From 9c9978ce9f7e56eb24daee462aecc4eac322834d Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 2 Oct 2017 18:07:49 +0900 Subject: [PATCH] OpenSSL Compatibility functions on PR#942. --- examples/echoclient/echoclient.h | 1 - src/internal.c | 7 +- src/ssl.c | 413 ++++++++++++++++++++++++++++++- tests/api.c | 268 +++++++++++++++++++- wolfcrypt/src/asn.c | 374 +--------------------------- wolfcrypt/src/evp.c | 24 ++ wolfcrypt/src/srp.c | 1 - wolfcrypt/src/wc_port.c | 206 +++++++++++++++ wolfssl/internal.h | 10 + wolfssl/openssl/bn.h | 5 +- wolfssl/openssl/evp.h | 9 + wolfssl/openssl/ssl.h | 11 + wolfssl/ssl.h | 24 +- wolfssl/wolfcrypt/asn.h | 3 + wolfssl/wolfcrypt/srp.h | 4 + wolfssl/wolfcrypt/wc_port.h | 134 ++++++++++ 16 files changed, 1106 insertions(+), 388 deletions(-) diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h index 2ad1d721a..146fd6a39 100644 --- a/examples/echoclient/echoclient.h +++ b/examples/echoclient/echoclient.h @@ -26,6 +26,5 @@ void echoclient_test(void* args); - #endif /* WOLFSSL_ECHOCLIENT_H */ diff --git a/src/internal.c b/src/internal.c index 11040556b..8786b6bb6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -39,6 +39,9 @@ #define WOLFSSL_MISC_INCLUDED #include #endif +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA) + #include +#endif #ifdef HAVE_LIBZ #include "zlib.h" @@ -2752,8 +2755,10 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) if (name->dynamicName) XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN); #ifdef OPENSSL_EXTRA - if (name->fullName.fullName != NULL) + if (name->fullName.fullName != NULL){ XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509); + name->fullName.fullName = NULL; + } #endif /* OPENSSL_EXTRA */ } (void)heap; diff --git a/src/ssl.c b/src/ssl.c index 0edef2155..11d1297e5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -87,6 +87,11 @@ #ifdef WOLFSSL_SHA512 #include #endif + #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ + && !defined(WC_NO_RNG) + #include + #include + #endif #endif #ifdef NO_ASN @@ -249,7 +254,6 @@ int wolfSSL_send_session(WOLFSSL* ssl) static volatile int initRefCount = 0; static wolfSSL_Mutex count_mutex; /* init ref count mutex */ - /* Create a new WOLFSSL_CTX struct and return the pointer to created struct. WOLFSSL_METHOD pointer passed in is given to ctx to manage. This function frees the passed in WOLFSSL_METHOD struct on failure and on @@ -284,12 +288,24 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) wolfSSL_CTX_free(ctx); ctx = NULL; } + +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ + && !defined(NO_SHA256) && !defined(WC_NO_RNG) + ctx->srp = (Srp*) XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP); + if (ctx->srp == NULL){ + WOLFSSL_MSG("Init CTX failed"); + wolfSSL_CTX_free(ctx); + return NULL; + } + XMEMSET(ctx->srp, 0, sizeof(Srp)); +#endif } else { WOLFSSL_MSG("Alloc CTX failed, method freed"); XFREE(method, heap, DYNAMIC_TYPE_METHOD); } + WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0); return ctx; } @@ -309,8 +325,19 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) { WOLFSSL_ENTER("SSL_CTX_free"); +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ +&& !defined(NO_SHA256) && !defined(WC_NO_RNG) + if (ctx->srp != NULL){ + if (ctx->srp_password != NULL){ + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + } + wc_SrpTerm(ctx->srp); + XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); + } +#endif if (ctx) FreeSSL_Ctx(ctx); + WOLFSSL_LEAVE("SSL_CTX_free", 0); } @@ -11020,6 +11047,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return s->ca_names; } + #if !defined(NO_RSA) && !defined(NO_CERTS) WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname) { WOLFSSL_STACK *list = NULL; @@ -11070,6 +11098,53 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return list; } + int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) + { + WOLFSSL_STACK *node = NULL; + WOLFSSL_X509_NAME *subjectName = NULL; + + WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); + + if (ctx == NULL || x509 == NULL){ + WOLFSSL_MSG("Bad argument"); + return SSL_FAILURE; + } + + subjectName = wolfSSL_X509_get_subject_name(x509); + if (subjectName == NULL){ + WOLFSSL_MSG("invalid x509 data"); + return SSL_FAILURE; + } + + /* Alloc stack struct */ + node = (WOLF_STACK_OF(WOLFSSL_X509_NAME)*)XMALLOC( + sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)), + NULL, DYNAMIC_TYPE_OPENSSL); + if (node == NULL){ + WOLFSSL_MSG("memory allocation error"); + return SSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME))); + + /* Alloc and copy WOLFSSL_X509_NAME */ + node->data.name = (WOLFSSL_X509_NAME*)XMALLOC( + sizeof(WOLFSSL_X509_NAME), + NULL, DYNAMIC_TYPE_OPENSSL); + if (node->data.name == NULL) { + XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); + WOLFSSL_MSG("memory allocation error"); + return SSL_FAILURE; + } + XMEMCPY(node->data.name, subjectName, sizeof(WOLFSSL_X509_NAME)); + XMEMSET(subjectName, 0, sizeof(WOLFSSL_X509_NAME)); + + /* push new node onto head of stack */ + node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1; + node->next = ctx->ca_names; + ctx->ca_names = node; + return SSL_SUCCESS; + } + #endif int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) { @@ -11078,6 +11153,154 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_NOT_IMPLEMENTED; } + #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ + && !defined(WC_NO_RNG) + static const byte srp_N[] = { + 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8, + 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, + 0x3C, 0x0B, 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, 0xD6, + 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13, + 0xD6, 0x92, 0xC6, 0xE0, 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, + 0xE4, 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7, + 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4, 0xAD, 0x69, + 0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, + 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, 0x68, 0xED, 0xBC, + 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, + 0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, + 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 + }; + static const byte srp_g[] = { + 0x02 + }; + + int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username) + { + int r = 0; + int srp_side = 0; + WC_RNG rng; + byte salt[SRP_SALT_SIZE]; + + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_username"); + if (ctx == NULL || ctx->srp == NULL || username==NULL) + return SSL_FAILURE; + + if (ctx->method->side == WOLFSSL_SERVER_END){ + srp_side = SRP_SERVER_SIDE; + } else if (ctx->method->side == WOLFSSL_CLIENT_END){ + srp_side = SRP_CLIENT_SIDE; + } else { + WOLFSSL_MSG("Init CTX failed"); + return SSL_FAILURE; + } + + if (wc_SrpInit(ctx->srp, SRP_TYPE_SHA256, srp_side) < 0){ + WOLFSSL_MSG("Init CTX failed"); + XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); + wolfSSL_CTX_free(ctx); + return SSL_FAILURE; + } + r = wc_SrpSetUsername(ctx->srp, (const byte*)username, + (word32)XSTRLEN(username)); + if (r < 0) { + WOLFSSL_MSG("fail to set srp username."); + return SSL_FAILURE; + } + + /* if wolfSSL_CTX_set_srp_password has already been called, */ + /* execute wc_SrpSetPassword here */ + if (ctx->srp_password != NULL){ + if (wc_InitRng(&rng) < 0){ + WOLFSSL_MSG("wc_InitRng failed"); + return SSL_FAILURE; + } + XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); + if (wc_RNG_GenerateBlock(&rng, salt, + sizeof(salt)/sizeof(salt[0])) < 0){ + WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); + wc_FreeRng(&rng); + return SSL_FAILURE; + } + if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), + srp_g, sizeof(srp_g)/sizeof(srp_g[0]), + salt, sizeof(salt)/sizeof(salt[0])) < 0){ + WOLFSSL_MSG("wc_SrpSetParam failed"); + wc_FreeRng(&rng); + return SSL_FAILURE; + } + r = wc_SrpSetPassword(ctx->srp, + (const byte*)ctx->srp_password, + (word32)XSTRLEN((char *)ctx->srp_password)); + if (r < 0) { + WOLFSSL_MSG("fail to set srp password."); + return SSL_FAILURE; + } + wc_FreeRng(&rng); + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; + } + + return SSL_SUCCESS; + } + + int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) + { + int r; + WC_RNG rng; + byte salt[SRP_SALT_SIZE]; + + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_password"); + if (ctx == NULL || ctx->srp == NULL || password == NULL) + return SSL_FAILURE; + + if (ctx->srp->user != NULL){ + if (wc_InitRng(&rng) < 0){ + WOLFSSL_MSG("wc_InitRng failed"); + return SSL_FAILURE; + } + XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); + if (wc_RNG_GenerateBlock(&rng, salt, + sizeof(salt)/sizeof(salt[0])) < 0){ + WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); + wc_FreeRng(&rng); + return SSL_FAILURE; + } + if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), + srp_g, sizeof(srp_g)/sizeof(srp_g[0]), + salt, sizeof(salt)/sizeof(salt[0])) < 0){ + WOLFSSL_MSG("wc_SrpSetParam failed"); + wc_FreeRng(&rng); + return SSL_FAILURE; + } + r = wc_SrpSetPassword(ctx->srp, (const byte*)password, + (word32)XSTRLEN(password)); + if (r < 0) { + WOLFSSL_MSG("wc_SrpSetPassword failed."); + wc_FreeRng(&rng); + return SSL_FAILURE; + } + if (ctx->srp_password != NULL){ + XFREE(ctx->srp_password,NULL, + DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; + } + wc_FreeRng(&rng); + } else { + /* save password for wolfSSL_set_srp_username */ + if (ctx->srp_password != NULL) + XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP); + + ctx->srp_password = XMALLOC(XSTRLEN(password) + 1, + ctx->heap, + DYNAMIC_TYPE_SRP); + if (ctx->srp_password == NULL){ + WOLFSSL_MSG("memory allocation error"); + return SSL_FAILURE; + } + XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); + } + return SSL_SUCCESS; + } + #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ /* keyblock size in bytes or -1 */ int wolfSSL_get_keyblock_size(WOLFSSL* ssl) @@ -14553,6 +14776,7 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { } XFREE(sk, NULL, DYNAMIC_TYPE_X509); } + #endif /* NO_CERTS && OPENSSL_EXTRA */ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) @@ -16230,7 +16454,16 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->error = 0; ctx->error_depth = 0; ctx->discardSessionCerts = 0; - return WOLFSSL_SUCCESS; +#ifdef OPENSSL_EXTRA + ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), + NULL,DYNAMIC_TYPE_OPENSSL); + if (ctx->param == NULL){ + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed"); + return SSL_FATAL_ERROR; + } +#endif + return SSL_SUCCESS; } return WOLFSSL_FATAL_ERROR; } @@ -16245,6 +16478,11 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) wolfSSL_FreeX509(ctx->current_cert); if (ctx->chain != NULL) wolfSSL_sk_X509_free(ctx->chain); +#ifdef OPENSSL_EXTRA + if (ctx->param != NULL){ + XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); + } +#endif XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); } } @@ -16328,6 +16566,17 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err) (void)err; } +#ifdef OPENSSL_EXTRA +void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, + unsigned long flags, + time_t t) +{ + (void)flags; + + ctx->param->check_time = t; + ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; +} +#endif void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) { @@ -16475,6 +16724,94 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) } #endif /* WOLFSSL_MYSQL_COMPATIBLE */ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ +&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) && !defined(NO_FILESYSTEM) + +WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, + int offset_day, long offset_sec) +{ + const int sec_per_day = 24*60*60; + struct tm* ts = NULL; + struct tm* tmpTime = NULL; + time_t t_adj = 0; + time_t offset_day_sec = 0; + +#if defined(NEED_TMP_TIME) + struct tm tmpTimeStorage; + tmpTime = &tmpTimeStorage; +#else + (void)tmpTime; +#endif + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj"); + + if (s == NULL){ + s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_OPENSSL); + if (s == NULL){ + return NULL; + } + } + + /* compute GMT time with offset */ + offset_day_sec = offset_day * sec_per_day; + t_adj = t + offset_day_sec + offset_sec; + ts = (struct tm *)XGMTIME(&t_adj, tmpTime); + if (ts == NULL){ + WOLFSSL_MSG("failed to get time data."); + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + + /* create ASN1 time notation */ + /* UTC Time */ + if (ts->tm_year >= 50 && ts->tm_year < 150){ + char utc_str[ASN_UTC_TIME_SIZE]; + int utc_year = 0,utc_mon,utc_day,utc_hour,utc_min,utc_sec; + byte *data_ptr = NULL; + + if (ts->tm_year >= 50 && ts->tm_year < 100){ + utc_year = ts->tm_year; + } else if (ts->tm_year >= 100 && ts->tm_year < 150){ + utc_year = ts->tm_year - 100; + } + utc_mon = ts->tm_mon + 1; + utc_day = ts->tm_mday; + utc_hour = ts->tm_hour; + utc_min = ts->tm_min; + utc_sec = ts->tm_sec; + XSNPRINTF((char *)utc_str, ASN_UTC_TIME_SIZE, + "%02d%02d%02d%02d%02d%02dZ", + utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec); + data_ptr = s->data; + *data_ptr = (byte) ASN_UTC_TIME; data_ptr++; + *data_ptr = (byte) ASN_UTC_TIME_SIZE; data_ptr++; + XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE); + /* GeneralizedTime */ + } else { + char gt_str[ASN_GENERALIZED_TIME_SIZE]; + int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec; + byte *data_ptr = NULL; + + gt_year = ts->tm_year + 1900; + gt_mon = ts->tm_mon + 1; + gt_day = ts->tm_mday; + gt_hour = ts->tm_hour; + gt_min = ts->tm_min; + gt_sec = ts->tm_sec; + XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_SIZE, + "%4d%02d%02d%02d%02d%02dZ", + gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec); + data_ptr = s->data; + *data_ptr = (byte) ASN_GENERALIZED_TIME; data_ptr++; + *data_ptr = (byte) ASN_GENERALIZED_TIME_SIZE; data_ptr++; + XMEMCPY(data_ptr,(byte *)gt_str, ASN_GENERALIZED_TIME_SIZE); + } + + return s; +} +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !USER_TIME */ + /* && !TIME_OVERRIDES && !NO_FILESYSTEM */ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b) @@ -16766,17 +17103,31 @@ WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) return WOLFSSL_FAILURE; } - -/*** TBD ***/ -WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) +#ifdef OPENSSL_EXTRA +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { - (void)s; - (void)type; - WOLFSSL_STUB("wolfSSL_set_tlsext_status_type"); - return WOLFSSL_FAILURE; -} + WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); + + if (s == NULL){ + return BAD_FUNC_ARG; + } + + if (type == TLSEXT_STATUSTYPE_ocsp){ + int r = 0; + r = TLSX_UseCertificateStatusRequest(&s->extensions, type, + 0, s->heap, s->devId); + return (long)r; + } else { + WOLFSSL_MSG( + "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); + return SSL_FAILURE; + } + +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +#endif /* OPENSSL_EXTRA */ -/*** TBD ***/ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; @@ -18786,6 +19137,46 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD"); } + +WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r, + WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *n, + WOLFSSL_BN_CTX *ctx) +{ + WOLFSSL_ENTER("wolfSSL_BN_mod_inverse"); + + /* ctx is not used */ + (void)ctx; + + /* check parameter */ + if (r == NULL) { + r = wolfSSL_BN_new(); + if (r == NULL){ + WOLFSSL_MSG("WolfSSL_BN_new() failed"); + return NULL; + } + } + + if (a == NULL) { + WOLFSSL_MSG("a NULL error"); + return NULL; + } + + if (n == NULL) { + WOLFSSL_MSG("n NULL error"); + return NULL; + } + + /* Compute inverse of a modulo n and return r */ + if (mp_invmod((mp_int *)a->internal,(mp_int *)n->internal, + (mp_int*)r->internal) == MP_VAL){ + WOLFSSL_MSG("mp_invmod() error"); + return NULL; + } + + return r; +} + #ifndef NO_DH static void InitwolfSSL_DH(WOLFSSL_DH* dh) diff --git a/tests/api.c b/tests/api.c index 478f4b342..e81087db6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -154,6 +154,11 @@ #endif #endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ + && !defined(NO_SHA256) && !defined(RC_NO_RNG) + #include +#endif + /* enable testing buffer load functions */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 @@ -304,7 +309,6 @@ static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method) AssertNotNull(method); AssertNotNull(ctx = wolfSSL_CTX_new(method)); - wolfSSL_CTX_free(ctx); } #endif @@ -2392,6 +2396,24 @@ static void test_wolfSSL_PKCS12(void) #endif /* OPENSSL_EXTRA */ } +/* Testing functions dealing with PKCS5 */ +static void test_wolfSSL_PKCS5(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED) + const char *passwd = "pass1234"; + const unsigned char *salt = (unsigned char *)"salt1234"; + unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + int ret = 0; + + AssertNotNull(out); + ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, + (int)XSTRLEN((const char *) salt), 10, + WC_SHA_DIGEST_SIZE,out); + AssertIntEQ(ret, SSL_SUCCESS); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ +} /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. @@ -9946,6 +9968,72 @@ static void test_wolfSSL_X509_LOOKUP_load_file(void) !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } +static void test_wolfSSL_X509_STORE_CTX_set_time(void) +{ + #if defined(OPENSSL_EXTRA) + WOLFSSL_X509_STORE_CTX* ctx; + time_t ctime; + + printf(testingFmt, "wolfSSL_X509_set_time()"); + AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ctime = 365*24*60*60; + wolfSSL_X509_STORE_CTX_set_time(ctx, 0, ctime); + AssertTrue( + (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME); + AssertTrue(ctx->param->check_time == ctime); + wolfSSL_X509_STORE_CTX_free(ctx); + + printf(resultFmt, passed); + #endif /* OPENSSL_EXTRA */ +} + +static void test_wolfSSL_CTX_set_client_CA_list(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) + WOLFSSL_CTX* ctx; + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names = NULL; + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_list = NULL; + + printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + names = wolfSSL_load_client_CA_file(cliCertFile); + AssertNotNull(names); + wolfSSL_CTX_set_client_CA_list(ctx,names); + AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx)); + wolfSSL_CTX_free(ctx); + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS */ +} + +static void test_wolfSSL_CTX_add_client_CA(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) + WOLFSSL_CTX* ctx; + WOLFSSL_X509* x509; + WOLFSSL_X509* x509_a; + WOLF_STACK_OF(WOLFSSLX509_NAME)* ca_list; + int ret = 0; + + printf(testingFmt, "wolfSSL_CTX_add_client_CA()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + /* Add client cert */ + AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ret = wolfSSL_CTX_add_client_CA(ctx, x509); + AssertIntEQ(ret ,SSL_SUCCESS); + AssertNotNull(ca_list = wolfSSL_SSL_CTX_get_client_CA_list(ctx)); + /* Add another client cert */ + AssertNotNull(x509_a = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + AssertIntEQ(wolfSSL_CTX_add_client_CA(ctx, x509_a),SSL_SUCCESS); + + wolfSSL_X509_free(x509); + wolfSSL_X509_free(x509_a); + wolfSSL_CTX_free(ctx); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS */ +} static void test_wolfSSL_X509_NID(void) { @@ -10022,6 +10110,64 @@ static void test_wolfSSL_X509_NID(void) #endif } +static void test_wolfSSL_CTX_set_srp_username(void) +{ +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ + && !defined(NO_SHA256) && !defined(WC_NO_RNG) + WOLFSSL_CTX* ctx; + const char *username = "TESTUSER"; + const char *password = "TESTPASSWORD"; + int r; + + printf(testingFmt, "wolfSSL_CTX_set_srp_username()"); + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + AssertNotNull(ctx); + r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); + AssertIntEQ(r,SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + AssertNotNull(ctx); + r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); + AssertIntEQ(r,SSL_SUCCESS); + r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); + AssertIntEQ(r,SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ + /* && !NO_SHA256 && !WC_NO_RNG */ +} + +static void test_wolfSSL_CTX_set_srp_password(void) +{ +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ + && !defined(NO_SHA256) && !defined(WC_NO_RNG) + WOLFSSL_CTX* ctx; + const char *username = "TESTUSER"; + const char *password = "TESTPASSWORD"; + int r; + + printf(testingFmt, "wolfSSL_CTX_set_srp_password()"); + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + AssertNotNull(ctx); + r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); + AssertIntEQ(r,SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + AssertNotNull(ctx); + r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); + AssertIntEQ(r,SSL_SUCCESS); + r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); + AssertIntEQ(r,SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ + /* && !NO_SHA256 && !WC_NO_RNG */ +} static void test_wolfSSL_BN(void) { @@ -10063,6 +10209,14 @@ static void test_wolfSSL_BN(void) AssertIntEQ(BN_bn2bin(d, value), WOLFSSL_SUCCESS); AssertIntEQ((int)(value[0] & 0x04), 4); + /* BN_mod_inverse test */ + value[0] = 0; + BIGNUM *r = BN_new(); + BIGNUM *val = BN_mod_inverse(r,b,c,NULL); + AssertIntEQ(BN_bn2bin(r, value), 1); + AssertIntEQ((int)(value[0] & 0x03), 3); + BN_free(val); + BN_free(a); BN_free(b); BN_free(c); @@ -10130,6 +10284,27 @@ static void test_wolfSSL_set_options(void) !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } +/* Testing wolfSSL_set_tlsext_status_type funciton. + * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. + */ +static void test_wolfSSL_set_tlsext_status_type(void){ + #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + SSL* ssl; + SSL_CTX* ctx; + + printf(testingFmt, "wolfSSL_set_tlsext_status_type()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + AssertTrue(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp) + == SSL_SUCCESS); + SSL_free(ssl); + SSL_CTX_free(ctx); + #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST */ +} + static void test_wolfSSL_PEM_read_bio(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -10355,15 +10530,94 @@ static void test_wolfSSL_DES_ecb_encrypt(void) int ret1 = 0; int ret2 = 0; wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); - ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); + ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret1,0); wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); - ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); + ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret2,0); printf(resultFmt, passed); #endif } + +static void test_wolfSSL_ASN1_TIME_adj(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) \ +&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) + + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int min = 60; + const byte asn_utc_time = 0x17; + const byte asn_gen_time = 0x18; + WOLFSSL_ASN1_TIME *asn_time, *s; + int offset_day; + long offset_sec; + char date_str[20]; + + printf(testingFmt, "wolfSSL_ASN1_TIME_adj()"); + + s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_OPENSSL); + /* UTC notation test */ + /* 2000/2/15 20:30:00 */ + time_t t = (time_t)30 * year + 45 * day + 20 * hour + 30 * min + 7 * day; + offset_day = 7; + offset_sec = 45 * min; + /* offset_sec = -45 * min;*/ + asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); + AssertTrue(asn_time->data[0] == asn_utc_time); + XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); + + /* negative offset */ + offset_sec = -45 * min; + asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); + AssertTrue(asn_time->data[0] == asn_utc_time); + XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); + + XFREE(s,NULL,DYNAMIC_TYPE_OPENSSL); + XMEMSET(date_str, 0, sizeof(date_str)); + + s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_OPENSSL); + /* GeneralizedTime notation test */ + /* 2055/03/01 09:00:00 */ + t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; + offset_day = 12; + offset_sec = 10 * min; + asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); + AssertTrue(asn_time->data[0] == asn_gen_time); + XSTRNCPY(date_str,(const char*) &asn_time->data+2, 15); + AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); + + XFREE(s,NULL,DYNAMIC_TYPE_OPENSSL); + XMEMSET(date_str, 0, sizeof(date_str)); + + /* if WOLFSSL_ASN1_TIME struct is not allocated */ + s = NULL; + + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * min + 15 + 7 * day; + offset_day = 7; + offset_sec = 45 * min; + asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); + AssertTrue(asn_time->data[0] == asn_utc_time); + XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); + + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); + AssertTrue(asn_time->data[0] == asn_utc_time); + XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); + + printf(resultFmt, passed); +#endif +} + /*----------------------------------------------------------------------------* | wolfCrypt ASN *----------------------------------------------------------------------------*/ @@ -10924,6 +11178,7 @@ void ApiTest(void) /* X509 tests */ test_wolfSSL_X509_NAME_get_entry(); test_wolfSSL_PKCS12(); + test_wolfSSL_PKCS5(); /*OCSP Stapling. */ AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS); @@ -10947,11 +11202,18 @@ void ApiTest(void) test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); + test_wolfSSL_X509_STORE_CTX_set_time(); test_wolfSSL_BN(); test_wolfSSL_set_options(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); test_wolfSSL_DES_ecb_encrypt(); + test_wolfSSL_set_tlsext_status_type(); + test_wolfSSL_ASN1_TIME_adj(); + test_wolfSSL_CTX_set_client_CA_list(); + test_wolfSSL_CTX_add_client_CA(); + test_wolfSSL_CTX_set_srp_username(); + test_wolfSSL_CTX_set_srp_password(); AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS); /* wolfCrypt ASN tests */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index da8e3ae82..9e628f748 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -111,357 +111,7 @@ ASN Options: #endif #endif -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ - #pragma warning(disable: 4996) -#endif - -#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } - #ifndef NO_ASN_TIME -#if defined(USER_TIME) - /* Use our gmtime and time_t/struct tm types. - Only needs seconds since EPOCH using XTIME function. - time_t XTIME(time_t * timer) {} - */ - #define WOLFSSL_GMTIME - #define USE_WOLF_TM - #define USE_WOLF_TIME_T - -#elif defined(TIME_OVERRIDES) - /* Override XTIME() and XGMTIME() functionality. - Requires user to provide these functions: - time_t XTIME(time_t * timer) {} - struct tm* XGMTIME(const time_t* timer, struct tm* tmp) {} - */ - #ifndef HAVE_TIME_T_TYPE - #define USE_WOLF_TIME_T - #endif - #ifndef HAVE_TM_TYPE - #define USE_WOLF_TM - #endif - #define NEED_TMP_TIME - -#elif defined(HAVE_RTP_SYS) - /* uses parital structures */ - #define XTIME(tl) (0) - #define XGMTIME(c, t) rtpsys_gmtime((c)) - -#elif defined(MICRIUM) - #include - #include - #define XTIME(t1) micrium_time((t1)) - #define WOLFSSL_GMTIME - -#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) - #include - #define XTIME(t1) pic32_time((t1)) - #define XGMTIME(c, t) gmtime((c)) - -#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - #define XTIME(t1) mqx_time((t1)) - #define HAVE_GMTIME_R - -#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || \ - defined(FREESCALE_KSDK_FREERTOS) - #include - #ifndef XTIME - /*extern time_t ksdk_time(time_t* timer);*/ - #define XTIME(t1) ksdk_time((t1)) - #endif - #define XGMTIME(c, t) gmtime((c)) - -#elif defined(WOLFSSL_ATMEL) - #define XTIME(t1) atmel_get_curr_time_and_date((t1)) - #define WOLFSSL_GMTIME - #define USE_WOLF_TM - #define USE_WOLF_TIME_T - -#elif defined(IDIRECT_DEV_TIME) - /*Gets the timestamp from cloak software owned by VT iDirect - in place of time() from */ - #include - #define XTIME(t1) idirect_time((t1)) - #define XGMTIME(c, t) gmtime((c)) - -#elif defined(_WIN32_WCE) - #include - #define XTIME(t1) windows_time((t1)) - #define WOLFSSL_GMTIME -#else - - /* default */ - /* uses complete facility */ - #include -#endif - - -/* Map default time functions */ -#if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME) - #define XTIME(tl) time((tl)) -#endif -#if !defined(XGMTIME) && !defined(TIME_OVERRIDES) - #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) - #define XGMTIME(c, t) gmtime((c)) - #else - #define XGMTIME(c, t) gmtime_r((c), (t)) - #define NEED_TMP_TIME - #endif -#endif -#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) - #define USE_WOLF_VALIDDATE - #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#endif - -/* wolf struct tm and time_t */ -#if defined(USE_WOLF_TM) - struct tm { - int tm_sec; /* seconds after the minute [0-60] */ - int tm_min; /* minutes after the hour [0-59] */ - int tm_hour; /* hours since midnight [0-23] */ - int tm_mday; /* day of the month [1-31] */ - int tm_mon; /* months since January [0-11] */ - int tm_year; /* years since 1900 */ - int tm_wday; /* days since Sunday [0-6] */ - int tm_yday; /* days since January 1 [0-365] */ - int tm_isdst; /* Daylight Savings Time flag */ - long tm_gmtoff; /* offset from CUT in seconds */ - char *tm_zone; /* timezone abbreviation */ - }; -#endif /* USE_WOLF_TM */ -#if defined(USE_WOLF_TIME_T) - typedef long time_t; -#endif - -/* forward declarations */ -#if defined(USER_TIME) - struct tm* gmtime(const time_t* timer); - extern time_t XTIME(time_t * timer); - - #ifdef STACK_TRAP - /* for stack trap tracking, don't call os gmtime on OS X/linux, - uses a lot of stack spce */ - extern time_t time(time_t * timer); - #define XTIME(tl) time((tl)) - #endif /* STACK_TRAP */ - -#elif defined(TIME_OVERRIDES) - extern time_t XTIME(time_t * timer); - extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp); -#elif defined(WOLFSSL_GMTIME) - struct tm* gmtime(const time_t* timer); -#endif - - -#if defined(_WIN32_WCE) -time_t windows_time(time_t* timer) -{ - SYSTEMTIME sysTime; - FILETIME fTime; - ULARGE_INTEGER intTime; - time_t localTime; - - if (timer == NULL) - timer = &localTime; - - GetSystemTime(&sysTime); - SystemTimeToFileTime(&sysTime, &fTime); - - XMEMCPY(&intTime, &fTime, sizeof(FILETIME)); - /* subtract EPOCH */ - intTime.QuadPart -= 0x19db1ded53e8000; - /* to secs */ - intTime.QuadPart /= 10000000; - *timer = (time_t)intTime.QuadPart; - - return *timer; -} -#endif /* _WIN32_WCE */ - -#if defined(WOLFSSL_GMTIME) -struct tm* gmtime(const time_t* timer) -{ - #define YEAR0 1900 - #define EPOCH_YEAR 1970 - #define SECS_DAY (24L * 60L * 60L) - #define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400))) - #define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365) - - static const int _ytab[2][12] = - { - {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, - {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31} - }; - - static struct tm st_time; - struct tm* ret = &st_time; - time_t