mirror of https://github.com/wolfSSL/wolfssl.git
David Garske
GitHub
commit
b4c6140b64
34
configure.ac
34
configure.ac
|
|
@ -911,6 +911,7 @@ AC_ARG_ENABLE([mcast],
|
|||
# WOLFSSL_MYSQL_COMPATIBLE
|
||||
# web server (--enable-webserver) HAVE_WEBSERVER
|
||||
# net-snmp (--enable-net-snmp)
|
||||
# krb (--enable-krb) WOLFSSL_KRB
|
||||
|
||||
|
||||
# Bind DNS compatibility Build
|
||||
|
|
@ -1033,6 +1034,14 @@ AC_ARG_ENABLE([net-snmp],
|
|||
[ ENABLED_NETSNMP=no ]
|
||||
)
|
||||
|
||||
# kerberos 5 Build
|
||||
AC_ARG_ENABLE([krb],
|
||||
[AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])],
|
||||
[ ENABLED_KRB=$enableval ],
|
||||
[ ENABLED_KRB=no ]
|
||||
)
|
||||
|
||||
|
||||
#IP alternative name Support
|
||||
AC_ARG_ENABLE([ip-alt-name],
|
||||
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
|
||||
|
|
@ -1104,7 +1113,8 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
|
|||
test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \
|
||||
test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \
|
||||
test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
|
||||
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes"
|
||||
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
|
||||
test "$ENABLED_KRB" = "yes"
|
||||
then
|
||||
ENABLED_OPENSSLALL="yes"
|
||||
fi
|
||||
|
|
@ -3249,7 +3259,7 @@ AC_ARG_ENABLE([des3],
|
|||
[ ENABLED_DES3=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes"
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes"
|
||||
then
|
||||
ENABLED_DES3="yes"
|
||||
fi
|
||||
|
|
@ -3267,7 +3277,7 @@ then
|
|||
fi
|
||||
|
||||
# ARC4
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
|
||||
then
|
||||
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
|
||||
test "$enable_arc4" = "" && enable_arc4=yes
|
||||
|
|
@ -3824,7 +3834,8 @@ AC_ARG_ENABLE([crl],
|
|||
)
|
||||
|
||||
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
|
||||
test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes"
|
||||
test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
|
||||
test "x$ENABLED_KRB" = "xyes"
|
||||
then
|
||||
ENABLED_CRL=yes
|
||||
fi
|
||||
|
|
@ -4713,6 +4724,17 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_KRB" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT"
|
||||
|
||||
# Requires PKCS7
|
||||
if test "x$ENABLED_PKCS7" = "xno"
|
||||
then
|
||||
ENABLED_PKCS7="yes"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$ENABLED_SIGNAL" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
||||
|
|
@ -5158,7 +5180,7 @@ AC_ARG_ENABLE([md4],
|
|||
if test "$ENABLED_MD4" = "no"
|
||||
then
|
||||
#turn on MD4 if using stunnel
|
||||
if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno"
|
||||
if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes"
|
||||
then
|
||||
ENABLED_MD4="yes"
|
||||
else
|
||||
|
|
@ -6809,7 +6831,7 @@ then
|
|||
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
|
||||
AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS"
|
||||
AM_CFLAGS="-DWOLFSSL_AKID_NAME -DHAVE_CTS $AM_CFLAGS"
|
||||
fi
|
||||
|
||||
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
|
||||
|
|
|
|||
277
src/ssl.c
277
src/ssl.c
|
|
@ -99,6 +99,7 @@
|
|||
#include <wolfssl/openssl/ecdsa.h>
|
||||
#include <wolfssl/openssl/ecdh.h>
|
||||
#include <wolfssl/openssl/err.h>
|
||||
#include <wolfssl/openssl/modes.h>
|
||||
#include <wolfssl/openssl/opensslv.h>
|
||||
#include <wolfssl/openssl/rc4.h>
|
||||
#include <wolfssl/openssl/stack.h>
|
||||
|
|
@ -21091,6 +21092,57 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk)
|
|||
wolfSSL_sk_free(sk);
|
||||
}
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void)
|
||||
{
|
||||
WOLFSSL_STACK* s = wolfSSL_sk_new_node(NULL);
|
||||
if (s != NULL)
|
||||
s->type = STACK_TYPE_X509_CRL;
|
||||
return s;
|
||||
}
|
||||
|
||||
void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
|
||||
void (*f) (WOLFSSL_X509_CRL*))
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_pop_free");
|
||||
wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
|
||||
}
|
||||
|
||||
void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk)
|
||||
{
|
||||
wolfSSL_sk_X509_CRL_pop_free(sk, NULL);
|
||||
}
|
||||
|
||||
/* return 1 on success 0 on fail */
|
||||
int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push");
|
||||
|
||||
if (sk == NULL || crl == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return wolfSSL_sk_push(sk, crl);
