK_LIBRARY], [
AC_ARG_VAR($1[_CPPFLAGS], [C preprocessor flags for ]$1[ headers])
AC_ARG_VAR($1[_LDFLAGS], [linker flags for ]$1[ libraries])
AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1),
[AX_SAVE_FLAGS
AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1),
[save_CPPFLAGS="$CPPFLAGS"
save_LDFLAGS="$LDFLAGS"
save_LIBS="$LIBS"
AS_IF([test "x$]$1[_CPPFLAGS" != "x"],
[CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"])
AS_IF([test "x$]$1[_CPPFLAGS" != "x"],
[CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"])
AS_IF([test "x$]$1[_LDFLAGS" != "x"],
[LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"])
AS_IF([test "x$]$1[_LDFLAGS" != "x"],
[LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"])
AC_CHECK_HEADER($2, [
AC_CHECK_LIB($3, [main],
[AS_TR_SH([ax_cv_have_]$1)=yes],
[AS_TR_SH([ax_cv_have_]$1)=no])
], [AS_TR_SH([ax_cv_have_]$1)=no])
AC_CHECK_HEADER($2, [
AC_CHECK_LIB($3, [main],
[AS_TR_SH([ax_cv_have_]$1)=yes],
[AS_TR_SH([ax_cv_have_]$1)=no])
], [AS_TR_SH([ax_cv_have_]$1)=no])
AX_RESTORE_FLAGS
])
AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"],
[AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found])
AC_SUBST($1[_CPPFLAGS])
AC_SUBST($1[_LDFLAGS])
AC_SUBST($1[_LIB],[-l]$3)
ifelse([$4], , :, [$4])],
[ifelse([$5], , :, [$5])])
CPPFLAGS="$save_CPPFLAGS"
LDFLAGS="$save_LDFLAGS"
LIBS="$save_LIBS"
])
AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"],
AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found])
[$4],
[$5])
])

17
m4/ax_check_link_flag.m4
View File

@ -1,10 +1,10 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
# https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -19,6 +19,8 @@
# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
# issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_LINK_IFELSE.
#
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
#
@ -38,7 +40,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -53,18 +55,19 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 2
#serial 5
AC_DEFUN([AX_CHECK_LINK_FLAG],
[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
ax_check_save_flags=$LDFLAGS
LDFLAGS="$LDFLAGS $4 $1"
AC_LINK_IFELSE([AC_LANG_PROGRAM()],
AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
[AS_VAR_SET(CACHEVAR,[yes])],
[AS_VAR_SET(CACHEVAR,[no])])
LDFLAGS=$ax_check_save_flags])
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
AS_VAR_IF(CACHEVAR,yes,
[m4_default([$2], :)],
[m4_default([$3], :)])
AS_VAR_POPDEF([CACHEVAR])dnl

