diff --git a/configure.ac b/configure.ac index 5099ec39c..22ef42453 100644 --- a/configure.ac +++ b/configure.ac @@ -164,6 +164,7 @@ then enable_aesgcm=yes enable_aesccm=yes enable_aesctr=yes + enable_aescfb=yes enable_camellia=yes enable_ripemd=yes enable_sha512=yes @@ -813,6 +814,19 @@ then fi +# AES-CFB +AC_ARG_ENABLE([aescfb], + [AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])], + [ ENABLED_AESCFB=$enableval ], + [ ENABLED_AESCFB=no ] + ) + +if test "$ENABLED_AESCFB" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB" +fi + + # AES-ARM AC_ARG_ENABLE([armasm], [AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])], diff --git a/src/ssl.c b/src/ssl.c index 9c4e2a104..f20574976 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6986,6 +6986,15 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, } +/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. + * + * out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL + * in DER buffer to convert + * inSz size of in buffer + * + * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL + * on fail + */ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, long inSz) { @@ -15127,23 +15136,25 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) * * bio WOLFSSL_BIO to write to. * x509 Certificate to write. + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_X509_print"); if (bio == NULL || x509 == NULL) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, "Certificate:\n", sizeof("Certificate:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, " Data:\n", sizeof(" Data:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* print version of cert */ @@ -15153,15 +15164,15 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if ((version = wolfSSL_X509_version(x509)) <= 0) { WOLFSSL_MSG("Error getting X509 version"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, " Version: ", sizeof(" Version: ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp), "%d\n", version); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15172,13 +15183,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) XMEMSET(serial, 0, sz); if (wolfSSL_X509_get_serial_number(x509, serial, &sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting x509 serial number"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, " Serial Number: ", sizeof(" Serial Number: ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* if serial can fit into byte than print on the same line */ @@ -15186,7 +15197,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) char tmp[17]; XSNPRINTF(tmp, sizeof(tmp), "%d (0x%x)\n", serial[0],serial[0]); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } else { @@ -15199,7 +15210,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) /* serial is larger than int size so print off hex values */ if (wolfSSL_BIO_write(bio, "\n ", sizeof("\n ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } tmp[0] = '\0'; for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) { @@ -15211,7 +15222,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) val[3] = '\0'; /* make sure is null terminated */ XSTRNCAT(tmp, val, valSz); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } } @@ -15223,18 +15234,18 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) { WOLFSSL_MSG("Error getting x509 signature type"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", sizeof(" Signature Algorithm: ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } sig = GetSigName(oid); if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15257,21 +15268,21 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (issuer != NULL) { if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15281,33 +15292,33 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, " Validity\n", sizeof(" Validity\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, " Not Before: ", sizeof(" Not Before: ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (GetTimeString(x509->notBefore + 2, ASN_UTC_TIME, - tmp, sizeof(tmp)) != SSL_SUCCESS) { + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting not before date"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_BIO_write(bio, "\n Not After : ", sizeof("\n Not After : ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (GetTimeString(x509->notAfter + 2,ASN_UTC_TIME, - tmp, sizeof(tmp)) != SSL_SUCCESS) { + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting not before date"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15330,14 +15341,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) #ifdef WOLFSSL_SMALL_STACK XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (subject != NULL) { if (wolfSSL_BIO_write(bio, subject, (int)XSTRLEN(subject)) <= 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } #ifdef WOLFSSL_SMALL_STACK @@ -15348,7 +15359,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) /* get and print public key */ if (wolfSSL_BIO_write(bio, "\n Subject Public Key Info:\n", sizeof("\n Subject Public Key Info:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } { char tmp[100]; @@ -15359,14 +15370,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, " Public Key Algorithm: RSA\n", sizeof(" Public Key Algorithm: RSA\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } #ifdef HAVE_USER_RSA if (wolfSSL_BIO_write(bio, " Build without user RSA to print key\n", sizeof(" Build without user RSA to print key\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } #else { @@ -15379,23 +15390,23 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wc_InitRsaKey(&rsa, NULL) != 0) { WOLFSSL_MSG("wc_InitRsaKey failure"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wc_RsaPublicKeyDecode(x509->pubKey.buffer, &idx, &rsa, x509->pubKey.length) != 0) { WOLFSSL_MSG("Error decoding RSA key"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if ((sz = wc_RsaEncryptSize(&rsa)) < 0) { WOLFSSL_MSG("Error getting RSA key size"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", " ", "Public-Key", 8 * sz, " Modulus:"); tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* print out modulus */ @@ -15411,7 +15422,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) DYNAMIC_TYPE_TMP_BUFFER); if (rawKey == NULL) { WOLFSSL_MSG("Memory error"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } mp_to_unsigned_bin(&rsa.n, rawKey); for (idx = 0; idx < (word32)rawLen; idx++) { @@ -15426,7 +15437,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, ":\n "); @@ -15444,7 +15455,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15452,7 +15463,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) rawLen = mp_unsigned_bin_size(&rsa.e); if (rawLen < 0) { WOLFSSL_MSG("Error getting exponent size"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if ((word32)rawLen < sizeof(word32)) { @@ -15462,7 +15473,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) DYNAMIC_TYPE_TMP_BUFFER); if (rawKey == NULL) { WOLFSSL_MSG("Memory error"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XMEMSET(rawKey, 0, rawLen); mp_to_unsigned_bin(&rsa.e, rawKey); @@ -15473,7 +15484,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) "\n Exponent: %d\n", idx); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -15490,16 +15501,16 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, " Public Key Algorithm: EC\n", sizeof(" Public Key Algorithm: EC\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wc_ecc_init_ex(&ecc, x509->heap, INVALID_DEVID) != 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wc_ecc_import_x963(x509->pubKey.buffer, x509->pubKey.length, &ecc) != 0) { wc_ecc_free(&ecc); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", " ", "Public-Key", @@ -15508,7 +15519,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1," "); for (i = 0; i < x509->pubKey.length; i++) { @@ -15524,7 +15535,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, ":\n "); @@ -15544,7 +15555,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", @@ -15552,7 +15563,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) ecc.dp->name); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(&ecc); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } wc_ecc_free(&ecc); } @@ -15560,14 +15571,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) #endif /* HAVE_ECC */ default: WOLFSSL_MSG("Unknown key type"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } /* print out extensions */ if (wolfSSL_BIO_write(bio, " X509v3 extensions:\n", sizeof(" X509v3 extensions:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* print subject key id */ @@ -15583,7 +15594,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) " X509v3 Subject Key Identifier:\n", sizeof(" X509v3 Subject Key Identifier:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, " "); @@ -15594,7 +15605,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) XSNPRINTF(val, valSz - 1, "%02X\n", x509->subjKeyId[i]); XSTRNCAT(tmp, val, valSz); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15610,7 +15621,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) " X509v3 Authority Key Identifier:\n", sizeof(" X509v3 Authority Key Identifier:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); @@ -15618,7 +15629,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) /* check if buffer is almost full */ if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } tmp[0] = '\0'; } @@ -15626,7 +15637,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) XSTRNCAT(tmp, val, valSz); } if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* print issuer */ @@ -15648,21 +15659,21 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (issuer != NULL) { if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } } @@ -15675,13 +15686,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) "\n X509v3 Basic Constraints:\n", sizeof("\n X509v3 Basic Constraints:\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp), " CA:%s\n", (x509->isCa)? "TRUE": "FALSE"); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } @@ -15696,22 +15707,22 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", sizeof(" Signature Algorithm: ")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1,"%s\n", GetSigName(sigOid)); tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } sigSz = (int)x509->sig.length; sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL || sigSz <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) { XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1," "); tmp[sizeof(tmp) - 1] = '\0'; @@ -15727,7 +15738,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, ":\n "); @@ -15745,17 +15756,17 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } } /* done with print out */ if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { - return SSL_FAILURE; + return WOLFSSL_FAILURE; } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif /* XSNPRINTF */ #endif /* OPENSSL_EXTRA */ @@ -17351,6 +17362,14 @@ int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) } +/* Converts an internal structure to a DER buffer + * + * x509 structure to get DER buffer from + * out buffer to hold result. If NULL then *out is NULL then a new buffer is + * created. + * + * returns the size of the DER result on success + */ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) { const unsigned char* der; @@ -18123,7 +18142,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap) XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); pkey->heap = heap; pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; +#ifndef HAVE_FIPS ret = wc_InitRng_ex(&(pkey->rng), heap, INVALID_DEVID); +#else + ret = wc_InitRng(&(pkey->rng)); +#endif if (ret != 0){ wolfSSL_EVP_PKEY_free(pkey); WOLFSSL_MSG("memory falure"); @@ -19328,6 +19351,7 @@ void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes, } +/* Sets the parity of the DES key for use */ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) { word32 i; @@ -19582,8 +19606,8 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, unsigned char* iv, int* num, const int enc) { -#ifndef HAVE_AES_CFB - WOLFSSL_MSG("CFB mode not enabled please use macro HAVE_AES_CFB"); +#ifndef WOLFSSL_AES_CFB + WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB"); (void)in; (void)out; (void)len; @@ -19624,7 +19648,7 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, /* store number of left over bytes to num */ *num = (aes->left)? AES_BLOCK_SIZE - aes->left : 0; -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ } #endif /* NO_AES */ @@ -22317,7 +22341,11 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, #if defined(WC_RSA_BLINDING) && !defined(HAVE_USER_RSA) rng = key->rng; #else - if (wc_InitRng_ex(rng, key->heap) != 0) { +#ifndef HAVE_FIPS + if (wc_InitRng_ex(rng, key->heap, INVALID_DEVID) != 0) { +#else + if (wc_InitRng(rng) != 0) { +#endif WOLFSSL_MSG("Error with random number"); return SSL_FATAL_ERROR; } @@ -26304,7 +26332,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) /* needed SetName function from asn.c is wrapped by NO_RSA */ - /* helper function for CopyX509NameToCertName() */ + + /* helper function for CopyX509NameToCertName() + * + * returns WOLFSSL_SUCCESS on success + */ static int CopyX509NameEntry(char* out, int max, char* in, int inLen) { if (inLen > max) { @@ -26319,10 +26351,15 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) /* make sure is null terminated */ out[max-1] = '\0'; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } + /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to + * a CertName structure. + * + * returns WOLFSSL_SUCCESS on success and a negative error value on failure + */ static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName) { DecodedName* dn = NULL; @@ -26409,7 +26446,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return BUFFER_E; } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c7fcd8c63..66a939351 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -232,7 +232,7 @@ static const bench_alg bench_cipher_opt[] = { #ifdef WOLFSSL_AES_XTS { "-aes-xts", BENCH_AES_XTS }, #endif -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB { "-aes-cfb", BENCH_AES_CFB }, #endif #ifdef WOLFSSL_AES_COUNTER @@ -1081,7 +1081,7 @@ static void* benchmarks_do(void* args) if (bench_all || (bench_cipher_algs & BENCH_AES_XTS)) bench_aesxts(); #endif -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB if (bench_all || (bench_cipher_algs & BENCH_AES_CFB)) bench_aescfb(); #endif @@ -1914,7 +1914,7 @@ void bench_aesecb(int doAsync) } #endif /* WOLFSSL_AES_DIRECT */ -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB static void bench_aescfb_internal(const byte* key, word32 keySz, const byte* iv, const char* label) { @@ -1948,7 +1948,7 @@ void bench_aescfb(void) bench_aescfb_internal(bench_key, 24, bench_iv, "AES-192-CFB"); bench_aescfb_internal(bench_key, 32, bench_iv, "AES-256-CFB"); } -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_XTS diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 32c5ccaa0..2cfdcaec3 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1828,7 +1828,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) #ifndef WOLFSSL_STM32_CUBEMX ByteReverseWords(rk, rk, keylen); #endif - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -1901,7 +1901,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -1917,7 +1917,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -1944,7 +1944,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) if (rk == NULL) return BAD_FUNC_ARG; - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -1987,7 +1987,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->rounds = keylen/4 + 6; ret = nrf51_aes_set_key(userKey); - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -2016,7 +2016,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) #ifdef WOLFSSL_AESNI aes->use_aesni = 0; #endif /* WOLFSSL_AESNI */ - #if defined(HAVE_AES_CFB) || defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) aes->left = 0; #endif @@ -2209,7 +2209,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) checkAESNI = 1; } if (haveAESNI) { - #if defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) aes->left = 0; #endif /* WOLFSSL_AES_COUNTER */ aes->use_aesni = 1; @@ -3058,8 +3058,17 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #endif /* AES-CBC block */ #endif /* HAVE_AES_CBC */ -#ifdef HAVE_AES_CFB -/* CFB 128 */ +#ifdef WOLFSSL_AES_CFB +/* CFB 128 + * + * aes structure holding key to use for encryption + * out buffer to hold result of encryption (must be at least as large as input + * buffer) + * in buffer to encrypt + * sz size of input buffer + * + * returns 0 on success and negative error values on failure + */ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp = NULL; @@ -3111,6 +3120,16 @@ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #ifdef HAVE_AES_DECRYPT +/* CFB 128 + * + * aes structure holding key to use for decryption + * out buffer to hold result of decryption (must be at least as large as input + * buffer) + * in buffer to decrypt + * sz size of input buffer + * + * returns 0 on success and negative error values on failure + */ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp; @@ -3161,7 +3180,7 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return 0; } #endif /* HAVE_AES_DECRYPT */ -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ #ifdef HAVE_AES_ECB #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 26d0243cd..378980e72 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4267,7 +4267,7 @@ int des3_test(void) #ifndef NO_AES -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/ static int aescfb_test(void) { @@ -4508,7 +4508,7 @@ int des3_test(void) return ret; } -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ static int aes_key_size_test(void) { @@ -5647,7 +5647,7 @@ int aes192_test(void) #endif /* HAVE_AES_CBC */ -#if defined(HAVE_AES_CFB) +#if defined(WOLFSSL_AES_CFB) ret = aescfb_test(); if (ret != 0) return ret; @@ -10417,7 +10417,7 @@ static int openssl_aes_test(void) } #endif /* HAVE_AES_COUNTER */ -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB { AES_KEY enc; AES_KEY dec; @@ -10476,7 +10476,7 @@ static int openssl_aes_test(void) if (num != 0) return -3331; } -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ return 0; } #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ @@ -10699,10 +10699,9 @@ int openssl_test(void) #endif /* NO_DES3 */ - #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) +#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) if (openssl_aes_test() != 0) return -3429; - #endif { /* evp_cipher test: EVP_aes_128_cbc */ EVP_CIPHER_CTX ctx; @@ -10840,7 +10839,6 @@ int openssl_test(void) #define OPENSSL_TEST_ERROR (-10000) -#ifndef NO_AES #ifdef WOLFSSL_AES_DIRECT /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ { diff --git a/wolfssl/openssl/rc4.h b/wolfssl/openssl/rc4.h index 3f1fbffd2..3d981029e 100644 --- a/wolfssl/openssl/rc4.h +++ b/wolfssl/openssl/rc4.h @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2016 wolfSSL Inc. + * Copyright (C) 2006-2017 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index a39c4ffb2..c2fa854b9 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -97,7 +97,7 @@ typedef struct Aes { word32 asyncIv[AES_BLOCK_SIZE/sizeof(word32)]; /* raw IV */ WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) word32 left; /* unused bytes left from last call */ #endif #ifdef WOLFSSL_XILINX_CRYPT @@ -145,14 +145,14 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); -#ifdef HAVE_AES_CFB +#ifdef WOLFSSL_AES_CFB WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); #ifdef HAVE_AES_DECRYPT WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); #endif /* HAVE_AES_DECRYPT */ -#endif /* HAVE_AES_CFB */ +#endif /* WOLFSSL_AES_CFB */ #ifdef HAVE_AES_ECB WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out, diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index ad4eee37a..efdaa502b 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -327,6 +327,11 @@ /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when debugging is turned on */ #ifndef USE_WINDOWS_API + #if defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + /* case where stdio is not included else where but is needed for + * snprintf */ + #include + #endif #define XSNPRINTF snprintf #else #define XSNPRINTF _snprintf