|
||||
}
|
||||
|
||||
WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value(WOLF_STACK_OF(WOLFSSL_X509)* sk,
|
||||
int i)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_value");
|
||||
if (sk)
|
||||
return (WOLFSSL_X509_CRL*)wolfSSL_sk_value(sk, i);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_num");
|
||||
if (sk)
|
||||
return wolfSSL_sk_num(sk);
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_CRL */
|
||||
|
||||
#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
|
|
@ -21250,6 +21302,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
case STACK_TYPE_X509_OBJ:
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
case STACK_TYPE_X509_CRL:
|
||||
default:
|
||||
/* All other types are pointers */
|
||||
if (!sk->data.generic) {
|
||||
|
|
@ -21309,6 +21362,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
case STACK_TYPE_X509_OBJ:
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
case STACK_TYPE_X509_CRL:
|
||||
default:
|
||||
/* All other types are pointers */
|
||||
node->data.generic = sk->data.generic;
|
||||
|
|
@ -21981,6 +22035,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
case STACK_TYPE_X509_OBJ:
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
case STACK_TYPE_X509_CRL:
|
||||
default:
|
||||
sk->hash = sk->hash_fn(sk->data.generic);
|
||||
break;
|
||||
|
|
@ -22005,6 +22060,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
case STACK_TYPE_X509_OBJ:
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
case STACK_TYPE_X509_CRL:
|
||||
default:
|
||||
return sk->data.generic;
|
||||
}
|
||||
|
|
@ -30392,7 +30448,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
|
|||
return;
|
||||
}
|
||||
|
||||
if (enc == AES_ENCRYPT) {
|
||||
if (enc) {
|
||||
if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
|
||||
WOLFSSL_MSG("Error with AES CBC encrypt");
|
||||
}
|
||||
|
|
@ -30509,6 +30565,86 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
|
|||
#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
|
||||
#endif /* NO_AES */
|
||||
|
||||
#ifdef HAVE_CTS
|
||||
/*
|
||||
* Ciphertext stealing interface compatible with RFC2040 and RFC3962.
|
||||
*/
|
||||
size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
|
||||
unsigned char *out, size_t len, const void *key,
|
||||
unsigned char *iv, WOLFSSL_CBC128_CB cbc)
|
||||
{
|
||||
byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ];
|
||||
int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ;
|
||||
WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_encrypt");
|
||||
|
||||
if (in == NULL || out == NULL || len < WOLFSSL_CTS128_BLOCK_SZ ||
|
||||
cbc == NULL) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (lastBlkLen == 0)
|
||||
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
|
||||
|
||||
/* Encrypt data up to last block */
|
||||
(*cbc)(in, out, len - lastBlkLen, key, iv, 1);
|
||||
|
||||
/* Move to last block */
|
||||
in += len - lastBlkLen;
|
||||
out += len - lastBlkLen;
|
||||
|
||||
/* RFC2040: Pad Pn with zeros at the end to create P of length BB. */
|
||||
XMEMCPY(lastBlk, in, lastBlkLen);
|
||||
XMEMSET(lastBlk + lastBlkLen, 0, WOLFSSL_CTS128_BLOCK_SZ - lastBlkLen);
|
||||
/* RFC2040: Select the first Ln bytes of En-1 to create Cn */
|
||||
XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
|
||||
(*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ,
|
||||
key, iv, 1);
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
|
||||
unsigned char *out, size_t len, const void *key,
|
||||
unsigned char *iv, WOLFSSL_CBC128_CB cbc)
|
||||
{
|
||||
byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ];
|
||||
byte prevBlk[WOLFSSL_CTS128_BLOCK_SZ];
|
||||
int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ;
|
||||
WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_decrypt");
|
||||
|
||||
if (in == NULL || out == NULL || len <= WOLFSSL_CTS128_BLOCK_SZ ||
|
||||
cbc == NULL) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (lastBlkLen == 0)
|
||||
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
|
||||
|
||||
/* Decrypt up to last two blocks */
|
||||
(*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
|
||||
|
||||
/* Move to last two blocks */
|
||||
in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ;
|
||||
out += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ;
|
||||
|
||||
/* RFC2040: Decrypt Cn-1 to create Dn.
