WolfSSL
/
wolfcrypt-jni
mirror of https://github.com/wolfSSL/wolfcrypt-jni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #81 from cconlon/1.7release 

Prep for 1.7 Release
pull/82/head v1.7.0-stable
JacobBarthelmeh 2024-11-11 14:29:18 -07:00 committed by GitHub
parent 280032df17 2cb30f76e1
commit b75d8aa738
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 592 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog.md
View File

@ -1,3 +1,27 @@
### wolfCrypt JNI Release 1.7.0 (11/11/2024)
Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
**New JCE Functionality:**
- New WolfSSLKeyStore (WKS) KeyStore implementation for FIPS 140-2/3 compliance (PR 67)
**JNI and JCE Changes:**
- Remove call to BigInteger.longValueExact(), not available on some Java versions (PR 76)
- Detect `RSA_MIN_SIZE` in tests, add `Rsa.RSA_MIN_SIZE` helper (PR 77)
- Fix pointer use in native `X509CheckPrivateKey()` (PR 80)
**Example Changes:**
- Set keytool path correctly in `system-cacerts-to-wks.sh` (PR 78)
- Add example Android Studio project (IDE/Android) (PR 79)
**Testing Changes:**
- Run Facebook Infer on pull requests with GitHub Actions (PR 74)
- Add Android Gradle build with GitHub Actions to run on all pull requests (PR 79)
The wolfCrypt JNI/JCE Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
instructions and more details comments, please check the manual.
### wolfCrypt JNI Release 1.6.0 (4/17/2024)
Release 1.6.0 of wolfCrypt JNI and JCE has bug fixes and new features including:

31
IDE/WIN/README.md
View File

@ -137,8 +137,12 @@ section titled `/* Configuration */`:
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
After editing and saving the `user_settings.h` file, select one of the following
DLL Library configurations and build the wolfSSL library solution:
@ -204,8 +208,12 @@ and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
6. Build the `wolfssl-fips` project, which will create a DLL in one of the
following locations:
@ -230,19 +238,20 @@ in the wolfCrypt tests successfully running.
See the FIPS User Guide for more details on the FIPS verifyCore hash, or
email support@wolfssl.com.
## wolfSSL FIPS 140-3 (Upcoming)
## wolfSSL FIPS 140-3 (Certificate #4718)
To build a version of wolfSSL that has been submitted for FIPS 140-3, use
the Visual Studio solution file under the `IDE\WIN10` directory inside the
wolfSSL package:
To build a wolfSSL FIPS 140-3 variant for use with FIPS 140-3 certificate
#4718, use the Visual Studio solution file located in the `IDE/WIN10`
directory inside the wolfSSL package:
```
<wolfssl>\IDE\WIN10\wolfssl-fips.sln
```
Follow instructions in the above section for 140-2 / 3389, except use the
following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
`HAVE_FIPS_VERSION_MINOR` in `user_settings.h`:
following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`,
`HAVE_FIPS_VERSION_MAJOR`, `HAVE_FIPS_VERSION_MINOR`, and
`HAVE_FIPS_VERSION_PATCH` in `user_settings.h`:
```
#if 1
@ -250,8 +259,12 @@ following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 5
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR 5
#undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 1
#define HAVE_FIPS_VERSION_MINOR 2
#undef HAVE_FIPS_VERSION_PATCH
#define HAVE_FIPS_VERSION_PATCH 0
#endif
```
@ -261,8 +274,12 @@ The following additional defines will also need to be added to
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
For additional help, contact support@wolfssl.com.
# Building wolfCrypt JNI/JCE Library

1
IDE/WIN/wolfcryptjni.vcxproj
View File

@ -78,6 +78,7 @@
<ClCompile Include="..\..\jni\jni_feature_detect.c" />
<ClCompile Include="..\..\jni\jni_fips.c" />
<ClCompile Include="..\..\jni\jni_hmac.c" />
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c" />
<ClCompile Include="..\..\jni\jni_logging.c" />
<ClCompile Include="..\..\jni\jni_md5.c" />
<ClCompile Include="..\..\jni\jni_native_struct.c" />

3
IDE/WIN/wolfcryptjni.vcxproj.filters
View File

@ -170,5 +170,8 @@
<ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

2
README.md
View File

@ -208,7 +208,7 @@ on the current release):
<dependency>
<groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</dependency>
</dependencies>
...

