WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Various portability improvements: 

* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
pull/4961/head
David Garske 2022-03-17 14:00:55 -07:00
parent aa8e5a29d4
commit 3fba5d17c3
10 changed files with 85 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
configure.ac
View File

@ -86,15 +86,15 @@ else
fi
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])
AC_CHECK_LIB([network],[socket])
AC_C_BIGENDIAN
# check if functions of interest are linkable, but also check if
# they're declared by the expected headers, and if not, supersede the
# unusable positive from AC_CHECK_FUNCS().
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime atexit])
AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit])
AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime], [], [
if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
then
AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])

3
cyassl/ctaocrypt/settings.h
View File

@ -350,9 +350,6 @@
#ifdef CYASSL_GAME_BUILD
#define SIZEOF_LONG_LONG 8
#if defined(__PPU) || defined(__XENON)
#define BIG_ENDIAN_ORDER
#endif
#endif
#ifdef CYASSL_LSR

12
src/internal.c
View File

@ -6734,7 +6734,7 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
wc_curve448_free((curve448_key*)*pKey);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_free((falcon_key*)*pKey);
break;
@ -6801,7 +6801,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
sz = sizeof(curve448_key);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
sz = sizeof(falcon_key);
break;
@ -6851,7 +6851,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
ret = 0;
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_init((falcon_key*)*pKey);
ret = 0;
@ -7878,7 +7878,7 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
}
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 epoch, word32 seq)
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq)
{
WOLFSSL_ENTER("DtlsMsgFind()");
while (head != NULL && !(head->epoch == epoch && head->seq == seq)) {
@ -7888,7 +7888,7 @@ DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 epoch, word32 seq)
}
void DtlsMsgStore(WOLFSSL* ssl, word32 epoch, word32 seq, const byte* data,
void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq, const byte* data,
word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
/* See if seq exists in the list. If it isn't in the list, make
@ -13091,7 +13091,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
{

43
src/ssl.c
View File

@ -2411,7 +2411,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
/* Add some bytes so that we can operate with slight difference
* in set MTU size on each peer */
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx,
ssl->dtlsMtuSz + DTLS_MTU_ADDITIONAL_READ_BUFFER);
ssl->dtlsMtuSz + (word32)DTLS_MTU_ADDITIONAL_READ_BUFFER);
#endif
}
#endif
@ -5070,7 +5070,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (cm->minFalconKeySz < 0 ||
FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
@ -5396,7 +5396,7 @@ int wolfSSL_Init(void)
WOLFSSL_ENTER("wolfSSL_Init");
#if defined(HAVE_FIPS_VERSION) && ((HAVE_FIPS_VERSION > 5) || ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR >= 1)))
#if FIPS_VERSION_GE(5,1)
ret = wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);
if (ret != 0)
return ret;
@ -15275,7 +15275,7 @@ int wolfSSL_Cleanup(void)
ret = WC_CLEANUP_E;
}
#if defined(HAVE_FIPS_VERSION) && ((HAVE_FIPS_VERSION > 5) || ((HAVE_FIPS_VERSION == 5) && (HAVE_FIPS_VERSION_MINOR >= 1)))
#if FIPS_VERSION_GE(5,1)
if (wolfCrypt_SetPrivateKeyReadEnable_fips(0, WC_KEYTYPE_ALL) < 0) {
if (ret == WOLFSSL_SUCCESS)
ret = WC_CLEANUP_E;
@ -21701,7 +21701,9 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
/* used by JSSE (not a standard compatibility function) */
WOLFSSL_ABI
@ -21737,6 +21739,19 @@ const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
return x509->notAfterData;
}
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_X509_version");
if (x509 == NULL)
return 0;
return x509->version;
}
#endif
#ifdef OPENSSL_EXTRA
/* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate
*
* outSz : gets set to the size of the buffer
@ -21771,16 +21786,6 @@ const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz)
return tbs;
}
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_X509_version");
if (x509 == NULL)
return 0;
return x509->version;
}
#ifdef WOLFSSL_SEP
/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
@ -58576,7 +58581,8 @@ int wolfSSL_RAND_write_file(const char* fname)
#ifndef FREERTOS_TCP
/* These constant values are protocol values made by egd */
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(NETOS)
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
defined(HAVE_HASHDRBG) && !defined(NETOS) && defined(HAVE_SYS_UN_H)
#define WOLFSSL_EGD_NBLOCK 0x01
#include <sys/un.h>
#endif
@ -58589,8 +58595,7 @@ int wolfSSL_RAND_write_file(const char* fname)
*/
int wolfSSL_RAND_egd(const char* nm)
{
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
defined(HAVE_HASHDRBG)
#ifdef WOLFSSL_EGD_NBLOCK
struct sockaddr_un rem;
int fd;
int ret = WOLFSSL_SUCCESS;
@ -58728,7 +58733,7 @@ int wolfSSL_RAND_egd(const char* nm)
(void)nm;
return WOLFSSL_FATAL_ERROR;
#endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */
#endif /* WOLFSSL_EGD_NBLOCK */
}
#endif /* !FREERTOS_TCP */