|
||||
* Use 0 buffer as IV to do straight decryption.
|
||||
* This places the Cn-1 block at lastBlk */
|
||||
XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
|
||||
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0);
|
||||
/* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
|
||||
* to create En. */
|
||||
XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
|
||||
/* Cn and Cn-1 can now be decrypted */
|
||||
(*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
|
||||
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
|
||||
XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
|
||||
return len;
|
||||
}
|
||||
#endif /* HAVE_CTS */
|
||||
|
||||
#ifndef NO_ASN_TIME
|
||||
#ifndef NO_BIO
|
||||
int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
|
||||
|
|
@ -30788,6 +30924,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i)
|
|||
return (void*)sk->data.x509_obj;
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
return (void*)sk->data.dp;
|
||||
case STACK_TYPE_X509_CRL:
|
||||
return (void*)sk->data.crl;
|
||||
default:
|
||||
return (void*)sk->data.generic;
|
||||
}
|
||||
|
|
@ -30876,6 +31014,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
case STACK_TYPE_X509_OBJ:
|
||||
case STACK_TYPE_DIST_POINT:
|
||||
case STACK_TYPE_X509_CRL:
|
||||
default:
|
||||
WOLFSSL_MSG("Unsupported stack type");
|
||||
goto error;
|
||||
|
|
@ -31002,6 +31141,11 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
|
|||
case STACK_TYPE_BY_DIR_hash:
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
||||
func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free;
|
||||
#endif
|
||||
break;
|
||||
case STACK_TYPE_X509_CRL:
|
||||
#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
|
||||
func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free;
|
||||
#endif
|
||||
break;
|
||||
case STACK_TYPE_CIPHER:
|
||||
|
|
@ -44385,6 +44529,21 @@ err:
|
|||
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
|
||||
}
|
||||
|
||||
WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
|
||||
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
|
||||
pem_password_cb* cb, void* u)
|
||||
{
|
||||
WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
|
||||
WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read");
|
||||
if (fileBio != NULL) {
|
||||
ret = wolfSSL_PEM_X509_INFO_read_bio(fileBio, sk, cb, u);
|
||||
wolfSSL_BIO_free(fileBio);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* bio WOLFSSL_BIO to read certificates from
|
||||
* sk possible stack to push more X509_INFO structs to. Can be NULL
|
||||
|
|
@ -47233,15 +47392,7 @@ WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)*
|
|||
int i)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
|
||||
|
||||
for (; sk != NULL && i > 0; i--) {
|
||||
sk = sk->next;
|
||||
}
|
||||
|
||||
if (i != 0 || sk == NULL)
|
||||
return NULL;
|
||||
|
||||
return sk->data.name;
|
||||
return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i);
|
||||
}
|
||||
|
||||
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
||||
|
|
@ -47282,21 +47433,8 @@ void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
|||
/* Free only the sk structure, NOT X509_NAME members */
|
||||
void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
||||
{
|
||||
WOLFSSL_STACK* node;
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free");
|
||||
|
||||
if (sk == NULL)
|
||||
return;
|
||||
|
||||
node = sk->next;
|
||||
while (sk->num > 1) {
|
||||
WOLFSSL_STACK* tmp = node;
|
||||
node = node->next;
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
sk->num -= 1;
|
||||
}
|
||||
|
||||
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
wolfSSL_sk_free(sk);
|
||||
}
|
||||
|
||||
int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||
|
|
@ -52762,11 +52900,10 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
|
|||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* WOLFSSL_SUCCESS on ok */
|
||||
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = WOLFSSL_FAILURE;
|
||||
int len;
|
||||
int initTmpRng = 0;
|
||||
WC_RNG* rng = NULL;
|
||||
|
|
@ -52839,6 +52976,44 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
|
|||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* N = length of range input var
|
||||
* Generate N-bit length numbers until generated number is less than range
|
||||
* @param r Output number
|
||||
* @param range The upper limit of generated output
|
||||
* @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
|
||||
*/
|
||||
int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range)
|
||||
{
|
||||
int n;
|
||||
int iter = 0;
|
||||
WOLFSSL_MSG("wolfSSL_BN_rand_range");
|
||||
|
||||
if (r == NULL || range == NULL) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
n = wolfSSL_BN_num_bits(range);
|
||||
|
||||
if (n <= 1) {
|
||||
wolfSSL_BN_zero(r);
|
||||
}
|
||||
else {
|
||||
do {
|
||||
if (iter >= 100) {
|
||||
WOLFSSL_MSG("wolfSSL_BN_rand_range too many iterations");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
iter++;
|
||||
if (wolfSSL_BN_pseudo_rand(r, n, -1, 0) == WOLFSSL_FAILURE) {
|
||||
WOLFSSL_MSG("wolfSSL_BN_rand error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
} while(wolfSSL_BN_cmp(r, range) >= 0);
|
||||
}
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/* WOLFSSL_SUCCESS on ok
|
||||
* code is same as wolfSSL_BN_rand except for how top and bottom is handled.