2
build.xml
View File

@ -19,7 +19,7 @@
<!-- versioning/manifest properties -->
<property name="implementation.vendor" value="wolfSSL Inc." />
<property name="implementation.title" value="wolfCrypt JNI" />
<property name="implementation.version" value="1.6" />
<property name="implementation.version" value="1.7" />
<!-- set properties for this build -->
<property name="src.dir" value="src/main/java/" />

2
examples/WindowsConfig.bat
View File

@ -9,7 +9,7 @@
:: included by other example .bat files.
:: wolfSSL Normal non-FIPS (DLL Debug x64)
SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\x64
SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\DLL Debug\x64
SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\x64
:: wolfSSL Normal non-FIPS (DLL Release x64)

14
examples/certs/systemcerts/system-cacerts-to-wks.sh
View File

@ -29,9 +29,19 @@ export DYLD_LIBRARY_PATH=../../../lib:$DYLD_LIBRARY_PATH
OUTDIR=`pwd`
# First argument can be passed in to represent path to
# wolfcrypt-jni.jar provider JAR. If not given, use default.
if [ -z "$1" ]; then
# default wolfcrypt-jni.jar path
PROVIDER_PATH="../../../lib/wolfcrypt-jni.jar"
else
# use custom provider path
PROVIDER_PATH=$1
fi
# ARGS: <input-keystore-name> <output-keystore-name> <in-password> <out-password> <java home>
jks_to_wks() {
${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath ../../../lib/wolfcrypt-jni.jar &> /dev/null
${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath "$PROVIDER_PATH"
if [ $? -ne 0 ]; then
printf "Failed to convert JKS to WKS!"
exit 1
@ -58,6 +68,8 @@ else
javaHome="$JAVA_HOME"
fi
echo "PROVIDER_PATH: $PROVIDER_PATH"
# Set up Java include and library paths for OS X and Linux
# NOTE: you may need to modify these if your platform uses different locations
if [ "$OS" == "Darwin" ]; then

4
jni/jni_ecc.c
View File

@ -338,7 +338,9 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1export_1private(
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_private_only(ecc, output, &outputSz);
PRIVATE_KEY_LOCK();
}
if (ret == 0) {
@ -1054,7 +1056,9 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1private_1ke
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_EccPrivateKeyToDer(ecc, derKey, derKeySz);
PRIVATE_KEY_LOCK();
if (ret >= 0) {
derKeySz = ret;
ret = 0;

