Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:WCv4.0-RC1
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
...
compare: Cyclic0007:v3.14.4
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

29 Commits
WCv4.0-RC1 ... v3.14.4

Author SHA1 Message Date
toddouska
1196a3b64d Merge pull request #1455 from dgarske/nitroxv 
Nitrox V fixes and additions
 2018-04-04 10:27:53 -07:00
David Garske
0c898f513d Nitrox V fixes and additions: 
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
 2018-04-03 09:14:20 -07:00
Eric Blankenhorn
adb817e8d2 Feature update for tls_bench test that will allow passing in arguments (#1466) 
* Feature update for tls_bench test that will allow passing in command line arguments that enable test features.
* Fix type conversion errors.
* Fixed use of uninitialized data. Declare DH arrays as const.
 2018-04-02 14:00:34 -07:00
JacobBarthelmeh
b33feb9dbf Merge pull request #1470 from kojo1/EVP 
EVP_CipherUpdate return value for inlen == 0
 2018-04-02 14:03:48 -06:00
Takashi Kojo
c60d9ff983 if(ret != 1) error 2018-04-01 13:27:08 +09:00
Takashi Kojo
1c0b84d47d openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1; 2018-04-01 12:13:18 +09:00
Chris Conlon
87c1658ab8 Merge pull request #1464 from jrblixt/unitTest_api_addPkcs7-nightlyBuildFix2 
Nightly build fix for PKCS#7 errors.
 2018-03-29 15:26:11 -06:00
toddouska
86a5330b31 Merge pull request #1462 from ejohnstown/cxxflags 
Configure Update
 2018-03-28 16:41:15 -07:00
John Safranek
e59bb43878 Configure Update 
Revise default compiler optimization flags enable name to something more descriptive.
 2018-03-28 13:19:46 -07:00
toddouska
3a8a7b8a55 Merge pull request #1458 from dgarske/cleanupthreaded 
wolfCrypt ECC FP cleanup for thread local storage cases
 2018-03-28 12:25:20 -07:00
John Safranek
e6a19bb1e8 Configure Update 
Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
 2018-03-27 16:41:39 -07:00
jrblixt
1cd6075b9d Nightly build fix. 2018-03-27 16:54:14 -06:00
David Garske
c9d840ed8d Fix for the HAVE_THEAD_LS case with FP_ECC where starting a new thead and doing ECC operations and not calling wc_ecc_fp_free. Added missing wolfCrypt_Init to API docs. 2018-03-27 14:29:39 -07:00
toddouska
f62d372bbe Merge pull request #1461 from cconlon/netbsd-update 
update NetBSD fips-check version to include selftest ECDSA fix
 2018-03-27 13:28:49 -07:00
toddouska
9de2bdce24 Merge pull request #1460 from dgarske/winecc 
Enable ECC, AES-GCM and SHA-512/384 by default in VS
 2018-03-27 13:28:23 -07:00
toddouska
504b13530e Merge pull request #1459 from cconlon/selftest_fixes 
Fix for wolfCrypt test and CAVP selftest build
 2018-03-27 13:27:28 -07:00
John Safranek
477d2413cd Configure Update 
1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS.
2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
 2018-03-27 10:23:44 -07:00
toddouska
9f231e0020 Merge pull request #1453 from dgarske/ecc508a_linux 
Support for building with `WOLFSSL_ATECC508A` on other targets
 2018-03-27 09:57:39 -07:00
David Garske
42e6ea8685 Added ECC_TIMING_RESISTANT to eliminate harden warnings. 2018-03-26 15:54:29 -07:00
David Garske
8fbc765dba Enable ECC, AES-GCM and SHA-512/384 by default in Windows Visual Studio projects. 2018-03-26 15:09:51 -07:00
Chris Conlon
9edaac8e1c update NetBSD fips-check version to include selftest ECDSA fix 2018-03-26 14:37:39 -06:00
Chris Conlon
021560035b fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS 2018-03-26 09:43:37 -06:00
Chris Conlon
d2aa7d0a37 exclude ecc_import_unsigned test when building for CAVP selftest 2018-03-23 16:31:17 -06:00
Chris Conlon
c08f5b86cf Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018 
Unit test functions for PKCS#7.
 2018-03-23 10:00:33 -06:00
jrblixt
316a2b9fb4 Review changes: Chris. 2018-03-22 15:35:25 -06:00
David Garske
0cff2f8b10 Replace use of PUB_KEY_SIZE (from CryptoAuthLib) with new ECC_MAX_CRYPTO_HW_PUBKEY_SIZE. 2018-03-22 09:45:27 -07:00
David Garske
8c4bfd825a Support for building the ATECC508A without WOLFSSL_ATMEL defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with WOLFSSL_ATECC508A defined on other targets such as Linux. 2018-03-22 09:39:21 -07:00
jrblixt
2788183e79 Known config. tests fix. 2018-03-20 14:35:26 -06:00
jrblixt
1aba6e9b44 Prepare for PR. 2018-03-16 17:07:28 -06:00
23 changed files with 1553 additions and 441 deletions
Expand all files Collapse all files

11
IDE/WIN/user_settings.h
View File

@@ -36,6 +36,17 @@
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#define HAVE_AESGCM
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS
#define HAVE_ECC
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT
#else
/* The servers and clients */
#define OPENSSL_EXTRA

39
configure.ac
View File

@@ -10,9 +10,11 @@ AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl]
AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS to empty if unset on command line. We do not want
# the default "-g -O2" that AC_PROG_CC sets automatically.
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets
# automatically.
: ${CFLAGS=""}
: ${CXXFLAGS=""}
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
@@ -3288,8 +3290,8 @@ AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt -lcrypto $LIB_ADD"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
@@ -3298,21 +3300,17 @@ AC_ARG_WITH([cavium-v],
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/obj/cavium_common.o $trycaviumdir/api/obj/cavium_sym_crypto.o $trycaviumdir/api/obj/cavium_asym_crypto.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_CHECK_FILES([$trycaviumdir/lib/libnitrox.a], [AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"], [ENABLED_CAVIUM_V=no])
LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
if test "$ENABLED_CAVIUM_V" = "no"; then
AC_MSG_ERROR([Could not find Nitrox library])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
enable_opensslextra=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
@@ -3323,6 +3321,7 @@ AC_ARG_WITH([cavium-v],
)
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM_V], [test "x$ENABLED_CAVIUM_V" = "xyes"])
# Intel Quick Assist
@@ -3841,6 +3840,14 @@ then
fi
# Default optimization CFLAGS enable
AC_ARG_ENABLE([optflags],
[AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
[ ENABLED_OPTFLAGS=$enableval ],
[ ENABLED_OPTFLAGS=yes ]
)
# check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
@@ -4054,6 +4061,7 @@ then
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
if test "$ax_enable_debug" = "no"
then
AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
if test "$ENABLED_FASTMATH" = "yes"
then
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
@@ -4064,6 +4072,7 @@ then
else
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
fi
])
fi
fi
@@ -4104,7 +4113,7 @@ if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS"

22
doc/dox_comments/header_files/wc_port.h
View File

@@ -1,3 +1,25 @@
/*!
\ingroup wolfCrypt
\brief Used to initialize resources used by wolfCrypt.
\return 0 upon success.
\return <0 upon failure of init resources.
\param none No parameters.
_Example_
\code
...
if (wolfCrypt_Init() != 0) {
WOLFSSL_MSG("Error with wolfCrypt_Init call");
}
\endcode
\sa wolfCrypt_Cleanup
*/
WOLFSSL_API int wolfCrypt_Init(void);
/*!
\ingroup wolfCrypt