|
||||
|
|
@ -61662,15 +61837,16 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
|
|||
return (PKCS7*)pkcs7;
|
||||
}
|
||||
|
||||
int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
|
||||
int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
|
||||
{
|
||||
byte* output = NULL;
|
||||
int localBuf = 0;
|
||||
int len;
|
||||
WC_RNG rng;
|
||||
int ret = WOLFSSL_FAILURE;
|
||||
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
|
||||
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
|
||||
|
||||
if (!bio || !p7) {
|
||||
if (!out || !p7) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
|
@ -61688,17 +61864,53 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
if (*out == NULL) {
|
||||
output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (!output) {
|
||||
WOLFSSL_MSG("malloc error");
|
||||
goto cleanup;
|
||||
}
|
||||
localBuf = 1;
|
||||
}
|
||||
else {
|
||||
output = *out;
|
||||
}
|
||||
|
||||
if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) {
|
||||
WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = len;
|
||||
cleanup:
|
||||
if (p7->rng == &rng) {
|
||||
wc_FreeRng(&rng);
|
||||
p7->rng = NULL;
|
||||
}
|
||||
if (ret == WOLFSSL_FAILURE && localBuf && output)
|
||||
XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (ret != WOLFSSL_FAILURE)
|
||||
*out = output;
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
|
||||
{
|
||||
byte* output = NULL;
|
||||
int len;
|
||||
int ret = WOLFSSL_FAILURE;
|
||||
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
|
||||
|
||||
if (!bio || !p7) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) {
|
||||
WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (wolfSSL_BIO_write(bio, output, len) <= 0) {
|
||||
WOLFSSL_MSG("wolfSSL_BIO_write error");
|
||||
goto cleanup;
|
||||
|
|
@ -61706,13 +61918,8 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
|
|||
|
||||
ret = WOLFSSL_SUCCESS;
|
||||
cleanup:
|
||||
if (p7->rng == &rng) {
|
||||
wc_FreeRng(&rng);
|
||||
p7->rng = NULL;
|
||||
}
|
||||
if (output) {
|
||||
if (output)
|
||||
XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
162
tests/api.c
162
tests/api.c
|
|
@ -313,6 +313,7 @@
|
|||
#include <wolfssl/openssl/hmac.h>
|
||||
#include <wolfssl/openssl/objects.h>
|
||||
#include <wolfssl/openssl/rand.h>
|
||||
#include <wolfssl/openssl/modes.h>
|
||||
#ifdef OPENSSL_ALL
|
||||
#include <wolfssl/openssl/txt_db.h>
|
||||
#include <wolfssl/openssl/lhash.h>
|
||||
|
|
@ -34284,7 +34285,7 @@ static void test_wolfSSL_BN(void)
|
|||
/* check result 3*2 */
|
||||
AssertIntEQ(BN_get_word(d), 6);
|
||||
|
||||
/* c/b = */
|
||||
/* c/b => db + a */
|
||||
AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
|
||||
AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
|
||||
|
||||
|
|
@ -34313,6 +34314,14 @@ static void test_wolfSSL_BN(void)
|
|||
AssertIntEQ(BN_get_word(d), 8);
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
AssertIntEQ(BN_set_word(a, 1 << 6), SSL_SUCCESS);
|
||||
AssertIntEQ(BN_rshift(b, a, 6), SSL_SUCCESS);
|
||||
AssertIntEQ(BN_is_zero(b), 0);
|
||||
AssertIntEQ(BN_rshift(b, a, 7), SSL_SUCCESS);
|
||||
AssertIntEQ(BN_is_zero(b), 1);
|
||||
AssertIntEQ(BN_rshift1(b, a), SSL_SUCCESS);
|
||||
AssertIntEQ(BN_is_zero(b), 0);
|
||||
|
||||
/* set b back to 2 */
|
||||
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
|
||||
|
||||
|
|
@ -36802,6 +36811,7 @@ static void test_wolfSSL_BN_rand(void)
|
|||
{
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
BIGNUM* bn;
|
||||
BIGNUM* range;
|
||||
|
||||
printf(testingFmt, "wolfSSL_BN_rand()");
|
||||
|
||||
|
|
@ -36817,6 +36827,13 @@ static void test_wolfSSL_BN_rand(void)
|
|||
AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
|
||||
BN_free(bn);
|
||||
|
||||
AssertNotNull(bn = BN_new());
|
||||
AssertNotNull(range = BN_new());
|
||||
AssertIntEQ(BN_rand(range, 64, 0, 0), SSL_SUCCESS);
|
||||
AssertIntEQ(BN_rand_range(bn, range), SSL_SUCCESS);
|
||||
BN_free(bn);
|
||||
BN_free(range);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
}
|
||||
|
|
@ -37558,6 +37575,7 @@ static void test_wolfSSL_OBJ(void)
|
|||
!defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
|
||||
defined(WOLFSSL_CERT_GEN)
|
||||
ASN1_OBJECT *obj = NULL;
|
||||
ASN1_OBJECT *obj2 = NULL;
|
||||
char buf[50];
|
||||
|
||||
XFILE fp;
|
||||
|
|
@ -37600,7 +37618,10 @@ static void test_wolfSSL_OBJ(void)
|
|||
AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
|
||||
#endif
|
||||
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
|
||||
AssertNotNull(obj2 = OBJ_dup(obj));
|
||||
AssertIntEQ(OBJ_cmp(obj, obj2), 0);
|
||||
ASN1_OBJECT_free(obj);
|
||||
ASN1_OBJECT_free(obj2);
|
||||
|
||||