522
jni/jni_fips.c
View File

@ -218,7 +218,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetKey_1fips__Lcom_wol
if (!aes || !key)
return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetKey_fips(aes, key, (word32)size, iv, dir);
#else
ret = AesSetKey_fips(aes, key, (word32)size, iv, dir);
#endif
LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes,
dir ? "dec" : "enc", ret);
@ -253,8 +257,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetKey_1fips__Lcom_wol
key = getByteArray(env, key_buffer);
iv = getByteArray(env, iv_buffer);
ret = (!aes || !key) ? BAD_FUNC_ARG
: AesSetKey_fips(aes, key, (word32)size, iv, dir);
if (aes == NULL || key == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetKey_fips(aes, key, (word32)size, iv, dir);
#else
ret = AesSetKey_fips(aes, key, (word32)size, iv, dir);
#endif
}
LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes,
dir ? "dec" : "enc", ret);
@ -294,7 +306,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lco
return BAD_FUNC_ARG;
}
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetExtIV_fips(aes, iv, (word32)size);
#else
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#endif
LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)size, iv);
@ -328,7 +344,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lco
return BAD_FUNC_ARG;
}
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetExtIV_fips(aes, iv, (word32)size);
#else
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#endif
LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)size, iv);
@ -362,7 +382,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetIV_1fips__Lcom_wolf
if (!aes || !iv)
return BAD_FUNC_ARG;
ret = AesSetIV_fips(aes, iv);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetIV_fips(aes, iv);
#else
ret = AesSetIV_fips(aes, iv);
#endif
LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv);
@ -391,8 +415,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetIV_1fips__Lcom_wolf
iv = getByteArray(env, iv_buffer);
ret = (!aes || !iv) ? BAD_FUNC_ARG
: AesSetIV_fips(aes, iv);
if (aes == NULL || iv == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetIV_fips(aes, iv);
#else
ret = AesSetIV_fips(aes, iv);
#endif
}
LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv);
@ -429,7 +461,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcEncrypt_1fips__Lcom
if (!aes || !out || !in)
return BAD_FUNC_ARG;
ret = AesCbcEncrypt_fips(aes, out, in, (word32) size);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcEncrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcEncrypt_fips(aes, out, in, (word32) size);
#endif
LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -463,9 +499,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcEncrypt_1fips__Lcom
out = getByteArray(env, out_buffer);
in = getByteArray(env, in_buffer);
ret = (!aes || !out || !in)
? BAD_FUNC_ARG
: AesCbcEncrypt_fips(aes, out, in, (word32) size);
if (aes == NULL || out == NULL || in == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcEncrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcEncrypt_fips(aes, out, in, (word32) size);
#endif
}
LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -505,7 +548,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcDecrypt_1fips__Lcom
if (!aes || !out || !in)
return BAD_FUNC_ARG;
ret = AesCbcDecrypt_fips(aes, out, in, (word32) size);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcDecrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcDecrypt_fips(aes, out, in, (word32) size);
#endif
LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -539,9 +586,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcDecrypt_1fips__Lcom
out = getByteArray(env, out_buffer);
in = getByteArray(env, in_buffer);
ret = (!aes || !out || !in)
? BAD_FUNC_ARG
: AesCbcDecrypt_fips(aes, out, in, (word32) size);
if (aes == NULL || out == NULL || in == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcDecrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcDecrypt_fips(aes, out, in, (word32) size);
#endif
}
LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -579,7 +633,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_
if (!aes || !key)
return BAD_FUNC_ARG;
ret = AesGcmSetKey_fips(aes, key, (word32)size);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetKey_fips(aes, key, (word32)size);
#else
ret = AesGcmSetKey_fips(aes, key, (word32)size);
#endif
LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret);
LogStr("key[%u]: [%p]\n", (word32)size, key);
@ -609,8 +667,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_
key = getByteArray(env, key_buffer);
ret = (!aes || !key) ? BAD_FUNC_ARG
: AesGcmSetKey_fips(aes, key, (word32)size);
if (aes == NULL || key == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetKey_fips(aes, key, (word32)size);
#else
ret = AesGcmSetKey_fips(aes, key, (word32)size);
#endif
}
LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret);
LogStr("key[%u]: [%p]\n", (word32)size, key);
@ -657,8 +723,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
return BAD_FUNC_ARG;
}
ret = AesGcmEncrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
authTag, (word32) authTagSz, authIn, (word32) authInSz);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmEncrypt_fips(aes, out, in, (word32)size, iv,
(word32) ivSz, authTag, (word32)authTagSz, authIn,
(word32)authInSz);
#else
ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
LogStr(
"AesGcmEncrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -714,8 +786,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
}
else {
ret = AesGcmEncrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
authTag, (word32) authTagSz, authIn, (word32) authInSz);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmEncrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
}
LogStr(
@ -776,8 +853,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmDecrypt_1fips__Lcom
|| (!authIn && authInSz))
return BAD_FUNC_ARG;
ret = AesGcmDecrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
authTag, (word32) authTagSz, authIn, (word32) authInSz);
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmDecrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
LogStr(
"AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -828,11 +910,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmDecrypt_1fips__Lcom
authIn = getByteArray(env, authIn_buffer);
if (!aes || !out || !in || (!iv && ivSz) || (!authTag && authTagSz)
|| (!authIn && authInSz))
|| (!authIn && authInSz)) {
ret = BAD_FUNC_ARG;
else
ret = AesGcmDecrypt_fips(aes, out, in, (word32) size, iv, (word32) ivSz,
authTag, (word32) authTagSz, authIn, (word32) authInSz);
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmDecrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
}
LogStr(
"AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -1196,7 +1285,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacSetKey_1fips__Lcom_wo
if (!hmac || !key)
return BAD_FUNC_ARG;
ret = HmacSetKey_fips(hmac, type, key, (word32)keySz);
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacSetKey_fips(hmac, type, key, (word32)keySz);
#else
ret = HmacSetKey_fips(hmac, type, key, (word32)keySz);
#endif
LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type,
ret);
@ -1227,8 +1320,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacSetKey_1fips__Lcom_wo
key = getByteArray(env, key_buffer);
ret = (!hmac || !key) ? BAD_FUNC_ARG
: HmacSetKey_fips(hmac, type, key, (word32)keySz);
if (hmac == NULL || key == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacSetKey_fips(hmac, type, key, (word32)keySz);
#else
ret = HmacSetKey_fips(hmac, type, key, (word32)keySz);
#endif
}
LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type,
ret);
@ -1264,7 +1365,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacUpdate_1fips__Lcom_wo
if (!hmac || !data)
return BAD_FUNC_ARG;
ret = HmacUpdate_fips(hmac, data, (word32)len);
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacUpdate_fips(hmac, data, (word32)len);
#else
ret = HmacUpdate_fips(hmac, data, (word32)len);
#endif
LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -1294,8 +1399,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacUpdate_1fips__Lcom_wo
data = getByteArray(env, data_buffer);
ret = (!hmac || !data) ? BAD_FUNC_ARG
: HmacUpdate_fips(hmac, data, (word32)len);
if (hmac == NULL || data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacUpdate_fips(hmac, data, (word32)len);
#else
ret = HmacUpdate_fips(hmac, data, (word32)len);
#endif
}
LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -1329,7 +1442,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacFinal_1fips__Lcom_wol
if (!hmac || !hash)
return BAD_FUNC_ARG;
ret = HmacFinal_fips(hmac, hash);
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacFinal_fips(hmac, hash);
#else
ret = HmacFinal_fips(hmac, hash);
#endif
LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret);
@ -1356,8 +1473,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacFinal_1fips__Lcom_wol
hash = getByteArray(env, hash_buffer);
ret = (!hmac || !hash) ? BAD_FUNC_ARG
: HmacFinal_fips(hmac, hash);
if (hmac == NULL || hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacFinal_fips(hmac, hash);
#else
ret = HmacFinal_fips(hmac, hash);
#endif
}
LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret);
@ -1387,7 +1512,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitRng_1fips(
return BAD_FUNC_ARG;
}
ret = InitRng_fips(rng);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitRng_fips(rng);
#else
ret = InitRng_fips(rng);
#endif
LogStr("InitRng_fips(rng=%p) = %d\n", rng, ret);
@ -1409,7 +1538,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_FreeRng_1fips(
return BAD_FUNC_ARG;
}
ret = FreeRng_fips(rng);
#if FIPS_VERSION_GT(5,0)
ret = wc_FreeRng_fips(rng);
#else
ret = FreeRng_fips(rng);
#endif
LogStr("FreeRng_fips(rng=%p) = %d\n", rng, ret);
@ -1440,7 +1573,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1GenerateBlock_1fips_
if (!rng || !buf)
return BAD_FUNC_ARG;
ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#else
ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#endif
LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret);
LogStr("output[%u]: [%p]\n", (word32)bufSz, buf);
@ -1470,8 +1607,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1GenerateBlock_1fips_
buf = getByteArray(env, buf_buffer);
ret = (!rng || !buf) ? BAD_FUNC_ARG
: RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
if (rng == NULL || buf == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#else
ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#endif
}
LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret);
LogStr("output[%u]: [%p]\n", (word32)bufSz, buf);
@ -1500,8 +1645,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1HealthTest_1fips__IL
if (!entropyA || (reseed && !entropyB) || !output)
return BAD_FUNC_ARG;
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz, entropyB,