406
examples/benchmark/tls_bench.c
View File

@@ -28,7 +28,7 @@ gcc -lwolfssl -lpthread -o tls_bench tls_bench.c
Or
#include <examples/benchmark/tls_bench.h>
bench_tls();
bench_tls(args);
*/
@@ -41,6 +41,8 @@ bench_tls();
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#include <examples/benchmark/tls_bench.h>
/* force certificate test buffers to be included via headers */
@@ -57,15 +59,16 @@ bench_tls();
#include <unistd.h>
#include <sys/time.h>
/* configuration parameters */
#define THREAD_COUNT 2
#define RUNTIME_SEC 2
#define MEM_BUFFER_SZ (1024*5)
#define MIN_DHKEY_BITS 1024
/* Defaults for configuration parameters */
#define THREAD_PAIRS 1 /* Thread pairs of server/client */
#define MEM_BUFFER_SZ (1024*16) /* Must be large enough to handle max packet size */
#define MIN_DHKEY_BITS 1024
#define RUNTIME_SEC 1
#define TEST_SIZE_BYTES (1024 * 1024)
#define TEST_PACKET_SIZE 1024
#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
/* default output is tab delimited format. Uncomment these to show more */
//#define SHOW_PEER_INFO
//#define SHOW_VERBOSE_OUTPUT
static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */
static const char* kTestStr =
"Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
@@ -147,7 +150,7 @@ static const char* kTestStr =
#ifndef NO_DH
/* dh1024 p */
static unsigned char p[] =
static const unsigned char p[] =
{
0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
@@ -163,7 +166,7 @@ static unsigned char p[] =
};
/* dh1024 g */
static unsigned char g[] =
static const unsigned char g[] =
{
0x02,
};
@@ -194,6 +197,12 @@ typedef struct {
typedef struct {
const char* cipher;
/* The total number of bytes to transfer per connection */
int numBytes;
/* The data payload size in the packet. Will be padded if packet size > buffer size. */
int packetSize;
/* client messages to server in memory */
memBuf_t to_server;
@@ -209,38 +218,9 @@ typedef struct {
int shutdown;
} info_t;
#ifdef SHOW_PEER_INFO
static void showPeer(WOLFSSL* ssl)
{
WOLFSSL_CIPHER* cipher;
#ifdef HAVE_ECC
const char *name;
#endif
#ifndef NO_DH
int bits;
#endif
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl);
printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
#ifdef HAVE_ECC
if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
printf("SSL curve name is %s\n", name);
#endif
#ifndef NO_DH
if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
printf("SSL DH size is %d bits\n", bits);
#endif
if (wolfSSL_session_reused(ssl))
printf("SSL reused session\n");
#ifdef WOLFSSL_ALT_CERT_CHAINS
if (wolfSSL_is_peer_alt_cert_chain(ssl))
printf("Alternate cert chain used\n");
#endif
}
#endif
/* Global vars for argument parsing */
int myoptind = 0;
char* myoptarg = NULL;
/* server send callback */
static int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
@@ -353,12 +333,6 @@ static int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
}
static WC_NORETURN void err_sys(const char* msg)
{
printf("wolfSSL error: %s\n", msg);
exit(1);
}
static double gettime_secs(int reset)
{
struct timeval tv;
@@ -372,13 +346,12 @@ static void* client_thread(void* args)
{
info_t* info = (info_t*)args;
unsigned char buf[MEM_BUFFER_SZ];
unsigned char *writeBuf;
double start;
int ret, len;
int ret;
WOLFSSL_CTX* cli_ctx;
WOLFSSL* cli_ssl;
#ifdef SHOW_PEER_INFO
int haveShownPeerInfo = 0;
#endif
/* set up client */
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
@@ -408,6 +381,16 @@ static void* client_thread(void* args)
wolfSSL_CTX_SetMinDhKey_Sz(cli_ctx, MIN_DHKEY_BITS);
#endif
/* Allocate and initialize a packet sized buffer */
writeBuf = (unsigned char*)malloc(info->packetSize);
if (writeBuf != NULL) {
strncpy((char*)writeBuf, kTestStr, info->packetSize);
*(writeBuf + info->packetSize) = '\0';
}
else {
err_sys("failed to allocate memory");
}
while (!info->shutdown) {
cli_ssl = wolfSSL_new(cli_ctx);
if (cli_ctx == NULL) err_sys("error creating client object");
@@ -426,33 +409,32 @@ static void* client_thread(void* args)
}
info->client_stats.connTime += start;
#ifdef SHOW_PEER_INFO
if (!haveShownPeerInfo) {
if ((argShowPeerInfo) && (!haveShownPeerInfo)) {
haveShownPeerInfo = 1;
showPeer(cli_ssl);
}
#endif
/* write test message to server */
len = (int)strlen(kTestStr)+1; /* include null term */
start = gettime_secs(1);
ret = wolfSSL_write(cli_ssl, kTestStr, len);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
}
while (info->client_stats.rxTotal < info->numBytes) {
start = gettime_secs(1);
ret = wolfSSL_write(cli_ssl, writeBuf, info->packetSize);
info->client_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.txTotal += ret;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, sizeof(buf)-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
}
/* read echo of message */
start = gettime_secs(1);
ret = wolfSSL_read(cli_ssl, buf, sizeof(buf)-1);
info->client_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->client_stats.rxTotal += ret;
}
/* validate echo */
if (strncmp(kTestStr, (char*)buf, strlen(kTestStr)) != 0) {
err_sys("echo check failed!\n");
/* validate echo */
if (strncmp((char*)writeBuf, (char*)buf, info->packetSize) != 0) {
err_sys("echo check failed!\n");
}
}
info->client_stats.connCount++;
@@ -462,6 +444,7 @@ static void* client_thread(void* args)
/* clean up */
wolfSSL_CTX_free(cli_ctx);
free(writeBuf);
pthread_cond_signal(&info->to_server.cond);
info->to_client.done = 1;
@@ -538,22 +521,24 @@ static void* server_thread(void* args)
info->server_stats.connTime += start;
/* read msg post handshake from client */
memset(buf, 0, sizeof(buf));
start = gettime_secs(1);
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
info->server_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.rxTotal += ret;
len = ret;
}
while (info->server_stats.txTotal < info->numBytes) {
/* read msg post handshake from client */
memset(buf, 0, sizeof(buf));
start = gettime_secs(1);
ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
info->server_stats.rxTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.rxTotal += ret;
len = ret;
}
/* write message back to client */
start = gettime_secs(1);
ret = wolfSSL_write(srv_ssl, buf, len);
info->server_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.txTotal += ret;
/* write message back to client */
start = gettime_secs(1);
ret = wolfSSL_write(srv_ssl, buf, len);
info->server_stats.txTime += gettime_secs(0) - start;
if (ret > 0) {
info->server_stats.txTotal += ret;
}
}
info->server_stats.connCount++;
@@ -605,48 +590,148 @@ static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, i
wcStat->connTime * 1000,
wcStat->connTime * 1000 / wcStat->connCount);
}
static void Usage(void)
{
printf("tls_bench " LIBWOLFSSL_VERSION_STRING
" NOTE: All files relative to wolfSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-b <num> The total <num> bytes transferred per test connection, default %d\n", TEST_SIZE_BYTES);
#ifdef DEBUG_WOLFSSL
printf("-d Enable debug messages\n");
#endif
printf("-e List Every cipher suite available\n");
printf("-i Show peer info\n");
printf("-l <str> Cipher suite list (: delimited)\n");
printf("-t <num> Time <num> (seconds) to run each test, default %d\n", RUNTIME_SEC);
printf("-p <num> The packet size <num> in bytes [1-16kB], default %d\n", TEST_PACKET_SIZE);
printf("-v Show verbose output\n");
printf("-T <num> Thread pairs of server/client, default %d\n", THREAD_PAIRS);
}
static void ShowCiphers(void)
{
char ciphers[4096];
int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
if (ret == WOLFSSL_SUCCESS)
printf("%s\n", ciphers);
}
#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif
int bench_tls(void)
int bench_tls(void* args)
{
info_t theadInfo[THREAD_COUNT];
info_t* info;
info_t *theadInfo, *info;
int i, doShutdown;
char *cipher, *next_cipher, ciphers[4096];
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
int ch;
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* Vars configured by command line arguments */
int argRuntimeSec = RUNTIME_SEC;
char *argCipherList = NULL;
int argTestSizeBytes = TEST_SIZE_BYTES;
int argTestPacketSize = TEST_PACKET_SIZE;
int argThreadPairs = THREAD_PAIRS;
int argShowVerbose = SHOW_VERBOSE;
((func_args*)args)->return_code = -1; /* error state */
/* Initialize wolfSSL */
wolfSSL_Init();
/* Run for each cipher */
wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
/* Parse command line arguments */
while ((ch = mygetopt(argc, argv, "?" "b:deil:p:t:vT:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
#ifndef SHOW_VERBOSE_OUTPUT
printf("Side\tCipher\tTotal Bytes\tNum Conns\tRx ms\tTx ms\tRx MB/s\tTx MB/s\tConnect Total ms\tConnect Avg ms\n");
case 'b' :
argTestSizeBytes = atoi(myoptarg);
break;
#ifdef DEBUG_WOLFSSL
case 'd' :
wolfSSL_Debugging_ON();
break;
#endif
case 'e' :
ShowCiphers();
exit(EXIT_SUCCESS);
case 'i' :
argShowPeerInfo = 1;
break;
case 'l' :
argCipherList = myoptarg;
break;
case 'p' :
argTestPacketSize = atoi(myoptarg);
break;
case 't' :
argRuntimeSec = atoi(myoptarg);
break;
case 'v' :
argShowVerbose = 1;
break;
case 'T' :
argThreadPairs = atoi(myoptarg);
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
/* reset for test cases */
myoptind = 0;
if (argCipherList != NULL) {
/* Use the list from CL argument */
cipher = argCipherList;
}
else {
/* Run for each cipher */
wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
cipher = ciphers;
}
/* Allocate test info array */
theadInfo = (info_t*)malloc(sizeof(info_t) * argThreadPairs);
if (theadInfo != NULL) {
memset(theadInfo, 0, sizeof(info_t) * argThreadPairs);
}
/* parse by : */
cipher = ciphers;
while (cipher != NULL && cipher[0] != '\0') {
while ((cipher != NULL) && (cipher[0] != '\0') && (theadInfo != NULL)) {
next_cipher = strchr(cipher, ':');
if (next_cipher != NULL) {
cipher[next_cipher - cipher] = '\0';
}
#ifdef SHOW_VERBOSE_OUTPUT
printf("Cipher: %s\n", cipher);
#endif
if (argShowVerbose) {
printf("Cipher: %s\n", cipher);
}
memset(&theadInfo, 0, sizeof(theadInfo));
for (i=0; i<THREAD_COUNT; i++) {
info = &theadInfo[i];
for (i=0; i<argThreadPairs; i++) {
info = (info_t*)memset(&theadInfo[i], 0, sizeof(info_t));
info->cipher = cipher;
info->numBytes = argTestSizeBytes;
info->packetSize = argTestPacketSize;
pthread_mutex_init(&info->to_server.mutex, NULL);
pthread_mutex_init(&info->to_client.mutex, NULL);
@@ -662,10 +747,10 @@ int bench_tls(void)
}
/* run for x time */
sleep(RUNTIME_SEC);
sleep(argRuntimeSec);
/* mark threads to quit */
for (i = 0; i < THREAD_COUNT; ++i) {
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
info->shutdown = 1;
}
@@ -674,83 +759,92 @@ int bench_tls(void)
do {
doShutdown = 1;
for (i = 0; i < THREAD_COUNT; ++i) {
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
if (!info->to_client.done || !info->to_server.done) {
doShutdown = 0;
sleep(1); /* Allow other threads to run */
}
}
} while (!doShutdown);
#ifdef SHOW_VERBOSE_OUTPUT
printf("Shutdown complete\n");
if (argShowVerbose) {
printf("Shutdown complete\n");
/* print results */
for (i = 0; i < THREAD_COUNT; ++i) {
info = &theadInfo[i];
printf("\nThread %d\n", i);
print_stats(&info->server_stats, "Server", info->cipher, 1);
print_stats(&info->client_stats, "Server", info->cipher, 1);
}
#endif
/* print combined results for more than one thread */
{
stats_t cli_comb;
stats_t srv_comb;
memset(&cli_comb, 0, sizeof(cli_comb));
memset(&srv_comb, 0, sizeof(srv_comb));
for (i = 0; i < THREAD_COUNT; ++i) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
cli_comb.connCount += info->client_stats.connCount;
srv_comb.connCount += info->server_stats.connCount;
cli_comb.connTime += info->client_stats.connTime;
srv_comb.connTime += info->server_stats.connTime;
cli_comb.rxTotal += info->client_stats.rxTotal;
srv_comb.rxTotal += info->server_stats.rxTotal;
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
printf("\nThread %d\n", i);
print_stats(&info->server_stats, "Server", info->cipher, 1);
print_stats(&info->client_stats, "Server", info->cipher, 1);
}
}
#ifdef SHOW_VERBOSE_OUTPUT
printf("Totals for %d Threads\n", THREAD_COUNT);
#endif
/* print combined results for more than one thread */
stats_t cli_comb;
stats_t srv_comb;
memset(&cli_comb, 0, sizeof(cli_comb));
memset(&srv_comb, 0, sizeof(srv_comb));
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
cli_comb.connCount += info->client_stats.connCount;
srv_comb.connCount += info->server_stats.connCount;
cli_comb.connTime += info->client_stats.connTime;
srv_comb.connTime += info->server_stats.connTime;
cli_comb.rxTotal += info->client_stats.rxTotal;
srv_comb.rxTotal += info->server_stats.rxTotal;
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
}
if (argShowVerbose) {
printf("Totals for %d Threads\n", argThreadPairs);
}
else {
printf("Side\tCipher\tTotal Bytes\tNum Conns\tRx ms\tTx ms\tRx MB/s\tTx MB/s\tConnect Total ms\tConnect Avg ms\n");
print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0);
print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0);
}
/* target next cipher */
cipher = (next_cipher) ? next_cipher+1 : NULL;
cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL;
}
/* Cleanup and return */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
/* Cleanup the wolfSSL environment */
wolfSSL_Cleanup();
return 0; /* Return reporting a success */
/* Free theadInfo array */
free(theadInfo);
/* Return reporting a success */
return (((func_args*)args)->return_code = 0);
}
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
(void)argc;
(void)argv;
func_args args;
bench_tls();
args.argc = argc;
args.argv = argv;
return 0;
bench_tls(&args);
return(args.return_code);
}
#endif