587
m4/ax_compiler_version.m4
View File

@ -1,100 +1,529 @@
# ===========================================================================
# https://github.com/BrianAker/ddm4/
# https://www.gnu.org/software/autoconf-archive/ax_compiler_version.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_COMPILER_VERSION()
# AX_COMPILER_VERSION
#
# DESCRIPTION
#
# Capture version of C/C++ compiler
# This macro retrieves the compiler version and returns it in the cache
# variable $ax_cv_c_compiler_version for C and $ax_cv_cxx_compiler_version
# for C++.
#
# Version is returned as epoch:major.minor.patchversion
#
# Epoch is used in order to have an increasing version number in case of
# marketing change.
#
# Epoch use: * borland compiler use chronologically 0turboc for turboc
# era,
#
# 1borlanc BORLANDC++ before 5, 2cppbuilder for cppbuilder era,
# 3borlancpp for return of BORLANDC++ (after version 5.5),
# 4cppbuilder for cppbuilder with year version,
# and 5xe for XE era.
#
# An empty string is returned otherwise.
#
# LICENSE
#
# Copyright (C) 2012 Brian Aker
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# * The names of its contributors may not be used to endorse or
# promote products derived from this software without specific prior
# written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Copyright (c) 2014 Bastien ROUCARIES <roucaries.bastien+autoconf@gmail.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 5
AC_DEFUN([_C_COMPILER_VERSION],
[AC_MSG_CHECKING([C Compiler version])
#serial 12
AS_CASE(["$ax_cv_c_compiler_vendor"],
[sun],[ax_c_compiler_version=`$CC -V 2>&1 | sed 1q`],
[intel],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`],
[clang],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`],
[gnu],[ax_c_compiler_version=`$CC --version | sed 1q`],
[mingw],[ax_c_compiler_version=`$CC --version | sed 1q`],
[ax_c_compiler_version="unknown: $ax_cv_c_compiler_vendor"])
AC_MSG_RESULT(["$ax_c_compiler_version"])
AC_SUBST([CC_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"])
AC_SUBST([CC_VERSION],["$ax_c_compiler_version"])
# for intel
AC_DEFUN([_AX_COMPILER_VERSION_INTEL],
[ dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[__INTEL_COMPILER/100],,
AC_MSG_FAILURE([[[$0]] unknown intel compiler version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[(__INTEL_COMPILER%100)/10],,
AC_MSG_FAILURE([[[$0]] unknown intel compiler version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[(__INTEL_COMPILER%10)],,
AC_MSG_FAILURE([[[$0]] unknown intel compiler version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
AC_DEFUN([_CXX_COMPILER_VERSION],
[AC_MSG_CHECKING([C++ Compiler version])
AS_CASE(["$ax_cv_c_compiler_vendor"],
[sun],[ax_cxx_compiler_version=`$CXX -V 2>&1 | sed 1q`],
[intel],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`],
[clang],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`],
[gnu],[ax_cxx_compiler_version=`$CXX --version | sed 1q`],
[mingw],[ax_cxx_compiler_version=`$CXX --version | sed 1q`],
[ax_cxx_compiler_version="unknown: $ax_cv_c_compiler_vendor"])
AC_MSG_RESULT(["$ax_cxx_compiler_version"])
AC_SUBST([CXX_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"])
AC_SUBST([CXX_VERSION],["$ax_cxx_compiler_version"])
# for IBM
AC_DEFUN([_AX_COMPILER_VERSION_IBM],
[ dnl
dnl check between z/OS C/C++ and XL C/C++
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([],
[
#if defined(__COMPILER_VER__)
choke me;
#endif
])],
[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[__xlC__/100],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[__xlC__%100],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__xlC_ver__/0x100],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build,
[__xlC_ver__%0x100],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler build version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build"
],
[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__xlC__%1000],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[(__xlC__/10000)%10],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[(__xlC__/100000)%10],,
AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
])
AC_DEFUN([AX_COMPILER_VERSION],
[AC_REQUIRE([AX_COMPILER_VENDOR])
# for pathscale
AC_DEFUN([_AX_COMPILER_VERSION_PATHSCALE],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
__PATHCC__,,
AC_MSG_FAILURE([[[$0]] unknown pathscale major]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
__PATHCC_MINOR__,,
AC_MSG_FAILURE([[[$0]] unknown pathscale minor]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__PATHCC_PATCHLEVEL__],,
AC_MSG_FAILURE([[[$0]] unknown pathscale patch level]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
AC_MSG_CHECKING([MINGW])
AC_CHECK_DECL([__MINGW32__],
[MINGW=yes
ax_c_compiler_version_vendor=mingw],
[MINGW=no])
AC_MSG_RESULT([$MINGW])
# for clang
AC_DEFUN([_AX_COMPILER_VERSION_CLANG],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
__clang_major__,,
AC_MSG_FAILURE([[[$0]] unknown clang major]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
__clang_minor__,,
AC_MSG_FAILURE([[[$0]] unknown clang minor]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__clang_patchlevel__],,0)
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
AC_REQUIRE([_C_COMPILER_VERSION])
AC_REQUIRE([_CXX_COMPILER_VERSION])
AS_IF([test "x$GCC" = xyes],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if !defined(__GNUC__) || (__GNUC__ < 4) || ((__GNUC__ >= 4) && (__GNUC_MINOR__ < 7))
# error GCC is Too Old!
#endif
]])],
[ac_c_gcc_recent=yes],
[ac_c_gcc_recent=no])
# for crayc
AC_DEFUN([_AX_COMPILER_VERSION_CRAY],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
_RELEASE,,
AC_MSG_FAILURE([[[$0]] unknown crayc release]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
_RELEASE_MINOR,,
AC_MSG_FAILURE([[[$0]] unknown crayc minor]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"
])
# for fujitsu
AC_DEFUN([_AX_COMPILER_VERSION_FUJITSU],[
AC_COMPUTE_INT(ax_cv_[]_AC_LANG_ABBREV[]_compiler_version,
__FCC_VERSION,,
AC_MSG_FAILURE([[[$0]]unknown fujitsu release]))
])
# for GNU
AC_DEFUN([_AX_COMPILER_VERSION_GNU],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
__GNUC__,,
AC_MSG_FAILURE([[[$0]] unknown gcc major]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
__GNUC_MINOR__,,
AC_MSG_FAILURE([[[$0]] unknown gcc minor]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__GNUC_PATCHLEVEL__],,
AC_MSG_FAILURE([[[$0]] unknown gcc patch level]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# For sun
AC_DEFUN([_AX_COMPILER_VERSION_SUN],[
m4_define([_AX_COMPILER_VERSION_SUN_NUMBER],
[
#if defined(__SUNPRO_CC)
__SUNPRO_CC
#else
__SUNPRO_C
#endif
])
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59,
!!(_AX_COMPILER_VERSION_SUN_NUMBER < 0x1000),,
AC_MSG_FAILURE([[[$0]] unknown sun release version]))
AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59" = X1],
[dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
_AX_COMPILER_VERSION_SUN_NUMBER % 0x10,,
AC_MSG_FAILURE([[[$0]] unknown sun patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
(_AX_COMPILER_VERSION_SUN_NUMBER / 0x10) % 0x10,,
AC_MSG_FAILURE([[[$0]] unknown sun minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(_AX_COMPILER_VERSION_SUN_NUMBER / 0x100),,
AC_MSG_FAILURE([[[$0]] unknown sun major version]))
],
[dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
_AX_COMPILER_VERSION_SUN_NUMBER % 0x10,,
AC_MSG_FAILURE([[[$0]] unknown sun patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
(_AX_COMPILER_VERSION_SUN_NUMBER / 0x100) % 0x100,,
AC_MSG_FAILURE([[[$0]] unknown sun minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(_AX_COMPILER_VERSION_SUN_NUMBER / 0x1000),,
AC_MSG_FAILURE([[[$0]] unknown sun major version]))
])
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
AC_DEFUN([_AX_COMPILER_VERSION_HP],[
m4_define([_AX_COMPILER_VERSION_HP_NUMBER],
[
#if defined(__HP_cc)
__HP_cc
#else
__HP_aCC
#endif
])
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121,
!!(_AX_COMPILER_VERSION_HP_NUMBER <= 1),,
AC_MSG_FAILURE([[[$0]] unknown hp release version]))
AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121" = X1],
[dnl By default output last version with this behavior.
dnl it is so old
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="01.21.00"
],
[dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
(_AX_COMPILER_VERSION_HP_NUMBER % 100),,
AC_MSG_FAILURE([[[$0]] unknown hp release version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
((_AX_COMPILER_VERSION_HP_NUMBER / 100)%100),,
AC_MSG_FAILURE([[[$0]] unknown hp minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
((_AX_COMPILER_VERSION_HP_NUMBER / 10000)%100),,
AC_MSG_FAILURE([[[$0]] unknown hp major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
])
AC_DEFUN([_AX_COMPILER_VERSION_DEC],[dnl
m4_define([_AX_COMPILER_VERSION_DEC_NUMBER],
[
#if defined(__DECC_VER)
__DECC_VER
#else
__DECCXX_VER
#endif
])
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
(_AX_COMPILER_VERSION_DEC_NUMBER % 10000),,
AC_MSG_FAILURE([[[$0]] unknown dec release version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
((_AX_COMPILER_VERSION_DEC_NUMBER / 100000UL)%100),,
AC_MSG_FAILURE([[[$0]] unknown dec minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
((_AX_COMPILER_VERSION_DEC_NUMBER / 10000000UL)%100),,
AC_MSG_FAILURE([[[$0]] unknown dec major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# borland
AC_DEFUN([_AX_COMPILER_VERSION_BORLAND],[dnl
m4_define([_AX_COMPILER_VERSION_TURBOC_NUMBER],
