Merge pull request #211 from wiidev/master

Update wolfSSL and improve formatting
This commit is contained in:
Fledge68 2020-10-19 08:41:57 -05:00 committed by GitHub
commit da479654ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 736 additions and 600 deletions

View File

@ -9,7 +9,7 @@
#include "memory/memory.h" #include "memory/memory.h"
#include "identify.h" #include "identify.h"
static inline bool apply_patch(char *name, const u8 *old, const u8 *patch, u32 size) static inline bool apply_patch(__attribute__((unused)) char *name, const u8 *old, const u8 *patch, u32 size)
{ {
u8 i; u8 i;
u32 found = 0; u32 found = 0;

View File

@ -1634,14 +1634,14 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, const byte* buf,
word32 sz); word32 sz);
WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
word32 sz); word32 sz);
WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
byte* buf, word32 sz); byte* buf, word32 sz);
WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
byte* buf, word32 sz); const byte* buf, word32 sz);
WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl); WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
#endif #endif
#endif #endif
@ -4167,6 +4167,8 @@ struct WOLFSSL {
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
void* ocspIOCtx; void* ocspIOCtx;
byte ocspProducedDate[MAX_DATE_SZ];
int ocspProducedDateFormat;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
byte* ocspResp; byte* ocspResp;
int ocspRespSz; int ocspRespSz;

Binary file not shown.

View File

@ -354,10 +354,12 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
int ivSz; int ivSz;
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
byte* gcmDecryptBuffer; byte* gcmBuffer;
int gcmDecryptBufferLen; int gcmBufferLen;
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
int authTagSz; int authTagSz;
byte* gcmAuthIn;
int gcmAuthInSz;
#endif #endif
#endif #endif
}; };

View File

@ -743,7 +743,7 @@ typedef int (*wc_dtls_export)(WOLFSSL* ssl,
#define WOLFSSL_DTLS_EXPORT_TYPES #define WOLFSSL_DTLS_EXPORT_TYPES
#endif /* WOLFSSL_DTLS_EXPORT_TYPES */ #endif /* WOLFSSL_DTLS_EXPORT_TYPES */
WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf,
unsigned int sz); unsigned int sz);
WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
wc_dtls_export func); wc_dtls_export func);
@ -3735,6 +3735,16 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
#endif #endif
#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
WOLFSSL_API int wolfSSL_get_ocsp_producedDate(
WOLFSSL *ssl,
byte *producedDate,
size_t producedDate_space,
int *producedDateFormat);
WOLFSSL_API int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl,
struct tm *produced_tm);
#endif
#if defined(OPENSSL_ALL) \ #if defined(OPENSSL_ALL) \
|| defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_HAPROXY) \

View File

@ -62,6 +62,9 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#include <libwolfssl/wolfcrypt/port/st/stm32.h> #include <libwolfssl/wolfcrypt/port/st/stm32.h>
#endif #endif
#ifdef WOLFSSL_IMXRT_DCP
#include "fsl_dcp.h"
#endif
#ifdef WOLFSSL_XILINX_CRYPT #ifdef WOLFSSL_XILINX_CRYPT
#include "xsecure_aes.h" #include "xsecure_aes.h"
@ -225,6 +228,9 @@ struct Aes {
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
TSIP_AES_CTX ctx; TSIP_AES_CTX ctx;
#endif
#if defined(WOLFSSL_IMXRT_DCP)
dcp_handle_t handle;
#endif #endif
void* heap; /* memory hint to use */ void* heap; /* memory hint to use */
}; };

View File

@ -538,7 +538,9 @@ enum Extensions_Sum {
POLICY_CONST_OID = 150, POLICY_CONST_OID = 150,
ISSUE_ALT_NAMES_OID = 132, ISSUE_ALT_NAMES_OID = 132,
TLS_FEATURE_OID = 92, /* id-pe 24 */ TLS_FEATURE_OID = 92, /* id-pe 24 */
NETSCAPE_CT_OID = 753 /* 2.16.840.1.113730.1.1 */ NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */
OCSP_NOCHECK_OID = 121 /* 1.3.6.1.5.5.7.48.1.5
id-pkix-ocsp-nocheck */
}; };
enum CertificatePolicy_Sum { enum CertificatePolicy_Sum {
@ -909,6 +911,9 @@ struct DecodedCert {
byte weOwnAltNames : 1; /* altNames haven't been given to copy */ byte weOwnAltNames : 1; /* altNames haven't been given to copy */
byte extKeyUsageSet : 1; byte extKeyUsageSet : 1;
byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ byte extExtKeyUsageSet : 1; /* Extended Key Usage set */
#ifdef HAVE_OCSP
byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */
#endif
byte extCRLdistSet : 1; byte extCRLdistSet : 1;
byte extAuthInfoSet : 1; byte extAuthInfoSet : 1;
byte extBasicConstSet : 1; byte extBasicConstSet : 1;