2
examples/benchmark/tls_bench.h
View File

@@ -24,7 +24,7 @@
#define WOLFSSL_TLS_BENCH_H
int bench_tls(void);
int bench_tls(void* args);
#endif /* WOLFSSL_TLS_BENCH_H */

2
fips-check.sh
View File

@@ -66,7 +66,7 @@ CAVP_SELFTEST_ONLY="no"
# non-FIPS, CAVP only but pull in selftest
# will reset above variables below in platform switch
NETBSD_FIPS_VERSION=v3.14.2
NETBSD_FIPS_VERSION=v3.14.2a
NETBSD_FIPS_REPO=git@github.com:wolfssl/fips.git
NETBSD_CTAO_VERSION=v3.14.2
NETBSD_CTAO_REPO=git@github.com:wolfssl/wolfssl.git

796
tests/api.c
View File

@@ -30,9 +30,21 @@
#include <wolfssl/wolfcrypt/settings.h>
#ifndef FOURK_BUF
#define FOURK_BUF 4096
#endif
#ifndef TWOK_BUF
#define TWOK_BUF 2048
#endif
#ifndef ONEK_BUF
#define ONEK_BUF 1024
#endif
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif /* WOLFSSL_STAIC_MEMORY */
#ifdef WOLFSSL_ASNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
@@ -155,8 +167,6 @@
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif
static int devId = INVALID_DEVID;
#endif
#ifndef NO_AES
@@ -220,6 +230,14 @@
#include <wolfssl/wolfcrypt/hc128.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/asn.h>
#endif
#if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7)
static int devId = INVALID_DEVID;
#endif
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#ifndef ONEK_BUF
@@ -299,6 +317,32 @@ typedef struct testVector {
} testVector;
#if defined(HAVE_PKCS7)
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
int keyWrapOID;
int keyAgreeOID;
byte* cert;
size_t certSz;
byte* privateKey;
word32 privateKeySz;
} pkcs7EnvelopedVector;
#ifndef NO_PKCS7_ENCRYPTED_DATA
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
byte* encryptionKey;
word32 encryptionKeySz;
} pkcs7EncryptedVector;
#endif
#endif /* HAVE_PKCS7 */
/*----------------------------------------------------------------------------*
| Constants
@@ -4575,7 +4619,6 @@ static int test_wc_RipeMdFinal (void)
static int test_wc_InitSha3 (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3)
Sha3 sha3;
@@ -13845,6 +13888,744 @@ static int test_wc_ecc_is_valid_idx (void)
} /* END test_wc_ecc_is_valid_idx */
/*
* Testing wc_PKCS7_Init()
*/
static void test_wc_PKCS7_Init (void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_Init()");
AssertIntEQ(wc_PKCS7_Init(&pkcs7, heap, devId), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
#endif
} /* END test-wc_PKCS7_Init */
/*
* Testing wc_PKCS7_InitWithCert()
*/
static void test_wc_PKCS7_InitWithCert (void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof_client_cert_der_2048];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_2048, sizeof_client_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof_client_cert_der_1024];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
#else
unsigned char cert[ONEK_BUF];
FILE* fp;
int certSz;
fp = fopen("./certs/client_cert_der_1024", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
#endif
printf(testingFmt, "wc_PKCS7_InitWithCert()");
/* If initialization is not successful, it's free'd in init func. */
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, (word32)certSz), 0);
wc_PKCS7_Free(&pkcs7);
/* Valid initialization usage. */
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, NULL, 0), 0);
/* Pass in bad args. No need free for null checks, free at end.*/
AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, NULL, (word32)certSz),
BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
#endif
} /* END test_wc_PKCS7_InitWithCert */
/*
* Testing wc_PKCS7_EncodeData()
*/
static void test_wc_PKCS7_EncodeData (void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
byte output[FOURK_BUF];
byte data[] = "My encoded DER cert.";
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof_client_cert_der_2048];
unsigned char key[sizeof_client_key_der_2048];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof_client_cert_der_1024];
unsigned char key[sizeof_client_key_der_1024];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz;
int keySz;
fp = fopen("./certs/client_cert_der_1024", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
fp = fopen("./certs/client_key_der_1024", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
fclose(fp);
#endif
XMEMSET(output, 0, sizeof(output));
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeData()");
pkcs7.content = data;
pkcs7.contentSz = sizeof(data);
pkcs7.privateKey = key;
pkcs7.privateKeySz = keySz;
AssertIntGT(wc_PKCS7_EncodeData(&pkcs7, output, (word32)sizeof(output)), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(&pkcs7, NULL, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(&pkcs7, output, 5), BUFFER_E);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeData */
/*
* Testing wc_PKCS7_EncodeSignedData()
*/
static void test_wc_PKCS7_EncodeSignedData (void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
WC_RNG rng;
byte output[FOURK_BUF];
byte badOut[0];
word32 outputSz = (word32)sizeof(output);
word32 badOutSz = (word32)sizeof(badOut);
byte data[] = "Test data to encode.";
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof_client_key_der_2048];
byte cert[sizeof_client_cert_der_2048];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof_client_cert_der_1024];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz;
int keySz;
fp = fopen("./certs/client_cert_der_1024", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
fp = fopen("./certs/client_key_der_1024", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
fclose(fp);
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
pkcs7.content = data;
pkcs7.contentSz = (word32)sizeof(data);
pkcs7.privateKey = key;
pkcs7.privateKeySz = (word32)sizeof(key);
pkcs7.encryptOID = RSAk;
pkcs7.hashOID = SHAh;
pkcs7.rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0);
wc_PKCS7_Free(&pkcs7);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(&pkcs7, output, outputSz), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(&pkcs7, NULL, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(&pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_EncodeSignedData */
/*
* Testing wc_PKCS_VerifySignedData()
*/
static void test_wc_PKCS7_VerifySignedData(void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
WC_RNG rng;
byte output[FOURK_BUF];
byte badOut[0];
word32 outputSz = (word32)sizeof(output);
word32 badOutSz = (word32)sizeof(badOut);
byte data[] = "Test data to encode.";
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof_client_key_der_2048];
byte cert[sizeof_client_cert_der_2048];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof_client_cert_der_1024];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz;
int keySz;
fp = fopen("./certs/client_cert_der_1024", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
fp = fopen("./certs/client_key_der_1024", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
fclose(fp);
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_VerifySignedData()");
pkcs7.content = data;
pkcs7.contentSz = (word32)sizeof(data);
pkcs7.privateKey = key;
pkcs7.privateKeySz = (word32)sizeof(key);
pkcs7.encryptOID = RSAk;
pkcs7.hashOID = SHAh;
pkcs7.rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0);
wc_PKCS7_Free(&pkcs7);
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(&pkcs7, output, outputSz), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData(&pkcs7, NULL, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData(&pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_VerifySignedData() */
/*
* Testing wc_PKCS7_EncodeEnvelopedData()
*/
static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{
#if defined(HAVE_PKCS7)
PKCS7 pkcs7;
word32 tempWrd32 = 0;
byte* tmpBytePtr = NULL;
const char input[] = "Test data to encode.";
int i;
int testSz = 0;
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || !defined(NO_SHA512)))
byte* rsaCert = NULL;
byte* rsaPrivKey = NULL;
word32 rsaCertSz;
word32 rsaPrivKeySz;
#if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
!defined(USE_CERT_BUFFERS_2048) )
static const char* rsaClientCert = "./certs/client-cert.der";
static const char* rsaClientKey = "./certs/client-key.der";
rsaCertSz = (word32)sizeof(rsaClientCert);
rsaPrivKeySz = (word32)sizeof(rsaClientKey);
#endif
#endif
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || !defined(NO_SHA512)))
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz;
word32 eccPrivKeySz;
#if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
static const char* eccClientCert = "./certs/client-ecc-cert.der";
static const char* eccClientKey = "./certs/ecc-client-key.der";
#endif
#endif
/* Generic buffer size. */
byte output[ONEK_BUF];
byte decoded[sizeof(input)/sizeof(char)];
int decodedSz = 0;
#ifndef NO_FILESYSTEM
FILE* certFile;
FILE* keyFile;
#endif
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || !defined(NO_SHA512)))
/* RSA certs and keys. */
#if defined(USE_CERT_BUFFERS_1024)
/* Allocate buffer space. */
rsaCert = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_1024;
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
#elif defined(USE_CERT_BUFFERS_2048)
/* Allocate buffer */
rsaCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_2048;
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
#else
/* File system. */
certFile = fopen(rsaClientCert, "rb");
AssertNotNull(certFile);
rsaCertSz = (word32)FOURK_BUF;
rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
rsaCertSz = (word32)fread(rsaCert, 1, rsaCertSz, certFile);
fclose(certFile);
keyFile = fopen(rsaClientKey, "rb");
AssertNotNull(keyFile);
rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
rsaPrivKeySz = (word32)FOURK_BUF;
rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
fclose(keyFile);
#endif /* USE_CERT_BUFFERS */
#endif /* NO_RSA */
/* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || !defined(NO_SHA512)))
#ifdef USE_CERT_BUFFERS_256
eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* Init buffer. */
eccCertSz = (word32)sizeof_cliecc_cert_der_256;
XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
#else /* File system. */
certFile = fopen(eccClientCert, "rb");
AssertNotNull(certFile);
eccCertSz = (word32)FOURK_BUF;
eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
eccCertSz = (word32)fread(eccCert, 1, eccCertSz, certFile);
fclose(certFile);
keyFile = fopen(eccClientKey, "rb");
AssertNotNull(keyFile);
eccPrivKeySz = (word32)FOURK_BUF;
eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
eccPrivKeySz = (word32)fread(eccPrivKey, 1, eccPrivKeySz, keyFile);
fclose(keyFile);
#endif /* USE_CERT_BUFFERS_256 */
#endif /* END HAVE_ECC */
/* Silence. */
(void)keyFile;
(void)certFile;
const pkcs7EnvelopedVector testVectors[] = {
/* DATA is a global variable defined in the makefile. */
#if !defined(NO_RSA)
#ifndef NO_DES3
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#ifndef NO_AES
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_AES */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#ifndef NO_AES
#ifndef NO_SHA
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#ifndef NO_SHA256
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#ifdef WOLFSSL_SHA512
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#endif /* NO_AES */
#endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */
printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");
testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
for (i = 0; i < testSz; i++) {
AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert,
(word32)(testVectors + i)->certSz), 0);
pkcs7.content = (byte*)(testVectors + i)->content;
pkcs7.contentSz = (testVectors + i)->contentSz;
pkcs7.contentOID = (testVectors + i)->contentOID;
pkcs7.encryptOID = (testVectors + i)->encryptOID;
pkcs7.keyWrapOID = (testVectors + i)->keyWrapOID;
pkcs7.keyAgreeOID = (testVectors + i)->keyAgreeOID;
pkcs7.privateKey = (testVectors + i)->privateKey;
pkcs7.privateKeySz = (testVectors + i)->privateKeySz;
AssertIntGE(wc_PKCS7_EncodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output)), 0);
decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded));
AssertIntGE(decodedSz, 0);
/* Verify the size of each buffer. */
AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
/* Don't free the last time through the loop. */
if (i < testSz - 1 ){
wc_PKCS7_Free(&pkcs7);
}
} /* END test loop. */
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(&pkcs7, NULL,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(&pkcs7, output, 0), BAD_FUNC_ARG);
printf(resultFmt, passed);
/* Decode. */
printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, NULL,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
tempWrd32 = pkcs7.singleCertSz;
pkcs7.singleCertSz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7.singleCertSz = tempWrd32;
tempWrd32 = pkcs7.privateKeySz;
pkcs7.privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7.privateKeySz = tempWrd32;
tmpBytePtr = pkcs7.singleCert;
pkcs7.singleCert = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7.singleCert = tmpBytePtr;
tmpBytePtr = pkcs7.privateKey;
pkcs7.privateKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(&pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7.privateKey = tmpBytePtr;
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
#ifndef NO_RSA
if (rsaCert) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (rsaPrivKey) {
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /*NO_RSA */
#ifdef HAVE_ECC
if (eccCert) {
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (eccPrivKey) {
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_ECC */
#endif /* HAVE_PKCS7 */
} /* END test_wc_PKCS7_EncodeEnvelopedData() */
/*
* Testing wc_PKCS7_EncodeEncryptedData()
*/
static void test_wc_PKCS7_EncodeEncryptedData (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
PKCS7 pkcs7;
byte* tmpBytePtr = NULL;
byte encrypted[TWOK_BUF];
byte decoded[TWOK_BUF];
word32 tmpWrd32 = 0;
int tmpInt = 0;
int decodedSz;
int encryptedSz;
int testSz;
int i;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_DES3
byte desKey[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
byte des3Key[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
#endif
#ifndef NO_AES
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
byte aes192Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* NO_DES3 */
#ifndef NO_AES
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
{data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
sizeof(aes192Key)},
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key)},
#endif /* NO_AES */
};
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
for (i = 0; i < testSz; i++) {
AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0);
pkcs7.content = (byte*)testVectors[i].content;
pkcs7.contentSz = testVectors[i].contentSz;
pkcs7.contentOID = testVectors[i].contentOID;
pkcs7.encryptOID = testVectors[i].encryptOID;
pkcs7.encryptionKey = testVectors[i].encryptionKey;
pkcs7.encryptionKeySz = testVectors[i].encryptionKeySz;
pkcs7.heap = HEAP_HINT;
/* encode encryptedData */
encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted));
AssertIntGT(encryptedSz, 0);
/* Decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded));
AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
/* Keep values for last itr. */
if (i < testSz - 1) {
wc_PKCS7_Free(&pkcs7);
}
}
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
sizeof(encrypted)),BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, NULL,
sizeof(encrypted)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
0), BAD_FUNC_ARG);
/* Testing the struct. */
tmpBytePtr = pkcs7.content;
pkcs7.content = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7.content = tmpBytePtr;
tmpWrd32 = pkcs7.contentSz;
pkcs7.contentSz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7.contentSz = tmpWrd32;
tmpInt = pkcs7.encryptOID;
pkcs7.encryptOID = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7.encryptOID = tmpInt;
tmpBytePtr = pkcs7.encryptionKey;
pkcs7.encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7.encryptionKey = tmpBytePtr;
tmpWrd32 = pkcs7.encryptionKeySz;
pkcs7.encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7.encryptionKeySz = tmpWrd32;
printf(resultFmt, passed);
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, NULL, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, 0,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
NULL, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
decoded, 0), BAD_FUNC_ARG);
/* Test struct fields */
tmpBytePtr = pkcs7.encryptionKey;
pkcs7.encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
pkcs7.encryptionKey = tmpBytePtr;
pkcs7.encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(&pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeEncryptedData() */
/*----------------------------------------------------------------------------*
@@ -17879,6 +18660,15 @@ void ApiTest(void)
AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
AssertIntEQ(test_wc_ecc_mulmod(), 0);
AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
test_wc_PKCS7_Init();
test_wc_PKCS7_InitWithCert();
test_wc_PKCS7_EncodeData();
test_wc_PKCS7_EncodeSignedData();
test_wc_PKCS7_VerifySignedData();
test_wc_PKCS7_EncodeDecodeEnvelopedData();
test_wc_PKCS7_EncodeEncryptedData();
printf(" End API Tests\n");
}