for (i = 0; f[i] != NULL; i++)
|
||||
{
|
||||
|
|
@ -41791,8 +41812,6 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
int keySzN = -1;
|
||||
byte out[AES_BLOCK_SIZE] = {0};
|
||||
byte* outN = NULL;
|
||||
const int enc1 = AES_ENCRYPT;
|
||||
const int enc2 = AES_DECRYPT;
|
||||
|
||||
/* Test vectors retrieved from:
|
||||
* <begin URL>
|
||||
|
|
@ -41828,15 +41847,15 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
#define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
|
||||
|
||||
printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
|
||||
STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
|
||||
STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0);
|
||||
STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
|
||||
STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
|
||||
|
||||
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1);
|
||||
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, 1);
|
||||
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
|
||||
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1);
|
||||
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, 1);
|
||||
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
|
||||
|
||||
STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
|
||||
STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
|
||||
printf(resultFmt, "Stress Tests: passed");
|
||||
|
||||
printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
|
||||
|
|
@ -41860,7 +41879,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
RESET_IV(iv128tmp, iv128);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1);
|
||||
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, 1);
|
||||
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -41872,7 +41891,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
len = sizeof(ct128);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2);
|
||||
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, 0);
|
||||
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -41905,7 +41924,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
RESET_IV(iv192tmp, iv192);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1);
|
||||
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, 1);
|
||||
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -41917,7 +41936,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
XMEMSET(out, 0, AES_BLOCK_SIZE);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2);
|
||||
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, 0);
|
||||
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -41950,7 +41969,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
RESET_IV(iv256tmp, iv256);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1);
|
||||
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, 1);
|
||||
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -41962,7 +41981,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
XMEMSET(out, 0, AES_BLOCK_SIZE);
|
||||
|
||||
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
||||
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2);
|
||||
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, 0);
|
||||
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
|
||||
printf(resultFmt, "passed");
|
||||
|
||||
|
|
@ -42005,6 +42024,90 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_CRYPTO_cts128(void)
|
||||
{
|
||||
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \
|
||||
&& defined(HAVE_CTS)
|
||||
byte tmp[64]; /* Largest vector size */
|
||||
/* Test vectors taken form RFC3962 Appendix B */
|
||||
const testVector vects[] = {
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20",
|
||||
"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
|
||||
"\x97",
|
||||
17, 17
|
||||
},
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
|
||||
"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
|
||||
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
|
||||
31, 31
|
||||
},
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
|
||||
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
|
||||
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
|
||||
32, 32
|
||||
},
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
|
||||
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
|
||||
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
|
||||
"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
|
||||
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
|
||||
47, 47
|
||||
},
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
|
||||
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
|
||||
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
|
||||
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