secs = *timer; - unsigned long dayclock, dayno; - int year = EPOCH_YEAR; - - dayclock = (unsigned long)secs % SECS_DAY; - dayno = (unsigned long)secs / SECS_DAY; - - ret->tm_sec = (int) dayclock % 60; - ret->tm_min = (int)(dayclock % 3600) / 60; - ret->tm_hour = (int) dayclock / 3600; - ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */ - - while(dayno >= (unsigned long)YEARSIZE(year)) { - dayno -= YEARSIZE(year); - year++; - } - - ret->tm_year = year - YEAR0; - ret->tm_yday = (int)dayno; - ret->tm_mon = 0; - - while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) { - dayno -= _ytab[LEAPYEAR(year)][ret->tm_mon]; - ret->tm_mon++; - } - - ret->tm_mday = (int)++dayno; - ret->tm_isdst = 0; - - return ret; -} -#endif /* WOLFSSL_GMTIME */ - - -#if defined(HAVE_RTP_SYS) -#define YEAR0 1900 - -struct tm* rtpsys_gmtime(const time_t* timer) /* has a gmtime() but hangs */ -{ - static struct tm st_time; - struct tm* ret = &st_time; - - DC_RTC_CALENDAR cal; - dc_rtc_time_get(&cal, TRUE); - - ret->tm_year = cal.year - YEAR0; /* gm starts at 1900 */ - ret->tm_mon = cal.month - 1; /* gm starts at 0 */ - ret->tm_mday = cal.day; - ret->tm_hour = cal.hour; - ret->tm_min = cal.minute; - ret->tm_sec = cal.second; - - return ret; -} - -#endif /* HAVE_RTP_SYS */ - - -#if defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) - -/* - * time() is just a stub in Microchip libraries. We need our own - * implementation. Use SNTP client to get seconds since epoch. - */ -time_t pic32_time(time_t* timer) -{ -#ifdef MICROCHIP_TCPIP_V5 - DWORD sec = 0; -#else - uint32_t sec = 0; -#endif - time_t localTime; - - if (timer == NULL) - timer = &localTime; - -#ifdef MICROCHIP_MPLAB_HARMONY - sec = TCPIP_SNTP_UTCSecondsGet(); -#else - sec = SNTPGetUTCSeconds(); -#endif - *timer = (time_t) sec; - - return *timer; -} - -#endif /* MICROCHIP_TCPIP || MICROCHIP_TCPIP_V5 */ - - -#if defined(MICRIUM) - -time_t micrium_time(time_t* timer) -{ - CLK_TS_SEC sec; - - Clk_GetTS_Unix(&sec); - - return (time_t) sec; -} - -#endif /* MICRIUM */ - - -#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - -time_t mqx_time(time_t* timer) -{ - time_t localTime; - TIME_STRUCT time_s; - - if (timer == NULL) - timer = &localTime; - - _time_get(&time_s); - *timer = (time_t) time_s.SECONDS; - - return *timer; -} - -#endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */ - - -#if defined(WOLFSSL_TIRTOS) - -time_t XTIME(time_t * timer) -{ - time_t sec = 0; - - sec = (time_t) Seconds_get(); - - if (timer != NULL) - *timer = sec; - - return sec; -} - -#endif /* WOLFSSL_TIRTOS */ - - -#if defined(WOLFSSL_XILINX) -#include "xrtcpsu.h" - -time_t XTIME(time_t * timer) -{ - time_t sec = 0; - XRtcPsu_Config* con; - XRtcPsu rtc; - - con = XRtcPsu_LookupConfig(XPAR_XRTCPSU_0_DEVICE_ID); - if (con != NULL) { - if (XRtcPsu_CfgInitialize(&rtc, con, con->BaseAddr) == XST_SUCCESS) { - sec = (time_t)XRtcPsu_GetCurrentTime(&rtc); - } - else { - WOLFSSL_MSG("Unable to initialize RTC"); - } - } - - if (timer != NULL) - *timer = sec; - - return sec; -} - -#endif /* WOLFSSL_TIRTOS */ - - /* two byte date/time, add to value */ static INLINE void GetTime(int* value, const byte* date, int* idx) { @@ -472,26 +122,14 @@ static INLINE void GetTime(int* value, const byte* date, int* idx) *idx = i; } - - -#if defined(IDIRECT_DEV_TIME) - -extern time_t getTimestamp(); - -time_t idirect_time(time_t * timer) -{ - time_t sec = getTimestamp(); - - if (timer != NULL) - *timer = sec; - - return sec; -} - -#endif /* IDIRECT_DEV_TIME */ - #endif /* !NO_ASN_TIME */ +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ + #pragma warning(disable: 4996) +#endif + +#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 5fcd0d201..98d4f01be 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -764,3 +764,27 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, #endif /* WOLFSSL_EVP_INCLUDED */ +#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) && !defined(NO_SHA) +WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, + int saltlen, int iter, + int keylen, unsigned char *out) +{ + const char *nostring = ""; + int ret = 0; + + if (pass == NULL){ + passlen = 0; + pass = nostring; + } else if (passlen == -1){ + passlen = (int)XSTRLEN(pass); + } + + ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, + iter, keylen, WC_SHA); + if (ret == 0) + return SSL_SUCCESS; + else + return SSL_FAILURE; +} +#endif /* OPENSSL_EXTRA && !NO_PWDBASED !NO_SHA*/ diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index d6d73617c..576b6724d 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -269,7 +269,6 @@ void wc_SrpTerm(Srp* srp) if (srp) { mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->auth); mp_clear(&srp->priv); - if (srp->salt) { ForceZero(srp->salt, srp->saltSz); XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 284ed507e..8d10007e9 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1174,6 +1174,212 @@ int wolfSSL_CryptHwMutexUnLock(void) { #endif +#ifndef NO_ASN_TIME +#if defined(_WIN32_WCE) +time_t windows_time(time_t* timer) +{ + SYSTEMTIME sysTime; + FILETIME fTime; + ULARGE_INTEGER intTime; + time_t localTime; + + if (timer == NULL) + timer = &localTime; + + GetSystemTime(&sysTime); + SystemTimeToFileTime(&sysTime, &fTime); + + XMEMCPY(&intTime, &fTime, sizeof(FILETIME)); + /* subtract EPOCH */ + intTime.QuadPart -= 0x19db1ded53e8000; + /* to secs */ + intTime.QuadPart /= 10000000; + *timer = (time_t)intTime.QuadPart; + + return *timer; +} +#endif /* _WIN32_WCE */ + +#if defined(WOLFSSL_GMTIME) +struct tm* gmtime(const time_t* timer) +{ + #define YEAR0 1900 + #define EPOCH_YEAR 1970 + #define SECS_DAY (24L * 60L * 60L) + #define LEAPYEAR(year) (!((year) % 4) && (((year) % 100) || !((year) %400))) + #define YEARSIZE(year) (LEAPYEAR(year) ? 