5
wolfcrypt/benchmark/benchmark.c
View File

@@ -1439,6 +1439,11 @@ exit:
wolfAsync_DevClose(&devId);
#endif
/* cleanup the thread if fixed point cache is enabled and have thread local */
#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
wc_ecc_fp_free();
#endif
(void)bench_cipher_algs;
(void)bench_digest_algs;
(void)bench_mac_algs;

22
wolfcrypt/src/aes.c
View File

@@ -7544,10 +7544,17 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
/* only 12-byte IV is supported in HW */
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES &&
sz >= WC_ASYNC_THRESH_AES_GCM) {
sz >= WC_ASYNC_THRESH_AES_GCM && ivSz == NONCE_SZ) {
#if defined(HAVE_CAVIUM)
/* Not yet supported, contact wolfSSL if interested in using */
#ifdef HAVE_CAVIUM_V
if (authInSz == 20) { /* Nitrox V GCM is only working with 20 byte AAD */
return NitroxAesGcmEncrypt(aes, out, in, sz,
(const byte*)aes->asyncKey, aes->keylen, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}
#endif
#elif defined(HAVE_INTEL_QA)
return IntelQaSymAesGcmEncrypt(&aes->asyncDev, out, in, sz,
(const byte*)aes->asyncKey, aes->keylen, iv, ivSz,
@@ -7887,10 +7894,17 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
/* if async and byte count above threshold */
/* only 12-byte IV is supported in HW */
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES &&
sz >= WC_ASYNC_THRESH_AES_GCM) {
sz >= WC_ASYNC_THRESH_AES_GCM && ivSz == NONCE_SZ) {
#if defined(HAVE_CAVIUM)
/* Not yet supported, contact wolfSSL if interested in using */
#ifdef HAVE_CAVIUM_V
if (authInSz == 20) { /* Nitrox V GCM is only working with 20 byte AAD */
return NitroxAesGcmDecrypt(aes, out, in, sz,
(const byte*)aes->asyncKey, aes->keylen, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}
#endif
#elif defined(HAVE_INTEL_QA)
return IntelQaSymAesGcmDecrypt(&aes->asyncDev, out, in, sz,
(const byte*)aes->asyncKey, aes->keylen, iv, ivSz,

6
wolfcrypt/src/asn.c
View File

@@ -1208,7 +1208,9 @@ static const byte extCertPolicyOid[] = {85, 29, 32};
static const byte extKeyUsageOid[] = {85, 29, 15};
static const byte extInhibitAnyOid[] = {85, 29, 54};
static const byte extExtKeyUsageOid[] = {85, 29, 37};
static const byte extNameConsOid[] = {85, 29, 30};
#ifndef IGNORE_NAME_CONSTRAINTS
static const byte extNameConsOid[] = {85, 29, 30};
#endif
/* certAuthInfoType */
#ifdef HAVE_OCSP
@@ -5532,7 +5534,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
/* make sure we're right justified */
encodedSigSz = wc_EncodeSignature(encodedSig,
sigCtx->digest, sigCtx->digestSz, sigCtx->typeH);
if (encodedSigSz == verifySz &&
if (encodedSigSz == verifySz && sigCtx->out != NULL &&
XMEMCMP(sigCtx->out, encodedSig, encodedSigSz) == 0) {
ret = 0;
}