2
wolfcrypt/src/pkcs12.c
View File

@ -512,7 +512,7 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
int id = 3; /* value from RFC 7292 indicating key is used for MAC */
word32 i;
byte unicodePasswd[MAX_UNICODE_SZ];
byte key[MAX_KEY_SIZE];
byte key[PKCS_MAX_KEY_SIZE];
if (pkcs12 == NULL || pkcs12->signData == NULL || data == NULL ||
out == NULL) {

26
wolfcrypt/src/wc_encrypt.c
View File

@ -381,7 +381,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
#ifdef WOLFSSL_SMALL_STACK
byte* key;
#else
byte key[MAX_KEY_SIZE];
byte key[PKCS_MAX_KEY_SIZE];
#endif
(void)input;
@ -469,7 +469,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
}
#ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
key = (byte*)XMALLOC(PKCS_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
return MEMORY_E;
#endif
@ -494,7 +494,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
byte unicodePasswd[MAX_UNICODE_SZ];
if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -519,7 +519,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
}
#endif /* HAVE_PKCS12 */
default:
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -528,7 +528,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
} /* switch (version) */
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -554,7 +554,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -582,7 +582,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -595,7 +595,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -608,7 +608,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_Des3_CbcDecrypt(&des, input, input, length);
}
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -669,7 +669,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -692,7 +692,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
if (ret != 0) {
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -704,7 +704,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
#endif
default:
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -712,7 +712,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
return ALGO_ID_E;
}
ForceZero(key, MAX_KEY_SIZE);
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

38
wolfssl/internal.h
View File

@ -1805,14 +1805,22 @@ enum {
#endif
/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
#define RECORD_SIZE MAX_RECORD_SIZE
/* determine maximum record size */
#ifdef RECORD_SIZE
/* user supplied value */
#if RECORD_SIZE < 128 || RECORD_SIZE > MAX_RECORD_SIZE
#error Invalid record size
#endif
#else
#ifdef WOLFSSL_DTLS
#define RECORD_SIZE MAX_MTU
/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
#define RECORD_SIZE MAX_RECORD_SIZE
#else
#define RECORD_SIZE 128
#ifdef WOLFSSL_DTLS
#define RECORD_SIZE MAX_MTU
#else
#define RECORD_SIZE 128
#endif
#endif
#endif
@ -1835,7 +1843,13 @@ enum {
The length (in bytes) of the following TLSPlaintext.fragment.
The length should not exceed 2^14.
*/
#if defined(LARGE_STATIC_BUFFERS)
#ifdef STATIC_BUFFER_LEN
/* user supplied option */
#if STATIC_BUFFER_LEN < 5 || STATIC_BUFFER_LEN > (RECORD_HEADER_SZ + \
RECORD_SIZE + COMP_EXTRA + MTU_EXTRA + MAX_MSG_EXTRA))
#error Invalid static buffer length
#endif
#elif defined(LARGE_STATIC_BUFFERS)
#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
MTU_EXTRA + MAX_MSG_EXTRA
#else
@ -4047,8 +4061,9 @@ struct WOLFSSL_X509 {
WOLFSSL_X509_ALGOR algor;
WOLFSSL_X509_PUBKEY key;
#endif
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
defined(SESSION_CERTS)
#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
byte notBeforeData[CTC_DATE_SIZE];
byte notAfterData[CTC_DATE_SIZE];
#endif
@ -4936,8 +4951,9 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch,
const byte* data, byte type,
word32 fragOffset, word32 fragSz, void* heap);
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 epoch, word32 seq);
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL* ssl, word32 epoch, word32 seq,
WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq);
WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq,
const byte* data, word32 dataSz, byte type,
word32 fragOffset, word32 fragSz,
void* heap);

8
wolfssl/wolfcrypt/asn.h
View File

@ -2278,8 +2278,12 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
#if !defined(NO_ASN) || !defined(NO_PWDBASED)
#ifndef MAX_KEY_SIZE
#define MAX_KEY_SIZE 64 /* MAX PKCS Key length */
#ifndef PKCS_MAX_KEY_SIZE
#define PKCS_MAX_KEY_SIZE 64 /* MAX PKCS Key length */
#endif
#if !defined(WOLFSSL_GAME_BUILD) && !defined(MAX_KEY_SIZE)
/* for backwards compatibility */
#define MAX_KEY_SIZE PKCS_MAX_KEY_SIZE
#endif
#ifndef MAX_UNICODE_SZ
#define MAX_UNICODE_SZ 256

3
wolfssl/wolfcrypt/settings.h
View File

@ -915,9 +915,6 @@ extern void uITRON4_free(void *p) ;
#ifdef WOLFSSL_GAME_BUILD
#define SIZEOF_LONG_LONG 8
#if defined(__PPU) || defined(__XENON)
#define BIG_ENDIAN_ORDER
#endif
#endif
#ifdef WOLFSSL_LSR

6
wolfssl/wolfcrypt/wc_port.h
View File

@ -882,7 +882,11 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif
#if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
/* Always use gmtime_r if available. */
#if defined(HAVE_GMTIME_R)
#if defined(HAVE_GMTIME_S)
/* reentrant version */
#define XGMTIME(c, t) gmtime_s((c), (t))
#define NEED_TMP_TIME
#elif defined(HAVE_GMTIME_R)
#define XGMTIME(c, t) gmtime_r((c), (t))
#define NEED_TMP_TIME
#else