View File

@ -79,7 +79,7 @@ typedef struct ChaCha {
byte extra[12]; byte extra[12];
#endif #endif
word32 left; /* number of bytes leftover */ word32 left; /* number of bytes leftover */
#ifdef USE_INTEL_CHACHA_SPEEDUP #if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM)
word32 over[CHACHA_CHUNK_WORDS]; word32 over[CHACHA_CHUNK_WORDS];
#endif #endif
} ChaCha; } ChaCha;

View File

@ -471,6 +471,10 @@ ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
mp_int* modulus, mp_digit mp); mp_int* modulus, mp_digit mp);
WOLFSSL_LOCAL
int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
#endif #endif
WOLFSSL_API WOLFSSL_API

View File

@ -305,6 +305,7 @@ MP_API int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
MP_API void mp_zero (mp_int * a); MP_API void mp_zero (mp_int * a);
MP_API void mp_clamp (mp_int * a); MP_API void mp_clamp (mp_int * a);
MP_API void mp_exch (mp_int * a, mp_int * b); MP_API void mp_exch (mp_int * a, mp_int * b);
MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m);
MP_API void mp_rshd (mp_int * a, int b); MP_API void mp_rshd (mp_int * a, int b);
MP_API void mp_rshb (mp_int * a, int b); MP_API void mp_rshb (mp_int * a, int b);
MP_API int mp_mod_2d (mp_int * a, int b, mp_int * c); MP_API int mp_mod_2d (mp_int * a, int b, mp_int * c);

View File

@ -0,0 +1,77 @@
/* dcp_port.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _DCP_PORT_H_
#define _DCP_PORT_H_
#include <libwolfssl/wolfcrypt/settings.h>
#ifdef USE_FAST_MATH
#include <libwolfssl/wolfcrypt/tfm.h>
#elif defined WOLFSSL_SP_MATH
#include <libwolfssl/wolfcrypt/sp_int.h>
#else
#include <libwolfssl/wolfcrypt/integer.h>
#endif
#include <libwolfssl/wolfcrypt/aes.h>
#include <libwolfssl/wolfcrypt/error-crypt.h>
#include "fsl_device_registers.h"
#include "fsl_debug_console.h"
#include "fsl_dcp.h"
int wc_dcp_init(void);
#ifndef NO_AES
int DCPAesInit(Aes* aes);
void DCPAesFree(Aes *aes);
int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
int dir);
int DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
int DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
#endif
#ifdef HAVE_AES_ECB
int DCPAesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
int DCPAesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
#endif
#ifndef NO_SHA256
typedef struct wc_Sha256_DCP {
dcp_handle_t handle;
dcp_hash_ctx_t ctx;
} wc_Sha256;
#define WC_SHA256_TYPE_DEFINED
void DCPSha256Free(wc_Sha256 *sha256);
#endif
#ifndef NO_SHA
typedef struct wc_Sha_DCP {
dcp_handle_t handle;
dcp_hash_ctx_t ctx;
} wc_Sha;
#define WC_SHA_TYPE_DEFINED
void DCPShaFree(wc_Sha *sha);
#endif
#endif

View File

@ -1091,7 +1091,9 @@ extern void uITRON4_free(void *p) ;
/* random seed */ /* random seed */
#define NO_OLD_RNGNAME #define NO_OLD_RNGNAME
#if defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0) #if defined(FREESCALE_NO_RNG)
/* nothing to define */
#elif defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
#define FREESCALE_KSDK_2_0_TRNG #define FREESCALE_KSDK_2_0_TRNG
#elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0) #elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
#ifdef FREESCALE_KSDK_1_3 #ifdef FREESCALE_KSDK_1_3
@ -1621,6 +1623,12 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif #endif
/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */
#if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED)
#undef WOLFSSL_CRYPT_HW_MUTEX
#define WOLFSSL_CRYPT_HW_MUTEX 1
#endif
#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \ #if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
!defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
!defined(XMALLOC_OVERRIDE) !defined(XMALLOC_OVERRIDE)
@ -2124,11 +2132,19 @@ extern void uITRON4_free(void *p) ;
#define SIZEOF_LONG 8 #define SIZEOF_LONG 8
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#define CHAR_BIT 8 #define CHAR_BIT 8
#ifndef WOLFSSL_SP_DIV_64
#define WOLFSSL_SP_DIV_64 #define WOLFSSL_SP_DIV_64
#endif
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF #define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef SP_HALF_SIZE
#define SP_HALF_SIZE 32 #define SP_HALF_SIZE 32
#endif
#ifndef SP_HALF_MAX
#define SP_HALF_MAX 4294967295U #define SP_HALF_MAX 4294967295U
#endif #endif
#endif
/* Place any other flags or defines here */ /* Place any other flags or defines here */