467
wolfcrypt/src/ecc.c
View File

@@ -2728,6 +2728,49 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
}
#ifdef WOLFSSL_ASYNC_CRYPT
static INLINE int wc_ecc_alloc_mpint(ecc_key* key, mp_int** mp)
{
if (key == NULL || mp == NULL)
return BAD_FUNC_ARG;
if (*mp == NULL) {
*mp = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT);
if (*mp == NULL) {
return MEMORY_E;
}
XMEMSET(*mp, 0, sizeof(mp_int));
}
return 0;
}
static INLINE void wc_ecc_free_mpint(ecc_key* key, mp_int** mp)
{
if (key && mp && *mp) {
mp_clear(*mp);
XFREE(*mp, key->heap, DYNAMIC_TYPE_BIGINT);
*mp = NULL;
}
}
static int wc_ecc_alloc_async(ecc_key* key)
{
int err = wc_ecc_alloc_mpint(key, &key->r);
if (err == 0)
err = wc_ecc_alloc_mpint(key, &key->s);
return err;
}
static void wc_ecc_free_async(ecc_key* key)
{
wc_ecc_free_mpint(key, &key->r);
wc_ecc_free_mpint(key, &key->s);
#ifdef HAVE_CAVIUM_V
wc_ecc_free_mpint(key, &key->e);
wc_ecc_free_mpint(key, &key->signK);
#endif /* HAVE_CAVIUM_V */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_ECC_DHE
/**
Create an ECC shared secret between two keys
@@ -2872,26 +2915,45 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
{
int err;
#ifdef HAVE_CAVIUM
/* TODO: Not implemented - use software for now */
err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen, curve);
#if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
#ifdef HAVE_CAVIUM_V
/* verify the curve is supported by hardware */
if (NitroxEccIsCurveSupported(private_key))
#endif
{
word32 keySz = private_key->dp->size;
#elif defined(HAVE_INTEL_QA)
/* sync public key x/y */
err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&private_key->k, &private_key->k.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(point->x, &point->x->raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(point->y, &point->y->raw);
if (err == MP_OKAY)
err = IntelQaEcdh(&private_key->asyncDev,
&private_key->k.raw, &point->x->raw, &point->y->raw,
out, outlen,
&curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
private_key->dp->cofactor);
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
/* sync public key x/y */
err = wc_mp_to_bigint_sz(&private_key->k, &private_key->k.raw, keySz);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(point->x, &point->x->raw, keySz);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(point->y, &point->y->raw, keySz);
#ifdef HAVE_CAVIUM_V
/* allocate buffer for output */
if (err == MP_OKAY)
err = wc_ecc_alloc_mpint(private_key, &private_key->e);
if (err == MP_OKAY)
err = wc_bigint_alloc(&private_key->e->raw,
NitroxEccGetSize(private_key)*2);
if (err == MP_OKAY)
err = NitroxEcdh(private_key,
&private_key->k.raw, &point->x->raw, &point->y->raw,
private_key->e->raw.buf, &private_key->e->raw.len,
&curve->prime->raw);
#else
if (err == MP_OKAY)
err = wc_ecc_curve_load(private_key->dp, &curve, ECC_CURVE_FIELD_BF);
if (err == MP_OKAY)
err = IntelQaEcdh(&private_key->asyncDev,
&private_key->k.raw, &point->x->raw, &point->y->raw,
out, outlen,
&curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
private_key->dp->cofactor);
#endif
return err;
}
#elif defined(WOLFSSL_ASYNC_CRYPT_TEST)
if (wc_AsyncTestInit(&private_key->asyncDev, ASYNC_TEST_ECC_SHARED_SEC)) {
WC_ASYNC_TEST* testDev = &private_key->asyncDev.test;
testDev->eccSharedSec.private_key = private_key;
@@ -2900,9 +2962,11 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
testDev->eccSharedSec.outLen = outlen;
return WC_PENDING_E;
}
err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen, curve);
#endif
/* use sync in other cases */
err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen, curve);
return err;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2983,6 +3047,18 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
case ECC_STATE_SHARED_SEC_RES:
private_key->state = ECC_STATE_SHARED_SEC_RES;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM_V
/* verify the curve is supported by hardware */
if (NitroxEccIsCurveSupported(private_key)) {
/* copy output */
*outlen = private_key->dp->size;
XMEMCPY(out, private_key->e->raw.buf, *outlen);
}
#endif /* HAVE_CAVIUM_V */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
err = 0;
break;
@@ -2996,6 +3072,10 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
return err;
}
/* cleanup */
#ifdef WOLFSSL_ASYNC_CRYPT
wc_ecc_free_async(private_key);
#endif
private_key->state = ECC_STATE_NONE;
return err;
@@ -3271,9 +3351,12 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
}
/* populate key->pubkey */
err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw, 32);
err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw,
ECC_MAX_CRYPTO_HW_SIZE);
if (err = MP_OKAY)
err = mp_read_unsigned_bin(key->pubkey.y, key->pubkey_raw + 32, 32);
err = mp_read_unsigned_bin(key->pubkey.y,
key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE,
ECC_MAX_CRYPTO_HW_SIZE);
#else
#ifdef WOLFSSL_HAVE_SP_ECC
@@ -3394,66 +3477,6 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
return wc_ecc_make_key_ex(rng, keysize, key, ECC_CURVE_DEF);
}
static INLINE int wc_ecc_alloc_rs(ecc_key* key, mp_int** r, mp_int** s)
{
int err = 0;
#ifndef WOLFSSL_ASYNC_CRYPT
(void)key;
#endif
if (*r == NULL) {
#ifdef WOLFSSL_ASYNC_CRYPT
*r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT);
if (*r == NULL) {
return MEMORY_E;
}
key->r = *r;
#endif
}
if (*s == NULL) {
#ifdef WOLFSSL_ASYNC_CRYPT
*s = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_BIGINT);
if (*s == NULL) {
XFREE(*r, key->heap, DYNAMIC_TYPE_BIGINT);
return MEMORY_E;
}
key->s = *s;
#endif
}
/* initialize mp_int */
if (*r)
XMEMSET(*r, 0, sizeof(mp_int));
if (*s)
XMEMSET(*s, 0, sizeof(mp_int));
return err;
}
static INLINE void wc_ecc_free_rs(ecc_key* key, mp_int** r, mp_int** s)
{
if (*r) {
mp_clear(*r);
#ifdef WOLFSSL_ASYNC_CRYPT
XFREE(*r, key->heap, DYNAMIC_TYPE_BIGINT);
key->r = NULL;
#endif
*r = NULL;
}
if (*s) {
mp_clear(*s);
#ifdef WOLFSSL_ASYNC_CRYPT
XFREE(*s, key->heap, DYNAMIC_TYPE_BIGINT);
key->s = NULL;
#endif
*s = NULL;
}
(void)key;
}
/* Setup dynamic pointers if using normal math for proper freeing */
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
{
@@ -3609,8 +3632,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
mp_int *r = NULL, *s = NULL;
#ifndef WOLFSSL_ASYNC_CRYPT
mp_int r_lcl, s_lcl;
r = &r_lcl;
s = &s_lcl;
#endif
if (in == NULL || out == NULL || outlen == NULL || key == NULL ||
@@ -3618,15 +3639,22 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
return ECC_BAD_ARG_E;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = wc_ecc_alloc_async(key);
if (err != 0)
return err;
r = key->r;
s = key->s;
#else
r = &r_lcl;
s = &s_lcl;
#endif
switch(key->state) {
case ECC_STATE_NONE:
case ECC_STATE_SIGN_DO:
key->state = ECC_STATE_SIGN_DO;
err = wc_ecc_alloc_rs(key, &r, &s);
if (err != 0)
break;
if ((err = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY){
break;
}
@@ -3647,13 +3675,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
key->state = ECC_STATE_SIGN_ENCODE;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
/* restore r/s */
r = key->r;
s = key->s;
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
/* only do this if not simulator, since it overwrites result */
#ifdef HAVE_CAVIUM_V
/* Nitrox requires r and s in sep buffer, so split it */
NitroxEccRsSplit(key, &r->raw, &s->raw);
#endif
#ifndef WOLFSSL_ASYNC_CRYPT_TEST
/* only do this if not simulator, since it overwrites result */
wc_bigint_to_mp(&r->raw, r);
wc_bigint_to_mp(&s->raw, s);
#endif
@@ -3663,7 +3691,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
/* encoded with DSA header */
err = StoreECC_DSA_Sig(out, outlen, r, s);
/* always free r/s */
/* done with R/S */
mp_clear(r);
mp_clear(s);
break;
@@ -3680,7 +3708,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
}
/* cleanup */
wc_ecc_free_rs(key, &r, &s);
#ifdef WOLFSSL_ASYNC_CRYPT
wc_ecc_free_async(key);
#endif
key->state = ECC_STATE_NONE;
return err;
@@ -3702,8 +3732,12 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
{
int err;
#ifndef WOLFSSL_SP_MATH
mp_int e;
mp_int* e;
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
mp_int e_lcl;
#endif
#endif /* !WOLFSSL_SP_MATH */
DECLARE_CURVE_SPECS(1)
if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL)
@@ -3736,7 +3770,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->heap);
#endif
}
#endif
#endif /* WOLFSSL_HAVE_SP_ECC */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
defined(WOLFSSL_ASYNC_CRYPT_TEST)
@@ -3754,9 +3789,18 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
}
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V)
err = wc_ecc_alloc_mpint(key, &key->e);
if (err != 0)
return err;
e = key->e;
#else
e = &e_lcl;
#endif
/* get the hash and load it as a bignum into 'e' */
/* init the bignums */
if ((err = mp_init(&e)) != MP_OKAY) {
if ((err = mp_init(e)) != MP_OKAY) {
return err;
}
@@ -3771,11 +3815,11 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
/* truncate down to byte size, may be all that's needed */
if ((WOLFSSL_BIT_SIZE * inlen) > orderBits)
inlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE;
err = mp_read_unsigned_bin(&e, (byte*)in, inlen);
err = mp_read_unsigned_bin(e, (byte*)in, inlen);
/* may still need bit truncation too */