(word32)entropyBSz, output, (word32)outputSz);
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#else
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#endif
LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, "
"entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret);
@ -1530,10 +1680,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1HealthTest_1fips__I_
const byte* entropyB = getByteArray(env, entropyB_object);
byte* output = getByteArray(env, output_object);
ret = (!entropyA || (reseed && !entropyB) || !output)
? BAD_FUNC_ARG
: RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz, entropyB,
(word32)entropyBSz, output, (word32)outputSz);
if (!entropyA || (reseed && !entropyB) || !output) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#else
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#endif
}
LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, "
"entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret);
@ -1577,7 +1735,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitRsaKey_1fips(
heap = getDirectBufferAddress(env, heap_object);
ret = InitRsaKey_fips(key, heap);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitRsaKey_fips(key, heap);
#else
ret = InitRsaKey_fips(key, heap);
#endif
LogStr("InitRsaKey_fips(key=%p, heap=%p) = %d\n", key, heap, ret);
@ -1599,7 +1761,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_FreeRsaKey_1fips(
return BAD_FUNC_ARG;
}
ret = FreeRsaKey_fips(key);
#if FIPS_VERSION_GT(5,0)
ret = wc_FreeRsaKey_fips(key);
#else
ret = FreeRsaKey_fips(key);
#endif
LogStr("FreeRsaKey_fips(key=%p) = %d\n", key, ret);
@ -1643,7 +1809,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips__Ljava
if (!in || !out)
return BAD_FUNC_ARG;
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen, key, rng);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
key, rng, ret);
@ -1699,8 +1871,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips___3BJ_
* Providing an rng is optional. RNG_GenerateBlock will return
* BAD_FUNC_ARG on a NULL rng if an RNG is needed by RsaPad.
*/
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
}
LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -1748,7 +1925,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Verify_1fips__Lja
if (!in || !out)
return BAD_FUNC_ARG;
ret = RsaSSL_Verify_fips(in, (word32)inLen, out, (word32)outLen, key);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret);
@ -1793,7 +1976,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Verify_1fips___3B
ret = BAD_FUNC_ARG;
}
else {
ret = RsaSSL_Verify_fips(in, (word32)inLen, out, (word32)outLen, key);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n",
key, ret);
@ -1824,7 +2013,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaEncryptSize_1fips(
return BAD_FUNC_ARG;
}
ret = RsaEncryptSize_fips(key);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaEncryptSize_fips(key);
#else
ret = RsaEncryptSize_fips(key);
#endif
LogStr("RsaEncryptSize_fips(key=%p) = %d\n", key, ret);
@ -2045,7 +2238,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha_1fips(
return BAD_FUNC_ARG;
}
ret = InitSha_fips(sha);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha_fips(sha);
#else
ret = InitSha_fips(sha);
#endif
#endif
@ -2072,7 +2269,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaUpdate_1fips__Lcom_wol
if (!data)
return BAD_FUNC_ARG;
ret = ShaUpdate_fips(sha, data, (word32)len);
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaUpdate_fips(sha, data, (word32)len);
#else
ret = ShaUpdate_fips(sha, data, (word32)len);
#endif
LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2101,8 +2302,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaUpdate_1fips__Lcom_wol
data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: ShaUpdate_fips(sha, data, (word32)len);
if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaUpdate_fips(sha, data, (word32)len);
#else
ret = ShaUpdate_fips(sha, data, (word32)len);
#endif
}
LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2134,7 +2343,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaFinal_1fips__Lcom_wolf
if (!hash)
return BAD_FUNC_ARG;
ret = ShaFinal_fips(sha, hash);
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaFinal_fips(sha, hash);
#else
ret = ShaFinal_fips(sha, hash);
#endif
LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash);
@ -2162,8 +2375,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaFinal_1fips__Lcom_wolf
hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: ShaFinal_fips(sha, hash);
if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaFinal_fips(sha, hash);
#else
ret = ShaFinal_fips(sha, hash);
#endif
}
LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash);
@ -2190,7 +2411,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha256_1fips(
return BAD_FUNC_ARG;
}
ret = InitSha256_fips(sha);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha256_fips(sha);
#else
ret = InitSha256_fips(sha);
#endif
#endif
@ -2217,7 +2442,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Update_1fips__Lcom_
if (!data)
return BAD_FUNC_ARG;
ret = Sha256Update_fips(sha, data, (word32)len);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Update_fips(sha, data, (word32)len);
#else
ret = Sha256Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2246,8 +2475,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Update_1fips__Lcom_
data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: Sha256Update_fips(sha, data, (word32)len);