[
#if defined(__TURBOC__)
__TURBOC__
#else
choke me
#endif
])
m4_define([_AX_COMPILER_VERSION_BORLANDC_NUMBER],
[
#if defined(__BORLANDC__)
__BORLANDC__
#else
__CODEGEARC__
#endif
])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(,
_AX_COMPILER_VERSION_TURBOC_NUMBER)],
[dnl TURBOC
AC_COMPUTE_INT(
_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw,
_AX_COMPILER_VERSION_TURBOC_NUMBER,,
AC_MSG_FAILURE([[[$0]] unknown turboc version]))
AS_IF(
[test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -lt 661 || test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -gt 1023],
[dnl compute normal version
AC_COMPUTE_INT(
_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
_AX_COMPILER_VERSION_TURBOC_NUMBER % 0x100,,
AC_MSG_FAILURE([[[$0]] unknown turboc minor version]))
AC_COMPUTE_INT(
_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(_AX_COMPILER_VERSION_TURBOC_NUMBER/0x100)%0x100,,
AC_MSG_FAILURE([[[$0]] unknown turboc major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"],
[dnl special version
AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw],
[661],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.00"],
[662],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.01"],
[663],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:2.00"],
[
AC_MSG_WARN([[[$0]] unknown turboc version between 0x295 and 0x400 please report bug])
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=""
])
])
],
# borlandc
[
AC_COMPUTE_INT(
_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw,
_AX_COMPILER_VERSION_BORLANDC_NUMBER,,
AC_MSG_FAILURE([[[$0]] unknown borlandc version]))
AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw],
dnl BORLANDC++ before 5.5
[512] ,[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:2.00"],
[1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"],
[1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"],
[1040],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.1"],
[1106],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:4.0"],
[1280],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.0"],
[1312],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.02"],
dnl C++ Builder era
[1328],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:3.0"],
[1344],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:4.0"],
dnl BORLANDC++ after 5.5
[1360],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.5"],
[1361],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.51"],
[1378],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.6.4"],
dnl C++ Builder with year number
[1392],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2006"],
[1424],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2007"],
[1555],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2009"],
[1569],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2010"],
dnl XE version
[1584],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe"],
[1600],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:2"],
[1616],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:3"],
[1632],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:4"],
[
AC_MSG_WARN([[[$0]] Unknown borlandc compiler version $_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw please report bug])
])
])
])
# COMO
AC_DEFUN([_AX_COMPILER_VERSION_COMEAU],
[ dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[__COMO_VERSION__%100],,
AC_MSG_FAILURE([[[$0]] unknown comeau compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[(__COMO_VERSION__/100)%10],,
AC_MSG_FAILURE([[[$0]] unknown comeau compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"
])
# KAI
AC_DEFUN([_AX_COMPILER_VERSION_KAI],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__KCC_VERSION%100],,
AC_MSG_FAILURE([[[$0]] unknown kay compiler patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[(__KCC_VERSION/100)%10],,
AC_MSG_FAILURE([[[$0]] unknown kay compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[(__KCC_VERSION/1000)%10],,
AC_MSG_FAILURE([[[$0]] unknown kay compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
dnl LCC
dnl LCC does not output version...
# SGI
AC_DEFUN([_AX_COMPILER_VERSION_SGI],[
m4_define([_AX_COMPILER_VERSION_SGI_NUMBER],
[
#if defined(_COMPILER_VERSION)
_COMPILER_VERSION
#else
_SGI_COMPILER_VERSION
#endif
])
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[_AX_COMPILER_VERSION_SGI_NUMBER%10],,
AC_MSG_FAILURE([[[$0]] unknown SGI compiler patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
[(_AX_COMPILER_VERSION_SGI_NUMBER/10)%10],,
AC_MSG_FAILURE([[[$0]] unknown SGI compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
[(_AX_COMPILER_VERSION_SGI_NUMBER/100)%10],,
AC_MSG_FAILURE([[[$0]] unknown SGI compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# microsoft
AC_DEFUN([_AX_COMPILER_VERSION_MICROSOFT],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
_MSC_VER%100,,
AC_MSG_FAILURE([[[$0]] unknown microsoft compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(_MSC_VER/100)%100,,
AC_MSG_FAILURE([[[$0]] unknown microsoft compiler major version]))
dnl could be overridden
_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0
_ax_[]_AC_LANG_ABBREV[]_compiler_version_build=0
# special case for version 6
AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X12"],
[AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
_MSC_FULL_VER%1000,,
_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0)])
# for version 7
AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X13"],
[AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
_MSC_FULL_VER%1000,,
AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version]))
])
# for version > 8
AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 14],
[AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
_MSC_FULL_VER%10000,,
AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version]))
])
AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 15],
[AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build,
_MSC_BUILD,,
AC_MSG_FAILURE([[[$0]] unknown microsoft compiler build version]))
])
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build"
])
# for metrowerks
AC_DEFUN([_AX_COMPILER_VERSION_METROWERKS],[dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
__MWERKS__%0x100,,
AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler patch version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
(__MWERKS__/0x100)%0x10,,
AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(__MWERKS__/0x1000)%0x10,,
AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# for watcom
AC_DEFUN([_AX_COMPILER_VERSION_WATCOM],[dnl
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
__WATCOMC__%100,,
AC_MSG_FAILURE([[[$0]] unknown watcom compiler minor version]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
(__WATCOMC__/100)%100,,
AC_MSG_FAILURE([[[$0]] unknown watcom compiler major version]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"
])
# for PGI
AC_DEFUN([_AX_COMPILER_VERSION_PORTLAND],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
__PGIC__,,
AC_MSG_FAILURE([[[$0]] unknown pgi major]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
__PGIC_MINOR__,,
AC_MSG_FAILURE([[[$0]] unknown pgi minor]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[__PGIC_PATCHLEVEL__],,
AC_MSG_FAILURE([[[$0]] unknown pgi patch level]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# tcc
AC_DEFUN([_AX_COMPILER_VERSION_TCC],[
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=[`tcc -v | $SED 's/^[ ]*tcc[ ]\+version[ ]\+\([0-9.]\+\).*/\1/g'`]
])
# for GNU
AC_DEFUN([_AX_COMPILER_VERSION_SDCC],[
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major,
/* avoid parse error with comments */
#if(defined(__SDCC_VERSION_MAJOR))
__SDCC_VERSION_MAJOR
#else
SDCC/100
#endif
,,
AC_MSG_FAILURE([[[$0]] unknown sdcc major]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor,
/* avoid parse error with comments */
#if(defined(__SDCC_VERSION_MINOR))
__SDCC_VERSION_MINOR
#else
(SDCC%100)/10
#endif
,,
AC_MSG_FAILURE([[[$0]] unknown sdcc minor]))
AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch,
[
/* avoid parse error with comments */
#if(defined(__SDCC_VERSION_PATCH))
__SDCC_VERSION_PATCH
#elsif(defined(_SDCC_VERSION_PATCHLEVEL))
__SDCC_VERSION_PATCHLEVEL
#else
SDCC%10
#endif
],,
AC_MSG_FAILURE([[[$0]] unknown sdcc patch level]))
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch"
])
# main entry point
AC_DEFUN([AX_COMPILER_VERSION],[dnl
AC_REQUIRE([AX_COMPILER_VENDOR])
AC_REQUIRE([AC_PROG_SED])
AC_CACHE_CHECK([for _AC_LANG compiler version],
ax_cv_[]_AC_LANG_ABBREV[]_compiler_version,
[ dnl
AS_CASE([$ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor],
[intel],[_AX_COMPILER_VERSION_INTEL],
[ibm],[_AX_COMPILER_VERSION_IBM],
[pathscale],[_AX_COMPILER_VERSION_PATHSCALE],
[clang],[_AX_COMPILER_VERSION_CLANG],
[cray],[_AX_COMPILER_VERSION_CRAY],
[fujitsu],[_AX_COMPILER_VERSION_FUJITSU],
[gnu],[_AX_COMPILER_VERSION_GNU],
[sun],[_AX_COMPILER_VERSION_SUN],
[hp],[_AX_COMPILER_VERSION_HP],
[dec],[_AX_COMPILER_VERSION_DEC],
[borland],[_AX_COMPILER_VERSION_BORLAND],
[comeau],[_AX_COMPILER_VERSION_COMEAU],
[kai],[_AX_COMPILER_VERSION_KAI],
[sgi],[_AX_COMPILER_VERSION_SGI],
[microsoft],[_AX_COMPILER_VERSION_MICROSOFT],
[metrowerks],[_AX_COMPILER_VERSION_METROWERKS],
[watcom],[_AX_COMPILER_VERSION_WATCOM],
[portland],[_AX_COMPILER_VERSION_PORTLAND],
[tcc],[_AX_COMPILER_VERSION_TCC],
[sdcc],[_AX_COMPILER_VERSION_SDCC],
[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=""])
])
])