if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * inlen) > orderBits)
mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
mp_rshb(e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
}
/* make up a key and export the public copy */
@@ -3785,40 +3829,74 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#elif defined(HAVE_INTEL_QA)
mp_int k;
#if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
#ifdef HAVE_CAVIUM_V
if (NitroxEccIsCurveSupported(key))
#endif
{
word32 keySz = key->dp->size;
mp_int* k;
#ifdef HAVE_CAVIUM_V
err = wc_ecc_alloc_mpint(key, &key->signK);
if (err != 0)
return err;
k = key->signK;
#else
mp_int k_lcl;
k = &k_lcl;
#endif
err = mp_init(&k);
/* make sure r and s are allocated */
if (err == MP_OKAY)
err = wc_bigint_alloc(&key->r->raw, key->dp->size);
if (err == MP_OKAY)
err = wc_bigint_alloc(&key->s->raw, key->dp->size);
/* load e and k */
if (err == MP_OKAY)
err = wc_mp_to_bigint(&e, &e.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->k, &key->k.raw);
if (err == MP_OKAY)
err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL);
if (err == MP_OKAY)
err = wc_ecc_gen_k(rng, key->dp->size, &k, curve->order);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&k, &k.raw);
if (err == MP_OKAY)
err = IntelQaEcdsaSign(&key->asyncDev, &e.raw, &key->k.raw,
&k.raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw,
&curve->prime->raw, &curve->order->raw, &curve->Gx->raw,
&curve->Gy->raw);
err = mp_init(k);
mp_clear(&e);
mp_clear(&k);
wc_ecc_curve_free(curve);
/* make sure r and s are allocated */
#ifdef HAVE_CAVIUM_V
/* Nitrox V needs single buffer for R and S */
if (err == MP_OKAY)
err = wc_bigint_alloc(&key->r->raw, NitroxEccGetSize(key)*2);
/* Nitrox V only needs Prime and Order */
if (err == MP_OKAY)
err = wc_ecc_curve_load(key->dp, &curve,
(ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_ORDER));
#else
if (err == MP_OKAY)
err = wc_bigint_alloc(&key->r->raw, key->dp->size);
if (err == MP_OKAY)
err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL);
#endif
if (err == MP_OKAY)
err = wc_bigint_alloc(&key->s->raw, key->dp->size);
return err;
#endif
/* load e and k */
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(e, &e->raw, keySz);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(&key->k, &key->k.raw, keySz);
if (err == MP_OKAY)
err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(k, &k->raw, keySz);
#ifdef HAVE_CAVIUM_V
if (err == MP_OKAY)
err = NitroxEcdsaSign(key, &e->raw, &key->k.raw, &k->raw,
&r->raw, &s->raw, &curve->prime->raw, &curve->order->raw);
#else
if (err == MP_OKAY)
err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k.raw,
&k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw,
&curve->prime->raw, &curve->order->raw, &curve->Gx->raw,
&curve->Gy->raw);
#endif
#ifndef HAVE_CAVIUM_V
mp_clear(e);
mp_clear(k);
#endif
wc_ecc_curve_free(curve);
return err;
}
#endif /* HAVE_CAVIUM_V || HAVE_INTEL_QA */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -3862,7 +3940,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
if (err != MP_OKAY) break;
/* s = e + xr */
err = mp_add(&e, s, s);
err = mp_add(e, s, s);
if (err != MP_OKAY) break;
/* s = e + xr */
@@ -3880,9 +3958,9 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
}
}
mp_clear(&e);
mp_clear(e);
wc_ecc_curve_free(curve);
#endif
#endif /* WOLFSSL_SP_MATH */
return err;
}
@@ -3921,9 +3999,11 @@ int wc_ecc_free(ecc_key* key)
return 0;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
#ifdef WOLFSSL_ASYNC_CRYPT
#ifdef WC_ASYNC_ENABLE_ECC
wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC);
wc_ecc_free_rs(key, &key->r, &key->s);
#endif
wc_ecc_free_async(key);
#endif
#ifdef WOLFSSL_ATECC508A
@@ -4203,14 +4283,23 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
mp_int *r = NULL, *s = NULL;
#ifndef WOLFSSL_ASYNC_CRYPT
mp_int r_lcl, s_lcl;
r = &r_lcl;
s = &s_lcl;
#endif
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
return ECC_BAD_ARG_E;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = wc_ecc_alloc_async(key);
if (err != 0)
return err;
r = key->r;
s = key->s;
#else
r = &r_lcl;
s = &s_lcl;
#endif
switch(key->state) {
case ECC_STATE_NONE:
case ECC_STATE_VERIFY_DECODE:
@@ -4223,10 +4312,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
* If either of those don't allocate correctly, none of
* the rest of this function will execute, and everything
* gets cleaned up at the end. */
err = wc_ecc_alloc_rs(key, &r, &s);
if (err != 0)
break;
/* decode DSA header */
err = DecodeECC_DSA_Sig(sig, siglen, r, s);
if (err < 0) {
@@ -4247,12 +4332,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
key->state = ECC_STATE_VERIFY_RES;
err = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
/* restore r/s */
r = key->r;
s = key->s;
#endif
/* done with R/S */
mp_clear(r);
mp_clear(s);
@@ -4269,7 +4348,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
}
/* cleanup */
wc_ecc_free_rs(key, &r, &s);
#ifdef WOLFSSL_ASYNC_CRYPT
wc_ecc_free_async(key);
#endif
key->state = ECC_STATE_NONE;
return err;
@@ -4291,19 +4372,20 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
word32 hashlen, int* res, ecc_key* key)
{
int err;
#ifndef WOLFSSL_ATECC508A
#ifndef WOLFSSL_SP_MATH
#ifdef WOLFSSL_ATECC508A
byte sigRS[ATECC_KEY_SIZE*2];
#elif !defined(WOLFSSL_SP_MATH)
int did_init = 0;
ecc_point *mG = NULL, *mQ = NULL;
mp_int v;
mp_int w;
mp_int u1;
mp_int u2;
mp_int e;
DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT)
mp_int* e;
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
mp_int e_lcl;
#endif
#else
byte sigRS[ATECC_KEY_SIZE*2];
DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT)
#endif
if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL)
@@ -4383,7 +4465,16 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
#endif
#endif
err = mp_init(&e);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V)
err = wc_ecc_alloc_mpint(key, &key->e);
if (err != 0)
return err;
e = key->e;
#else
e = &e_lcl;
#endif
err = mp_init(e);
if (err != MP_OKAY)
return MEMORY_E;
@@ -4407,36 +4498,48 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* truncate down to byte size, may be all that's needed */
if ( (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
hashlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE;
err = mp_read_unsigned_bin(&e, hash, hashlen);
err = mp_read_unsigned_bin(e, hash, hashlen);
/* may still need bit truncation too */
if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * hashlen) > orderBits)
mp_rshb(&e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
mp_rshb(e, WOLFSSL_BIT_SIZE - (orderBits & 0x7));
}
/* check for async hardware acceleration */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#elif defined(HAVE_INTEL_QA)
err = wc_mp_to_bigint(&e, &e.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(key->pubkey.y, &key->pubkey.y->raw);
if (err == MP_OKAY)
err = IntelQaEcdsaVerify(&key->asyncDev, &e.raw, &key->pubkey.x->raw,
&key->pubkey.y->raw, &r->raw, &s->raw, &curve->Af->raw,
&curve->Bf->raw, &curve->prime->raw, &curve->order->raw,
&curve->Gx->raw, &curve->Gy->raw, res);
mp_clear(&e);
wc_ecc_curve_free(curve);
return err;
#if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
#ifdef HAVE_CAVIUM_V
if (NitroxEccIsCurveSupported(key))
#endif
{
word32 keySz = key->dp->size;
err = wc_mp_to_bigint_sz(e, &e->raw, keySz);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(key->pubkey.x, &key->pubkey.x->raw, keySz);
if (err == MP_OKAY)
err = wc_mp_to_bigint_sz(key->pubkey.y, &key->pubkey.y->raw, keySz);
if (err == MP_OKAY)
#ifdef HAVE_CAVIUM_V
err = NitroxEcdsaVerify(key, &e->raw, &key->pubkey.x->raw,
&key->pubkey.y->raw, &r->raw, &s->raw,
&curve->prime->raw, &curve->order->raw, res);
#else
err = IntelQaEcdsaVerify(&key->asyncDev, &e->raw, &key->pubkey.x->raw,
&key->pubkey.y->raw, &r->raw, &s->raw, &curve->Af->raw,
&curve->Bf->raw, &curve->prime->raw, &curve->order->raw,
&curve->Gx->raw, &curve->Gy->raw, res);
#endif
#ifndef HAVE_CAVIUM_V
mp_clear(e);
#endif
wc_ecc_curve_free(curve);
return err;
}
#endif /* HAVE_CAVIUM_V || HAVE_INTEL_QA */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -4462,7 +4565,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* u1 = ew */
if (err == MP_OKAY)
err = mp_mulmod(&e, &w, curve->order, &u1);
err = mp_mulmod(e, &w, curve->order, &u1);
/* u2 = rw */
if (err == MP_OKAY)
@@ -4491,7 +4594,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
err = wc_ecc_mulmod_ex(&u2, mQ, mQ, curve->Af, curve->prime, 0, key->heap);
if (err == MP_OKAY)
err = wc_ecc_point_add(mG, mQ, mG, curve->prime);
#else /* FREESCALE_LTC_ECC */
#else
#ifndef ECC_SHAMIR
{
mp_digit mp = 0;
@@ -4541,7 +4644,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
wc_ecc_del_point_h(mG, key->heap);
wc_ecc_del_point_h(mQ, key->heap);
mp_clear(&e);
mp_clear(e);
if (did_init) {
mp_clear(&v);
mp_clear(&w);
@@ -4551,7 +4654,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
wc_ecc_curve_free(curve);
#endif
#endif /* WOLFSSL_SP_MATH */
#endif /* WOLFSSL_ATECC508A */
return err;
@@ -4616,7 +4719,7 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
#ifdef WOLFSSL_ATECC508A
/* populate key->pubkey_raw */
XMEMCPY(key->pubkey_raw, (byte*)in, PUB_KEY_SIZE);
XMEMCPY(key->pubkey_raw, (byte*)in, sizeof(key->pubkey_raw));
#endif
/* read data */