View File

@ -72,6 +72,9 @@
#ifdef WOLFSSL_ESP32WROOM32_CRYPT #ifdef WOLFSSL_ESP32WROOM32_CRYPT
#include <libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h> #include <libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#endif #endif
#ifdef WOLFSSL_IMXRT_DCP
#include <libwolfssl/wolfcrypt/port/nxp/dcp_port.h>
#endif
#if !defined(NO_OLD_SHA_NAMES) #if !defined(NO_OLD_SHA_NAMES)
#define SHA WC_SHA #define SHA WC_SHA

View File

@ -128,6 +128,8 @@ enum {
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_PSOC6_CRYPTO) #elif defined(WOLFSSL_PSOC6_CRYPTO)
#include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h" #include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
#elif defined(WOLFSSL_IMXRT_DCP)
#include <libwolfssl/wolfcrypt/port/nxp/dcp_port.h>
#else #else
/* wc_Sha256 digest */ /* wc_Sha256 digest */

View File

@ -832,6 +832,7 @@ MP_API int mp_lcm(fp_int *a, fp_int *b, fp_int *c);
MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
MP_API int mp_exch(mp_int *a, mp_int *b); MP_API int mp_exch(mp_int *a, mp_int *b);
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
MP_API int mp_cond_swap_ct (mp_int * a, mp_int * b, int c, int m);
MP_API int mp_cnt_lsb(fp_int *a); MP_API int mp_cnt_lsb(fp_int *a);
MP_API int mp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); MP_API int mp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d);

View File

@ -158,8 +158,8 @@
#else /* ! WOLFSSL_LINUXKM */ #else /* ! WOLFSSL_LINUXKM */
#ifdef BUILDING_WOLFSSL #ifdef BUILDING_WOLFSSL
#define SAVE_VECTOR_REGISTERS() ({}) #define SAVE_VECTOR_REGISTERS() do{}while(0)
#define RESTORE_VECTOR_REGISTERS() ({}) #define RESTORE_VECTOR_REGISTERS() do{}while(0)
#endif #endif
#endif /* WOLFSSL_LINUXKM */ #endif /* WOLFSSL_LINUXKM */
@ -836,11 +836,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif #endif
#endif #endif
#if !defined(XGMTIME) && !defined(TIME_OVERRIDES) #if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
#if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) || defined(WOLF_C99) /* Always use gmtime_r if available. */
#define XGMTIME(c, t) gmtime((c)) #if defined(HAVE_GMTIME_R)
#else
#define XGMTIME(c, t) gmtime_r((c), (t)) #define XGMTIME(c, t) gmtime_r((c), (t))
#define NEED_TMP_TIME #define NEED_TMP_TIME
#else
#define XGMTIME(c, t) gmtime((c))
#endif #endif
#endif #endif
#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) #if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)

View File

@ -226,7 +226,8 @@ bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
resp->buflen += rret; resp->buflen += rret;
// Parse the response // Parse the response
resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]); resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]);
if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0) if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len,
resp->headers, &resp->num_headers, prevbuflen)) > 0)
return true; return true;
else if (resp->pret == -1) else if (resp->pret == -1)
{ {
@ -267,11 +268,15 @@ bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *passwo
return false; return false;
if (!(auth = base64(credentials, strlen(credentials), &len))) if (!(auth = base64(credentials, strlen(credentials), &len)))
return false; return false;
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth); len = snprintf(request, sizeof(request),
"CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n",
host, httpinfo->use_https ? 443 : 80, auth);
MEM2_free(auth); MEM2_free(auth);
} }
else else
len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80); len = snprintf(request, sizeof(request),
"CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n",
host, httpinfo->use_https ? 443 : 80);
if (len > 0 && https_write(httpinfo, request, len, true) != len) if (len > 0 && https_write(httpinfo, request, len, true) != len)
return false; return false;
if (get_response(httpinfo, &response, true)) if (get_response(httpinfo, &response, true))
@ -561,7 +566,8 @@ void downloadfile(const char *url, struct download *buffer)
gprintf("Download size: %llu\n", (long long)buffer->size); gprintf("Download size: %llu\n", (long long)buffer->size);
gprintf("------------- HEADERS -------------\n"); gprintf("------------- HEADERS -------------\n");
for (size_t i = 0; i != response.num_headers; ++i) for (size_t i = 0; i != response.num_headers; ++i)
gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name, (int)response.headers[i].value_len, response.headers[i].value); gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name,
(int)response.headers[i].value_len, response.headers[i].value);
gprintf("------------ COMPLETED ------------\n"); gprintf("------------ COMPLETED ------------\n");
#endif #endif
return; return;