106
m4/ax_count_cpus.m4
View File

@ -1,20 +1,24 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_count_cpus.html
# https://www.gnu.org/software/autoconf-archive/ax_count_cpus.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_COUNT_CPUS
# AX_COUNT_CPUS([ACTION-IF-DETECTED],[ACTION-IF-NOT-DETECTED])
#
# DESCRIPTION
#
# Attempt to count the number of processors present on the machine. If the
# detection fails, then a value of 1 is assumed.
# Attempt to count the number of logical processor cores (including
# virtual and HT cores) currently available to use on the machine and
# place detected value in CPU_COUNT variable.
#
# The value is placed in the CPU_COUNT variable.
# On successful detection, ACTION-IF-DETECTED is executed if present. If
# the detection fails, then ACTION-IF-NOT-DETECTED is triggered. The
# default ACTION-IF-NOT-DETECTED is to set CPU_COUNT to 1.
#
# LICENSE
#
# Copyright (c) 2014,2016 Karlson2k (Evgeny Grin) <k2k@narod.ru>
# Copyright (c) 2012 Brian Aker <brian@tangent.org>
# Copyright (c) 2008 Michael Paul Bailey <jinxidoru@byu.net>
# Copyright (c) 2008 Christophe Tournayre <turn3r@users.sourceforge.net>
@ -24,34 +28,74 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 10
#serial 22
AC_DEFUN([AX_COUNT_CPUS],[
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([AC_PROG_EGREP])
AC_DEFUN([AX_COUNT_CPUS],[dnl
AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_PROG_EGREP])dnl
AC_MSG_CHECKING([the number of available CPUs])
CPU_COUNT="0"
AS_CASE([$host_os],[
*darwin*],[
AS_IF([test -x /usr/sbin/sysctl],[
sysctl_a=`/usr/sbin/sysctl -a 2>/dev/null| grep -c hw.cpu`
AS_IF([test sysctl_a],[
CPU_COUNT=`/usr/sbin/sysctl -n hw.ncpu`
])
])],[
*linux*],[
AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[
AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[
CPU_COUNT=`$EGREP -c '^processor' /proc/cpuinfo`
])
])
])
# Try generic methods
AS_IF([test "x$CPU_COUNT" = "x0"],[
CPU_COUNT="1"
AC_MSG_RESULT( [unable to detect (assuming 1)] )
],[
AC_MSG_RESULT( $CPU_COUNT )
])
])
# 'getconf' is POSIX utility, but '_NPROCESSORS_ONLN' and
# 'NPROCESSORS_ONLN' are platform-specific
command -v getconf >/dev/null 2>&1 && \
CPU_COUNT=`getconf _NPROCESSORS_ONLN 2>/dev/null || getconf NPROCESSORS_ONLN 2>/dev/null` || CPU_COUNT="0"
AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! command -v nproc >/dev/null 2>&1]],[[: # empty]],[dnl
# 'nproc' is part of GNU Coreutils and is widely available
CPU_COUNT=`OMP_NUM_THREADS='' nproc 2>/dev/null` || CPU_COUNT=`nproc 2>/dev/null` || CPU_COUNT="0"
])dnl
AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl
# Try platform-specific preferred methods
AS_CASE([[$host_os]],dnl
[[*linux*]],[[CPU_COUNT=`lscpu -p 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+,' -c` || CPU_COUNT="0"]],dnl
[[*darwin*]],[[CPU_COUNT=`sysctl -n hw.logicalcpu 2>/dev/null` || CPU_COUNT="0"]],dnl
[[freebsd*]],[[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n kern.smp.cpus 2>/dev/null` || CPU_COUNT="0"]],dnl
[[netbsd*]], [[command -v sysctl >/dev/null 2>&1 && CPU_COUNT=`sysctl -n hw.ncpuonline 2>/dev/null` || CPU_COUNT="0"]],dnl
[[solaris*]],[[command -v psrinfo >/dev/null 2>&1 && CPU_COUNT=`psrinfo 2>/dev/null | $EGREP -e '^@<:@0-9@:>@.*on-line' -c 2>/dev/null` || CPU_COUNT="0"]],dnl
[[mingw*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl
[[msys*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]],dnl
[[cygwin*]],[[CPU_COUNT=`ls -qpU1 /proc/registry/HKEY_LOCAL_MACHINE/HARDWARE/DESCRIPTION/System/CentralProcessor/ 2>/dev/null | $EGREP -e '^@<:@0-9@:>@+/' -c` || CPU_COUNT="0"]]dnl
)dnl
])dnl
AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null || ! command -v sysctl >/dev/null 2>&1]],[[: # empty]],[dnl
# Try less preferred generic method
# 'hw.ncpu' exist on many platforms, but not on GNU/Linux
CPU_COUNT=`sysctl -n hw.ncpu 2>/dev/null` || CPU_COUNT="0"
])dnl
AS_IF([[test "$CPU_COUNT" -gt "0" 2>/dev/null]],[[: # empty]],[dnl
# Try platform-specific fallback methods
# They can be less accurate and slower then preferred methods
AS_CASE([[$host_os]],dnl
[[*linux*]],[[CPU_COUNT=`$EGREP -e '^processor' -c /proc/cpuinfo 2>/dev/null` || CPU_COUNT="0"]],dnl
[[*darwin*]],[[CPU_COUNT=`system_profiler SPHardwareDataType 2>/dev/null | $EGREP -i -e 'number of cores:'|cut -d : -f 2 -s|tr -d ' '` || CPU_COUNT="0"]],dnl
[[freebsd*]],[[CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+: '|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl
[[netbsd*]], [[CPU_COUNT=`command -v cpuctl >/dev/null 2>&1 && cpuctl list 2>/dev/null| $EGREP -e '^@<:@0-9@:>@+ .* online ' -c` || \
CPU_COUNT=`dmesg 2>/dev/null| $EGREP -e '^cpu@<:@0-9@:>@+ at'|sort -u|$EGREP -e '^' -c` || CPU_COUNT="0"]],dnl
[[solaris*]],[[command -v kstat >/dev/null 2>&1 && CPU_COUNT=`kstat -m cpu_info -s state -p 2>/dev/null | $EGREP -c -e 'on-line'` || \
CPU_COUNT=`kstat -m cpu_info 2>/dev/null | $EGREP -c -e 'module: cpu_info'` || CPU_COUNT="0"]],dnl
[[mingw*]],[AS_IF([[CPU_COUNT=`reg query 'HKLM\\Hardware\\Description\\System\\CentralProcessor' 2>/dev/null | $EGREP -e '\\\\@<:@0-9@:>@+$' -c`]],dnl
[[: # empty]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]])],dnl
[[msys*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]],dnl
[[cygwin*]],[[test "$NUMBER_OF_PROCESSORS" -gt "0" 2>/dev/null && CPU_COUNT="$NUMBER_OF_PROCESSORS"]]dnl
)dnl
])dnl
AS_IF([[test "x$CPU_COUNT" != "x0" && test "$CPU_COUNT" -gt 0 2>/dev/null]],[dnl
AC_MSG_RESULT([[$CPU_COUNT]])
m4_ifvaln([$1],[$1],)dnl
],[dnl
m4_ifval([$2],[dnl
AS_UNSET([[CPU_COUNT]])
AC_MSG_RESULT([[unable to detect]])
$2
], [dnl
CPU_COUNT="1"
AC_MSG_RESULT([[unable to detect (assuming 1)]])
])dnl
])dnl
])dnl

4
m4/ax_file_escapes.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_file_escapes.html
# https://www.gnu.org/software/autoconf-archive/ax_file_escapes.html
# ===========================================================================
#
# SYNOPSIS
@ -19,7 +19,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7
#serial 8
AC_DEFUN([AX_FILE_ESCAPES],[
AX_DOLLAR="\$"