5
wolfcrypt/src/evp.c
View File

@@ -315,12 +315,13 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
int blocks;
int fill;
*outl = 0;
if ((ctx == NULL) || (inl < 0) ||
(outl == NULL)|| (out == NULL) || (in == NULL)) return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
if (inl == 0) return WOLFSSL_FAILURE;
*outl = 0;
if (inl == 0) return WOLFSSL_SUCCESS;
if (ctx->bufUsed > 0) { /* concatinate them if there is anything */
fill = fillBuff(ctx, in, inl);
inl -= fill;

57
wolfcrypt/src/hmac.c
View File

@@ -287,23 +287,6 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
#if defined(HAVE_CAVIUM)
if (length > WC_HMAC_BLOCK_SIZE) {
return WC_KEY_SIZE_E;
}
if (key != NULL) {
XMEMCPY(hmac->ipad, key, length);
}
hmac->keyLen = (word16)length;
return 0; /* nothing to do here */
#endif /* HAVE_CAVIUM */
}
#endif /* WOLFSSL_ASYNC_CRYPT */
ret = _InitHmac(hmac, type, heap);
if (ret != 0)
return ret;
@@ -545,13 +528,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
#if defined(HAVE_INTEL_QA)
if (length > hmac_block_size)
length = hmac_block_size;
/* update key length */
hmac->keyLen = (word16)length;
#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
#ifdef HAVE_INTEL_QA
if (IntelQaHmacGetType(hmac->macType, NULL) == 0)
#endif
{
if (length > hmac_block_size)
length = hmac_block_size;
/* update key length */
hmac->keyLen = (word16)length;
return ret;
return ret;
}
/* no need to pad below */
#endif
}
@@ -667,8 +655,10 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
#if defined(HAVE_CAVIUM)
return NitroxHmacUpdate(hmac, msg, length);
#elif defined(HAVE_INTEL_QA)
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
}
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -759,10 +749,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
return hashLen;
#if defined(HAVE_CAVIUM)
return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
return NitroxHmacFinal(hmac, hash, hashLen);
#elif defined(HAVE_INTEL_QA)
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
if (IntelQaHmacGetType(hmac->macType, NULL) == 0) {
return IntelQaHmac(&hmac->asyncDev, hmac->macType,
(byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
}
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -982,10 +974,6 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
hmac->keyLen = 0;
#ifdef HAVE_CAVIUM
hmac->dataLen = 0;
hmac->data = NULL; /* buffered input data */
#endif /* HAVE_CAVIUM */
ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC,
hmac->heap, devId);
@@ -1004,11 +992,6 @@ void wc_HmacFree(Hmac* hmac)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
wolfAsync_DevCtxFree(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC);
#ifdef HAVE_CAVIUM
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_HMAC);
hmac->data = NULL;
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
}

9
wolfcrypt/src/pkcs7.c
View File

@@ -261,6 +261,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
void* heap;
if (pkcs7 == NULL || (cert == NULL && certSz != 0)) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_HEAP_TEST
heap = (void*)WOLFSSL_HEAP_TEST;
#else
@@ -450,6 +454,10 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
word32 oidSz = (word32)sizeof(oid);
int idx = 0;
if (pkcs7 == NULL || output == NULL) {
return BAD_FUNC_ARG;
}
octetStrSz = SetOctetString(pkcs7->contentSz, octetStr);
seqSz = SetSequence(pkcs7->contentSz + octetStrSz + oidSz, seq);
@@ -4943,7 +4951,6 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
if (pkiMsg == NULL || pkiMsgSz == 0 ||
output == NULL || outputSz == 0)
return BAD_FUNC_ARG;
/* read past ContentInfo, verify type is encrypted-data */
if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;

10
wolfcrypt/src/port/atmel/atmel.c
View File

@@ -25,18 +25,20 @@
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_ATMEL
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/ssl.h>
#include <wolfssl/internal.h>
#ifdef WOLFSSL_ATMEL
#define Aes Aes_Remap
#define Gmac Gmac_Remap
#include "asf.h"
#undef Aes
#undef Gmac
#endif /* WOLFSSL_ATMEL */
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
@@ -102,16 +104,20 @@ int atmel_get_random_block(unsigned char* output, unsigned int sz)
return atmel_get_random_number((uint32_t)sz, (uint8_t*)output);
}
#ifdef WOLFSSL_ATMEL
extern struct rtc_module *_rtc_instance[RTC_INST_NUM];
#endif
long atmel_get_curr_time_and_date(long* tm)
{
(void)tm;
#ifdef WOLFSSL_ATMEL
/* Get current time */
//struct rtc_calendar_time rtcTime;
//rtc_calendar_get_time(_rtc_instance[0], &rtcTime);
/* Convert rtc_calendar_time to seconds since UTC */
#endif
return 0;
}
@@ -241,4 +247,4 @@ void atmel_init(void)
}
}
#endif /* WOLFSSL_ATMEL */
#endif /* WOLFSSL_ATMEL || WOLFSSL_ATECC508A */