|
||||
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
|
||||
48, 48
|
||||
},
|
||||
{
|
||||
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
|
||||
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
|
||||
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
|
||||
"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
|
||||
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
|
||||
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
|
||||
"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
|
||||
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
|
||||
64, 64
|
||||
}
|
||||
};
|
||||
byte keyBytes[AES_128_KEY_SIZE] = {
|
||||
0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
|
||||
0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
|
||||
};
|
||||
size_t i;
|
||||
XMEMSET(tmp, 0, sizeof(tmp));
|
||||
for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
|
||||
AES_KEY encKey;
|
||||
AES_KEY decKey;
|
||||
byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
|
||||
XMEMSET(iv, 0, sizeof(iv));
|
||||
AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0);
|
||||
AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0);
|
||||
AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
|
||||
tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
|
||||
vects[i].outLen);
|
||||
AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
|
||||
XMEMSET(iv, 0, sizeof(iv));
|
||||
AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
|
||||
tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
|
||||
vects[i].inLen);
|
||||
AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
|
||||
}
|
||||
#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_ALL)
|
||||
#if !defined(NO_ASN)
|
||||
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
|
||||
|
|
@ -46120,6 +46223,31 @@ static void test_sk_X509(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
static void test_sk_X509_CRL(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL)
|
||||
X509_CRL* crl;
|
||||
XFILE fp;
|
||||
STACK_OF(X509_CRL)* s;
|
||||
|
||||
printf(testingFmt, "test_sk_X509_CRL");
|
||||
|
||||
fp = XFOPEN("./certs/crl/crl.pem", "rb");
|
||||
AssertTrue((fp != XBADFILE));
|
||||
AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
|
||||
XFCLOSE(fp);
|
||||
|
||||
AssertNotNull(s = sk_X509_CRL_new());
|
||||
AssertIntEQ(sk_X509_CRL_num(s), 0);
|
||||
AssertIntEQ(sk_X509_CRL_push(s, crl), 1);
|
||||
AssertIntEQ(sk_X509_CRL_num(s), 1);
|
||||
AssertPtrEq(sk_X509_CRL_value(s, 0), crl);
|
||||
sk_X509_CRL_free(s);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_X509_get_signature_nid(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
|
||||
|
|
@ -46241,6 +46369,7 @@ static void test_wolfssl_PKCS7(void)
|
|||
BIO* bio;
|
||||
byte key[sizeof(client_key_der_2048)];
|
||||
word32 keySz = (word32)sizeof(key);
|
||||
byte* out = NULL;
|
||||
#endif
|
||||
|
||||
AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
|
||||
|
|
@ -46276,6 +46405,8 @@ static void test_wolfssl_PKCS7(void)
|
|||
pkcs7->hashOID = SHAh;
|
||||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
|
||||
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 644);
|
||||
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
BIO_free(bio);
|
||||
#endif
|
||||
|
||||
|
|
@ -51975,6 +52106,7 @@ void ApiTest(void)
|
|||
test_wolfSSL_DC_cert();
|
||||
test_wolfSSL_DES_ncbc();
|
||||
test_wolfSSL_AES_cbc_encrypt();
|
||||
test_wolfSSL_CRYPTO_cts128();
|
||||
test_wolfssl_EVP_aes_gcm_AAD_2_parts();
|
||||
test_wolfssl_EVP_aes_gcm();
|
||||
test_wolfSSL_PKEY_up_ref();
|
||||
|
|
@ -52109,6 +52241,8 @@ void ApiTest(void)
|
|||
test_ERR_load_crypto_strings();
|
||||
/* OpenSSL sk_X509 API test */
|
||||
test_sk_X509();
|
||||
/* OpenSSL sk_X509_CRL API test */
|
||||
test_sk_X509_CRL();
|
||||
/* OpenSSL X509 API test */
|
||||
test_X509_get_signature_nid();
|
||||
/* OpenSSL X509 REQ API test */
|
||||
|
|
|
|||
|
|
@ -658,6 +658,11 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
|||
int fill;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
|
||||
if (inl == 0 && in == NULL ) {
|
||||
/* Nothing to do in this case. Just return. */
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) {
|
||||
WOLFSSL_MSG("Bad argument");
|
||||
return WOLFSSL_FAILURE;
|
||||
|
|
@ -7245,6 +7250,11 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
|
|||
if (XSTRNCMP(type, "SHA256", 6) == 0) {
|
||||
return WC_SHA256_BLOCK_SIZE;
|
||||
}
|
||||
#ifndef NO_MD4
|
||||
else if (XSTRNCMP(type, "MD4", 3) == 0) {
|
||||
return MD4_BLOCK_SIZE;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
else if (XSTRNCMP(type, "MD5", 3) == 0) {