4
m4/ax_print_to_file.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_print_to_file.html
# https://www.gnu.org/software/autoconf-archive/ax_print_to_file.html
# ===========================================================================
#
# SYNOPSIS
@ -19,7 +19,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7
#serial 8
AC_DEFUN([AX_PRINT_TO_FILE],[
AC_REQUIRE([AX_FILE_ESCAPES])

397
m4/ax_pthread.m4
View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_pthread.html
# https://www.gnu.org/software/autoconf-archive/ax_pthread.html
# ===========================================================================
#
# SYNOPSIS
@ -19,10 +19,10 @@
# is necessary on AIX to use the special cc_r compiler alias.)
#
# NOTE: You are assumed to not only compile your program with these flags,
# but also link it with them as well. e.g. you should link with
# but also to link with them as well. For example, you might link with
# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
#
# If you are only building threads programs, you may wish to use these
# If you are only building threaded programs, you may wish to use these
# variables in your default LIBS, CFLAGS, and CC:
#
# LIBS="$PTHREAD_LIBS $LIBS"
@ -30,8 +30,8 @@
# CC="$PTHREAD_CC"
#
# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to
# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
#
# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
# PTHREAD_PRIO_INHERIT symbol is defined when compiling with
@ -67,7 +67,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -82,35 +82,40 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 20
#serial 24
AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
AC_DEFUN([AX_PTHREAD], [
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([AC_PROG_CC])
AC_REQUIRE([AC_PROG_SED])
AC_LANG_PUSH([C])
ax_pthread_ok=no
# We used to check for pthread.h first, but this fails if pthread.h
# requires special compiler flags (e.g. on True64 or Sequent).
# requires special compiler flags (e.g. on Tru64 or Sequent).
# It gets checked for in the link test anyway.
# First of all, check if the user has set any of the PTHREAD_LIBS,
# etcetera environment variables, and if threads linking works using
# them:
if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
save_CFLAGS="$CFLAGS"
if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then
ax_pthread_save_CC="$CC"
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"])
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
save_LIBS="$LIBS"
LIBS="$PTHREAD_LIBS $LIBS"
AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes)
AC_MSG_RESULT($ax_pthread_ok)
if test x"$ax_pthread_ok" = xno; then
AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS])
AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes])
AC_MSG_RESULT([$ax_pthread_ok])
if test "x$ax_pthread_ok" = "xno"; then
PTHREAD_LIBS=""
PTHREAD_CFLAGS=""
fi
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CC="$ax_pthread_save_CC"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
fi
# We must check for the threads library under a number of different
@ -123,7 +128,7 @@ fi
# which indicates that we try without any flags at all, and "pthread-config"
# which is a program returning the flags for the Pth emulation library.
ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
# The ordering *is* (sometimes) important. Some notes on the
# individual items follow:
@ -132,71 +137,225 @@ ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mt
# none: in case threads are in libc; should be tried before -Kthread and
# other compiler flags to prevent continual compiler warnings
# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
# -pthreads: Solaris/gcc
# -mthreads: Mingw32/gcc, Lynx/gcc
# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64
# (Note: HP C rejects this with "bad form for `-t' option")
# -pthreads: Solaris/gcc (Note: HP C also rejects)
# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
# doesn't hurt to check since this sometimes defines pthreads too;
# also defines -D_REENTRANT)
# ... -mt is also the pthreads flag for HP/aCC
# doesn't hurt to check since this sometimes defines pthreads and
# -D_REENTRANT too), HP C (must be checked before -lpthread, which
# is present but should not be used directly; and before -mthreads,
# because the compiler interprets this as "-mt" + "-hreads")
# -mthreads: Mingw32/gcc, Lynx/gcc
# pthread: Linux, etcetera
# --thread-safe: KAI C++
# pthread-config: use pthread-config program (for GNU Pth library)
case ${host_os} in
case $host_os in
freebsd*)
# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
ax_pthread_flags="-kthread lthread $ax_pthread_flags"
;;
hpux*)
# From the cc(1) man page: "[-mt] Sets various -D flags to enable
# multi-threading and also sets -lpthread."
ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags"
;;
openedition*)
# IBM z/OS requires a feature-test macro to be defined in order to
# enable POSIX threads at all, so give the user a hint if this is
# not set. (We don't define these ourselves, as they can affect
# other portions of the system API in unpredictable ways.)
AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING],
[
# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS)
AX_PTHREAD_ZOS_MISSING
# endif
],
[AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])])
;;
solaris*)
# On Solaris (at least, for some versions), libc contains stubbed
# (non-functional) versions of the pthreads routines, so link-based
# tests will erroneously succeed. (We need to link with -pthreads/-mt/
# -lpthread.) (The stubs are missing pthread_cleanup_push, or rather
# a function called by this macro, so we could check for that, but
# who knows whether they'll stub that too in a future libc.) So,
# we'll just look for -pthreads and -lpthread first:
# tests will erroneously succeed. (N.B.: The stubs are missing
# pthread_cleanup_push, or rather a function called by this macro,
# so we could check for that, but who knows whether they'll stub
# that too in a future libc.) So we'll check first for the
# standard Solaris way of linking pthreads (-mt -lpthread).
ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
;;
darwin*)
AC_REQUIRE([WOLFSSL_DARWIN_USING_CLANG])
AS_IF([test x"$wolfssl_darwin_clang" = x"yes"],
[ax_pthread_flags="$ax_pthread_flags"],
[ax_pthread_flags="-pthread $ax_pthread_flags"])
ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags"
;;
esac
if test x"$ax_pthread_ok" = xno; then
for flag in $ax_pthread_flags; do
# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC)
case $flag in
AS_IF([test "x$GCC" = "xyes"],
[ax_pthread_flags="-pthread -pthreads $ax_pthread_flags"])
# The presence of a feature test macro requesting re-entrant function
# definitions is, on some systems, a strong hint that pthreads support is
# correctly enabled
case $host_os in
darwin* | hpux* | linux* | osf* | solaris*)
ax_pthread_check_macro="_REENTRANT"
;;
aix*)
ax_pthread_check_macro="_THREAD_SAFE"
;;
*)
ax_pthread_check_macro="--"
;;
esac
AS_IF([test "x$ax_pthread_check_macro" = "x--"],
[ax_pthread_check_cond=0],
[ax_pthread_check_cond="!defined($ax_pthread_check_macro)"])
# Are we compiling with Clang?
AC_CACHE_CHECK([whether $CC is Clang],
[ax_cv_PTHREAD_CLANG],
[ax_cv_PTHREAD_CLANG=no
# Note that Autoconf sets GCC=yes for Clang as well as GCC
if test "x$GCC" = "xyes"; then
AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG],
[/* Note: Clang 2.7 lacks __clang_[a-z]+__ */
# if defined(__clang__) && defined(__llvm__)
AX_PTHREAD_CC_IS_CLANG
# endif
],
[ax_cv_PTHREAD_CLANG=yes])
fi
])
ax_pthread_clang="$ax_cv_PTHREAD_CLANG"
ax_pthread_clang_warning=no
# Clang needs special handling, because older versions handle the -pthread
# option in a rather... idiosyncratic way
if test "x$ax_pthread_clang" = "xyes"; then
# Clang takes -pthread; it has never supported any other flag
# (Note 1: This will need to be revisited if a system that Clang
# supports has POSIX threads in a separate library. This tends not
# to be the way of modern systems, but it's conceivable.)
# (Note 2: On some systems, notably Darwin, -pthread is not needed
# to get POSIX threads support; the API is always present and
# active. We could reasonably leave PTHREAD_CFLAGS empty. But
# -pthread does define _REENTRANT, and while the Darwin headers
# ignore this macro, third-party headers might not.)
PTHREAD_CFLAGS="-pthread"
PTHREAD_LIBS=
ax_pthread_ok=yes