if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Update_fips(sha, data, (word32)len);
#else
ret = Sha256Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2279,7 +2516,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Final_1fips__Lcom_w
if (!hash)
return BAD_FUNC_ARG;
ret = Sha256Final_fips(sha, hash);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Final_fips(sha, hash);
#else
ret = Sha256Final_fips(sha, hash);
#endif
LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash);
@ -2306,8 +2547,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Final_1fips__Lcom_w
}
hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha256Final_fips(sha, hash);
if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Final_fips(sha, hash);
#else
ret = Sha256Final_fips(sha, hash);
#endif
}
LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash);
@ -2334,7 +2584,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha384_1fips(
return BAD_FUNC_ARG;
}
ret = InitSha384_fips(sha);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha384_fips(sha);
#else
ret = InitSha384_fips(sha);
#endif
#endif
@ -2361,7 +2615,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Update_1fips__Lcom_
if (!data)
return BAD_FUNC_ARG;
ret = Sha384Update_fips(sha, data, (word32)len);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Update_fips(sha, data, (word32)len);
#else
ret = Sha384Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2389,8 +2647,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Update_1fips__Lcom_
}
data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: Sha384Update_fips(sha, data, (word32)len);
if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Update_fips(sha, data, (word32)len);
#else
ret = Sha384Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2422,7 +2689,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Final_1fips__Lcom_w
if (!hash)
return BAD_FUNC_ARG;
ret = Sha384Final_fips(sha, hash);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Final_fips(sha, hash);
#else
ret = Sha384Final_fips(sha, hash);
#endif
LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash);
@ -2449,8 +2720,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Final_1fips__Lcom_w
}
hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha384Final_fips(sha, hash);
if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Final_fips(sha, hash);
#else
ret = Sha384Final_fips(sha, hash);
#endif
}
LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash);
@ -2477,7 +2757,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha512_1fips(
return BAD_FUNC_ARG;
}
ret = InitSha512_fips(sha);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha512_fips(sha);
#else
ret = InitSha512_fips(sha);
#endif
#endif
@ -2504,7 +2788,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Update_1fips__Lcom_
if (!data)
return BAD_FUNC_ARG;
ret = Sha512Update_fips(sha, data, (word32)len);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Update_fips(sha, data, (word32)len);
#else
ret = Sha512Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2532,8 +2820,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Update_1fips__Lcom_
}
data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: Sha512Update_fips(sha, data, (word32)len);
if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Update_fips(sha, data, (word32)len);
#else
ret = Sha512Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2565,7 +2862,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Final_1fips__Lcom_w
if (!hash)
return BAD_FUNC_ARG;
ret = Sha512Final_fips(sha, hash);
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Final_fips(sha, hash);
#else
ret = Sha512Final_fips(sha, hash);
#endif
LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash);
@ -2592,8 +2893,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Final_1fips__Lcom_w
}
hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha512Final_fips(sha, hash);
if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Final_fips(sha, hash);
#else
ret = Sha512Final_fips(sha, hash);
#endif
}
LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash);
@ -2671,8 +2981,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPublicEncrypt_1fips__L
if (!in || !out)
return BAD_FUNC_ARG;
ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
LogStr(
"RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -2717,10 +3032,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPublicEncrypt_1fips___
* Providing an rng is optional. RNG_GenerateBlock will return BAD_FUNC_ARG
* on a NULL rng if an RNG is needed by RsaPad.
*/
ret = (!in || !out)
? BAD_FUNC_ARG
: RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
if (in == NULL || out == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
}
LogStr(
"RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -2761,7 +3084,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPrivateDecrypt_1fips__
if (!in || !out)
return BAD_FUNC_ARG;
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out, (word32)outLen, key);
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret);
@ -2795,9 +3124,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPrivateDecrypt_1fips__
in = getByteArray(env, in_object);
out = getByteArray(env, out_object);
ret = (!in || !out)
? BAD_FUNC_ARG
: RsaPrivateDecrypt_fips(in, (word32)inLen, out, (word32)outLen, key);
if (in == NULL || out == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
}
LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret);