29
wolfcrypt/src/rsa.c
View File

@@ -1465,6 +1465,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef HAVE_CAVIUM
key->dataLen = key->n.raw.len;
ret = NitroxRsaExptMod(in, inLen,
key->d.raw.buf, key->d.raw.len,
key->n.raw.buf, key->n.raw.len,
@@ -1489,6 +1490,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef HAVE_CAVIUM
key->dataLen = key->n.raw.len;
ret = NitroxRsaExptMod(in, inLen,
key->e.raw.buf, key->e.raw.len,
key->n.raw.buf, key->n.raw.len,
@@ -1731,7 +1733,8 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && key->n.raw.buf) {
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
pad_type != WC_RSA_PSS_PAD && key->n.raw.buf) {
/* Async operations that include padding */
if (rsa_type == RSA_PUBLIC_ENCRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
@@ -1833,14 +1836,14 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
/* Async operations that include padding */
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
pad_type != WC_RSA_PSS_PAD) {
if (rsa_type == RSA_PRIVATE_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_2) {
key->state = RSA_STATE_DECRYPT_RES;
key->data = NULL;
if (outPtr)
*outPtr = in;
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen, key);
return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen,
key);
}
else if (rsa_type == RSA_PUBLIC_DECRYPT &&
pad_value == RSA_BLOCK_TYPE_1) {
@@ -1911,14 +1914,14 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
case RSA_STATE_DECRYPT_RES:
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \
defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
/* return event ret */
ret = key->asyncDev.event.ret;
if (ret == 0) {
/* convert result */
byte* dataLen = (byte*)&key->dataLen;
ret = (dataLen[0] << 8) | (dataLen[1]);
}
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA &&
pad_type != WC_RSA_PSS_PAD) {
/* convert result */
byte* dataLen = (byte*)&key->dataLen;
ret = (dataLen[0] << 8) | (dataLen[1]);
if (outPtr)
*outPtr = in;
}
#endif
break;

4
wolfcrypt/src/wc_port.c
View File

@@ -46,7 +46,7 @@
#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
#endif
#ifdef WOLFSSL_ATMEL
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
@@ -129,7 +129,7 @@ int wolfCrypt_Init(void)
}
#endif
#ifdef WOLFSSL_ATMEL
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A)
atmel_init();
#endif

34
wolfcrypt/src/wolfmath.c
View File

@@ -235,22 +235,46 @@ void wc_bigint_free(WC_BIGINT* a)
}
}
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
/* sz: make sure the buffer is at least that size and zero padded.
* A `sz == 0` will use the size of `src`.
* The calulcates sz is stored into dst->len in `wc_bigint_alloc`.
*/
int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz)
{
int err;
word32 sz;
word32 x, y;
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
sz = mp_unsigned_bin_size(src);
/* get size of source */
x = mp_unsigned_bin_size(src);
if (sz < x)
sz = x;
/* make sure destination is allocated and large enough */
err = wc_bigint_alloc(dst, sz);
if (err == MP_OKAY)
err = mp_to_unsigned_bin(src, dst->buf);
if (err == MP_OKAY) {
/* leading zero pad */
y = sz - x;
XMEMSET(dst->buf, 0, y);
/* export src as unsigned bin to destination buf */
err = mp_to_unsigned_bin(src, dst->buf + y);
}
return err;
}
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
{
if (src == NULL || dst == NULL)
return BAD_FUNC_ARG;
return wc_mp_to_bigint_sz(src, dst, 0);
}
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
{
int err;

48
wolfcrypt/test/test.c
View File

@@ -954,6 +954,11 @@ initDefaultName();
wolfAsync_DevClose(&devId);
#endif
/* cleanup the thread if fixed point cache is enabled and have thread local */
#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
wc_ecc_fp_free();
#endif
((func_args*)args)->return_code = ret;
EXIT_TEST(ret);
@@ -965,6 +970,7 @@ initDefaultName();
/* so overall tests can pull in test function */
int main(int argc, char** argv)
{
int ret;
func_args args;
#ifdef HAVE_WNR
@@ -977,7 +983,10 @@ initDefaultName();
args.argc = argc;
args.argv = argv;
wolfCrypt_Init();
if ((ret = wolfCrypt_Init()) != 0) {
printf("wolfCrypt_Init failed %d\n", ret);
err_sys("Error with wolfCrypt_Init!\n", -1003);
}
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, wolfcrypt_test);
@@ -985,13 +994,14 @@ initDefaultName();
wolfcrypt_test(&args);
#endif
if (wolfCrypt_Cleanup() != 0) {
err_sys("Error with wolfCrypt_Cleanup!\n", -1003);
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", ret);
err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
}
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context", -1004);
err_sys("Failed to free netRandom context", -1005);
#endif /* HAVE_WNR */
return args.return_code;
@@ -6118,7 +6128,7 @@ int aesgcm_test(void)
};
/* FIPS, QAT and STM32F2/4 HW Crypto only support 12-byte IV */
#if !defined(HAVE_FIPS) && !defined(HAVE_INTEL_QA) && \
#if !defined(HAVE_FIPS) && \
!defined(STM32_CRYPTO) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
!defined(WOLFSSL_XILINX_CRYPT)
@@ -12136,6 +12146,15 @@ int openssl_test(void)
int outlen ;
int total = 0;
EVP_CIPHER_CTX_init(&en);
if (EVP_CipherInit(&en, EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return -5960;
/* openSSL compatibility, if(inlen == 0)return 1; */
if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen,
(byte*)cbcPlain, 0) != 1)
return -5960;
EVP_CIPHER_CTX_init(&en);
if (EVP_CipherInit(&en, EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
@@ -12259,6 +12278,7 @@ int openssl_test(void)
if (XMEMCMP(plain, cbcPlain, 18))
return -3448;
}
#endif /* WOLFSSL_AES_128 */
#endif /* ifndef NO_AES */
@@ -13967,6 +13987,13 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
if (ret != 0)
goto done;
/* only perform the below tests if the key size matches */
if (dp == NULL && keySize > 0 && wc_ecc_size(&userA) != keySize) {
ret = ECC_CURVE_OID_E;
goto done;
}
#ifdef HAVE_ECC_DHE
x = ECC_SHARED_SIZE;
do {
@@ -14566,12 +14593,14 @@ static int ecc_exp_imp_test(ecc_key* key)
goto done;
}
#ifndef HAVE_SELFTEST
/* test import of public */
ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
if (ret != 0) {
ret = -6638;
goto done;
}
#endif
wc_ecc_free(&keyImp);
wc_ecc_init(&keyImp);
@@ -14585,12 +14614,14 @@ static int ecc_exp_imp_test(ecc_key* key)
goto done;
}
#ifndef HAVE_SELFTEST
/* test import of private and public */
ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1);
if (ret != 0) {
ret = -6640;
goto done;
}
#endif
done:
wc_ecc_free(&keyImp);
@@ -14941,11 +14972,16 @@ static int ecc_test_custom_curves(WC_RNG* rng)
}
#endif
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
if (ret != 0) {
return -6715;
}
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key,
sizeof(eccKeyExplicitCurve));
if (ret != 0)
return -6715;
return -6716;
wc_ecc_free(&key);

7
wolfssl/wolfcrypt/ecc.h
View File

@@ -122,6 +122,7 @@ enum {
/* max crypto hardware size */
#ifdef WOLFSSL_ATECC508A
ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2)
#elif defined(PLUTON_CRYPTO_ECC)
ECC_MAX_CRYPTO_HW_SIZE = 32,
#endif
@@ -316,7 +317,7 @@ struct ecc_key {
mp_int k; /* private key */
#ifdef WOLFSSL_ATECC508A
int slot; /* Key Slot Number (-1 unknown) */
byte pubkey_raw[PUB_KEY_SIZE];
byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
#endif
#ifdef PLUTON_CRYPTO_ECC
int devId;
@@ -325,6 +326,10 @@ struct ecc_key {
mp_int* r; /* sign/verify temps */
mp_int* s;
WC_ASYNC_DEV asyncDev;
#ifdef HAVE_CAVIUM_V
mp_int* e; /* Sign, Verify and Shared Secret */
mp_int* signK;
#endif
#ifdef WOLFSSL_CERT_GEN
CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
#endif

4
wolfssl/wolfcrypt/hmac.h
View File

@@ -157,10 +157,6 @@ typedef struct Hmac {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
word16 keyLen; /* hmac key length (key in ipad) */
#ifdef HAVE_CAVIUM
byte* data; /* buffered input data for one call */
word16 dataLen;
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
} Hmac;

8
wolfssl/wolfcrypt/wolfevent.h
View File

@@ -29,9 +29,6 @@
#ifndef SINGLE_THREADED
#include <wolfssl/wolfcrypt/wc_port.h>
#endif
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
@@ -74,7 +71,10 @@ struct WOLF_EVENT {
#endif
} dev;
#ifdef HAVE_CAVIUM
CavReqId reqId;
word64 reqId;
#ifdef WOLFSSL_NITROX_DEBUG
word32 pendCount;
#endif
#endif
#ifndef WC_NO_ASYNC_THREADING
pthread_t threadId;

1
wolfssl/wolfcrypt/wolfmath.h
View File

@@ -61,6 +61,7 @@
void wc_bigint_free(WC_BIGINT* a);
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst);
int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz);
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst);
#endif /* HAVE_WOLF_BIGINT */