# However, older versions of Clang make a point of warning the user
# that, in an invocation where only linking and no compilation is
# taking place, the -pthread option has no effect ("argument unused
# during compilation"). They expect -pthread to be passed in only
# when source code is being compiled.
#
# Problem is, this is at odds with the way Automake and most other
# C build frameworks function, which is that the same flags used in
# compilation (CFLAGS) are also used in linking. Many systems
# supported by AX_PTHREAD require exactly this for POSIX threads
# support, and in fact it is often not straightforward to specify a
# flag that is used only in the compilation phase and not in
# linking. Such a scenario is extremely rare in practice.
#
# Even though use of the -pthread flag in linking would only print
# a warning, this can be a nuisance for well-run software projects
# that build with -Werror. So if the active version of Clang has
# this misfeature, we search for an option to squash it.
AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread],
[ax_cv_PTHREAD_CLANG_NO_WARN_FLAG],
[ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
# Create an alternate version of $ac_link that compiles and
# links in two steps (.c -> .o, .o -> exe) instead of one
# (.c -> exe), because the warning occurs only in the second
# step
ax_pthread_save_ac_link="$ac_link"
ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g'
ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"`
ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)"
ax_pthread_save_CFLAGS="$CFLAGS"
for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do
AS_IF([test "x$ax_pthread_try" = "xunknown"], [break])
CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS"
ac_link="$ax_pthread_save_ac_link"
AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
[ac_link="$ax_pthread_2step_ac_link"
AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
[break])
])
done
ac_link="$ax_pthread_save_ac_link"
CFLAGS="$ax_pthread_save_CFLAGS"
AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no])
ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
])
case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in
no | unknown) ;;
*) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;;
esac
fi # $ax_pthread_clang = yes
if test "x$ax_pthread_ok" = "xno"; then
for ax_pthread_try_flag in $ax_pthread_flags; do
case $ax_pthread_try_flag in
none)
AC_MSG_CHECKING([whether pthreads work without any flags])
;;
-mt,pthread)
AC_MSG_CHECKING([whether pthreads work with -mt -lpthread])
PTHREAD_CFLAGS="-mt"
PTHREAD_LIBS="-lpthread"
;;
-*)
AC_MSG_CHECKING([whether pthreads work with $flag])
PTHREAD_CFLAGS="$flag"
AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag])
PTHREAD_CFLAGS="$ax_pthread_try_flag"
;;
pthread-config)
AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no)
if test x"$ax_pthread_config" = xno; then continue; fi
AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no])
AS_IF([test "x$ax_pthread_config" = "xno"], [continue])
PTHREAD_CFLAGS="`pthread-config --cflags`"
PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
;;
*)
AC_MSG_CHECKING([for the pthreads library -l$flag])
PTHREAD_LIBS="-l$flag"
AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag])
PTHREAD_LIBS="-l$ax_pthread_try_flag"
;;
esac
save_LIBS="$LIBS"
save_CFLAGS="$CFLAGS"
LIBS="$PTHREAD_LIBS $LIBS"
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
LIBS="$PTHREAD_LIBS $LIBS"
# Check for various functions. We must include pthread.h,
# since some functions may be macros. (On the Sequent, we
@ -207,7 +366,11 @@ for flag in $ax_pthread_flags; do
# pthread_cleanup_push because it is one of the few pthread
# functions on Solaris that doesn't have a non-functional libc stub.
# We try pthread_create on general principles.
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
dnl# if $ax_pthread_check_cond
dnl# error "$ax_pthread_check_macro must be defined"
dnl# endif
static void routine(void *a) { a = 0; }
static void *start_routine(void *a) { return a; }],
[pthread_t th; pthread_attr_t attr;
@ -216,16 +379,14 @@ for flag in $ax_pthread_flags; do
pthread_attr_init(&attr);
pthread_cleanup_push(routine, 0);
pthread_cleanup_pop(0) /* ; */])],
[ax_pthread_ok=yes],
[])
[ax_pthread_ok=yes],
[])
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
AC_MSG_RESULT($ax_pthread_ok)
if test "x$ax_pthread_ok" = xyes; then
break;
fi
AC_MSG_RESULT([$ax_pthread_ok])
AS_IF([test "x$ax_pthread_ok" = "xyes"], [break])
PTHREAD_LIBS=""
PTHREAD_CFLAGS=""
@ -233,70 +394,74 @@ done
fi
# Various other checks:
if test "x$ax_pthread_ok" = xyes; then
save_LIBS="$LIBS"
LIBS="$PTHREAD_LIBS $LIBS"
save_CFLAGS="$CFLAGS"
if test "x$ax_pthread_ok" = "xyes"; then
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
LIBS="$PTHREAD_LIBS $LIBS"
# Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
AC_MSG_CHECKING([for joinable pthread attribute])
attr_name=unknown
for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
[int attr = $attr; return attr /* ; */])],
[attr_name=$attr; break],
[])
done
AC_MSG_RESULT($attr_name)
if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
[Define to necessary symbol if this constant
uses a non-standard name on your system.])
fi
AC_CACHE_CHECK([for joinable pthread attribute],
[ax_cv_PTHREAD_JOINABLE_ATTR],
[ax_cv_PTHREAD_JOINABLE_ATTR=unknown
for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
[int attr = $ax_pthread_attr; return attr /* ; */])],
[ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break],
[])
done
])
AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \
test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \
test "x$ax_pthread_joinable_attr_defined" != "xyes"],
[AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE],
[$ax_cv_PTHREAD_JOINABLE_ATTR],
[Define to necessary symbol if this constant
uses a non-standard name on your system.])
ax_pthread_joinable_attr_defined=yes
])
AC_MSG_CHECKING([if more special flags are required for pthreads])
flag=no
case ${host_os} in
aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
osf* | hpux*) flag="-D_REENTRANT";;
solaris*)
if test "$GCC" = "yes"; then
flag="-D_REENTRANT"
else
flag="-mt -D_REENTRANT"
fi
;;
esac
AC_MSG_RESULT(${flag})
if test "x$flag" != xno; then
PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
fi
AC_CACHE_CHECK([whether more special flags are required for pthreads],
[ax_cv_PTHREAD_SPECIAL_FLAGS],
[ax_cv_PTHREAD_SPECIAL_FLAGS=no
case $host_os in
solaris*)
ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
;;
esac
])
AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \
test "x$ax_pthread_special_flags_added" != "xyes"],
[PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS"
ax_pthread_special_flags_added=yes])
AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
ax_cv_PTHREAD_PRIO_INHERIT, [
AC_LINK_IFELSE([
AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])],
[ax_cv_PTHREAD_PRIO_INHERIT=yes],
[ax_cv_PTHREAD_PRIO_INHERIT=no])
[ax_cv_PTHREAD_PRIO_INHERIT],
[AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
[[int i = PTHREAD_PRIO_INHERIT;]])],
[ax_cv_PTHREAD_PRIO_INHERIT=yes],
[ax_cv_PTHREAD_PRIO_INHERIT=no])
])
AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.]))
AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \
test "x$ax_pthread_prio_inherit_defined" != "xyes"],
[AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])
ax_pthread_prio_inherit_defined=yes
])
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
# More AIX lossage: compile with *_r variant
if test "x$GCC" != xyes; then
if test "x$GCC" != "xyes"; then
case $host_os in
aix*)
AS_CASE(["x/$CC"],
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
[#handle absolute path differently from PATH based program lookup
AS_CASE(["x$CC"],
[x/*],
[AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
[AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
[#handle absolute path differently from PATH based program lookup
AS_CASE(["x$CC"],
[x/*],
[AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
[AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
;;
esac
fi
@ -304,13 +469,13 @@ fi
test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
AC_SUBST(PTHREAD_LIBS)
AC_SUBST(PTHREAD_CFLAGS)
AC_SUBST(PTHREAD_CC)
AC_SUBST([PTHREAD_LIBS])
AC_SUBST([PTHREAD_CFLAGS])
AC_SUBST([PTHREAD_CC])
# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
if test x"$ax_pthread_ok" = xyes; then
ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
if test "x$ax_pthread_ok" = "xyes"; then
ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1])
:
else
ax_pthread_ok=no