|
||||
return WC_MD5_BLOCK_SIZE;
|
||||
|
|
@ -7309,6 +7319,11 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
|
|||
if (XSTRNCMP(type, "SHA256", 6) == 0) {
|
||||
return WC_SHA256_DIGEST_SIZE;
|
||||
}
|
||||
#ifndef NO_MD4
|
||||
else if (XSTRNCMP(type, "MD4", 3) == 0) {
|
||||
return MD4_DIGEST_SIZE;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
else if (XSTRNCMP(type, "MD5", 3) == 0) {
|
||||
return WC_MD5_DIGEST_SIZE;
|
||||
|
|
|
|||
|
|
@ -3807,7 +3807,8 @@ typedef enum {
|
|||
STACK_TYPE_BY_DIR_entry = 12,
|
||||
STACK_TYPE_BY_DIR_hash = 13,
|
||||
STACK_TYPE_X509_OBJ = 14,
|
||||
STACK_TYPE_DIST_POINT = 15
|
||||
STACK_TYPE_DIST_POINT = 15,
|
||||
STACK_TYPE_X509_CRL = 16,
|
||||
} WOLF_STACK_TYPE;
|
||||
|
||||
struct WOLFSSL_STACK {
|
||||
|
|
@ -3838,6 +3839,7 @@ struct WOLFSSL_STACK {
|
|||
WOLFSSL_BY_DIR_HASH* dir_hash;
|
||||
WOLFSSL_X509_OBJECT* x509_obj;
|
||||
WOLFSSL_DIST_POINT* dp;
|
||||
WOLFSSL_X509_CRL* crl;
|
||||
} data;
|
||||
void* heap; /* memory heap hint */
|
||||
WOLFSSL_STACK* next;
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@
|
|||
#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new
|
||||
#define ASN1_STRING_type wolfSSL_ASN1_STRING_type
|
||||
#define ASN1_STRING_set wolfSSL_ASN1_STRING_set
|
||||
#define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set
|
||||
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
|
||||
|
||||
#define ASN1_get_object wolfSSL_ASN1_get_object
|
||||
|
|
|
|||
|
|
@ -104,6 +104,7 @@ WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
|
|||
|
||||
WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
|
||||
int bottom);
|
||||
WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range);
|
||||
WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
|
||||
WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
|
||||
WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
|
||||
|
|
@ -187,6 +188,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
|
|||
|
||||
#define BN_pseudo_rand wolfSSL_BN_pseudo_rand
|
||||
#define BN_rand wolfSSL_BN_rand
|
||||
#define BN_rand_range wolfSSL_BN_rand_range
|
||||
#define BN_is_bit_set wolfSSL_BN_is_bit_set
|
||||
#define BN_hex2bn wolfSSL_BN_hex2bn
|
||||
|
||||
|
|
@ -213,6 +215,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
|
|||
#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
|
||||
#define BN_print_fp wolfSSL_BN_print_fp
|
||||
#define BN_rshift wolfSSL_BN_rshift
|
||||
#define BN_rshift1(r, a) wolfSSL_BN_rshift((r), (a), 1)
|
||||
#define BN_mod_word wolfSSL_BN_mod_word
|
||||
|
||||
#define BN_CTX_get wolfSSL_BN_CTX_get
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ nobase_include_HEADERS+= \
|
|||
wolfssl/openssl/lhash.h \
|
||||
wolfssl/openssl/md4.h \
|
||||
wolfssl/openssl/md5.h \
|
||||
wolfssl/openssl/modes.h \
|
||||
wolfssl/openssl/ripemd.h \
|
||||
wolfssl/openssl/obj_mac.h \
|
||||
wolfssl/openssl/objects.h \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,45 @@
|
|||
/* modes.h
|
||||
*
|
||||
* Copyright (C) 2006-2021 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
#ifndef WOLFSSL_OPENSSL_MODES_H
|
||||
#define WOLFSSL_OPENSSL_MODES_H
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/openssl/ssl.h>
|
||||
|
||||
typedef void (*WOLFSSL_CBC128_CB) (const unsigned char *in,
|
||||
unsigned char *out, size_t len, const void *key,
|
||||
unsigned char *iv, int enc);
|
||||
|
||||
WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
|
||||
unsigned char *out, size_t len, const void *key,
|
||||
unsigned char *iv, WOLFSSL_CBC128_CB cbc);
|
||||
WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
|
||||
unsigned char *out, size_t len, const void *key,
|
||||
unsigned char *iv, WOLFSSL_CBC128_CB cbc);
|
||||
|
||||
#define WOLFSSL_CTS128_BLOCK_SZ 16
|
||||
|
||||
/* Compatibility layer defines */
|
||||
#define CRYPTO_cts128_encrypt wolfSSL_CRYPTO_cts128_encrypt
|
||||
#define CRYPTO_cts128_decrypt wolfSSL_CRYPTO_cts128_decrypt
|
||||
#define cbc128_f WOLFSSL_CBC128_CB
|
||||
|
||||
#endif /* WOLFSSL_OPENSSL_MODES_H */
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
/* valid version */
|
||||
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
|
||||
defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_RSYSLOG)
|
||||
defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB)
|
||||
/* For Apache httpd, Use 1.1.0 compatibility */
|
||||
#define OPENSSL_VERSION_NUMBER 0x10100003L
|
||||
#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in,
|
|||
int len, byte* content, word32 contentSz);
|
||||
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
|
||||
WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
|