4
jni/jni_jce_wolfsslkeystore.c
View File

@ -96,9 +96,11 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_provider_jce_WolfSSLKeyStore_X509Che
}
if (ret == WOLFSSL_SUCCESS) {
PRIVATE_KEY_UNLOCK();
ret = wolfSSL_X509_check_private_key(x509, key);
PRIVATE_KEY_LOCK();
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "Native wolfSSL_X509_check_private_key() failed");
fprintf(stderr, "Native wolfSSL_X509_check_private_key() failed: %d", ret);
}
}

4
pom.xml
View File

@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>wolfcrypt-jni</name>
<url>https://www.wolfssl.com</url>
@ -30,6 +30,8 @@
</dependencies>
<build>
<sourceDirectory>./src/main/java</sourceDirectory>
<testSourceDirectory>./src/test/java</testSourceDirectory>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>

2
scripts/infer.sh
View File

@ -77,7 +77,7 @@ infer --fail-on-issue run -- javac \
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptRandom.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptSecretKeyFactory.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java
src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java \
src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
RETVAL=$?

2
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
View File

@ -36,7 +36,7 @@ public final class WolfCryptProvider extends Provider {
* Create new WolfCryptProvider object
*/
public WolfCryptProvider() {
super("wolfJCE", 1.6, "wolfCrypt JCE Provider");
super("wolfJCE", 1.7, "wolfCrypt JCE Provider");
/* MessageDigest */
if (FeatureDetect.Md5Enabled()) {

8
src/main/java/com/wolfssl/wolfcrypt/Chacha.java
View File

@ -150,10 +150,12 @@ public class Chacha extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_Chacha_setKey(Key);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_Chacha_setKey(Key);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**

40
src/main/java/com/wolfssl/wolfcrypt/Curve25519.java
View File

@ -166,10 +166,12 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_curve25519_make_key(rng, size);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_curve25519_make_key(rng, size);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -189,10 +191,12 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_curve25519_make_key_ex(rng, size, endian);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_curve25519_make_key_ex(rng, size, endian);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -230,10 +234,12 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_curve25519_import_private(privKey, xKey);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_curve25519_import_private(privKey, xKey);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -252,10 +258,12 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_curve25519_import_private_only(privKey);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_curve25519_import_private_only(privKey);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -274,10 +282,12 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_curve25519_import_public(pubKey);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_curve25519_import_public(pubKey);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**

32
src/main/java/com/wolfssl/wolfcrypt/Ed25519.java
View File

@ -165,10 +165,12 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_ed25519_make_key(rng, size);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_ed25519_make_key(rng, size);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -208,10 +210,12 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_ed25519_import_private(privKey, Key);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_ed25519_import_private(privKey, Key);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -230,10 +234,12 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_ed25519_import_private_only(privKey);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_ed25519_import_private_only(privKey);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**
@ -252,10 +258,12 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize();
throwIfKeyExists();
synchronized (pointerLock) {
wc_ed25519_import_public(Key);
synchronized (stateLock) {
synchronized (pointerLock) {
wc_ed25519_import_public(Key);
}
state = WolfCryptState.READY;
}
state = WolfCryptState.READY;
}
/**

5
src/main/java/com/wolfssl/wolfcrypt/WolfCryptError.java
View File

@ -341,8 +341,11 @@ public enum WolfCryptError {
/** DH KAT failure */
DH_KAT_FIPS_E (-256),
/** Cannot export private key */
FIPS_PRIVATE_KEY_LOCKED_E (-287),
/** Update this to indicate last error */
WC_LAST_E (-256),
WC_LAST_E (-299),
/** errors -101 - -299 */
MIN_CODE_E (-300);

29
src/test/java/com/wolfssl/provider/jce/test/WolfSSLKeyStoreTest.java
View File

@ -66,6 +66,11 @@ import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import com.wolfssl.provider.jce.WolfCryptProvider;
public class WolfSSLKeyStoreTest {
@ -173,6 +178,17 @@ public class WolfSSLKeyStoreTest {
return false;
}
/**
* Test if this environment is Windows.
* @return true if Windows, otherwise false.
*/
private static boolean isWindows() {
if (System.getProperty("os.name").startsWith("Windows")) {
return true;
}
return false;
}
/**
* Read in and convert DER private key into PrivateKey object.
*
@ -1423,7 +1439,9 @@ public class WolfSSLKeyStoreTest {
String scriptName = "system-cacerts-to-wks.sh";
String cacertsWKS = "cacerts.wks";
String jssecacertsWKS = "jssecacerts.wks";
String cmd = "cd " + userDir + scriptDir + " && /bin/sh " + scriptName;
String providerJARPath = "/lib/wolfcrypt-jni.jar";
String cmd = "cd " + userDir + scriptDir + " && /bin/sh " + scriptName +
" " + userDir + providerJARPath;
KeyStore store = null;
String cacertsPass = "changeitchangeit";
File cacertFile = null;
@ -1432,6 +1450,15 @@ public class WolfSSLKeyStoreTest {
* and cacert gen script won't be there. */
Assume.assumeTrue(!isAndroid());
/* Skip running this test on Windows until portabiliy of running
* above script is figured out. */
Assume.assumeTrue(!isWindows());
/* Skip of wolfcrypt-jni.jar does not exist. This can happen if we
* are running via 'mvn test' and the jar has not been created yet */
File jarFile = new File(userDir + providerJARPath);
Assume.assumeTrue(jarFile.exists());
assertNotNull(userDir);
/* Call system-cacerts-to-wks.sh script, converts system cacerts