37
m4/ax_require_defined.m4 Normal file
View File

@ -0,0 +1,37 @@
# ===========================================================================
# https://www.gnu.org/software/autoconf-archive/ax_require_defined.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_REQUIRE_DEFINED(MACRO)
#
# DESCRIPTION
#
# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
# been defined and thus are available for use. This avoids random issues
# where a macro isn't expanded. Instead the configure script emits a
# non-fatal:
#
# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
#
# It's like AC_REQUIRE except it doesn't expand the required macro.
#
# Here's an example:
#
# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
#
# LICENSE
#
# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 2
AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
])dnl AX_REQUIRE_DEFINED

4
m4/visibility.m4
View File

@ -1,5 +1,5 @@
# visibility.m4 serial 5 (gettext-0.18.2)
dnl Copyright (C) 2005, 2008, 2010-2014 Free Software Foundation, Inc.
dnl Copyright (C) 2005, 2008, 2010-2018 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
@ -58,7 +58,7 @@ AC_DEFUN([gl_VISIBILITY],
extern __attribute__((__visibility__("default"))) int exportedvar;
extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
extern __attribute__((__visibility__("default"))) int exportedfunc (void);
int hiddenfunc (void) { return 0; }
void dummyfunc (void) {}
]],
[[]])],
[gl_cv_cc_visibility=yes],

37
m4/wolfssl_darwin_clang.m4
View File

@ -1,37 +0,0 @@
# ===========================================================================
#
# SYNOPSIS
#
# WOLFSSL_DARWIN_USING_CLANG
#
# DESCRIPTION
#
# With the advent of Apple Xcode v5.0, the old tool sets are missing from
# the distribution. The provided "gcc" executable wrapper accepts the
# "-pthread" flag, and passes it to the underlying "clang" which chokes
# on it. This script checks the version of the gcc executable to see if
# it reports it is really "clang".
#
# The value is placed in the wolfssl_darwin_clang variable.
#
# LICENSE
#
# Copyright (c) 2013 John Safranek <john@wolfssl.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 1
AC_DEFUN([WOLFSSL_DARWIN_USING_CLANG],
[
if test x"$CC" = xclang; then
wolfssl_darwin_clang=yes
elif test x"$CC" = x || test x"$CC" = xgcc; then
if /usr/bin/gcc -v 2>&1 | grep 'clang' >/dev/null 2>&1; then
wolfssl_darwin_clang=yes
fi
fi
])

8
mcapi/crypto.h
View File

@ -116,10 +116,10 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX*, unsigned char*);
/* HMAC types */
enum {
CRYPT_HMAC_SHA = 1,
CRYPT_HMAC_SHA256 = 2,
CRYPT_HMAC_SHA384 = 5,
CRYPT_HMAC_SHA512 = 4
CRYPT_HMAC_SHA = 4,
CRYPT_HMAC_SHA256 = 6,
CRYPT_HMAC_SHA384 = 7,
CRYPT_HMAC_SHA512 = 8
};

5
scripts/include.am
View File

@ -12,11 +12,6 @@ if BUILD_EXAMPLE_SERVERS
dist_noinst_SCRIPTS+= scripts/resume.test
# only run this test if we have the ability to support cert validation
if BUILD_PKI
dist_noinst_SCRIPTS+= scripts/tls-cert-fail.test
endif
EXTRA_DIST+= scripts/benchmark.test
if BUILD_CRL

2
scripts/ocsp.test
View File

@ -13,7 +13,7 @@ RESULT=$?
[ $RESULT -ne 0 ] && exit 0
# client test against the server
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1

173
scripts/tls-cert-fail.test
View File

@ -1,173 +0,0 @@
#!/bin/sh
#tls-cert-fail.test
asn_no_signer_e="-188"
asn_sig_confirm_e="-155"
exit_code=1
counter=0
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
tls_port=0
#no_pid tells us process was never started if -1
no_pid=-1
#server_pid captured on startup, stores the id of the server process
server_pid=$no_pid
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_tls_ready$$
remove_ready_file() {
if test -e $ready_file; then
echo -e "removing existing ready file"
rm $ready_file
fi
}
# trap this function so if user aborts with ^C or other kill signal we still
# get an exit that will in turn clean up the file system
abort_trap() {
echo "script aborted"
if [ $server_pid != $no_pid ]
then
echo "killing server"
kill -9 $server_pid
fi
exit_code=2 #different exit code in case of user interrupt
echo "got abort signal, exiting with $exit_code"
exit $exit_code
}
trap abort_trap INT TERM
# trap this function so that if we exit on an error the file system will still
# be restored and the other tests may still pass. Never call this function
# instead use "exit <some value>" and this function will run automatically
restore_file_system() {
remove_ready_file
}
trap restore_file_system EXIT
run_tls_no_signer_test() {
echo -e "\nStarting example server for tls no signer fail test...\n"
remove_ready_file
# starts the server on tls_port, -R generates ready file to be used as a
# mutex lock. We capture the processid into the variable server_pid
./examples/server/server -R $ready_file -p $tls_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
exit 1
fi
# get created port 0 ephemeral port
tls_port=`cat $ready_file`
# starts client on tls_port and captures the output from client
capture_out=$(./examples/client/client -p $tls_port -H badCert 2>&1)
client_result=$?
wait $server_pid
server_result=$?
case "$capture_out" in
*$asn_no_signer_e*)
# only exit with zero on detection of the expected error code
echo ""
echo "$capture_out"
echo ""
echo "No signer error as expected! Test pass"
echo ""
exit_code=0
;;
*)
echo ""
echo "Client did not return asn_no_signer_e as expected: $capture_out"
echo ""
exit_code=1
esac
}
run_tls_sig_confirm_test() {
echo -e "\nStarting example server for tls sig confirm fail test...\n"
remove_ready_file
# starts the server on tls_port, -R generates ready file to be used as a
# mutex lock. We capture the processid into the variable server_pid
./examples/server/server -R $ready_file -p $tls_port -H badCert &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
exit 1
fi
# get created port 0 ephemeral port
tls_port=`cat $ready_file`
# starts client on tls_port and captures the output from client
capture_out=$(./examples/client/client -p $tls_port 2>&1)
client_result=$?
wait $server_pid
server_result=$?
case "$capture_out" in
*$asn_sig_confirm_e*)
# only exit with zero on detection of the expected error code
echo ""
echo "$capture_out"
echo ""
echo "Sig confirm error as expected! Test pass"
echo ""
exit_code=0
;;
*)
echo ""
echo "Client did not return asn_sig_confirm_e as expected: $capture_out"
echo ""
exit_code=1
esac
}
######### begin program #########
# run the test
run_tls_no_signer_test
tls_port=0
run_tls_sig_confirm_test
echo "exiting with $exit_code"
exit $exit_code
########## end program ##########