||||
WOLFSSL_API int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out);
|
||||
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
|
||||
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
|
||||
|
|
@ -76,6 +77,7 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont
|
|||
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
|
||||
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
|
||||
#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
|
||||
#define i2d_PKCS7 wolfSSL_i2d_PKCS7
|
||||
#define PKCS7_verify wolfSSL_PKCS7_verify
|
||||
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
|
||||
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7
|
||||
|
|
|
|||
|
|
@ -422,6 +422,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
|
||||
#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
|
||||
#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio
|
||||
#define PEM_X509_INFO_read wolfSSL_PEM_X509_INFO_read
|
||||
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
|
||||
#define i2d_PublicKey wolfSSL_i2d_PublicKey
|
||||
|
||||
|
|
@ -530,6 +531,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||
#define sk_X509_free wolfSSL_sk_X509_free
|
||||
#define X509_chain_up_ref wolfSSL_X509_chain_up_ref
|
||||
|
||||
#define sk_X509_CRL_new wolfSSL_sk_X509_CRL_new
|
||||
#define sk_X509_CRL_pop_free wolfSSL_sk_X509_CRL_pop_free
|
||||
#define sk_X509_CRL_free wolfSSL_sk_X509_CRL_free
|
||||
#define sk_X509_CRL_push wolfSSL_sk_X509_CRL_push
|
||||
#define sk_X509_CRL_value wolfSSL_sk_X509_CRL_value
|
||||
#define sk_X509_CRL_num wolfSSL_sk_X509_CRL_num
|
||||
|
||||
#define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new
|
||||
#define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free
|
||||
#define sk_X509_OBJECT_pop_free wolfSSL_sk_X509_OBJECT_pop_free
|
||||
|
|
@ -823,8 +831,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
|||
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
|
||||
|
||||
#define ASN1_STRING_new wolfSSL_ASN1_STRING_new
|
||||
#define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new
|
||||
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
|
||||
#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
|
||||
#define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp
|
||||
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
|
||||
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data
|
||||
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
|
||||
|
|
@ -1590,6 +1600,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
|||
#define sk_SSL_COMP_free(...)
|
||||
#endif
|
||||
|
||||
#define OBJ_dup wolfSSL_ASN1_OBJECT_dup
|
||||
|
||||
#define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback
|
||||
#define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable
|
||||
typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
|
||||
|
|
|
|||
|
|
@ -1350,8 +1350,19 @@ typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS;
|
|||
|
||||
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||
WOLFSSL_X509* x509);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
|
||||
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509)* sk);
|
||||
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk);
|
||||
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void);
|
||||
WOLFSSL_API void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
|
||||
void (*f) (WOLFSSL_X509_CRL*));
|
||||
WOLFSSL_API void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk);
|
||||
WOLFSSL_API int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
|
||||
WOLFSSL_X509_CRL* crl);
|
||||
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value(
|
||||
WOLF_STACK_OF(WOLFSSL_X509)* sk, int i);
|
||||
WOLFSSL_API int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk);
|
||||
|
||||
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
|
||||
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
|
||||
WOLFSSL_API int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name,
|
||||
|
|
@ -4101,6 +4112,11 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
|
|||
WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u);
|
||||
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
|
||||
(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u);
|
||||
#ifndef NO_FILESYSTEM
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
|
||||
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
|
||||
pem_password_cb* cb, void* u);
|
||||
#endif
|
||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
|
||||
WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
|
||||
wc_pem_password_cb* cb, void* u);
|
||||
|
|
|
|||
Loading…
Reference in New Issue