366 : 365) + + static const int _ytab[2][12] = + { + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31} + }; + + static struct tm st_time; + struct tm* ret = &st_time; + time_t secs = *timer; + unsigned long dayclock, dayno; + int year = EPOCH_YEAR; + + dayclock = (unsigned long)secs % SECS_DAY; + dayno = (unsigned long)secs / SECS_DAY; + + ret->tm_sec = (int) dayclock % 60; + ret->tm_min = (int)(dayclock % 3600) / 60; + ret->tm_hour = (int) dayclock / 3600; + ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */ + + while(dayno >= (unsigned long)YEARSIZE(year)) { + dayno -= YEARSIZE(year); + year++; + } + + ret->tm_year = year - YEAR0; + ret->tm_yday = (int)dayno; + ret->tm_mon = 0; + + while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) { + dayno -= _ytab[LEAPYEAR(year)][ret->tm_mon]; + ret->tm_mon++; + } + + ret->tm_mday = (int)++dayno; + ret->tm_isdst = 0; + + return ret; +} +#endif /* WOLFSSL_GMTIME */ + + +#if defined(HAVE_RTP_SYS) +#define YEAR0 1900 + +struct tm* rtpsys_gmtime(const time_t* timer) /* has a gmtime() but hangs */ +{ + static struct tm st_time; + struct tm* ret = &st_time; + + DC_RTC_CALENDAR cal; + dc_rtc_time_get(&cal, TRUE); + + ret->tm_year = cal.year - YEAR0; /* gm starts at 1900 */ + ret->tm_mon = cal.month - 1; /* gm starts at 0 */ + ret->tm_mday = cal.day; + ret->tm_hour = cal.hour; + ret->tm_min = cal.minute; + ret->tm_sec = cal.second; + + return ret; +} + +#endif /* HAVE_RTP_SYS */ + + +#if defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) + +/* + * time() is just a stub in Microchip libraries. We need our own + * implementation. Use SNTP client to get seconds since epoch. + */ +time_t pic32_time(time_t* timer) +{ +#ifdef MICROCHIP_TCPIP_V5 + DWORD sec = 0; +#else + uint32_t sec = 0; +#endif + time_t localTime; + + if (timer == NULL) + timer = &localTime; + +#ifdef MICROCHIP_MPLAB_HARMONY + sec = TCPIP_SNTP_UTCSecondsGet(); +#else + sec = SNTPGetUTCSeconds(); +#endif + *timer = (time_t) sec; + + return *timer; +} + +#endif /* MICROCHIP_TCPIP || MICROCHIP_TCPIP_V5 */ + +#if defined(MICRIUM) + +time_t micrium_time(time_t* timer) +{ + CLK_TS_SEC sec; + + Clk_GetTS_Unix(&sec); + + return (time_t) sec; +} + +#endif /* MICRIUM */ + +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + +time_t mqx_time(time_t* timer) +{ + time_t localTime; + TIME_STRUCT time_s; + + if (timer == NULL) + timer = &localTime; + + _time_get(&time_s); + *timer = (time_t) time_s.SECONDS; + + return *timer; +} + +#endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */ + + +#if defined(WOLFSSL_TIRTOS) + +time_t XTIME(time_t * timer) +{ + time_t sec = 0; + + sec = (time_t) Seconds_get(); + + if (timer != NULL) + *timer = sec; + + return sec; +} + +#endif /* WOLFSSL_TIRTOS */ + +#if defined(WOLFSSL_XILINX) +#include "xrtcpsu.h" + +time_t XTIME(time_t * timer) +{ + time_t sec = 0; + XRtcPsu_Config* con; + XRtcPsu rtc; + + con = XRtcPsu_LookupConfig(XPAR_XRTCPSU_0_DEVICE_ID); + if (con != NULL) { + if (XRtcPsu_CfgInitialize(&rtc, con, con->BaseAddr) == XST_SUCCESS) { + sec = (time_t)XRtcPsu_GetCurrentTime(&rtc); + } + else { + WOLFSSL_MSG("Unable to initialize RTC"); + } + } + + if (timer != NULL) + *timer = sec; + + return sec; +} + +#endif /* WOLFSSL_XILINX */ +#endif /* !NO_ASN_TIME */ #if defined(WOLFSSL_TI_CRYPT) || defined(WOLFSSL_TI_HASH) #include /* initialize and Mutex for TI Crypt Engine */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index e12b8ebf2..dabe6d491 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -178,6 +178,12 @@ #include #endif +#ifdef OPENSSL_EXTRA + #ifdef WOLFCRYPT_HAVE_SRP + #include + #endif +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -2417,6 +2423,10 @@ struct WOLFSSL_CTX { int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); #endif +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) + Srp* srp; /* TLS Secure Remote Password Protocol*/ + byte* srp_password; +#endif }; diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 1b03e21db..d105b7526 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -84,7 +84,8 @@ WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx); - +WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx); typedef WOLFSSL_BIGNUM BIGNUM; typedef WOLFSSL_BN_CTX BN_CTX; typedef WOLFSSL_BN_GENCB BN_GENCB; @@ -144,6 +145,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_CTX_get wolfSSL_BN_CTX_get #define BN_CTX_start wolfSSL_BN_CTX_start +#define BN_mod_inverse wolfSSL_BN_mod_inverse + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 963876194..5e3b528c3 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -51,6 +51,7 @@ #ifdef HAVE_IDEA #include #endif +#include #ifdef __cplusplus extern "C" { @@ -351,6 +352,12 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, i WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher); + +WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen, + const unsigned char * salt, + int saltlen, int iter, + int keylen, unsigned char *out); + #define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER #define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE #define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE @@ -479,6 +486,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher +#define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 + #ifndef EVP_MAX_MD_SIZE #define EVP_MAX_MD_SIZE 64 /* sha512 */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 43f20552f..f144653a9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -337,6 +337,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print +#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get @@ -550,6 +551,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_write_filename wolfSSL_BIO_write_filename #define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return +#define TLSEXT_STATUSTYPE_ocsp 1 + #define SSL_set_options wolfSSL_set_options #define SSL_get_options wolfSSL_get_options #define SSL_set_tmp_dh wolfSSL_set_tmp_dh @@ -617,6 +620,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL +#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME +#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME + #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) #include @@ -805,6 +811,11 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time +#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA +#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password +#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e69b127af..8c0522094 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -160,6 +160,7 @@ typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; +typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; @@ -220,6 +221,15 @@ struct WOLFSSL_X509_STORE { #endif }; +#ifdef OPENSSL_EXTRA +#define WOLFSSL_USE_CHECK_TIME 0x2 +#define WOLFSSL_NO_CHECK_TIME 0x200000 +struct WOLFSSL_X509_VERIFY_PARAM { + time_t check_time; + unsigned long flags; +}; +#endif + typedef struct WOLFSSL_ALERT { int code; int level; @@ -252,6 +262,9 @@ typedef struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* stunnel dereference */ WOLFSSL_STACK* chain; +#ifdef OPENSSL_EXTRA + WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ +#endif char* domain; /* subject CN domain name */ void* ex_data; /* external data, for fortress build */ void* userCtx; /* user ctx */ @@ -778,7 +791,9 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); - +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*, + unsigned long flags, + time_t t); WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( WOLFSSL_X509_REVOKED*,int); @@ -794,6 +809,8 @@ WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, + int, long); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list( @@ -850,6 +867,9 @@ WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( WOLFSSL_CTX*, void* arg); +WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); +WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op); WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s); @@ -864,7 +884,7 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); -WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); +WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 3aa95a424..63544348c 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -87,6 +87,9 @@ enum ASN_Tags { ASN_LONG_LENGTH = 0x80 }; +#define ASN_UTC_TIME_SIZE 14 +#define ASN_GENERALIZED_TIME_SIZE 16 + enum ASN_Flags { ASN_CONSTRUCTED = 0x20, ASN_CONTEXT_SPECIFIC = 0x80 diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index 0b74b7ecf..1bf6280a5 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -54,6 +54,9 @@ /* Set the minimum number of bits acceptable for private keys (RFC 5054) */ #define SRP_PRIVATE_KEY_MIN_BITS 256 +/* salt size for SRP password */ +#define SRP_SALT_SIZE 16 + /** * SRP side, client or server. */ @@ -72,6 +75,7 @@ typedef enum { SRP_TYPE_SHA512 = 4, } SrpType; + /** * SRP hash struct. */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index ff7a07d19..c8875910c 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -322,6 +322,140 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* max */ #endif /* USE_WINDOWS_API */ +/* Time functions */ +#ifndef NO_ASN_TIME +#if defined(USER_TIME) + /* Use our gmtime and time_t/struct tm types. + Only needs seconds since EPOCH using XTIME function. + time_t XTIME(time_t * timer) {} + */ + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + #define USE_WOLF_TIME_T + +#elif defined(TIME_OVERRIDES) + /* Override XTIME() and XGMTIME() functionality. + Requires user to provide these functions: + time_t XTIME(time_t * timer) {} + struct tm* XGMTIME(const time_t* timer, struct tm* tmp) {} + */ + #ifndef HAVE_TIME_T_TYPE + #define USE_WOLF_TIME_T + #endif + #ifndef HAVE_TM_TYPE + #define USE_WOLF_TM + #endif + #define NEED_TMP_TIME + +#elif defined(HAVE_RTP_SYS) + /* uses parital structures */ + #define XTIME(tl) (0) + #define XGMTIME(c, t) rtpsys_gmtime((c)) + +#elif defined(MICRIUM) + #include + #include + #define XTIME(t1) micrium_time((t1)) + #define WOLFSSL_GMTIME + +#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) + #include + #define XTIME(t1) pic32_time((t1)) + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #define XTIME(t1) mqx_time((t1)) + #define HAVE_GMTIME_R + +#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS) + #include + #ifndef XTIME + /*extern time_t ksdk_time(time_t* timer);*/ + #define XTIME(t1) ksdk_time((t1)) + #endif + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(WOLFSSL_ATMEL) + #define XTIME(t1) atmel_get_curr_time_and_date((t1)) + #define WOLFSSL_GMTIME + #define USE_WOLF_TM + #define USE_WOLF_TIME_T + +#elif defined(IDIRECT_DEV_TIME) + /*Gets the timestamp from cloak software owned by VT iDirect + in place of time() from */ + #include + #define XTIME(t1) idirect_time((t1)) + #define XGMTIME(c, t) gmtime((c)) + +#elif defined(_WIN32_WCE) + #include + #define XTIME(t1) windows_time((t1)) + #define WOLFSSL_GMTIME + +#else + /* default */ + /* uses complete facility */ + #include +#endif + + +/* Map default time functions */ +#if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME) + #define XTIME(tl) time((tl)) +#endif +#if !defined(XGMTIME) && !defined(TIME_OVERRIDES) + #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) + #define XGMTIME(c, t) gmtime((c)) + #else + #define XGMTIME(c, t) gmtime_r((c), (t)) + #define NEED_TMP_TIME + #endif +#endif +#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) + #define USE_WOLF_VALIDDATE + #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) +#endif + +/* wolf struct tm and time_t */ +#if defined(USE_WOLF_TM) + struct tm { + int tm_sec; /* seconds after the minute [0-60] */ + int tm_min; /* minutes after the hour [0-59] */ + int tm_hour; /* hours since midnight [0-23] */ + int tm_mday; /* day of the month [1-31] */ + int tm_mon; /* months since January [0-11] */ + int tm_year; /* years since 1900 */ + int tm_wday; /* days since Sunday [0-6] */ + int tm_yday; /* days since January 1 [0-365] */ + int tm_isdst; /* Daylight Savings Time flag */ + long tm_gmtoff; /* offset from CUT in seconds */ + char *tm_zone; /* timezone abbreviation */ + }; +#endif /* USE_WOLF_TM */ +#if defined(USE_WOLF_TIME_T) + typedef long time_t; +#endif + +/* forward declarations */ +#if defined(USER_TIME) + struct tm* gmtime(const time_t* timer); + extern time_t XTIME(time_t * timer); + + #ifdef STACK_TRAP + /* for stack trap tracking, don't call os gmtime on OS X/linux, + uses a lot of stack spce */ + extern time_t time(time_t * timer); + #define XTIME(tl) time((tl)) + #endif /* STACK_TRAP */ + +#elif defined(TIME_OVERRIDES) + extern time_t XTIME(time_t * timer); + extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp); +#elif defined(WOLFSSL_GMTIME) + struct tm* gmtime(const time_t* timer); +#endif +#endif /* NO_ASN_TIME */ #ifdef __cplusplus } /* extern "C" */