84
scripts/tls13.test
View File

@ -13,18 +13,21 @@ counter=0
# let's use absolute path to a local dir (make distcheck may be in sub dir)
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_psk_ready$$
ready_file=`pwd`/wolfssl_tls13_ready$$
echo "ready file $ready_file"
create_port() {
while [ ! -s $ready_file -a "$counter" -lt 50 ]; do
while [ ! -s $ready_file ]; do
if [ -a "$counter" -gt 50 ]; then
break
fi
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
if [ -e $ready_file ]; then
echo -e "found ready file, starting client..."
# get created port 0 ephemeral port
@ -36,9 +39,9 @@ create_port() {
}
remove_ready_file() {
if test -e $ready_file; then
if [ -e $ready_file ]; then
echo -e "removing existing ready file"
rm $ready_file
rm $ready_file
fi
}
@ -421,6 +424,71 @@ if [ $RESULT -ne 0 ]; then
fi
echo ""
# TLS Downgrade server / TLS Downgrade client.
echo -e "\n\nTLS server and client able to downgrade but don't"
port=0
./examples/server/server -v d -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS not downgrading"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS Downgrade client resumption.
echo -e "\n\nTLS server and client able to downgrade but don't and resume"
port=0
./examples/server/server -v d -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS not downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS 1.2 client and resume.
echo -e "\n\nTLS server downgrade and resume"
port=0
./examples/server/server -v d -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS server downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS 1.2 server / TLS downgrade client and resume.
echo -e "\n\nTLS client downgrade and resume"
port=0
./examples/server/server -v 3 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS client downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS Downgrade client.
# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data.
echo -e "\n\nTLS v1.3 KeyUpdate"
port=0
@ -437,8 +505,8 @@ if [ $RESULT -ne 0 ]; then
fi
echo ""
# TLS 1.3 server / TLS 1.3 client don't use (EC)DHE with PSK.
echo -e "\n\nTLS v1.3 KeyUpdate"
# TLS 1.3 server / TLS 1.3 client - don't use (EC)DHE with PSK.
echo -e "\n\nTLS v1.3 PSK without (EC)DHE"
port=0
./examples/server/server -v 4 -r -R $ready_file -p $port &
server_pid=$!
@ -447,7 +515,7 @@ create_port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 KeyUpdate"
echo -e "\n\nIssue with TLS v1.3 PSK without (EC)DHE"
do_cleanup
exit 1
fi

6
src/bio.c
View File

@ -131,10 +131,10 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
{
int ret;
WOLFSSL_ENTER("wolfSSL_BIO_SSL_write");
WOLFSSL_ENTER("wolfSSL_BIO_SSL_read");
/* already got eof, again is error */
if (bio && front->eof)
if ((front == NULL) || front->eof)
return WOLFSSL_FATAL_ERROR;
ret = wolfSSL_read(bio->ssl, buf, len);
@ -168,7 +168,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
WOLFSSL_ENTER("wolfSSL_BIO_read");
/* start at end of list and work backwards */
while (bio->next != NULL) {
while ((bio != NULL) && (bio->next != NULL)) {
bio = bio->next;
}

12
src/crl.c
View File

@ -247,6 +247,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
ca = GetCA(crl->cm, issuerHash);
#endif /* NO_SKID */
if (ca == NULL) {
XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
WOLFSSL_MSG("Did NOT find CRL issuer CA");
return ASN_CRL_NO_SIGNER_E;
}
@ -440,11 +442,8 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return BAD_FUNC_ARG;
if (type == WOLFSSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */
EncryptedInfo info;
info.ctx = NULL;
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
if (ret == 0) {
myBuffer = der->buffer;
sz = der->length;
@ -454,6 +453,9 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
FreeDer(&der);
return -1;
}
#else
ret = NOT_COMPILED_IN;
#endif
}
#ifdef WOLFSSL_SMALL_STACK

102
src/include.am
View File

@ -23,8 +23,9 @@ ipp_DATA = $(IPPLIBS)
include_HEADERS+=$(IPPHEADERS)
endif # BUILD_FAST_RSA
# fips first file
if BUILD_FIPS
if !BUILD_FIPS_V2
# fips first file
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_first.c
src_libwolfssl_la_SOURCES += \
@ -33,16 +34,8 @@ src_libwolfssl_la_SOURCES += \
ctaocrypt/src/sha256.c
if BUILD_RSA
if BUILD_FIPS_V2
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
else
src_libwolfssl_la_SOURCES += ctaocrypt/src/rsa.c
endif
endif
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += ctaocrypt/src/aes.c
@ -61,11 +54,75 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/sha512.c
endif
src_libwolfssl_la_SOURCES += ctaocrypt/src/fips.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/fipsv2.c
src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
# fips last file
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_last.c
else
# FIPSv2 first file
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/wolfcrypt_first.c
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c
if BUILD_RSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
endif
if BUILD_AESNI
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
endif
if BUILD_DES3
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
endif
if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
if BUILD_SHA512
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
endif
if BUILD_SHA3
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
endif
if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
endif
if BUILD_CMAC
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
endif
src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
wolfcrypt/src/fips_test.c
# fips last file
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
endif
endif
# For FIPSV2, exclude the wolfCrypt files included above.
# For old FIPS, keep the wolfCrypt versions of the
# CtaoCrypt files included above.
if !BUILD_FIPS_V2
src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c
endif
# CAVP self test
@ -74,19 +131,22 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c
endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/hash.c \
wolfcrypt/src/cpuid.c
if !BUILD_FIPS_V2
if BUILD_RNG
src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
endif
endif
if BUILD_WOLFEVENT
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfevent.c
@ -127,32 +187,44 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sp_int.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
endif
endif
endif
if !BUILD_FIPS_V2
if BUILD_CMAC
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_DES3
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_SHA512
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
endif
endif
if !BUILD_FIPS_V2
if BUILD_SHA3
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
endif
endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \
@ -166,9 +238,11 @@ if BUILD_MEMORY
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
endif
if !BUILD_FIPS_V2
if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
endif
endif
if BUILD_ASN
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
@ -203,8 +277,10 @@ if BUILD_DSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
endif
if !BUILD_FIPS_V2
if BUILD_AESNI
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.S
endif
endif
if BUILD_CAMELLIA
@ -250,7 +326,7 @@ if BUILD_SLOWMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
endif
if !BUILD_FIPS
if !BUILD_FIPS_V2
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif

1293
src/internal.c
View File

File diff suppressed because it is too large Load Diff

19
src/keys.c
View File

@ -1416,6 +1416,25 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingAnon_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :

Some files were not shown because too many files have changed in this diff Show More