├── .gitignore ├── COPYING ├── ChangeLog.md ├── INSTALL ├── Makefile.am ├── README.md ├── SCRIPTS-LIST ├── autogen.sh ├── bench.c ├── certs ├── ca-cert.pem ├── ecc-key.pem ├── server-cert.pem ├── server-ecc.pem └── server-key.pem ├── commit-tests.sh ├── configure.ac ├── coverage.sh ├── engine.conf ├── examples ├── README.md ├── conf_example.c ├── engine_by_id_example.c └── include.am ├── include ├── include.am └── wolfengine │ ├── we_fips.h │ ├── we_internal.h │ ├── we_logging.h │ ├── we_openssl_bc.h │ ├── we_visibility.h │ └── we_wolfengine.h ├── m4 ├── ax_append_compile_flags.m4 ├── ax_append_flag.m4 ├── ax_append_link_flags.m4 ├── ax_check_compile_flag.m4 ├── ax_check_link_flag.m4 ├── ax_debug.m4 ├── ax_harden_compiler_flags.m4 ├── ax_pthread.m4 ├── ax_require_defined.m4 ├── ax_vcs_checkout.m4 ├── m4_ax_check_openssl.m4 ├── m4_ax_check_wolfssl.m4 └── wolfengine_coverage.m4 ├── openssl_patches ├── 1.0.2h │ └── tests │ │ ├── clienthellotest_102h.patch │ │ ├── dhtest_102h.patch │ │ ├── ecdhtest_102h.patch │ │ ├── ecdsatest_102h.patch │ │ ├── evp_extra_test_102h.patch │ │ ├── evp_test_102h.patch │ │ ├── fips │ │ ├── ecdhtest_102h.patch │ │ └── ecdsatest_102h.patch │ │ ├── hmactest_102h.patch │ │ ├── randtest_102h.patch │ │ ├── rsa_test_102h.patch │ │ ├── sha1test_102h.patch │ │ ├── sha256t_102h.patch │ │ ├── sha512t_102h.patch │ │ ├── ssltest_102h.patch │ │ └── verify_extra_test_102h.patch └── 1.1.1b │ └── tests │ ├── 12-ct.conf.in_111b.patch │ ├── 14-curves.conf.in_111b.patch │ ├── 20-cert-select.conf.in_111b.patch │ ├── apps_111b.patch │ ├── dhtest_111b.patch │ ├── drbgtest_111b.patch │ ├── ecdsatest_111b.patch │ ├── evp_extra_test_111b.patch │ ├── evp_test_111b.patch │ ├── evpcase.txt_111b.patch │ ├── evpciph.txt_111b.patch │ ├── evpkdf.txt_111b.patch │ ├── evpmac.txt_111b.patch │ ├── evppkey.txt_111b.patch │ ├── evppkey_ecc.txt_111b.patch │ ├── fips │ ├── 14-curves.conf.in_111b.patch │ ├── 80-test_cms.t_111b.patch │ ├── 80-test_ssl_old.t_111b.patch │ └── 
evppkey.txt_111b.patch │ ├── hmactest_111b.patch │ ├── main_111b.patch │ ├── mksmime_certs.txt_111b.patch │ ├── ocspapitest_111b.patch │ ├── openssl_111b.patch │ ├── pkey_meth_kdf_test_111b.patch │ ├── rsa_test_111b.patch │ └── test_cms.txt_11b.patch ├── pre-commit.sh ├── rpm ├── include.am └── spec.in ├── scripts ├── build-openssl-wolfengine.sh ├── curl-tests.sh ├── include.am ├── interop-tests.sh ├── nginx-tests.sh ├── openssh-tests.sh ├── openssl-unit-tests.sh ├── patches │ ├── nginx │ │ ├── 1.19.10_ossl102h.patch │ │ └── 1.19.10_ossl111b.patch │ └── stunnel-5.59 │ │ └── 5.59.patch ├── stunnel-tests.sh ├── test-sanity.sh ├── utils-general.sh ├── utils-openssl.sh ├── utils-wolfengine.sh ├── utils-wolfssl.sh ├── valgrind-test.sh └── we-cs-test.sh ├── src ├── include.am ├── we_aes_block.c ├── we_aes_cbc_hmac.c ├── we_aes_ccm.c ├── we_aes_ctr.c ├── we_aes_gcm.c ├── we_des3_cbc.c ├── we_dh.c ├── we_digest.c ├── we_ecc.c ├── we_fips.c ├── we_hkdf.c ├── we_internal.c ├── we_logging.c ├── we_mac.c ├── we_openssl_bc.c ├── we_pbe.c ├── we_random.c ├── we_rsa.c ├── we_tls_prf.c └── we_wolfengine.c ├── test-openssl-version.sh ├── test ├── include.am ├── test_aestag.c ├── test_cipher.c ├── test_cmac.c ├── test_dh.c ├── test_digest.c ├── test_ecc.c ├── test_hkdf.c ├── test_hmac.c ├── test_logging.c ├── test_pbe.c ├── test_pkey.c ├── test_rand.c ├── test_rsa.c ├── test_tls1_prf.c ├── unit.c └── unit.h ├── user_settings.h └── windows ├── README.md ├── fips_140_2 └── user_settings.h ├── fips_140_3 └── user_settings.h ├── fips_ready └── user_settings.h ├── include.am ├── non_fips └── user_settings.h ├── props ├── base.props ├── base_test.props ├── base_wolfengine.props ├── debug.props ├── debug_fips.props ├── debug_fips_test.props ├── debug_fips_wolfengine.props ├── debug_non_fips.props ├── debug_non_fips_test.props ├── debug_non_fips_wolfengine.props ├── debug_test.props ├── debug_wolfengine.props ├── dll.props ├── dll_debug_fips_test.props ├── dll_debug_fips_wolfengine.props 
├── dll_debug_non_fips_test.props ├── dll_debug_non_fips_wolfengine.props ├── dll_release_fips_test.props ├── dll_release_fips_wolfengine.props ├── dll_release_non_fips_test.props ├── dll_release_non_fips_wolfengine.props ├── fips_140_2.props ├── fips_140_3.props ├── fips_ready.props ├── non_fips.props ├── release.props ├── release_fips.props ├── release_fips_test.props ├── release_fips_wolfengine.props ├── release_non_fips.props ├── release_non_fips_test.props ├── release_non_fips_wolfengine.props ├── release_test.props ├── release_wolfengine.props ├── static_debug_fips_test.props ├── static_debug_non_fips_test.props ├── static_release_fips_test.props ├── static_release_non_fips_test.props └── static_test.props ├── resource.h ├── test.vcxproj ├── test.vcxproj.filters ├── test.vcxproj.user ├── wolfEngine.rc ├── wolfEngine.sln ├── wolfEngine.vcxproj ├── wolfEngine.vcxproj.filters └── wolfEngine.vcxproj.user /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | 3 | # Ignore all things produced by autoreconf 4 | /Makefile.in 5 | /aclocal.m4 6 | /autom4te.cache/ 7 | /compile 8 | /config.guess 9 | /config.sub 10 | /configure 11 | /depcomp 12 | /install-sh 13 | /ltmain.sh 14 | /missing 15 | /config.log 16 | /.libs 17 | /Makefile 18 | /.deps 19 | /include/config.h.in 20 | /include/config.h 21 | /include/config.h.in~ 22 | /config.status 23 | /include.am 24 | /libtool 25 | /include/stamp-h1 26 | /libwolfengine.la 27 | /wolfengine.lo 28 | /openssl_bc.lo 29 | /test-driver 30 | /*.log 31 | /*.trs 32 | /m4/libtool.m4 33 | /m4/lt*.m4 34 | /bench.o 35 | /bench 36 | /build-aux 37 | /src/*.o 38 | /src/*.lo 39 | /src/*.lo 40 | /src/.deps 41 | /src/.libs 42 | /src/.dirstamp 43 | /test/*.o 44 | /test/.deps 45 | /test/.libs 46 | /test/.dirstamp 47 | /test/unit.test 48 | /test/unit.log 49 | /test/unit.trs 50 | /scripts/*.log 51 | *.gcno 52 | *.gcda 53 | *.swp 54 | 55 | # Visual Studio files to ignore 56 | .vs 57 | x64 58 | Release 59 | DLL 
Release 60 | Debug 61 | DLL Debug 62 | test.aps 63 | 64 | # Eclipse files to ignore 65 | .autotools 66 | .cproject 67 | .project 68 | .settings 69 | 70 | rpm/spec 71 | 72 | openssl-install/ 73 | openssl-source/ 74 | wolfssl-install/ 75 | wolfssl-source/ 76 | wolfengine-install/ 77 | -------------------------------------------------------------------------------- /ChangeLog.md: -------------------------------------------------------------------------------- 1 | # wolfEngine Release 1.4.0 (November 2, 2023) 2 | * Added Call to PRIVATE_KEY_UNLOCK() and PRIVATE_KEY_LOCK() as needed. 3 | * Allow user to override weak entropy source. 4 | 5 | # wolfEngine Release 1.3.0 (January 16, 2023) 6 | * Added RPM package support 7 | * Added support and tests for OpenSSL HMAC to be called with -1 key length 8 | * Updated examples to support use with OpenSSL 1.0.2 9 | 10 | # wolfEngine Release 1.2.0 (September 29, 2022) 11 | * ChangeLog.md is now shipped with releases. 12 | * Random number generation now mixes in some additional weak entropy (e.g. PID) 13 | to ensure unique numbers, even if the RNG state is copied into a forked process. 14 | * Using wolfEngine with the wolfSSL FIPS 140-3 candidate code will now work as 15 | intended in multi-threaded Windows applications. This was accomplished by adding 16 | a `DllMain` function that calls `wolfCrypt_SetPrivateKeyReadEnable_fips` on new 17 | thread creation. 18 | * The RSA code now supports the `rsa_keygen_pubexp` control command string. 19 | * The RSA code now has a `verify_recover` function. 20 | * The automake code was adjusted to support builds not in the project root. This 21 | is particularly useful for Yocto builds. 22 | * The Visual Studio solution now has configurations to support the wolfSSL FIPS 23 | 140-3 candidate code. 24 | * The random bytes function will now return success and do nothing if the 25 | provided length is 0. 
26 | * Fixed a potential seg fault in `we_dh_compute_key_int` if `DH_get0_priv_key` 27 | returned NULL. 28 | * The DH code now supports the `dh_paramgen_prime_len` control command string. 29 | * Attempting to use the control command `EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR` 30 | will now return an error, as wolfCrypt doesn't support setting the generator for 31 | DH. 32 | 33 | # wolfEngine Release 1.1.0 (May 16, 2022) 34 | * Updated README.md to refer to new wolfSSL configure flag `--enable-engine`. 35 | * Fixed a double free bug in certain error cases in the ECC code. 36 | * Added examples/ and engine.conf to the distribution. 37 | * Fixed a bug in the AES-CTR implementation where partial block data from a 38 | previous operation would leak into the current operation, even when the IV was 39 | changed between operations. 40 | * Added support for X9.31 padding with RSA signatures. 41 | 42 | # wolfEngine Release 1.0.0 (March 7, 2022) 43 | * Added the examples/ directory. 44 | * Added logic to openssl-unit-tests.sh to support macOS. 45 | * Reworked the AES-GCM implementation to support all OpenSSL use cases. Added a 46 | unit test to exercise AES-GCM with the `EVP_Cipher()` API. 47 | * Made some error return codes in the ECC code consistent with OpenSSL. 48 | * Fixed some OpenSSL version gates in the ECC code. 49 | * Adjusted wolfEngine initialization code to support FIPS v5 (140-3). 50 | * Added control commands for enabling wolfSSL debug logging and setting the 51 | wolfSSL debug log callback. 52 | * Added a FIPS integrity check callback so that if the check fails, it's 53 | reported to the user, along with the necessary hash value. 54 | * Improved Visual Studio support. 55 | * Added some additional HMAC functions that were needed when running the OpenSSL 56 | 1.1.1m unit tests with wolfEngine. 57 | 58 | # wolfEngine Release 0.9.0 (November 12, 2021) 59 | 60 | This is the first official release of wolfEngine. Please refer to README.md for 61 | more information. 
62 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | SUFFIXES = 2 | TESTS = 3 | noinst_PROGRAMS = 4 | noinst_HEADERS = 5 | check_PROGRAMS = 6 | dist_noinst_SCRIPTS = 7 | DISTCLEANFILES = 8 | pkginclude_HEADERS = 9 | EXTRA_DIST = 10 | 11 | ACLOCAL_AMFLAGS = -I m4 12 | 13 | AM_CPPFLAGS = -I$(top_srcdir)/include 14 | 15 | lib_LTLIBRARIES = libwolfengine.la 16 | 17 | include src/include.am 18 | include include/include.am 19 | include test/include.am 20 | include scripts/include.am 21 | include windows/include.am 22 | include examples/include.am 23 | include rpm/include.am 24 | 25 | noinst_PROGRAMS += bench 26 | bench_SOURCES = bench.c 27 | bench_LDADD = libwolfengine.la 28 | DISTCLEANFILES += .libs/bench 29 | 30 | test: check 31 | 32 | # By default, make distcheck will only add wolfEngine/ as an include directory. 33 | # So, for example, a file like unit.h that has #include 34 | # won't be able to find we_logging.h, because 35 | # wolfEngine/include isn't an include directory. We add it here. 36 | # 37 | # The OpenSSL lib and include directories won't be visible to make distcheck 38 | # either because make distcheck runs ./configure with no other options. If 39 | # OpenSSL isn't installed in a standard location, this naked configure command 40 | # will fail to find it. We tell it where to find the include and lib directory 41 | # for OpenSSL here. 42 | # 43 | # The '--with-wolfssl' doesn't get propagated during a distcheck either, but it 44 | # is necessary when they are installed somewhere other than /usr/local. 
45 | AM_DISTCHECK_CONFIGURE_FLAGS=CPPFLAGS="-I@abs_top_srcdir@/include" --with-openssl=@OPENSSL_INSTALL_DIR@ --with-wolfssl=@WOLFSSL_INSTALL_DIR@ 46 | 47 | EXTRA_DIST += README.md \ 48 | engine.conf \ 49 | ChangeLog.md 50 | -------------------------------------------------------------------------------- /SCRIPTS-LIST: -------------------------------------------------------------------------------- 1 | 2 | pre-commit.sh - Development, git 3 | Pre commit hook, saves current state before running commit tests to allow a 4 | restore back to current state 5 | 6 | commit-tests.sh - Development, git 7 | Commit tests, must pass before a commit is accepted. 8 | Use -n (--no-verify) to disable. 9 | 10 | test-openssl-version.sh - Testing 11 | Builds against different versions of OpenSSL. 12 | Set OPENSSL_VER_DIR to a directory containing builds. 13 | Alternatively set ENV variable for each version: 14 | - OPENSSL300_DIR for OpenSSL 3.0.0 15 | - OPENSSL111_DIR for OpenSSL 1.1.1 16 | - OPENSSL110_DIR for OpenSSL 1.1.0 17 | - OPENSSL102_DIR for OpenSSL 1.0.2 18 | 19 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # autogen.sh 4 | # 5 | # Create configure and makefile stuff... 6 | # 7 | 8 | # Git hooks must be setup before autoreconf 9 | if [ -d .git ]; then 10 | if [ !
-d .git/hooks ]; then 11 | mkdir .git/hooks 12 | fi 13 | ln -s -f ../../pre-commit.sh .git/hooks/pre-commit 14 | fi 15 | 16 | autoreconf --install --force --verbose 17 | 18 | -------------------------------------------------------------------------------- /certs/ca-cert.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 12309252214903945037 (0xaad33fac180a374d) 5 | Signature Algorithm: sha256WithRSAEncryption 6 | Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com 7 | Validity 8 | Not Before: Feb 10 19:49:52 2021 GMT 9 | Not After : Nov 7 19:49:52 2023 GMT 10 | Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (2048 bit) 14 | Modulus: 15 | 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: 16 | f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: 17 | de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 18 | 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: 19 | 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: 20 | 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: 21 | a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: 22 | a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: 23 | 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: 24 | 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: 25 | 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: 26 | 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: 27 | de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: 28 | cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: 29 | b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: 30 | 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: 31 | ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: 32 | 36:79 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Subject Key Identifier: 36 | 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 37 | 
X509v3 Authority Key Identifier: 38 | keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 39 | DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com 40 | serial:AA:D3:3F:AC:18:0A:37:4D 41 | 42 | X509v3 Basic Constraints: 43 | CA:TRUE 44 | X509v3 Subject Alternative Name: 45 | DNS:example.com, IP Address:127.0.0.1 46 | X509v3 Extended Key Usage: 47 | TLS Web Server Authentication, TLS Web Client Authentication 48 | Signature Algorithm: sha256WithRSAEncryption 49 | 62:98:c8:58:cf:56:03:86:5b:1b:71:49:7d:05:03:5d:e0:08: 50 | 86:ad:db:4a:de:ab:22:96:a8:c3:59:68:c1:37:90:40:df:bd: 51 | 89:d0:bc:da:8e:ef:87:b2:c2:62:52:e1:1a:29:17:6a:96:99: 52 | c8:4e:d8:32:fe:b8:d1:5c:3b:0a:c2:3c:5f:a1:1e:98:7f:ce: 53 | 89:26:21:1f:64:9c:15:7a:9c:ef:fb:1d:85:6a:fa:98:ce:a8: 54 | a9:ab:c3:a2:c0:eb:87:ed:bc:21:df:f3:07:5b:ae:fd:40:d4: 55 | ae:20:d0:76:8a:31:0a:a2:62:7c:61:0d:ce:5d:9a:1e:e4:20: 56 | 88:51:49:fb:77:a9:cd:4d:c6:bf:54:99:33:ef:4b:a0:73:70: 57 | 6d:2e:d9:3d:08:f6:12:39:31:68:c6:61:5c:41:b5:1b:f4:38: 58 | 7d:fc:be:73:66:2d:f7:ca:5b:2c:5b:31:aa:cf:f6:7f:30:e4: 59 | 12:2c:8e:d6:38:51:e6:45:ee:d5:da:c3:83:d6:ed:5e:ec:d6: 60 | b6:14:b3:93:59:e1:55:4a:7f:04:df:ce:65:d4:df:18:4f:dd: 61 | b4:45:7f:a6:56:30:c4:05:44:98:9d:4f:26:6d:84:80:a0:5e: 62 | ed:23:d1:48:87:0e:05:06:91:3b:b0:3c:bb:8c:8f:3c:7b:4c: 63 | 4f:a1:ca:98 64 | -----BEGIN CERTIFICATE----- 65 | MIIE6TCCA9GgAwIBAgIJAKrTP6wYCjdNMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD 66 | VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G 67 | A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 68 | dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe 69 | Fw0yMTAyMTAxOTQ5NTJaFw0yMzExMDcxOTQ5NTJaMIGUMQswCQYDVQQGEwJVUzEQ 70 | MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 71 | dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns 72 | LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI 73 | 
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D 74 | mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx 75 | i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J 76 | XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc 77 | /hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI 78 | /pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATow 79 | ggE2MB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+ 80 | gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO 81 | BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv 82 | b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j 83 | b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCq0z+sGAo3TTAM 84 | BgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1Ud 85 | JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAYpjI 86 | WM9WA4ZbG3FJfQUDXeAIhq3bSt6rIpaow1lowTeQQN+9idC82o7vh7LCYlLhGikX 87 | apaZyE7YMv640Vw7CsI8X6EemH/OiSYhH2ScFXqc7/sdhWr6mM6oqavDosDrh+28 88 | Id/zB1uu/UDUriDQdooxCqJifGENzl2aHuQgiFFJ+3epzU3Gv1SZM+9LoHNwbS7Z 89 | PQj2EjkxaMZhXEG1G/Q4ffy+c2Yt98pbLFsxqs/2fzDkEiyO1jhR5kXu1drDg9bt 90 | XuzWthSzk1nhVUp/BN/OZdTfGE/dtEV/plYwxAVEmJ1PJm2EgKBe7SPRSIcOBQaR 91 | O7A8u4yPPHtMT6HKmA== 92 | -----END CERTIFICATE----- 93 | -------------------------------------------------------------------------------- /certs/ecc-key.pem: -------------------------------------------------------------------------------- 1 | ASN1 OID: prime256v1 2 | -----BEGIN EC PARAMETERS----- 3 | BggqhkjOPQMBBw== 4 | -----END EC PARAMETERS----- 5 | -----BEGIN EC PRIVATE KEY----- 6 | MHcCAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49 7 | AwEHoUQDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKT 8 | mjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2A== 9 | -----END EC PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /certs/server-ecc.pem: 
-------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 3 (0x3) 5 | Signature Algorithm: ecdsa-with-SHA256 6 | Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com 7 | Validity 8 | Not Before: Feb 10 19:49:53 2021 GMT 9 | Not After : Nov 7 19:49:53 2023 GMT 10 | Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: id-ecPublicKey 13 | Public-Key: (256 bit) 14 | pub: 15 | 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: 16 | 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: 17 | 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: 18 | 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 19 | 0b:80:34:89:d8 20 | ASN1 OID: prime256v1 21 | NIST CURVE: P-256 22 | X509v3 extensions: 23 | X509v3 Subject Key Identifier: 24 | 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 25 | X509v3 Authority Key Identifier: 26 | keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 27 | 28 | X509v3 Basic Constraints: critical 29 | CA:FALSE 30 | X509v3 Key Usage: critical 31 | Digital Signature, Key Encipherment, Key Agreement 32 | X509v3 Extended Key Usage: 33 | TLS Web Server Authentication 34 | Netscape Cert Type: 35 | SSL Server 36 | Signature Algorithm: ecdsa-with-SHA256 37 | 30:45:02:20:61:6f:e8:b9:ad:cc:c9:1a:81:17:02:64:07:c3: 38 | 18:44:01:81:76:18:9d:6d:3d:7d:cb:c1:5a:76:4a:ad:71:55: 39 | 02:21:00:cd:22:35:04:19:c2:23:21:02:88:4b:51:da:db:51: 40 | ab:54:8c:cb:38:ac:8e:bb:ee:18:07:bf:88:36:88:ff:d5 41 | -----BEGIN CERTIFICATE----- 42 | MIICoTCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR 43 | BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv 44 | bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz 45 | bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjEwMjEw 46 | 
MTk0OTUzWhcNMjMxMTA3MTk0OTUzWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM 47 | Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx 48 | DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI 49 | hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD 50 | QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih 51 | f/DPGNqREQI0huggWDMLgDSJ2KOBiTCBhjAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr 52 | SiUCI++yiTAwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0T 53 | AQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJ 54 | YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0gAMEUCIGFv6LmtzMkagRcCZAfD 55 | GEQBgXYYnW09fcvBWnZKrXFVAiEAzSI1BBnCIyECiEtR2ttRq1SMyzisjrvuGAe/ 56 | iDaI/9U= 57 | -----END CERTIFICATE----- 58 | -------------------------------------------------------------------------------- /certs/server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 3 | qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf 4 | P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj 5 | xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk 6 | wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC 7 | Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv 8 | n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd 9 | x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y 10 | oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz 11 | 0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB 12 | QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD 13 | LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 14 | ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 15 | yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT 16 | 
3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N 17 | zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB 18 | hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv 19 | VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB 20 | qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf 21 | H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza 22 | 1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ 23 | c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe 24 | 9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY 25 | dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n 26 | WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /commit-tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # commit-tests.sh 4 | # 5 | # Tests executed on each commit 6 | 7 | # WOLFENGINE_OPENSSL_INSTALL - environment variable that when set will use 8 | # the specified OpenSSL installation path for commit tests, setting the path 9 | # with --with-openssl=WOLFENGINE_OPENSSL_INSTALL at configure time. 10 | 11 | # make sure current config is ok 12 | echo -e "\n\nTesting current config...\n\n" 13 | make clean; make -j 8 test; 14 | RESULT=$? 15 | [ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1 16 | 17 | # allow developer to set OpenSSL installation path using env variable 18 | if test -n "$WOLFENGINE_OPENSSL_INSTALL"; then 19 | WITH_OPENSSL="--with-openssl=$WOLFENGINE_OPENSSL_INSTALL" 20 | echo -e "WOLFENGINE_OPENSSL_INSTALL is set: $WOLFENGINE_OPENSSL_INSTALL" 21 | export LD_LIBRARY_PATH=$WOLFENGINE_OPENSSL_INSTALL/lib:$LD_LIBRARY_PATH 22 | else 23 | WITH_OPENSSL="" 24 | echo -e "WOLFENGINE_OPENSSL_INSTALL not set." 
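fi

# make sure default config is ok
echo -e "\n\nTesting default config:\n"
./configure $WITH_OPENSSL
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nDefault config ./configure failed" && exit 1

make -j 8 test
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nDefault config make test failed" && exit 1

# make sure config with all features is ok
echo -e "\n\nTesting config with all features...\n\n"
./configure $WITH_OPENSSL --enable-sha3 --enable-aesgcm --enable-aesccm
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nConfig with all features ./configure --enable-sha3 --enable-aesgcm --enable-aesccm failed" && exit 1

make -j 8 test
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nConfig with all features make test failed" && exit 1

# make sure static engine config is ok
echo -e "\n\nTesting static engine config...\n\n"
./configure $WITH_OPENSSL --enable-static --disable-dynamic-engine
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nStatic engine config ./configure --enable-static --disable-dynamic-engine failed" && exit 1

make -j 8 test
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nStatic engine config make test failed" && exit 1

exit 0

--------------------------------------------------------------------------------
/coverage.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Creates the coverage output for the library.
# Runs the tests for the current configuration.
# Must be run on Linux and have lcov installed.
# The configuration must have used --enable-coverage.
#

# Absolute directory of this script; passed to genhtml as the path prefix.
WOLFENGINE_PATH=$(realpath "$0")
WOLFENGINE_PATH=$(dirname "$WOLFENGINE_PATH")
COVERAGE_HTML=../coverage
COVERAGE_INFO=../coverage.info

export WOLFENGINE_OPENSSL_TEST=y

# Stop before building anything if either reporting tool is missing.
# 'exit' rather than 'return': this file is executed, not sourced, and some
# shells reject a top-level 'return' and then carry on with the script.
if ! command -v lcov >/dev/null 2>&1 || ! command -v genhtml >/dev/null 2>&1; then
    echo 'Please install lcov on this system.'
    echo
    exit 1
fi

# config.status records the configure options used for the current build.
if ! grep -- '--enable-coverage' config.status >/dev/null 2>&1; then
    echo 'Not configured for coverage!'
    echo
    # printf, because whether echo expands "\n" differs between shells.
    printf 'Configure with option:\n --enable-coverage\n'
    echo
    exit 1
fi

mkdir -p "$COVERAGE_HTML"

make clean
# Remove leftover gcov files; -exec copes with paths that contain whitespace.
find . \( -name '*.gcda' -o -name '*.gcno' \) -exec rm -f {} +
make test

lcov --rc lcov_branch_coverage=1 --capture --list-full-path --directory src --directory include --output-file "$COVERAGE_INFO"

genhtml --rc lcov_branch_coverage=1 --prefix "$WOLFENGINE_PATH" --branch-coverage "$COVERAGE_INFO" --output-directory "$COVERAGE_HTML"

OUTDIR=$(readlink -m "$PWD/$COVERAGE_HTML")
echo
echo 'Coverage results:'
echo " $OUTDIR/index.html"
echo


--------------------------------------------------------------------------------
/engine.conf:
--------------------------------------------------------------------------------
# This is an example of how to use the OpenSSL configuration file to instruct
# OpenSSL to use wolfEngine.

openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
wolfSSL = wolfssl_section

[wolfssl_section]
# If using OpenSSL <= 1.0.2, change engine_id to wolfengine (drop the "lib").
engine_id = libwolfengine
# NOTE(review): this path is relative, so it is resolved against the working
# directory of whichever process loads the file. Outside the build tree, point
# it at the installed library with an absolute path.
dynamic_path = .libs/libwolfengine.so
init = 1
# Use wolfEngine as the default for all algorithms it provides.
default_algorithms = ALL
# Only enable when debugging application - produces large amounts of output.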
20 | enable_debug = 1 21 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | # wolfEngine Examples 2 | 3 | This directory contains example programs using wolfEngine on Linux. See below for more on each. Each program is also documented in its source code. 4 | 5 | ## Setting up wolfEngine 6 | 7 | See README.md in the root source code directory for instructions on building wolfEngine. Configure wolfEngine with `--enable-debug` (or `-DWOLFENGINE_DEBUG` if not using the configure script) to see debug output from wolfEngine during execution. 8 | 9 | ## Building 10 | 11 | To compile an example, run 12 | 13 | ``` 14 | gcc -I -L -o example -lcrypto -g3 -O0 15 | ``` 16 | 17 | Replacing the <> placeholders with values appropriate to your system. Then, run it with 18 | 19 | ``` 20 | LD_LIBRARY_PATH=/path/to/openssl/lib ./example 21 | ``` 22 | 23 | ## Examples 24 | 25 | ### conf_example.c 26 | 27 | This example shows how to set up an application to use wolfEngine using a configuration file. The user must set the `OPENSSL_CONF` environment variable to their configuration file for this to work. See engine.conf in the directory above for an example configuration file. Make sure the configuration file has `enable_debug = 1` to produce debug messages. 28 | 29 | ### engine_by_id_example.c 30 | 31 | This example shows how to set up an application to use wolfEngine without a configuration file, using the `ENGINE_by_id` OpenSSL function. The user must set the `OPENSSL_ENGINES` environment variable to the directory containing `libwolfengine.so` for this to work. 32 | -------------------------------------------------------------------------------- /examples/conf_example.c: -------------------------------------------------------------------------------- 1 | /* conf_example.c 2 | * 3 | * Copyright (C) 2019-2023 wolfSSL Inc. 
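4 | * 5 | * This file is part of wolfengine. 6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | /* From https://www.openssl.org/docs/man3.0/man3/EVP_MD_CTX_new.html: 27 | * 28 | * The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to 29 | * EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. 30 | */ 31 | #if OPENSSL_VERSION_NUMBER < 0x10100000L 32 | #define EVP_MD_CTX_new EVP_MD_CTX_create 33 | #define EVP_MD_CTX_free EVP_MD_CTX_destroy 34 | #endif

/*
 * Hash dataLen bytes of "data" with digest "md" and store the result in "out".
 *
 * md       Digest to use (e.g. the value returned by EVP_sha256()).
 * label    Algorithm name used in the error messages written to stderr.
 * data     Buffer to hash.
 * dataLen  Number of bytes in data.
 * out      Receives the digest; must be large enough for md's output.
 * outLen   Receives the number of bytes written to out.
 *
 * Returns 0 on success and -1 if any EVP call fails. The digest context is
 * released on every path, including the failure paths.
 */
static int computeDigest(const EVP_MD* md, const char* label,
                         const unsigned char* data, size_t dataLen,
                         unsigned char* out, unsigned int* outLen)
{
    int ret = -1;
    EVP_MD_CTX* ctx = EVP_MD_CTX_new();

    if (ctx == NULL) {
        fprintf(stderr, "EVP_MD_CTX_new %s failed.\n", label);
    }
    else if (EVP_DigestInit(ctx, md) != 1) {
        fprintf(stderr, "EVP_DigestInit %s failed.\n", label);
    }
    else if (EVP_DigestUpdate(ctx, data, dataLen) != 1) {
        fprintf(stderr, "EVP_DigestUpdate %s failed.\n", label);
    }
    else if (EVP_DigestFinal_ex(ctx, out, outLen) != 1) {
        fprintf(stderr, "EVP_DigestFinal_ex %s failed.\n", label);
    }
    else {
        ret = 0;
    }

    /* Single release point so that no failure path leaks the context. */
    if (ctx != NULL) {
        EVP_MD_CTX_free(ctx);
    }

    return ret;
}

/*
 * Example entry point: load wolfEngine through the OpenSSL configuration file
 * and compute a SHA-256 and an MD5 digest over a small buffer.
 *
 * Returns 0 when every step succeeds and -1 otherwise.
 */
int main(void)
{
    unsigned char someData[] = {0xDE, 0xAD, 0xBE, 0xEF};
    /* Sized for SHA-256; the same buffer is reused for the MD5 digest. */
    unsigned char digest[SHA256_DIGEST_LENGTH];
    unsigned int digestBufLen = sizeof(digest);
    const EVP_MD* sha256 = EVP_sha256();
    const EVP_MD* md5 = EVP_md5();

    /*
     * Load the configuration file (pointed to by environment variable
     * OPENSSL_CONF). This will load wolfEngine and make it the default engine
     * for all the algorithms it provides. See engine.conf for more.
     *
     * OPENSSL_CONF decides which engine library ends up loaded into this
     * process, so it should only point at a configuration file you trust.
     *
     * NOTE(review): a successful return below does not by itself prove that
     * wolfEngine was loaded; OpenSSL's configuration loading may tolerate a
     * missing file or a failing module, in which case OpenSSL's own
     * implementations are used. Confirm with the wolfEngine debug output.
     */
#if OPENSSL_VERSION_NUMBER < 0x10100000
    OPENSSL_config(NULL);
#else
    if (OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
                            OPENSSL_INIT_ADD_ALL_DIGESTS |
                            OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) {
        fprintf(stderr, "OPENSSL_init_crypto failed.\n");
        return -1;
    }
#endif

    /*
     * Compute a digest/hash over the data in the "someData" buffer. wolfEngine
     * provides SHA-256, and since it's the default engine for everything it
     * provides, we should see wolfEngine debug messages print out. If you
     * don't see those messages, make sure wolfEngine was built with
     * --enable-debug (-DWOLFENGINE_DEBUG).
     */
    if (computeDigest(sha256, "SHA-256", someData, sizeof(someData), digest,
                      &digestBufLen) != 0) {
        return -1;
    }

    /*
     * MD5 is not considered a secure hash algorithm and isn't FIPS-approved.
     * wolfEngine doesn't provide support for it. The digest computation below
     * shouldn't print any wolfEngine debug messages. It will be handled by
     * OpenSSL's non-FIPS-verified MD5 implementation.
     */
    if (computeDigest(md5, "MD5", someData, sizeof(someData), digest,
                      &digestBufLen) != 0) {
        return -1;
    }

    printf("Everything worked!\n");

    return 0;
}

-------------------------------------------------------------------------------- /examples/engine_by_id_example.c: -------------------------------------------------------------------------------- 1 | /* engine_by_id_example.c 2 | * 3 | * Copyright (C) 2019-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine. 6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details.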
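16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #include 23 | 24 | #include 25 | 26 | /* From https://www.openssl.org/docs/man3.0/man3/EVP_MD_CTX_new.html: 27 | * 28 | * The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to 29 | * EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. 30 | */ 31 | #if OPENSSL_VERSION_NUMBER < 0x10100000L 32 | #define EVP_MD_CTX_new EVP_MD_CTX_create 33 | #define EVP_MD_CTX_free EVP_MD_CTX_destroy 34 | #endif

/*
 * Hash dataLen bytes of "data" with digest "md" and store the result in "out".
 *
 * md       Digest to use (e.g. the value returned by EVP_sha256()).
 * label    Algorithm name used in the error messages written to stderr.
 * data     Buffer to hash.
 * dataLen  Number of bytes in data.
 * out      Receives the digest; must be large enough for md's output.
 * outLen   Receives the number of bytes written to out.
 *
 * Returns 0 on success and -1 if any EVP call fails. The digest context is
 * released on every path, including the failure paths.
 */
static int computeDigest(const EVP_MD* md, const char* label,
                         const unsigned char* data, size_t dataLen,
                         unsigned char* out, unsigned int* outLen)
{
    int ret = -1;
    EVP_MD_CTX* ctx = EVP_MD_CTX_new();

    if (ctx == NULL) {
        fprintf(stderr, "EVP_MD_CTX_new %s failed.\n", label);
    }
    else if (EVP_DigestInit(ctx, md) != 1) {
        fprintf(stderr, "EVP_DigestInit %s failed.\n", label);
    }
    else if (EVP_DigestUpdate(ctx, data, dataLen) != 1) {
        fprintf(stderr, "EVP_DigestUpdate %s failed.\n", label);
    }
    else if (EVP_DigestFinal_ex(ctx, out, outLen) != 1) {
        fprintf(stderr, "EVP_DigestFinal_ex %s failed.\n", label);
    }
    else {
        ret = 0;
    }

    /* Single release point so that no failure path leaks the context. */
    if (ctx != NULL) {
        EVP_MD_CTX_free(ctx);
    }

    return ret;
}

/*
 * Example entry point: load wolfEngine by its engine id, make it the default
 * engine and compute a SHA-256 and an MD5 digest over a small buffer.
 *
 * Returns 0 when every step succeeds and -1 otherwise. The engine reference
 * obtained from ENGINE_by_id() is released on every path after it is taken.
 */
int main(void)
{
    int ret = -1;
    ENGINE* wolfEngine = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    const char* engineID = "libwolfengine";
#else
    const char* engineID = "wolfengine";
#endif
    unsigned char someData[] = {0xDE, 0xAD, 0xBE, 0xEF};
    /* Sized for SHA-256; the same buffer is reused for the MD5 digest. */
    unsigned char digest[SHA256_DIGEST_LENGTH];
    unsigned int digestBufLen = sizeof(digest);
    const EVP_MD* sha256 = EVP_sha256();
    const EVP_MD* md5 = EVP_md5();

    /*
     * Load OpenSSL's "dynamic" engine. This is an engine that loads other
     * engines at runtime. It's used implicitly below to load wolfEngine.
     */
    ENGINE_load_dynamic();

    /*
     * Load wolfEngine. libwolfengine.so must be located in the directory
     * pointed to by environment variable OPENSSL_ENGINES for this to succeed.
     * For example, if you just ran "make" in the wolfEngine source code
     * directory, .libs/ should contain libwolfengine.so.
     *
     * OPENSSL_ENGINES decides which shared library is loaded into this
     * process, so it should only ever name a directory whose contents you
     * trust.
     */
    wolfEngine = ENGINE_by_id(engineID);
    if (wolfEngine == NULL) {
        fprintf(stderr, "ENGINE_by_id failed.\n");
        return -1;
    }

    /*
     * Turn on wolfEngine debug messages. These will print to stderr.
     */
    if (ENGINE_ctrl_cmd(wolfEngine, "enable_debug", 1, NULL, NULL, 0) != 1) {
        fprintf(stderr, "ENGINE_ctrl_cmd enable_debug failed.\n");
    }
    /*
     * Make wolfEngine the default engine for all algorithms it supports. The
     * result is checked because, if this step failed unnoticed, the digests
     * below would be serviced by OpenSSL's own implementations instead of
     * wolfEngine.
     */
    else if (ENGINE_set_default(wolfEngine, ENGINE_METHOD_ALL) != 1) {
        fprintf(stderr, "ENGINE_set_default failed.\n");
    }
    /*
     * Compute a digest/hash over the data in the "someData" buffer. wolfEngine
     * provides SHA-256, and since it's the default engine for everything it
     * provides, we should see wolfEngine debug messages print out. If you
     * don't see those messages, make sure wolfEngine was built with
     * --enable-debug (-DWOLFENGINE_DEBUG).
     */
    else if (computeDigest(sha256, "SHA-256", someData, sizeof(someData),
                           digest, &digestBufLen) != 0) {
        /* computeDigest has already reported the failing call. */
    }
    /*
     * MD5 is not considered a secure hash algorithm and isn't FIPS-approved.
     * wolfEngine doesn't provide support for it. The digest computation below
     * shouldn't print any wolfEngine debug messages. It will be handled by
     * OpenSSL's non-FIPS-verified MD5 implementation.
     */
    else if (computeDigest(md5, "MD5", someData, sizeof(someData), digest,
                           &digestBufLen) != 0) {
        /* computeDigest has already reported the failing call. */
    }
    else {
        ret = 0;
    }

    /* Release the reference taken by ENGINE_by_id() on success and failure. */
    ENGINE_free(wolfEngine);

    if (ret == 0) {
        printf("Everything worked!\n");
    }

    return ret;
}

-------------------------------------------------------------------------------- /examples/include.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST += examples/conf_example.c \ 2 | examples/engine_by_id_example.c \ 3 | examples/README.md 4 | -------------------------------------------------------------------------------- /include/include.am: -------------------------------------------------------------------------------- 1 | # vim:ft=automake 2 | # All paths should be given relative to the root 3 | # 4 | 5 | noinst_HEADERS += include/wolfengine/we_internal.h \ 6 | include/wolfengine/we_openssl_bc.h 7 | 8 | pkginclude_HEADERS += include/wolfengine/we_wolfengine.h \ 9 | include/wolfengine/we_logging.h \ 10 | include/wolfengine/we_fips.h \ 11 | include/wolfengine/we_visibility.h 12 | -------------------------------------------------------------------------------- /include/wolfengine/we_fips.h: -------------------------------------------------------------------------------- 1 | /* we_fips.h 2 | * 3 | * Copyright (C) 2019-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine.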
6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #ifndef WE_FIPS_H 23 | #define WE_FIPS_H 24 | 25 | #ifdef WOLFENGINE_USER_SETTINGS 26 | #include "user_settings.h" 27 | #else 28 | #include 29 | #endif 30 | 31 | #include 32 | 33 | 34 | enum wolfEngine_FipsCheck { 35 | /* check that RSA key size is valid */ 36 | WE_FIPS_CHECK_RSA_KEY_SIZE = 0x0001, 37 | /* check that P-192 usage is valid */ 38 | WE_FIPS_CHECK_P192 = 0x0002, 39 | /* check that RSA signature with SHA-1 digest is valid */ 40 | WE_FIPS_CHECK_RSA_SHA1 = 0x0004, 41 | 42 | /* default FIPS checks (all with wolfCrypt FIPS, none without) */ 43 | #if defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION) 44 | WE_FIPS_CHECKS_DEFAULT = (WE_FIPS_CHECK_RSA_KEY_SIZE 45 | | WE_FIPS_CHECK_P192 46 | | WE_FIPS_CHECK_RSA_SHA1) 47 | #else 48 | WE_FIPS_CHECKS_DEFAULT = 0 49 | #endif /* HAVE_FIPS || HAVE_FIPS_VERSION */ 50 | }; 51 | 52 | /* Set FIPS checks, bitmask of wolfEngine_FipsCheck. */ 53 | WOLFENGINE_API void wolfEngine_SetFipsChecks(long checksMask); 54 | /* Get FIPS checks mask. 
*/ 55 | WOLFENGINE_API long wolfEngine_GetFipsChecks(void); 56 | 57 | #endif /* WE_FIPS_H */ 58 | -------------------------------------------------------------------------------- /include/wolfengine/we_visibility.h: -------------------------------------------------------------------------------- 1 | /* we_visibility.h 2 | * 3 | * Copyright (C) 2019-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine. 6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #ifndef WE_VISIBILITY_H 23 | #define WE_VISIBILITY_H 24 | 25 | #if defined(BUILDING_WOLFENGINE) 26 | #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ 27 | defined(_WIN32_WCE) 28 | #if defined(WOLFENGINE_DLL) 29 | #define WOLFENGINE_API __declspec(dllexport) 30 | #else 31 | #define WOLFENGINE_API 32 | #endif 33 | #define WOLFENGINE_LOCAL 34 | #elif defined(HAVE_VISIBILITY) && HAVE_VISIBILITY 35 | #define WOLFENGINE_API __attribute__ ((visibility("default"))) 36 | #define WOLFENGINE_LOCAL __attribute__ ((visibility("hidden"))) 37 | #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550) 38 | #define WOLFENGINE_API __global 39 | #define WOLFENGINE_LOCAL __hidden 40 | #else 41 | #define WOLFENGINE_API 42 | #define WOLFENGINE_LOCAL 43 | #endif /* HAVE_VISIBILITY */ 44 | 
#else /* BUILDING_WOLFENGINE */ 45 | #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ 46 | defined(_WIN32_WCE) 47 | #if defined(WOLFENGINE_DLL) 48 | #define WOLFENGINE_API __declspec(dllimport) 49 | #else 50 | #define WOLFENGINE_API 51 | #endif 52 | #define WOLFENGINE_LOCAL 53 | #else 54 | #define WOLFENGINE_API 55 | #define WOLFENGINE_LOCAL 56 | #endif 57 | #endif /* BUILDING_WOLFENGINE */ 58 | 59 | #endif /* WE_VISIBILITY_H */ 60 | -------------------------------------------------------------------------------- /include/wolfengine/we_wolfengine.h: -------------------------------------------------------------------------------- 1 | /* we_wolfengine.h 2 | * 3 | * Copyright (C) 2019-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine. 6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #ifndef WOLFENGINE_H 23 | #define WOLFENGINE_H 24 | 25 | #ifdef WOLFENGINE_USER_SETTINGS 26 | #include "user_settings.h" 27 | #endif 28 | 29 | #include 30 | 31 | /* OpenSSL 3.0.0 has deprecated the ENGINE API. 
*/ 32 | #define OPENSSL_API_COMPAT 10101 33 | 34 | #define WOLFENGINE_SUCCESS 1 35 | #define WOLFENGINE_FAILURE 0 36 | #define WOLFENGINE_FATAL_ERROR -1 37 | 38 | /* Engine id - implementation uses wolfSSL */ 39 | WOLFENGINE_API extern const char *wolfengine_id; 40 | /* Engine name ... or description. */ 41 | WOLFENGINE_API extern const char *wolfengine_name; 42 | 43 | WOLFENGINE_API void ENGINE_load_wolfengine(void); 44 | 45 | #endif /* WOLFENGINE_H */ 46 | -------------------------------------------------------------------------------- /m4/ax_append_compile_flags.m4: -------------------------------------------------------------------------------- 1 | # ============================================================================ 2 | # https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html 3 | # ============================================================================ 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # For every FLAG1, FLAG2 it is checked whether the compiler works with the 12 | # flag. If it does, the flag is added FLAGS-VARIABLE 13 | # 14 | # If FLAGS-VARIABLE is not specified, the current language's flags (e.g. 15 | # CFLAGS) is used. During the check the flag is always added to the 16 | # current language's flags. 17 | # 18 | # If EXTRA-FLAGS is defined, it is added to the current language's default 19 | # flags (e.g. CFLAGS) when the check is done. The check is thus made with 20 | # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to 21 | # force the compiler to issue an error when a bad flag is given. 22 | # 23 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE. 24 | # 25 | # NOTE: This macro depends on the AX_APPEND_FLAG and 26 | # AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with 27 | # AX_APPEND_LINK_FLAGS. 
28 | # 29 | # LICENSE 30 | # 31 | # Copyright (c) 2011 Maarten Bosmans 32 | # 33 | # This program is free software: you can redistribute it and/or modify it 34 | # under the terms of the GNU General Public License as published by the 35 | # Free Software Foundation, either version 3 of the License, or (at your 36 | # option) any later version. 37 | # 38 | # This program is distributed in the hope that it will be useful, but 39 | # WITHOUT ANY WARRANTY; without even the implied warranty of 40 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 41 | # Public License for more details. 42 | # 43 | # You should have received a copy of the GNU General Public License along 44 | # with this program. If not, see . 45 | # 46 | # As a special exception, the respective Autoconf Macro's copyright owner 47 | # gives unlimited permission to copy, distribute and modify the configure 48 | # scripts that are the output of Autoconf when processing the Macro. You 49 | # need not follow the terms of the GNU General Public License when using 50 | # or distributing such scripts, even though portions of the text of the 51 | # Macro appear in them. The GNU General Public License (GPL) does govern 52 | # all other use of the material that constitutes the Autoconf Macro. 53 | # 54 | # This special exception to the GPL applies to versions of the Autoconf 55 | # Macro released by the Autoconf Archive. When you make and distribute a 56 | # modified version of the Autoconf Macro, you may extend this special 57 | # exception to the GPL to apply to your modified version as well. 
58 | 59 | #serial 6 60 | 61 | AC_DEFUN([AX_APPEND_COMPILE_FLAGS], 62 | [AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG]) 63 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) 64 | for flag in $1; do 65 | AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4]) 66 | done 67 | ])dnl AX_APPEND_COMPILE_FLAGS 68 | -------------------------------------------------------------------------------- /m4/ax_append_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_append_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # FLAG is appended to the FLAGS-VARIABLE shell variable, with a space 12 | # added in between. 13 | # 14 | # If FLAGS-VARIABLE is not specified, the current language's flags (e.g. 15 | # CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains 16 | # FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly 17 | # FLAG. 18 | # 19 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. 20 | # 21 | # LICENSE 22 | # 23 | # Copyright (c) 2008 Guido U. Draheim 24 | # Copyright (c) 2011 Maarten Bosmans 25 | # 26 | # This program is free software: you can redistribute it and/or modify it 27 | # under the terms of the GNU General Public License as published by the 28 | # Free Software Foundation, either version 3 of the License, or (at your 29 | # option) any later version. 30 | # 31 | # This program is distributed in the hope that it will be useful, but 32 | # WITHOUT ANY WARRANTY; without even the implied warranty of 33 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 34 | # Public License for more details. 
35 | # 36 | # You should have received a copy of the GNU General Public License along 37 | # with this program. If not, see . 38 | # 39 | # As a special exception, the respective Autoconf Macro's copyright owner 40 | # gives unlimited permission to copy, distribute and modify the configure 41 | # scripts that are the output of Autoconf when processing the Macro. You 42 | # need not follow the terms of the GNU General Public License when using 43 | # or distributing such scripts, even though portions of the text of the 44 | # Macro appear in them. The GNU General Public License (GPL) does govern 45 | # all other use of the material that constitutes the Autoconf Macro. 46 | # 47 | # This special exception to the GPL applies to versions of the Autoconf 48 | # Macro released by the Autoconf Archive. When you make and distribute a 49 | # modified version of the Autoconf Macro, you may extend this special 50 | # exception to the GPL to apply to your modified version as well. 51 | 52 | #serial 7 53 | 54 | AC_DEFUN([AX_APPEND_FLAG], 55 | [dnl 56 | AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF 57 | AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])]) 58 | AS_VAR_SET_IF(FLAGS,[ 59 | AS_CASE([" AS_VAR_GET(FLAGS) "], 60 | [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])], 61 | [ 62 | AS_VAR_APPEND(FLAGS,[" $1"]) 63 | AC_RUN_LOG([: FLAGS="$FLAGS"]) 64 | ]) 65 | ], 66 | [ 67 | AS_VAR_SET(FLAGS,[$1]) 68 | AC_RUN_LOG([: FLAGS="$FLAGS"]) 69 | ]) 70 | AS_VAR_POPDEF([FLAGS])dnl 71 | ])dnl AX_APPEND_FLAG 72 | -------------------------------------------------------------------------------- /m4/ax_append_link_flags.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 
| # 7 | # AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # For every FLAG1, FLAG2 it is checked whether the linker works with the 12 | # flag. If it does, the flag is added FLAGS-VARIABLE 13 | # 14 | # If FLAGS-VARIABLE is not specified, the linker's flags (LDFLAGS) is 15 | # used. During the check the flag is always added to the linker's flags. 16 | # 17 | # If EXTRA-FLAGS is defined, it is added to the linker's default flags 18 | # when the check is done. The check is thus made with the flags: "LDFLAGS 19 | # EXTRA-FLAGS FLAG". This can for example be used to force the linker to 20 | # issue an error when a bad flag is given. 21 | # 22 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE. 23 | # 24 | # NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG. 25 | # Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS. 26 | # 27 | # LICENSE 28 | # 29 | # Copyright (c) 2011 Maarten Bosmans 30 | # 31 | # This program is free software: you can redistribute it and/or modify it 32 | # under the terms of the GNU General Public License as published by the 33 | # Free Software Foundation, either version 3 of the License, or (at your 34 | # option) any later version. 35 | # 36 | # This program is distributed in the hope that it will be useful, but 37 | # WITHOUT ANY WARRANTY; without even the implied warranty of 38 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 39 | # Public License for more details. 40 | # 41 | # You should have received a copy of the GNU General Public License along 42 | # with this program. If not, see . 43 | # 44 | # As a special exception, the respective Autoconf Macro's copyright owner 45 | # gives unlimited permission to copy, distribute and modify the configure 46 | # scripts that are the output of Autoconf when processing the Macro. 
You 47 | # need not follow the terms of the GNU General Public License when using 48 | # or distributing such scripts, even though portions of the text of the 49 | # Macro appear in them. The GNU General Public License (GPL) does govern 50 | # all other use of the material that constitutes the Autoconf Macro. 51 | # 52 | # This special exception to the GPL applies to versions of the Autoconf 53 | # Macro released by the Autoconf Archive. When you make and distribute a 54 | # modified version of the Autoconf Macro, you may extend this special 55 | # exception to the GPL to apply to your modified version as well. 56 | 57 | #serial 6 58 | 59 | AC_DEFUN([AX_APPEND_LINK_FLAGS], 60 | [AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) 61 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) 62 | for flag in $1; do 63 | AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4]) 64 | done 65 | ])dnl AX_APPEND_LINK_FLAGS 66 | -------------------------------------------------------------------------------- /m4/ax_check_compile_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Check whether the given FLAG works with the current language's compiler 12 | # or gives an error. (Warnings, however, are ignored) 13 | # 14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on 15 | # success/failure. 16 | # 17 | # If EXTRA-FLAGS is defined, it is added to the current language's default 18 | # flags (e.g. CFLAGS) when the check is done. The check is thus made with 19 | # the flags: "CFLAGS EXTRA-FLAGS FLAG". 
This can for example be used to 20 | # force the compiler to issue an error when a bad flag is given. 21 | # 22 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE. 23 | # 24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this 25 | # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. 26 | # 27 | # LICENSE 28 | # 29 | # Copyright (c) 2008 Guido U. Draheim 30 | # Copyright (c) 2011 Maarten Bosmans 31 | # 32 | # This program is free software: you can redistribute it and/or modify it 33 | # under the terms of the GNU General Public License as published by the 34 | # Free Software Foundation, either version 3 of the License, or (at your 35 | # option) any later version. 36 | # 37 | # This program is distributed in the hope that it will be useful, but 38 | # WITHOUT ANY WARRANTY; without even the implied warranty of 39 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 40 | # Public License for more details. 41 | # 42 | # You should have received a copy of the GNU General Public License along 43 | # with this program. If not, see . 44 | # 45 | # As a special exception, the respective Autoconf Macro's copyright owner 46 | # gives unlimited permission to copy, distribute and modify the configure 47 | # scripts that are the output of Autoconf when processing the Macro. You 48 | # need not follow the terms of the GNU General Public License when using 49 | # or distributing such scripts, even though portions of the text of the 50 | # Macro appear in them. The GNU General Public License (GPL) does govern 51 | # all other use of the material that constitutes the Autoconf Macro. 52 | # 53 | # This special exception to the GPL applies to versions of the Autoconf 54 | # Macro released by the Autoconf Archive. When you make and distribute a 55 | # modified version of the Autoconf Macro, you may extend this special 56 | # exception to the GPL to apply to your modified version as well. 
57 | 58 | #serial 5 59 | 60 | AC_DEFUN([AX_CHECK_COMPILE_FLAG], 61 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF 62 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl 63 | AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ 64 | ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS 65 | _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" 66 | AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], 67 | [AS_VAR_SET(CACHEVAR,[yes])], 68 | [AS_VAR_SET(CACHEVAR,[no])]) 69 | _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) 70 | AS_VAR_IF(CACHEVAR,yes, 71 | [m4_default([$2], :)], 72 | [m4_default([$3], :)]) 73 | AS_VAR_POPDEF([CACHEVAR])dnl 74 | ])dnl AX_CHECK_COMPILE_FLAGS 75 | -------------------------------------------------------------------------------- /m4/ax_check_link_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Check whether the given FLAG works with the linker or gives an error. 12 | # (Warnings, however, are ignored) 13 | # 14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on 15 | # success/failure. 16 | # 17 | # If EXTRA-FLAGS is defined, it is added to the linker's default flags 18 | # when the check is done. The check is thus made with the flags: "LDFLAGS 19 | # EXTRA-FLAGS FLAG". This can for example be used to force the linker to 20 | # issue an error when a bad flag is given. 21 | # 22 | # INPUT gives an alternative input source to AC_LINK_IFELSE. 23 | # 24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. 
Please keep this 25 | # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. 26 | # 27 | # LICENSE 28 | # 29 | # Copyright (c) 2008 Guido U. Draheim 30 | # Copyright (c) 2011 Maarten Bosmans 31 | # 32 | # This program is free software: you can redistribute it and/or modify it 33 | # under the terms of the GNU General Public License as published by the 34 | # Free Software Foundation, either version 3 of the License, or (at your 35 | # option) any later version. 36 | # 37 | # This program is distributed in the hope that it will be useful, but 38 | # WITHOUT ANY WARRANTY; without even the implied warranty of 39 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 40 | # Public License for more details. 41 | # 42 | # You should have received a copy of the GNU General Public License along 43 | # with this program. If not, see . 44 | # 45 | # As a special exception, the respective Autoconf Macro's copyright owner 46 | # gives unlimited permission to copy, distribute and modify the configure 47 | # scripts that are the output of Autoconf when processing the Macro. You 48 | # need not follow the terms of the GNU General Public License when using 49 | # or distributing such scripts, even though portions of the text of the 50 | # Macro appear in them. The GNU General Public License (GPL) does govern 51 | # all other use of the material that constitutes the Autoconf Macro. 52 | # 53 | # This special exception to the GPL applies to versions of the Autoconf 54 | # Macro released by the Autoconf Archive. When you make and distribute a 55 | # modified version of the Autoconf Macro, you may extend this special 56 | # exception to the GPL to apply to your modified version as well. 
57 | 58 | #serial 5 59 | 60 | AC_DEFUN([AX_CHECK_LINK_FLAG], 61 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF 62 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl 63 | AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ 64 | ax_check_save_flags=$LDFLAGS 65 | LDFLAGS="$LDFLAGS $4 $1" 66 | AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], 67 | [AS_VAR_SET(CACHEVAR,[yes])], 68 | [AS_VAR_SET(CACHEVAR,[no])]) 69 | LDFLAGS=$ax_check_save_flags]) 70 | AS_VAR_IF(CACHEVAR,yes, 71 | [m4_default([$2], :)], 72 | [m4_default([$3], :)]) 73 | AS_VAR_POPDEF([CACHEVAR])dnl 74 | ])dnl AX_CHECK_LINK_FLAGS 75 | -------------------------------------------------------------------------------- /m4/ax_debug.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://github.com/BrianAker/ddm4/ 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_DEBUG() 8 | # 9 | # DESCRIPTION 10 | # 11 | # --enable-debug 12 | # 13 | # LICENSE 14 | # 15 | # Copyright (C) 2012 Brian Aker 16 | # All rights reserved. 17 | # 18 | # Redistribution and use in source and binary forms, with or without 19 | # modification, are permitted provided that the following conditions are 20 | # met: 21 | # 22 | # * Redistributions of source code must retain the above copyright 23 | # notice, this list of conditions and the following disclaimer. 24 | # 25 | # * Redistributions in binary form must reproduce the above 26 | # copyright notice, this list of conditions and the following disclaimer 27 | # in the documentation and/or other materials provided with the 28 | # distribution. 29 | # 30 | # * The names of its contributors may not be used to endorse or 31 | # promote products derived from this software without specific prior 32 | # written permission. 
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#serial 6.1

# AX_DEBUG: add an --enable-debug option (default: no).
#
# The option value is stored in ax_enable_debug. DEBUG is defined in both
# cases, to 1 when the value is "yes" and to 0 otherwise, and the DEBUG
# automake conditional is true only for "yes".
#
# NOTE(review): because DEBUG is always defined, C code has to test it with
# "#if DEBUG"; an "#ifdef DEBUG" test would be true in every build, including
# release builds. Worth confirming against the sources that consume it.
# NOTE(review): the help text mentions turning off optimizations, but nothing
# in this macro changes compiler flags, and MCHECK is substituted only in the
# non-debug branch without being assigned here - confirm where both are
# handled.
AC_DEFUN([AX_DEBUG],
  [AC_PREREQ([2.63])dnl
  AC_ARG_ENABLE([debug],
    [AS_HELP_STRING([--enable-debug],
      [Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
    [ax_enable_debug=$enableval],
    [ax_enable_debug=no])

  AS_IF([test "x$ax_enable_debug" = xyes],
    [AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])],
    [AC_SUBST([MCHECK])
     AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])

  AC_MSG_CHECKING([for debug])
  AC_MSG_RESULT([$ax_enable_debug])
  AM_CONDITIONAL([DEBUG],[test "x${ax_enable_debug}" = xyes])])

-------------------------------------------------------------------------------- /m4/ax_require_defined.m4: --------------------------------------------------------------------------------
# ===========================================================================
# https://www.gnu.org/software/autoconf-archive/ax_require_defined.html
# ===========================================================================
#
# SYNOPSIS
#
#   AX_REQUIRE_DEFINED(MACRO)
#
#
# DESCRIPTION
#
#   AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
#   been defined and thus are available for use. This avoids random issues
#   where a macro isn't expanded. Instead the configure script emits a
#   non-fatal:
#
#     ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
#
#   It's like AC_REQUIRE except it doesn't expand the required macro.
#
#   Here's an example:
#
#     AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
#
# LICENSE
#
#   Copyright (c) 2014 Mike Frysinger
#
#   Copying and distribution of this file, with or without modification, are
#   permitted in any medium without royalty provided the copyright notice
#   and this notice are preserved. This file is offered as-is, without any
#   warranty.

#serial 2

# AX_REQUIRE_DEFINED: stop with m4_fatal while the configure script is being
# generated when the macro named by the first argument is not defined, so a
# missing .m4 file is reported then instead of surfacing later as a
# "command not found" line in the generated script.
AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
  m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
])dnl AX_REQUIRE_DEFINED

-------------------------------------------------------------------------------- /m4/ax_vcs_checkout.m4: --------------------------------------------------------------------------------
# ===========================================================================
# http://
# ===========================================================================
#
# SYNOPSIS
#
#   AX_VCS_CHECKOUT
#
# DESCRIPTION
#
#   Discover whether or not we are operating with a tree which
#   has been checked out of a version control system.
#
#
# LICENSE
#
# Copyright (C) 2012 Brian Aker
# All rights reserved.
19 | # 20 | # Redistribution and use in source and binary forms, with or without 21 | # modification, are permitted provided that the following conditions are 22 | # met: 23 | # 24 | # * Redistributions of source code must retain the above copyright 25 | # notice, this list of conditions and the following disclaimer. 26 | # 27 | # * Redistributions in binary form must reproduce the above 28 | # copyright notice, this list of conditions and the following disclaimer 29 | # in the documentation and/or other materials provided with the 30 | # distribution. 31 | # 32 | # * The names of its contributors may not be used to endorse or 33 | # promote products derived from this software without specific prior 34 | # written permission. 35 | # 36 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 37 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 38 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 39 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 40 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 42 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 43 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 44 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 45 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 46 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 47 | 48 | #serial 6.1 49 | # 50 | # Added tweak for git. The base repo's .git is a directory. Any worktree's 51 | # .git is a file. Use -e to check for either dir or file. 

# AX_VCS_SYSTEM: record which version control system the tree belongs to.
#
# The cached value ac_cv_vcs_system starts as "none" and is overwritten by
# each marker that exists (.bzr, .svn, .hg as directories; .git as a file or
# directory), so the last match in that order wins. The result is also
# exported to config.h as the string VCS_SYSTEM.
#
# NOTE(review): the markers are tested with relative paths, i.e. in the
# directory configure is run from; an out-of-tree build would presumably
# report "none" - confirm whether that matters for IS_VCS_CHECKOUT users.
AC_DEFUN([AX_VCS_SYSTEM],
  [AC_PREREQ([2.63])dnl
  AC_CACHE_CHECK([for vcs system], [ac_cv_vcs_system],
    [ac_cv_vcs_system="none"
    AS_IF([test -d ".bzr"],[ac_cv_vcs_system="bazaar"])
    AS_IF([test -d ".svn"],[ac_cv_vcs_system="svn"])
    AS_IF([test -d ".hg"],[ac_cv_vcs_system="mercurial"])
    AS_IF([test -e ".git"],[ac_cv_vcs_system="git"])
    ])
  AC_DEFINE_UNQUOTED([VCS_SYSTEM],["$ac_cv_vcs_system"],[VCS system])
  ])

# AX_VCS_CHECKOUT: turn the AX_VCS_SYSTEM result into a yes/no answer.
#
# ac_cv_vcs_checkout is "yes" whenever ac_cv_vcs_system is anything other
# than "none". The IS_VCS_CHECKOUT automake conditional follows that value,
# and VCS_CHECKOUT is always defined, to 1 or to 0, so C code has to test
# its value rather than whether it is defined.
AC_DEFUN([AX_VCS_CHECKOUT],
  [AC_PREREQ([2.63])dnl
  AC_REQUIRE([AX_VCS_SYSTEM])
  AC_CACHE_CHECK([for vcs checkout],[ac_cv_vcs_checkout],
    [AS_IF([test "x$ac_cv_vcs_system" != "xnone"],
      [ac_cv_vcs_checkout=yes],
      [ac_cv_vcs_checkout=no])
    ])

  AM_CONDITIONAL([IS_VCS_CHECKOUT],[test "x$ac_cv_vcs_checkout" = "xyes"])
  AS_IF([test "x$ac_cv_vcs_checkout" = "xyes"],
    [AC_DEFINE([VCS_CHECKOUT],[1],[Define if the code was built from VCS.])],
    [AC_DEFINE([VCS_CHECKOUT],[0],[Define if the code was built from VCS.])])
  ])

-------------------------------------------------------------------------------- /m4/m4_ax_check_openssl.m4: --------------------------------------------------------------------------------
# ===========================================================================
# https://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
# ===========================================================================
#
# SYNOPSIS
#
#   AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]])
#
# DESCRIPTION
#
#   Look for OpenSSL in a number of default spots, or in a user-selected
#   spot (via --with-openssl).
#   Sets
#
#     OPENSSL_INCLUDES to the include directives required
#     OPENSSL_LIBS to the -l directives required
#     OPENSSL_LDFLAGS to the -L or -R flags required
#
#   and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
#
#   This macro sets OPENSSL_INCLUDES such that source files should use the
#   openssl/ directory in include directives:
#
#     #include
#
# LICENSE
#
#   Copyright (c) 2009,2010 Zmanda Inc.
#   Copyright (c) 2009,2010 Dustin J. Mitchell
#
#   Copying and distribution of this file, with or without modification, are
#   permitted in any medium without royalty provided the copyright notice
#   and this notice are preserved. This file is offered as-is, without any
#   warranty.

#serial 11

# AX_CHECK_OPENSSL: locate OpenSSL and export the flags needed to use it.
#
# Search order, as implemented below:
#   1. --with-openssl=DIR: only DIR is examined (empty, yes and no values
#      are rejected with an error).
#   2. otherwise pkg-config, when the tool is available and the openssl
#      query succeeds.
#   3. otherwise a fixed list of directories; the first one containing
#      include/openssl/ssl.h wins.
#
# Besides the three variables listed in the header, the macro also
# substitutes OPENSSL_INSTALL_DIR.
#
# NOTE(review): "found" only means that pkg-config answered or that ssl.h
# exists; no compile or link test is run in this macro, so a broken or
# unintended installation earlier in the search list is accepted as is.
# On build hosts where directories such as /usr/local are writable by other
# users, passing --with-openssl explicitly keeps the choice deterministic.
# NOTE(review): the closing AC_MSG_RESULT calls have no matching
# AC_MSG_CHECKING - confirm the configure output reads as intended.
AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
AC_DEFUN([AX_CHECK_OPENSSL], [
    found=false
    AC_ARG_WITH([openssl],
        [AS_HELP_STRING([--with-openssl=DIR],
            [root of the OpenSSL directory])],
        [
            case "$withval" in
            "" | y | ye | yes | n | no)
            AC_MSG_ERROR([Invalid --with-openssl value])
              ;;
            *) ssldirs="$withval"
              ;;
            esac
        ], [
            # if pkg-config is installed and openssl has installed a .pc file,
            # then use that information and don't search ssldirs
            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
            if test x"$PKG_CONFIG" != x""; then
                OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
                # the status tested here is that of the --libs-only-L query
                if test $? = 0; then
                    # NOTE(review): --cflags-only-I output carries the -I
                    # prefix and can be empty, so this value may come out as
                    # "-I<dir>/.." or just "/.." - confirm what the users of
                    # OPENSSL_INSTALL_DIR expect.
                    OPENSSL_INSTALL_DIR=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`"/.."
                    OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
                    OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
                    found=true
                fi
            fi

            # no such luck; use some default ssldirs
            if ! $found; then
                ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"
            fi
        ]
        )


    # note that we #include , so the OpenSSL headers have to be in
    # an 'openssl' subdirectory

    if ! $found; then
        OPENSSL_INCLUDES=
        for ssldir in $ssldirs; do
            AC_MSG_CHECKING([for include/openssl/ssl.h in $ssldir])
            if test -f "$ssldir/include/openssl/ssl.h"; then
                OPENSSL_INSTALL_DIR="$ssldir"
                OPENSSL_INCLUDES="-I$ssldir/include"
                OPENSSL_LDFLAGS="-L$ssldir/lib"
                OPENSSL_LIBS="-lssl -lcrypto"

                # NOTE(review): the version variables below are assigned only
                # on this directory-search path, not when pkg-config supplied
                # the flags. The header path and the extracted value are
                # expanded unquoted, so a directory name with spaces or a
                # header without the version define changes what printf and
                # test receive - confirm.
                OPENSSL_VERSION=$(perl -nle'print $& while m{(?<=define OPENSSL_VERSION_NUMBER)\s+0x[[0-9a-fA-F]]+}g' $ssldir/include/openssl/opensslv.h)
                OPENSSL_VERSION_DEC=$(printf "%d" $OPENSSL_VERSION)
                OPENSSL_110_DEC=$(printf "%d" 0x10100000)
                OPENSSL_111_DEC=$(printf "%d" 0x10101000)
                if test $OPENSSL_VERSION_DEC -lt $OPENSSL_110_DEC; then
                    OPENSSL_110_PLUS=no
                else
                    OPENSSL_110_PLUS=yes
                fi

                if test $OPENSSL_VERSION_DEC -lt $OPENSSL_111_DEC; then
                    OPENSSL_111_PLUS=no
                else
                    OPENSSL_111_PLUS=yes
                fi

                found=true
                AC_MSG_RESULT([yes])
                break
            else
                AC_MSG_RESULT([no])
            fi
        done
    fi

    if $found; then
        AC_MSG_RESULT([yes])
        $1
    else
        AC_MSG_RESULT([no])
        $2
    fi

    AC_SUBST([OPENSSL_INSTALL_DIR])
    AC_SUBST([OPENSSL_INCLUDES])
    AC_SUBST([OPENSSL_LIBS])
    AC_SUBST([OPENSSL_LDFLAGS])
])

-------------------------------------------------------------------------------- /m4/m4_ax_check_wolfssl.m4: --------------------------------------------------------------------------------
# SYNOPSIS
#
#   AX_CHECK_WOLFSSL([action-if-found[, action-if-not-found]])
#
# DESCRIPTION
#
#   Look for wolfSSL in a number of default spots, or in a user-selected
#   spot (via --with-wolfssl).
#   Sets
#
#     WOLFSSL_INCLUDES to the include directives required
#     WOLFSSL_LIBS to the -l directives required
#     WOLFSSL_LDFLAGS to the -L or -R flags required
#
#   and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
#
#   This macro sets WOLFSSL_INCLUDES such that source files should use the
#   wolfssl/ directory in include directives:
#
#     #include
#
# LICENSE
#
#   Copyright (c) 2023 wolfSSL
#
#   Copying and distribution of this file, with or without modification, are
#   permitted in any medium without royalty provided the copyright notice
#   and this notice are preserved. This file is offered as-is, without any
#   warranty.

#serial 1

# AX_CHECK_WOLFSSL: locate wolfSSL and export the flags needed to use it.
#
# Search order, as implemented below:
#   1. --with-wolfssl=DIR: only DIR is examined (empty, yes and no values
#      are rejected with an error).
#   2. otherwise pkg-config, when the tool is available and the wolfssl
#      query succeeds.
#   3. otherwise /usr/local, /usr/lib and /usr; the first one containing
#      include/wolfssl/ssl.h wins.
#
# Besides the three variables listed in the header, the macro also
# substitutes WOLFSSL_INSTALL_DIR.
#
# NOTE(review): CHECK_SSL is also declared as an obsolete alias for
# AX_CHECK_OPENSSL in m4_ax_check_openssl.m4; two AU_ALIAS definitions of
# the same name look like a copy-paste leftover - confirm which macro the
# alias is meant to resolve to.
# NOTE(review): "found" only means that pkg-config answered or that ssl.h
# exists; no compile or link test is run in this macro. Passing
# --with-wolfssl explicitly keeps the selected library deterministic on
# hosts where the default directories are shared.
AU_ALIAS([CHECK_SSL], [AX_CHECK_WOLFSSL])
AC_DEFUN([AX_CHECK_WOLFSSL], [
    found=false
    AC_ARG_WITH([wolfssl],
        [AS_HELP_STRING([--with-wolfssl=DIR],
            [root of the wolfSSL directory])],
        [
            case "$withval" in
            "" | y | ye | yes | n | no)
            AC_MSG_ERROR([Invalid --with-wolfssl value])
              ;;
            *) wolfssldirs="$withval"
              ;;
            esac
        ], [
            # if pkg-config is installed and wolfssl has installed a .pc file,
            # then use that information and don't search wolfssldirs
            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
            if test x"$PKG_CONFIG" != x""; then
                # NOTE(review): this is assigned before the pkg-config exit
                # status is checked, so it becomes "/.." when wolfssl has no
                # .pc file, and on success it carries the -I prefix of the
                # --cflags-only-I output. The OpenSSL macro in this directory
                # assigns its counterpart only inside the success branch -
                # confirm the intent.
                WOLFSSL_INSTALL_DIR=`$PKG_CONFIG wolfssl --cflags-only-I 2>/dev/null`"/.."
                WOLFSSL_LDFLAGS=`$PKG_CONFIG wolfssl --libs-only-L 2>/dev/null`
                # the status tested here is that of the --libs-only-L query
                if test $? = 0; then
                    WOLFSSL_LIBS=`$PKG_CONFIG wolfssl --libs-only-l 2>/dev/null`
                    WOLFSSL_INCLUDES=`$PKG_CONFIG wolfssl --cflags-only-I 2>/dev/null`
                    found=true
                fi
            fi

            # no such luck; use some default wolfssldirs
            if ! $found; then
                wolfssldirs="/usr/local /usr/lib /usr"
            fi
        ]
        )


    # note that we #include , so the wolfSSL headers have to be
    # in an 'wolfssl' subdirectory

    if ! $found; then
        WOLFSSL_INCLUDES=
        for wolfssldir in $wolfssldirs; do
            AC_MSG_CHECKING([for include/wolfssl/ssl.h in $wolfssldir])
            if test -f "$wolfssldir/include/wolfssl/ssl.h"; then
                WOLFSSL_INSTALL_DIR="$wolfssldir"
                WOLFSSL_INCLUDES="-I$wolfssldir/include"
                WOLFSSL_LDFLAGS="-L$wolfssldir/lib"
                WOLFSSL_LIBS="-lwolfssl"

                # NOTE(review): the version variables are assigned only on
                # this directory-search path, and the header path and the
                # extracted value are expanded unquoted - confirm behaviour
                # for paths with spaces or a header without the define.
                WOLFSSL_VERSION=$(perl -nle'print $& while m{(?<=define LIBWOLFSSL_VERSION_HEX)\s+0x[[0-9a-fA-F]]+}g' $wolfssldir/include/wolfssl/version.h)
                WOLFSSL_VERSION_DEC=$(printf "%d" $WOLFSSL_VERSION)

                found=true
                AC_MSG_RESULT([yes])
                break
            else
                AC_MSG_RESULT([no])
            fi
        done
    fi

    if $found; then
        AC_MSG_RESULT([yes])
        $1
    else
        AC_MSG_RESULT([no])
        $2
    fi

    AC_SUBST([WOLFSSL_INSTALL_DIR])
    AC_SUBST([WOLFSSL_INCLUDES])
    AC_SUBST([WOLFSSL_LIBS])
    AC_SUBST([WOLFSSL_LDFLAGS])
])

-------------------------------------------------------------------------------- /m4/wolfengine_coverage.m4: --------------------------------------------------------------------------------
# ===========================================================================
# https://github.com/BrianAker/ddm4/
# ===========================================================================
#
# SYNOPSIS
#
#   AX_COVERAGE()
#
# DESCRIPTION
#
#   --enable-coverage
#
# LICENSE
#
#   Copyright (c) 2023 Sean Parkinson
#
#   Copying and distribution of this file, with or without modification, are
#   permitted in any medium without royalty provided the copyright notice
#   and this notice are preserved. This file is offered as-is, without any
#   warranty.
21 | 22 | #serial 1 23 | 24 | AC_DEFUN([AX_COVERAGE], 25 | [AC_PREREQ([2.63])dnl 26 | AC_ARG_ENABLE([coverage], 27 | [AS_HELP_STRING([--enable-coverage], 28 | [Build code to generate coverage statistics (yes|no) @<:@default=no@:>@])], 29 | [ax_enable_coverage=$enableval], 30 | [ax_enable_coverage=no]) 31 | 32 | AS_IF([test "x$ax_enable_coverage" = xyes], 33 | [AC_DEFINE([COVERAGE],[1],[Define to 1 to enable coverage build.])], 34 | [AC_SUBST([MCHECK]) 35 | AC_DEFINE([COVERAGE],[0],[Define to 1 to enable coverage build.])]) 36 | 37 | AC_MSG_CHECKING([for coverage]) 38 | AC_MSG_RESULT([$ax_enable_coverage]) 39 | AM_CONDITIONAL([COVERAGE],[test "x${ax_enable_coverage}" = xyes])]) 40 | -------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/clienthellotest_102h.patch: -------------------------------------------------------------------------------- 1 | diff --git a/ssl/clienthellotest.c b/ssl/clienthellotest.c 2 | index 77517c6..32d09c9 100644 3 | --- a/ssl/clienthellotest.c 4 | +++ b/ssl/clienthellotest.c 5 | @@ -61,6 +61,8 @@ 6 | #include 7 | #include 8 | 9 | +#include 10 | + 11 | 12 | #define CLIENT_VERSION_LEN 2 13 | #define SESSION_ID_LEN_LEN 1 14 | 
@@ -101,6 +103,20 @@ int main(int argc, char *argv[])
15 | unsigned int size;
16 | int testresult = 0;
17 | int currtest = 0;
18 | + ENGINE *e = NULL;
19 | +
20 | + ENGINE_load_dynamic();
21 | + e = ENGINE_by_id("wolfengine");
22 | + if (e == NULL) {
23 | + printf("Failed to find wolfEngine.\n");
24 | + return 1;
25 | + }
26 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
27 | + printf("Failed to enable wolfEngine debug logging.\n");
28 | + return 1;
29 | + }
30 | + ENGINE_set_default(e, ENGINE_METHOD_ALL);
31 | +
32 |
33 | SSL_library_init();
34 | SSL_load_error_strings();
35 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/dhtest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
2 | index c5d3d87ea5..342422269a 100644
3 | --- a/crypto/dh/dhtest.c
4 | +++ b/crypto/dh/dhtest.c
5 | @@ -70,6 +70,7 @@
6 |
7 | #include "../e_os.h"
8 |
9 | +#include
10 | #include
11 | #include
12 | #include
13 | @@ -107,6 +108,19 @@ int main(int argc, char *argv[])
14 | unsigned char *abuf = NULL, *bbuf = NULL;
15 | int i, alen, blen, aout, bout, ret = 1;
16 | BIO *out;
17 | + ENGINE *e = NULL;
18 | +
19 | + ENGINE_load_dynamic();
20 | + e = ENGINE_by_id("wolfengine");
21 | + if (e == NULL) {
22 | + printf("Failed to find wolfEngine.\n");
23 | + return 1;
24 | + }
25 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
26 | + printf("Failed to enable wolfEngine debug logging.\n");
27 | + return 1;
28 | + }
29 | + ENGINE_set_default_DH(e);
30 |
31 | CRYPTO_malloc_debug_init();
32 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
33 |
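Review bot: The result of `ENGINE_set_default(e, ENGINE_METHOD_ALL)` in the `main` hunk of clienthellotest.c is ignored, so if registration fails the test carries on with OpenSSL's built-in implementations and can still pass without exercising wolfEngine. It should be checked like the `ENGINE_ctrl_cmd` call just above it, e.g. `if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { printf("Failed to set wolfEngine as default.\n"); return 1; }`. The same unchecked pattern appears with `ENGINE_set_default_DH` in the dhtest.c hunk on this line and with the `ENGINE_set_default*` calls in the evp_test, randtest, rsa_test, sha1test, sha256t, sha512t, ssltest and verify_extra_test patches. `main` continues outside the hunk.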
@@ -124,7 +138,7 @@ int main(int argc, char *argv[])
34 | BIO_set_fp(out, stdout, BIO_NOCLOSE);
35 |
36 | BN_GENCB_set(&_cb, &cb, out);
37 | - if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
38 | + if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 1024,
39 | DH_GENERATOR_5,
40 | &_cb))
41 | goto err;
42 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/evp_test_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
2 | index d7441ec7b7..1ff3609444 100644
3 | --- a/crypto/evp/evp_test.c
4 | +++ b/crypto/evp/evp_test.c
5 | @@ -60,6 +60,8 @@
6 | #include
7 | #include
8 |
9 | +#define GCM_NONCE_MAX_SZ 16
10 | +
11 | static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
12 | {
13 | int n = 0;
14 | @@ -387,6 +389,15 @@ static int test_cipher(const char *cipher, const unsigned char *key, int kn,
15 | if (!c)
16 | return 0;
17 |
18 | + if ((c->nid == NID_aes_128_gcm ||
19 | + c->nid == NID_aes_192_gcm ||
20 | + c->nid == NID_aes_256_gcm) &&
21 | + in > GCM_NONCE_MAX_SZ) {
22 | + printf("IV size %d is greater than wolfEngine GCM_NONCE_MAX_SZ (%d), "
23 | + "skipping test.\n", in, GCM_NONCE_MAX_SZ);
24 | + return 1;
25 | + }
26 | +
27 | test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, tag, tn,
28 | encdec);
29 |
30 | @@ -452,6 +463,7 @@ int main(int argc, char **argv)
31 | {
32 | const char *szTestFile;
33 | FILE *f;
34 | + ENGINE *e = NULL;
35 |
36 | if (argc != 2) {
37 | fprintf(stderr, "%s \n", argv[0]);
38 |
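Review bot: The early exit added to `test_cipher` in evp_test.c returns 1 for AES-GCM vectors whose IV is longer than `GCM_NONCE_MAX_SZ`, and the only trace is a line on stdout, so these vectors are reported as handled although nothing was verified. The end of `test_cipher` is outside the hunk, so it is an inference that 1 is also the value returned for a vector that ran. A comment above the check would make the coverage gap explicit, for example `/* wolfEngine limits GCM IVs to GCM_NONCE_MAX_SZ bytes; longer-IV vectors are skipped, not verified. */`, and a skip counter printed at the end of the run would keep the gap visible in test logs.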
@@ -473,8 +485,18 @@ int main(int argc, char **argv)
39 | OpenSSL_add_all_ciphers();
40 | OpenSSL_add_all_digests();
41 | #ifndef OPENSSL_NO_ENGINE
42 | - /* Load all compiled-in ENGINEs */
43 | - ENGINE_load_builtin_engines();
44 | + ENGINE_load_dynamic();
45 | + e = ENGINE_by_id("wolfengine");
46 | + if (e == NULL) {
47 | + printf("Failed to find wolfEngine.\n");
48 | + return 1;
49 | + }
50 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
51 | + printf("Failed to enable wolfEngine debug logging.\n");
52 | + return 1;
53 | + }
54 | + ENGINE_set_default_ciphers(e);
55 | + ENGINE_set_default_digests(e);
56 | #endif
57 | #if 0
58 | OPENSSL_config();
59 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/fips/ecdhtest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
2 | index 2fe2c66443..b1a8bab26f 100644
3 | --- a/crypto/ecdh/ecdhtest.c
4 | +++ b/crypto/ecdh/ecdhtest.c
5 | @@ -501,7 +501,7 @@ int main(int argc, char *argv[])
6 | goto err;
7 |
8 | /* NIST PRIME CURVES TESTS */
9 | - if (!test_ecdh_curve
10 | + if (test_ecdh_curve
11 | (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
12 | goto err;
13 | if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
14 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/fips/ecdsatest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
2 | index 856d042..037ffb8 100644
3 | --- a/crypto/ecdsa/ecdsatest.c
4 | +++ b/crypto/ecdsa/ecdsatest.c
5 |
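Review bot: Dropping the `!` in front of `test_ecdh_curve(NID_X9_62_prime192v1, ...)` in the fips ecdhtest.c hunk makes the run pass only when the P-192 case fails, yet nothing in the hunk says so, and any failure of that call, not only a rejected curve, satisfies the check. A comment above the call such as `/* P-192 is expected to fail under wolfCrypt FIPS. */` would stop the inversion being read as a typo; the reason is inferred from the fips/ directory and from the neighbouring ecdsatest patch's comment about curves supported by wolfCrypt FIPS, so it needs confirming. The same inversion is applied to `x9_62_test_internal(out, NID_X9_62_prime192v1, ...)` in the fips ecdsatest patch. `main` continues outside the hunk.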
@@ -260,7 +260,7 @@ int x9_62_tests(BIO *out, ENGINE *e)
6 | if (!change_rand())
7 | goto x962_err;
8 |
9 | - if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
10 | + if (x9_62_test_internal(out, NID_X9_62_prime192v1,
11 | "3342403536405981729393488334694600415596881826869351677613",
12 | "5735822328888155254683894997897571951568553642892029982342",
13 | e))
14 | @@ -337,8 +337,8 @@ int test_builtin(BIO *out)
15 | if (nid == NID_ipsec4)
16 | continue;
17 |
18 | - /* Only testing curves supported by wolfEngine */
19 | - if (nid != NID_X9_62_prime192v1 && nid != NID_X9_62_prime256v1)
20 | + /* Only testing curves supported by wolfEngine and wolfCrypt FIPS */
21 | + if (nid != NID_X9_62_prime256v1)
22 | continue;
23 |
24 | /* create new ecdsa key (== EC_KEY) */
25 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/hmactest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
2 | index 5a573950a4..ade854fa31 100644
3 | --- a/crypto/hmac/hmactest.c
4 | +++ b/crypto/hmac/hmactest.c
5 | @@ -69,6 +69,7 @@ int main(int argc, char *argv[])
6 | return (0);
7 | }
8 | #else
9 | +# include
10 | # include
11 | # ifndef OPENSSL_NO_MD5
12 | # include
13 | @@ -144,6 +145,18 @@ int main(int argc, char *argv[])
14 | HMAC_CTX ctx, ctx2;
15 | unsigned char buf[EVP_MAX_MD_SIZE];
16 | unsigned int len;
17 | + ENGINE *e = NULL;
18 | +
19 | + ENGINE_load_dynamic();
20 | + e = ENGINE_by_id("wolfengine");
21 | + if (e == NULL) {
22 | + printf("Failed to find engine!\n");
23 | + return 1;
24 | + }
25 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
26 | + printf("Failed to enable wolfEngine debug logging.\n");
27 | + return 1;
28 | + }
29 |
30 | # ifdef OPENSSL_NO_MD5
31 | printf("test skipped: MD5 disabled\n");
32 |
@@ -173,7 +186,7 @@ int main(int argc, char *argv[])
33 |
34 | /* test4 */
35 | HMAC_CTX_init(&ctx);
36 | - if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
37 | + if (HMAC_Init_ex(&ctx, NULL, 0, NULL, e)) {
38 | printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
39 | err++;
40 | goto test5;
41 | @@ -183,7 +196,7 @@ int main(int argc, char *argv[])
42 | err++;
43 | goto test5;
44 | }
45 | - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
46 | + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), e)) {
47 | printf("Should fail to initialise HMAC with empty key (test 4)\n");
48 | err++;
49 | goto test5;
50 | @@ -197,7 +210,7 @@ int main(int argc, char *argv[])
51 | test5:
52 | HMAC_CTX_cleanup(&ctx);
53 | HMAC_CTX_init(&ctx);
54 | - if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
55 | + if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, e)) {
56 | printf("Should fail to initialise HMAC with empty MD (test 5)\n");
57 | err++;
58 | goto test6;
59 | @@ -207,12 +220,12 @@ test5:
60 | err++;
61 | goto test6;
62 | }
63 | - if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
64 | + if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), e)) {
65 | printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
66 | err++;
67 | goto test6;
68 | }
69 | - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
70 | + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), e)) {
71 | printf("Failed to initialise HMAC (test 5)\n");
72 | err++;
73 | goto test6;
74 |
@@ -234,12 +247,12 @@ test5:
75 | err++;
76 | goto test6;
77 | }
78 | - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
79 | + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), e)) {
80 | printf("Should disallow changing MD without a new key (test 5)\n");
81 | err++;
82 | goto test6;
83 | }
84 | - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
85 | + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), e)) {
86 | printf("Failed to reinitialise HMAC (test 5)\n");
87 | err++;
88 | goto test6;
89 | @@ -261,7 +274,7 @@ test5:
90 | err++;
91 | goto test6;
92 | }
93 | - if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
94 | + if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, e)) {
95 | printf("Failed to reinitialise HMAC with key (test 5)\n");
96 | err++;
97 | goto test6;
98 | @@ -287,7 +300,7 @@ test5:
99 | test6:
100 | HMAC_CTX_cleanup(&ctx);
101 | HMAC_CTX_init(&ctx);
102 | - if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
103 | + if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), e)) {
104 | printf("Failed to initialise HMAC (test 6)\n");
105 | err++;
106 | goto end;
107 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/randtest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
2 | index 91bcac9906..ee85d6ee6c 100644
3 | --- a/crypto/rand/randtest.c
4 | +++ b/crypto/rand/randtest.c
5 | @@ -58,6 +58,7 @@
6 |
7 | #include
8 | #include
9 | +#include
10 | #include
11 |
12 | #include "../e_os.h"
13 |
@@ -76,6 +77,19 @@ int main(int argc, char **argv)
14 | * double d;
15 | */
16 | long d;
17 | + ENGINE *e = NULL;
18 | +
19 | + ENGINE_load_dynamic();
20 | + e = ENGINE_by_id("wolfengine");
21 | + if (e == NULL) {
22 | + printf("Failed to find wolfEngine.\n");
23 | + return 1;
24 | + }
25 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
26 | + printf("Failed to enable wolfEngine debug logging.\n");
27 | + return 1;
28 | + }
29 | + ENGINE_set_default_RAND(e);
30 |
31 | i = RAND_pseudo_bytes(buf, 2500);
32 | if (i < 0) {
33 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/rsa_test_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
2 | index 85c7440b8c..3111e535bf 100644
3 | --- a/crypto/rsa/rsa_test.c
4 | +++ b/crypto/rsa/rsa_test.c
5 | @@ -5,6 +5,7 @@
6 |
7 | #include "e_os.h"
8 |
9 | +#include
10 | #include
11 | #include
12 | #include
13 | @@ -221,6 +222,20 @@ int main(int argc, char *argv[])
14 | int clen = 0;
15 | int num;
16 | int n;
17 | + ENGINE *e = NULL;
18 | + int keySize = 0;
19 | +
20 | + ENGINE_load_dynamic();
21 | + e = ENGINE_by_id("wolfengine");
22 | + if (e == NULL) {
23 | + printf("Failed to find wolfEngine.\n");
24 | + return 1;
25 | + }
26 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
27 | + printf("Failed to enable wolfEngine debug logging.\n");
28 | + return 1;
29 | + }
30 | + ENGINE_set_default_RSA(e);
31 |
32 | CRYPTO_malloc_debug_init();
33 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
34 |
@@ -246,6 +261,14 @@ int main(int argc, char *argv[])
35 | if (v / 3 >= 1)
36 | key->flags |= RSA_FLAG_NO_CONSTTIME;
37 |
38 | + keySize = BN_num_bytes(key->n) * 8;
39 | + /* Limit the key sizes tested to those allowed by wolfCrypt FIPS. */
40 | + if (keySize < 1024 || keySize > 4096) {
41 | + printf("Skipping test because key size %d is too small for "
42 | + "wolfEngine.\n", keySize);
43 | + continue;
44 | + }
45 | +
46 | num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
47 | RSA_PKCS1_PADDING);
48 | if (num != clen) {
49 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/sha1test_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
2 | index 551a348df3..a956084445 100644
3 | --- a/crypto/sha/sha1test.c
4 | +++ b/crypto/sha/sha1test.c
5 | @@ -62,6 +62,8 @@
6 |
7 | #include "../e_os.h"
8 |
9 | +#include
10 | +
11 | #ifdef OPENSSL_NO_SHA
12 | int main(int argc, char *argv[])
13 | {
14 |
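Review bot: The skip message in the rsa_test.c hunk says the key is "too small", but the condition `keySize < 1024 || keySize > 4096` also skips keys above 4096 bits, so the log would give the wrong reason for an oversized key. A neutral wording covers both cases: `printf("Skipping test because key size %d is outside the range supported by wolfEngine.\n", keySize);`. The comment attributes the limit to wolfCrypt FIPS while the message names wolfEngine, and this patch is not under the fips/ directory, so the comment should state which component imposes the range. The loop this `continue` belongs to starts outside the hunk.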
@@ -111,12 +113,25 @@ int main(int argc, char *argv[])
15 | char *p, *r;
16 | EVP_MD_CTX c;
17 | unsigned char md[SHA_DIGEST_LENGTH];
18 | + ENGINE *e = NULL;
19 |
20 | # ifdef CHARSET_EBCDIC
21 | ebcdic2ascii(test[0], test[0], strlen(test[0]));
22 | ebcdic2ascii(test[1], test[1], strlen(test[1]));
23 | # endif
24 |
25 | + ENGINE_load_dynamic();
26 | + e = ENGINE_by_id("wolfengine");
27 | + if (e == NULL) {
28 | + printf("Failed to find wolfEngine.\n");
29 | + return 1;
30 | + }
31 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
32 | + printf("Failed to enable wolfEngine debug logging.\n");
33 | + return 1;
34 | + }
35 | + ENGINE_set_default_digests(e);
36 | +
37 | EVP_MD_CTX_init(&c);
38 | P = test;
39 | R = ret;
40 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/sha256t_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
2 | index 35dbbc2a96..e7396b4c9b 100644
3 | --- a/crypto/sha/sha256t.c
4 | +++ b/crypto/sha/sha256t.c
5 | @@ -7,6 +7,7 @@
6 | #include
7 | #include
8 |
9 | +#include
10 | #include
11 | #include
12 |
13 |
@@ -65,6 +66,19 @@ int main(int argc, char **argv)
14 | unsigned char md[SHA256_DIGEST_LENGTH];
15 | int i;
16 | EVP_MD_CTX evp;
17 | + ENGINE *e = NULL;
18 | +
19 | + ENGINE_load_dynamic();
20 | + e = ENGINE_by_id("wolfengine");
21 | + if (e == NULL) {
22 | + printf("Failed to find wolfEngine.\n");
23 | + return 1;
24 | + }
25 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
26 | + printf("Failed to enable wolfEngine debug logging.\n");
27 | + return 1;
28 | + }
29 | + ENGINE_set_default_digests(e);
30 |
31 | fprintf(stdout, "Testing SHA-256 ");
32 |
33 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/sha512t_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
2 | index 178882fc76..31ce49240d 100644
3 | --- a/crypto/sha/sha512t.c
4 | +++ b/crypto/sha/sha512t.c
5 | @@ -7,6 +7,7 @@
6 | #include
7 | #include
8 |
9 | +#include
10 | #include
11 | #include
12 | #include
13 | @@ -84,6 +85,19 @@ int main(int argc, char **argv)
14 | unsigned char md[SHA512_DIGEST_LENGTH];
15 | int i;
16 | EVP_MD_CTX evp;
17 | + ENGINE *e = NULL;
18 | +
19 | + ENGINE_load_dynamic();
20 | + e = ENGINE_by_id("wolfengine");
21 | + if (e == NULL) {
22 | + printf("Failed to find wolfEngine.\n");
23 | + return 1;
24 | + }
25 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
26 | + printf("Failed to enable wolfEngine debug logging.\n");
27 | + return 1;
28 | + }
29 | + ENGINE_set_default_digests(e);
30 |
31 | # ifdef OPENSSL_IA32_SSE2
32 | /*
33 |
-------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/ssltest_102h.patch: --------------------------------------------------------------------------------
1 | diff --git a/ssl/ssltest.c b/ssl/ssltest.c
2 | index 1db84ad..ba68a5e 100644
3 | --- a/ssl/ssltest.c
4 | +++ b/ssl/ssltest.c
5 |
@@ -991,6 +991,19 @@ int main(int argc, char *argv[]) 6 | int fips_mode = 0; 7 | #endif 8 | int no_protocol = 0; 9 | + ENGINE *e = NULL; 10 | + 11 | + ENGINE_load_dynamic(); 12 | + e = ENGINE_by_id("wolfengine"); 13 | + if (e == NULL) { 14 | + printf("Failed to find wolfEngine.\n"); 15 | + return 1; 16 | + } 17 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) { 18 | + printf("Failed to enable wolfEngine debug logging.\n"); 19 | + return 1; 20 | + } 21 | + ENGINE_set_default(e, ENGINE_METHOD_ALL); 22 | 23 | verbose = 0; 24 | debug = 0; 25 | diff --git a/test/testenc b/test/testenc 26 | old mode 100644 27 | new mode 100755 28 | -------------------------------------------------------------------------------- /openssl_patches/1.0.2h/tests/verify_extra_test_102h.patch: -------------------------------------------------------------------------------- 1 | diff --git a/crypto/x509/verify_extra_test.c b/crypto/x509/verify_extra_test.c 2 | index 08509f0..8cd5a99 100644 3 | --- a/crypto/x509/verify_extra_test.c 4 | +++ b/crypto/x509/verify_extra_test.c 5 | @@ -61,6 +61,7 @@ 6 | #include 7 | #include 8 | #include 9 | +#include 10 | 11 | static STACK_OF(X509) *load_certs_from_file(const char *filename) 12 | { 13 | @@ -185,6 +186,8 @@ static int test_alt_chains_cert_forgery(void) 14 | 15 | int main(void) 16 | { 17 | + ENGINE* e = NULL; 18 | + 19 | CRYPTO_malloc_debug_init(); 20 | CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 21 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 22 | 
@@ -192,6 +195,18 @@ int main(void) 23 | ERR_load_crypto_strings(); 24 | OpenSSL_add_all_digests(); 25 | 26 | + ENGINE_load_dynamic(); 27 | + e = ENGINE_by_id("wolfengine"); 28 | + if (e == NULL) { 29 | + printf("Failed to find wolfEngine.\n"); 30 | + return 1; 31 | + } 32 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) { 33 | + printf("Failed to enable wolfEngine debug logging.\n"); 34 | + return 1; 35 | + } 36 | + ENGINE_set_default(e, ENGINE_METHOD_ALL); 37 | + 38 | if (!test_alt_chains_cert_forgery()) { 39 | fprintf(stderr, "Test alt chains cert forgery failed\n"); 40 | return 1; 41 | @@ -201,6 +216,10 @@ int main(void) 42 | CRYPTO_cleanup_all_ex_data(); 43 | ERR_remove_thread_state(NULL); 44 | ERR_free_strings(); 45 | + 46 | + ENGINE_finish(e); 47 | + ENGINE_cleanup(); 48 | + 49 | CRYPTO_mem_leaks_fp(stderr); 50 | 51 | printf("PASS\n"); 52 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/12-ct.conf.in_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in 2 | index 7c030499..74c8800b 100644 3 | --- a/test/ssl-tests/12-ct.conf.in 4 | +++ b/test/ssl-tests/12-ct.conf.in 5 | @@ -28,22 +28,6 @@ our @tests = ( 6 | "ExpectedResult" => "Success", 7 | }, 8 | }, 9 | - { 10 | - name => "ct-permissive-with-scts", 11 | - server => { 12 | - "Certificate" => test_pem("embeddedSCTs1.pem"), 13 | - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 14 | - }, 15 | - client => { 16 | - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 17 | - extra => { 18 | - "CTValidation" => "Permissive", 19 | - }, 20 | - }, 21 | - test => { 22 | - "ExpectedResult" => "Success", 23 | - }, 24 | - }, 25 | { 26 | name => "ct-strict-without-scts", 27 | server => { }, 28 | 
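Review bot: `ENGINE_finish(e)` in the cleanup hunk of verify_extra_test.c releases a functional reference, but the setup hunk only obtains a structural one from `ENGINE_by_id()`; no `ENGINE_init(e)` appears anywhere in the patch. As written the call may instead drop a functional reference held on behalf of `ENGINE_set_default()`, before `ENGINE_cleanup()` releases the defaults. Either add `ENGINE_init(e)` after the lookup and release with both `ENGINE_finish(e)` and `ENGINE_free(e)`, or replace the finish with `ENGINE_free(e)` alone. The 1.1.1b testutil/main.c and apps/openssl.c hunks use the same pairing.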
@@ -57,63 +41,4 @@ our @tests = ( 29 | "ExpectedClientAlert" => "HandshakeFailure", 30 | }, 31 | }, 32 | - { 33 | - name => "ct-strict-with-scts", 34 | - server => { 35 | - "Certificate" => test_pem("embeddedSCTs1.pem"), 36 | - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 37 | - }, 38 | - client => { 39 | - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 40 | - extra => { 41 | - "CTValidation" => "Strict", 42 | - }, 43 | - }, 44 | - test => { 45 | - "ExpectedResult" => "Success", 46 | - }, 47 | - }, 48 | - { 49 | - name => "ct-permissive-resumption", 50 | - server => { 51 | - "Certificate" => test_pem("embeddedSCTs1.pem"), 52 | - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 53 | - }, 54 | - client => { 55 | - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 56 | - extra => { 57 | - "CTValidation" => "Permissive", 58 | - }, 59 | - }, 60 | - test => { 61 | - "HandshakeMode" => "Resume", 62 | - "ResumptionExpected" => "Yes", 63 | - "ExpectedResult" => "Success", 64 | - }, 65 | - }, 66 | - { 67 | - name => "ct-strict-resumption", 68 | - server => { 69 | - "Certificate" => test_pem("embeddedSCTs1.pem"), 70 | - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 71 | - }, 72 | - client => { 73 | - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 74 | - extra => { 75 | - "CTValidation" => "Strict", 76 | - }, 77 | - }, 78 | - # SCTs are not present during resumption, so the resumption 79 | - # should succeed. 80 | - resume_client => { 81 | - extra => { 82 | - "CTValidation" => "Strict", 83 | - }, 84 | - }, 85 | - test => { 86 | - "HandshakeMode" => "Resume", 87 | - "ResumptionExpected" => "Yes", 88 | - "ExpectedResult" => "Success", 89 | - }, 90 | - }, 91 | ); 92 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/14-curves.conf.in_111b.patch: -------------------------------------------------------------------------------- 1 | 
diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in 2 | index 2f8077c4..6f656aff 100644 3 | --- a/test/ssl-tests/14-curves.conf.in 4 | +++ b/test/ssl-tests/14-curves.conf.in 5 | @@ -10,14 +10,7 @@ use warnings; 6 | use OpenSSL::Test; 7 | use OpenSSL::Test::Utils qw(anydisabled); 8 | 9 | -my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", 10 | - "sect193r2", "sect233k1", "sect233r1", "sect239k1", 11 | - "sect283k1", "sect283r1", "sect409k1", "sect409r1", 12 | - "sect571k1", "sect571r1", "secp160k1", "secp160r1", 13 | - "secp160r2", "secp192k1", "prime192v1", "secp224k1", 14 | - "secp224r1", "secp256k1", "prime256v1", "secp384r1", 15 | - "secp521r1", "brainpoolP256r1", "brainpoolP384r1", 16 | - "brainpoolP512r1", "X25519", "X448"); 17 | +my @curves = ( "prime192v1", "prime256v1", "secp384r1", "secp521r1"); 18 | 19 | our @tests = (); 20 | 21 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/20-cert-select.conf.in_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in 2 | index bdf53c6e..2038bdf2 100644 3 | --- a/test/ssl-tests/20-cert-select.conf.in 4 | +++ b/test/ssl-tests/20-cert-select.conf.in 5 | 
@@ -138,28 +138,6 @@ our @tests = ( 6 | "ExpectedResult" => "Success" 7 | }, 8 | }, 9 | - { 10 | - name => "ECDSA with brainpool", 11 | - server => { 12 | - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), 13 | - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), 14 | - "Groups" => "brainpoolP256r1", 15 | - }, 16 | - client => { 17 | - #We don't restrict this to TLSv1.2, although use of brainpool 18 | - #should force this anyway so that this should succeed 19 | - "CipherString" => "aECDSA", 20 | - "RequestCAFile" => test_pem("root-cert.pem"), 21 | - "Groups" => "brainpoolP256r1", 22 | - }, 23 | - test => { 24 | - "ExpectedServerCertType" =>, "brainpoolP256r1", 25 | - "ExpectedServerSignType" =>, "EC", 26 | - # Note: certificate_authorities not sent for TLS < 1.3 27 | - "ExpectedServerCANames" =>, "empty", 28 | - "ExpectedResult" => "Success" 29 | - }, 30 | - }, 31 | { 32 | name => "RSA CipherString Selection", 33 | server => $server, 34 | @@ -784,23 +762,6 @@ my @tests_tls_1_3 = ( 35 | "ExpectedResult" => "Success" 36 | }, 37 | }, 38 | - { 39 | - name => "TLS 1.3 ECDSA with brainpool", 40 | - server => { 41 | - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), 42 | - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), 43 | - "Groups" => "brainpoolP256r1", 44 | - }, 45 | - client => { 46 | - "RequestCAFile" => test_pem("root-cert.pem"), 47 | - "Groups" => "brainpoolP256r1", 48 | - "MinProtocol" => "TLSv1.3", 49 | - "MaxProtocol" => "TLSv1.3" 50 | - }, 51 | - test => { 52 | - "ExpectedResult" => "ServerFail" 53 | - }, 54 | - }, 55 | ); 56 | 57 | push @tests, @tests_tls_1_3 unless disabled("tls1_3"); 58 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/apps_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/apps/apps.c b/apps/apps.c 2 | index 36cb0b27..4b016814 100644 3 | 
--- a/apps/apps.c 4 | +++ b/apps/apps.c 5 | @@ -1282,6 +1282,7 @@ static ENGINE *try_load_engine(const char *engine) 6 | ENGINE *setup_engine(const char *engine, int debug) 7 | { 8 | ENGINE *e = NULL; 9 | + debug = 1; 10 | 11 | #ifndef OPENSSL_NO_ENGINE 12 | if (engine != NULL) { 13 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/drbgtest_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/drbgtest.c b/test/drbgtest.c 2 | index 0782a7c0..d6c78c0b 100644 3 | --- a/test/drbgtest.c 4 | +++ b/test/drbgtest.c 5 | @@ -968,13 +968,18 @@ static int test_rand_add(void) 6 | return 1; 7 | } 8 | 9 | +extern ENGINE *e; 10 | + 11 | int setup_tests(void) 12 | { 13 | app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); 14 | 15 | ADD_ALL_TESTS(test_kats, OSSL_NELEM(drbg_test)); 16 | ADD_ALL_TESTS(test_error_checks, OSSL_NELEM(drbg_test)); 17 | - ADD_TEST(test_rand_drbg_reseed); 18 | + if (e == NULL) { 19 | + /* RAND_OpenSSL() specific test. */ 20 | + ADD_TEST(test_rand_drbg_reseed); 21 | + } 22 | ADD_TEST(test_rand_seed); 23 | ADD_TEST(test_rand_add); 24 | #if defined(OPENSSL_THREADS) 25 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/ecdsatest_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/ecdsatest.c b/test/ecdsatest.c 2 | index 531562ed..cee1fb33 100644 3 | --- a/test/ecdsatest.c 4 | +++ b/test/ecdsatest.c 5 | 
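Review bot: The added `debug = 1;` at the top of `setup_engine()` overwrites the caller's argument unconditionally, so the parameter becomes dead and every command that loads an engine gets debug behaviour regardless of what was requested. Nothing in the hunk marks this as test-only; at minimum add `/* wolfEngine test build only: force engine debug output, ignoring the caller's setting. */`, and preferably put the assignment behind a build-time switch so it cannot leak into a normal build. The body of `setup_engine()` continues outside the hunk, so what `debug` controls further down is not visible here.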
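Review bot: The new `if (e == NULL)` guard around `ADD_TEST(test_rand_drbg_reseed)` is never true with this patch set. The testutil/main.c hunk returns 1 from the top of main() when `ENGINE_by_id()` yields NULL, so `setup_tests()` only runs with `e` set and the reseed test is always dropped. If the intent is an unconditional skip under wolfEngine, say so in the comment, e.g. `/* Skipped with wolfEngine: exercises RAND_OpenSSL() internals only. */`. The guard around `x9_62_tests` in the ecdsatest.c hunk has the same property. The shared global is also named just `e` with external linkage and is shadowed by the local `ENGINE *e` added in evp_test.c; a more specific name would avoid that.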
@@ -245,6 +245,11 @@ static int test_builtin(void) 6 | nid = curves[n].nid; 7 | if (nid == NID_ipsec4 || nid == NID_ipsec3) 8 | continue; 9 | + /* Only test the P-256, P-384, P-521 for FIPS. */ 10 | + if (nid != NID_X9_62_prime256v1 && nid != NID_secp384r1 && 11 | + nid != NID_secp521r1) { 12 | + continue; 13 | + } 14 | /* create new ecdsa key (== EC_KEY) */ 15 | if (!TEST_ptr(eckey = EC_KEY_new()) 16 | || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) 17 | @@ -397,12 +402,16 @@ static int test_builtin(void) 18 | } 19 | #endif 20 | 21 | +extern ENGINE* e; 22 | int setup_tests(void) 23 | { 24 | #ifdef OPENSSL_NO_EC 25 | TEST_note("Elliptic curves are disabled."); 26 | #else 27 | - ADD_TEST(x9_62_tests); 28 | + if (e == NULL) { 29 | + /* Non-FIPS curves. */ 30 | + ADD_TEST(x9_62_tests); 31 | + } 32 | ADD_TEST(test_builtin); 33 | #endif 34 | return 1; 35 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/evp_test_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/evp_test.c b/test/evp_test.c 2 | index 85c1552a..e28e0fba 100644 3 | --- a/test/evp_test.c 4 | +++ b/test/evp_test.c 5 | @@ -17,6 +17,7 @@ 6 | #include 7 | #include 8 | #include 9 | +#include 10 | #include "internal/numbers.h" 11 | #include "testutil.h" 12 | #include "evp_test.h" 13 | @@ -776,6 +777,14 @@ static int cipher_test_run(EVP_TEST *t) 14 | inp_misalign ? "misaligned" : "aligned", 15 | frag ? "" : "not "); 16 | } 17 | + 18 | + if (cdat->aead == EVP_CIPH_GCM_MODE && 19 | + cdat->iv_len > 16) { 20 | + printf("IV size %ld is greater than wolfEngine " 21 | + "GCM_NONCE_MAX_SZ (16), skipping test.\n", cdat->iv_len); 22 | + return 1; 23 | + } 24 | + 25 | if (cdat->enc) { 26 | rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag); 27 | /* Not fatal errors: return */ 28 | 
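Review bot: The GCM IV-length check added to `cipher_test_run()` returns 1 without recording a skip, so every vector with an IV longer than 16 bytes is counted as run and passed; the only trace is a `printf` on stdout, outside the test framework's output. Report it through the framework instead, e.g. `TEST_info("skipping: GCM IV length above wolfEngine GCM_NONCE_MAX_SZ (16)");`, so the reduced coverage shows up in the test log. The format `%ld` is used for `cdat->iv_len`; if that field is a `size_t` (its declaration is outside the hunk) it should be `%zu`. The function starts and ends outside this hunk.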
@@ -802,6 +811,8 @@ static int cipher_test_run(EVP_TEST *t) 29 | * lengths so we don't fragment for those 30 | */ 31 | if (cdat->aead == EVP_CIPH_CCM_MODE 32 | + /* wolfengine doesn't support fragmented GCM */ 33 | + || cdat->aead == EVP_CIPH_GCM_MODE 34 | || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE 35 | || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) 36 | break; 37 | @@ -958,17 +969,30 @@ static int mac_test_run(EVP_TEST *t) 38 | size_t got_len; 39 | int i; 40 | 41 | -#ifdef OPENSSL_NO_DES 42 | + /* wolfengine only supports CMAC with AES. */ 43 | if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) { 44 | /* Skip DES */ 45 | t->err = NULL; 46 | goto err; 47 | } 48 | -#endif 49 | 50 | - if (expected->type == EVP_PKEY_CMAC) 51 | + if (expected->type == EVP_PKEY_CMAC) { 52 | +#if 0 53 | key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, 54 | EVP_get_cipherbyname(expected->alg)); 55 | +#else 56 | + ENGINE *e = ENGINE_get_pkey_meth_engine(NID_cmac); 57 | + EVP_PKEY_CTX *pctx; 58 | + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, e); 59 | + EVP_PKEY_keygen_init(pctx); 60 | + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_KEYGEN, 61 | + EVP_PKEY_CTRL_CIPHER, 0, 62 | + (void*)EVP_get_cipherbyname(expected->alg)); 63 | + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_KEYGEN, 64 | + EVP_PKEY_CTRL_SET_MAC_KEY, expected->key_len, expected->key); 65 | + EVP_PKEY_keygen(pctx, &key); 66 | +#endif 67 | + } 68 | else 69 | key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key, 70 | expected->key_len); 71 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/evpcase.txt_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/recipes/30-test_evp_data/evpcase.txt b/test/recipes/30-test_evp_data/evpcase.txt 2 | index 69828eec..23e95557 100644 3 | --- a/test/recipes/30-test_evp_data/evpcase.txt 4 | 
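Review bot: None of the calls in the new CMAC key path in `mac_test_run()` has its return value checked: `EVP_PKEY_CTX_new_id()`, `EVP_PKEY_keygen_init()`, both `EVP_PKEY_CTX_ctrl()` calls and `EVP_PKEY_keygen()` can all fail unnoticed. In the visible lines `pctx` is never freed and the reference returned by `ENGINE_get_pkey_meth_engine()` is never released. The `#if 0` copy of the old call is dead code and can go. Removing the `#ifdef OPENSSL_NO_DES` guard also makes the DES skip unconditional, which should be stated in the comment. The sketch below assumes `key` starts as NULL and is checked after this block, both of which are outside the hunk.

```c
    if (expected->type == EVP_PKEY_CMAC) {
        ENGINE *e = ENGINE_get_pkey_meth_engine(NID_cmac);
        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, e);

        /* Any failing step leaves key unset; assumes key is checked below. */
        if (pctx == NULL
            || EVP_PKEY_keygen_init(pctx) <= 0
            || EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_KEYGEN,
                                 EVP_PKEY_CTRL_CIPHER, 0,
                                 (void *)EVP_get_cipherbyname(expected->alg)) <= 0
            || EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_KEYGEN,
                                 EVP_PKEY_CTRL_SET_MAC_KEY,
                                 expected->key_len, expected->key) <= 0
            || EVP_PKEY_keygen(pctx, &key) <= 0)
            key = NULL;
        EVP_PKEY_CTX_free(pctx);
        /* Release the reference taken by ENGINE_get_pkey_meth_engine(). */
        ENGINE_finish(e);
    }
    /* … unchanged: else branch using EVP_PKEY_new_raw_private_key … */
```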
+++ b/test/recipes/30-test_evp_data/evpcase.txt 5 | @@ -28,12 +28,14 @@ IV = 73BED6B8E3C1743B7116E69E22229516 6 | Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 7 | Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7 8 | 9 | -Cipher = aES-128-CTR 10 | -Key = AE6852F8121067CC4BF7A5765577F39E 11 | -IV = 00000030000000000000000000000001 12 | -Operation = ENCRYPT 13 | -Plaintext = 53696E676C6520626C6F636B206D7367 14 | -Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 15 | +# wolfCrypt FIPSv2 does not include fix to AesCtrEncrypt() for this to pass 16 | +# See addition of scratch[] in wolfcrypt/src/aes.c of non-FIPS wolfSSL 17 | +# Cipher = aES-128-CTR 18 | +# Key = AE6852F8121067CC4BF7A5765577F39E 19 | +# IV = 00000030000000000000000000000001 20 | +# Operation = ENCRYPT 21 | +# Plaintext = 53696E676C6520626C6F636B206D7367 22 | +# Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 23 | 24 | Cipher = AES-128-GcM 25 | Key = 00000000000000000000000000000000 26 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/evpkdf.txt_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt 2 | index 9a6cc283..d8b78730 100644 3 | --- a/test/recipes/30-test_evp_data/evpkdf.txt 4 | +++ b/test/recipes/30-test_evp_data/evpkdf.txt 5 | 
@@ -71,19 +71,20 @@ Result = KDF_DERIVE_ERROR 6 | 7 | Title = HKDF tests (from RFC5869 test vectors) 8 | 9 | -KDF = HKDF 10 | -Ctrl.md = md:SHA256 11 | -Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 12 | -Ctrl.salt = hexsalt:000102030405060708090a0b0c 13 | -Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 14 | -Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 15 | - 16 | -KDF = HKDF 17 | -Ctrl.mode = mode:EXTRACT_ONLY 18 | -Ctrl.md = md:SHA256 19 | -Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 20 | -Ctrl.salt = hexsalt:000102030405060708090a0b0c 21 | -Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 22 | +# wolfSSL FIPS - salt needs to be at least 14. 23 | +#KDF = HKDF 24 | +#Ctrl.md = md:SHA256 25 | +#Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 26 | +#Ctrl.salt = hexsalt:000102030405060708090a0b0c 27 | +#Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 28 | +#Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 29 | + 30 | +#KDF = HKDF 31 | +#Ctrl.mode = mode:EXTRACT_ONLY 32 | +#Ctrl.md = md:SHA256 33 | +#Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 34 | +#Ctrl.salt = hexsalt:000102030405060708090a0b0c 35 | +#Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 36 | 37 | KDF = HKDF 38 | Ctrl.mode = mode:EXPAND_ONLY 39 | 
@@ -135,19 +136,20 @@ Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb 40 | Ctrl.info = info: 41 | Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 42 | 43 | -KDF = HKDF 44 | -Ctrl.md = md:SHA1 45 | -Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b 46 | -Ctrl.salt = hexsalt:000102030405060708090a0b0c 47 | -Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 48 | -Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 49 | - 50 | -KDF = HKDF 51 | -Ctrl.mode = mode:EXTRACT_ONLY 52 | -Ctrl.md = md:SHA1 53 | -Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b 54 | -Ctrl.salt = hexsalt:000102030405060708090a0b0c 55 | -Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 56 | +# wolfSSL FIPS - salt needs to be at least 14. 57 | +#KDF = HKDF 58 | +#Ctrl.md = md:SHA1 59 | +#Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b 60 | +#Ctrl.salt = hexsalt:000102030405060708090a0b0c 61 | +#Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 62 | +#Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 63 | + 64 | +#KDF = HKDF 65 | +#Ctrl.mode = mode:EXTRACT_ONLY 66 | +#Ctrl.md = md:SHA1 67 | +#Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b 68 | +#Ctrl.salt = hexsalt:000102030405060708090a0b0c 69 | +#Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 70 | 71 | KDF = HKDF 72 | Ctrl.mode = mode:EXPAND_ONLY 73 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/evpmac.txt_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt 2 | index 2bcb3c33..69c86fe6 100644 3 | --- a/test/recipes/30-test_evp_data/evpmac.txt 4 | +++ b/test/recipes/30-test_evp_data/evpmac.txt 5 | 
@@ -167,11 +167,12 @@ Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 6 | Input = "Hi There" 7 | Output = 9294727a3638bb1c13f48ef8158bfc9d 8 | 9 | -MAC = HMAC 10 | -Algorithm = MD5 11 | -Key = "Jefe" 12 | -Input = "what do ya want for nothing?" 13 | -Output = 750c783e6ab0b503eaa86e310a5db738 14 | +# Key length too small for wolfCrypt FIPSv2 15 | +# MAC = HMAC 16 | +# Algorithm = MD5 17 | +# Key = "Jefe" 18 | +# Input = "what do ya want for nothing?" 19 | +# Output = 750c783e6ab0b503eaa86e310a5db738 20 | 21 | MAC = HMAC 22 | Algorithm = MD5 23 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/fips/14-curves.conf.in_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in 2 | index 6f656affd7..5b4518d56c 100644 3 | --- a/test/ssl-tests/14-curves.conf.in 4 | +++ b/test/ssl-tests/14-curves.conf.in 5 | @@ -10,7 +10,7 @@ use warnings; 6 | use OpenSSL::Test; 7 | use OpenSSL::Test::Utils qw(anydisabled); 8 | 9 | -my @curves = ( "prime192v1", "prime256v1", "secp384r1", "secp521r1"); 10 | +my @curves = ( "prime256v1", "secp384r1", "secp521r1"); 11 | 12 | our @tests = (); 13 | 14 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/fips/80-test_cms.t_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t 2 | index f038bea31d..e81a34d4d4 100644 3 | --- a/test/recipes/80-test_cms.t 4 | +++ b/test/recipes/80-test_cms.t 5 | 
@@ -108,7 +108,7 @@ my @smime_pkcs7_tests = ( 6 | ], 7 | 8 | [ "signed content S/MIME format, RSA key SHA1", 9 | - [ "-sign", "-in", $smcont, "-md", "sha1", 10 | + [ "-sign", "-in", $smcont, "-md", "sha256", 11 | "-certfile", catfile($smdir, "smroot.pem"), 12 | "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], 13 | [ "-verify", "-in", "test.cms", 14 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/fips/80-test_ssl_old.t_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t 2 | index 377bf090ba..ec10448c55 100644 3 | --- a/test/recipes/80-test_ssl_old.t 4 | +++ b/test/recipes/80-test_ssl_old.t 5 | @@ -32,8 +32,8 @@ my $no_anydtls = alldisabled(available_protocols("dtls")); 6 | plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build" 7 | if $no_anytls && $no_anydtls; 8 | 9 | -my $digest = "-sha1"; 10 | -my @reqcmd = ("openssl", "req"); 11 | +my $digest = "-sha256"; 12 | +my @reqcmd = ("openssl", "req", $digest); 13 | my @x509cmd = ("openssl", "x509", $digest); 14 | my @verifycmd = ("openssl", "verify"); 15 | my @gendsacmd = ("openssl", "gendsa"); 16 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/hmactest_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/hmactest.c b/test/hmactest.c 2 | index ca775773..236c656d 100644 3 | --- a/test/hmactest.c 4 | +++ b/test/hmactest.c 5 | @@ -23,6 +23,9 @@ 6 | # include 7 | # endif 8 | 9 | +#include 10 | +extern ENGINE *e; 11 | + 12 | #include "testutil.h" 13 | 14 | # ifndef OPENSSL_NO_MD5 15 | 
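Review bot: The entry in 80-test_cms.t is still titled "signed content S/MIME format, RSA key SHA1" although its `-md` argument is now `sha256`, so a failure report for this case would name the wrong digest. Rename it to match, e.g. `[ "signed content S/MIME format, RSA key SHA256",`. The array entry continues outside the hunk.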
@@ -113,9 +116,9 @@ static int test_hmac_bad(void) 16 | ctx = HMAC_CTX_new(); 17 | if (!TEST_ptr(ctx) 18 | || !TEST_ptr_null(HMAC_CTX_get_md(ctx)) 19 | - || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) 20 | + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, e)) 21 | || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len)) 22 | - || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) 23 | + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), e)) 24 | || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len))) 25 | goto err; 26 | 27 | @@ -138,12 +141,12 @@ static int test_hmac_run(void) 28 | 29 | if (!TEST_ptr(ctx) 30 | || !TEST_ptr_null(HMAC_CTX_get_md(ctx)) 31 | - || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) 32 | + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, e)) 33 | || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len)) 34 | - || !TEST_false(HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL))) 35 | + || !TEST_false(HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), e))) 36 | goto err; 37 | 38 | - if (!TEST_true(HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) 39 | + if (!TEST_true(HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), e)) 40 | || !TEST_true(HMAC_Update(ctx, test[4].data, test[4].data_len)) 41 | || !TEST_true(HMAC_Final(ctx, buf, &len))) 42 | goto err; 43 | 
@@ -152,10 +155,10 @@ static int test_hmac_run(void) 44 | if (!TEST_str_eq(p, (char *)test[4].digest)) 45 | goto err; 46 | 47 | - if (!TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL))) 48 | + if (!TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), e))) 49 | goto err; 50 | 51 | - if (!TEST_true(HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) 52 | + if (!TEST_true(HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), e)) 53 | || !TEST_ptr_eq(HMAC_CTX_get_md(ctx), EVP_sha256()) 54 | || !TEST_true(HMAC_Update(ctx, test[5].data, test[5].data_len)) 55 | || !TEST_true(HMAC_Final(ctx, buf, &len))) 56 | @@ -165,7 +168,7 @@ static int test_hmac_run(void) 57 | if (!TEST_str_eq(p, (char *)test[5].digest)) 58 | goto err; 59 | 60 | - if (!TEST_true(HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) 61 | + if (!TEST_true(HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, e)) 62 | || !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len)) 63 | || !TEST_true(HMAC_Final(ctx, buf, &len))) 64 | goto err; 65 | @@ -207,7 +210,7 @@ static int test_hmac_copy(void) 66 | if (!TEST_ptr(ctx) || !TEST_ptr(ctx2)) 67 | goto err; 68 | 69 | - if (!TEST_true(HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) 70 | + if (!TEST_true(HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), e)) 71 | || !TEST_true(HMAC_Update(ctx, test[7].data, test[7].data_len)) 72 | || !TEST_true(HMAC_CTX_copy(ctx2, ctx)) 73 | || !TEST_true(HMAC_Final(ctx2, buf, &len))) 74 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/main_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/testutil/main.c b/test/testutil/main.c 2 | index d3ccdda3..f2d7591d 100644 3 | --- a/test/testutil/main.c 4 | +++ b/test/testutil/main.c 5 | 
@@ -13,6 +13,7 @@ 6 | #include "tu_local.h" 7 | 8 | #include 9 | +#include 10 | 11 | static size_t arg_count; 12 | static char **args; 13 | @@ -31,10 +32,24 @@ static void check_arg_usage(void) 14 | test_printf_stderr("Warning arguments %zu and later unchecked\n", i); 15 | } 16 | 17 | +ENGINE *e = NULL; 18 | + 19 | int main(int argc, char *argv[]) 20 | { 21 | int ret = EXIT_FAILURE; 22 | 23 | + ENGINE_load_dynamic(); 24 | + e = ENGINE_by_id("libwolfengine"); 25 | + if (e == NULL) { 26 | + printf("Failed to find wolfEngine.\n"); 27 | + return 1; 28 | + } 29 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) { 30 | + printf("Failed to enable wolfEngine debug logging.\n"); 31 | + return 1; 32 | + } 33 | + ENGINE_set_default(e, ENGINE_METHOD_ALL); 34 | + 35 | test_open_streams(); 36 | 37 | if (!global_init()) { 38 | @@ -54,6 +69,9 @@ int main(int argc, char *argv[]) 39 | 40 | ret = pulldown_test_framework(ret); 41 | test_close_streams(); 42 | + 43 | + ENGINE_finish(e); 44 | + ENGINE_cleanup(); 45 | return ret; 46 | } 47 | 48 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/mksmime_certs.txt_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh 2 | index c98e164b..8fad96c2 3 | --- a/test/smime-certs/mksmime-certs.sh 4 | +++ b/test/smime-certs/mksmime-certs.sh 5 | @@ -9,7 +9,7 @@ 6 | 7 | # Utility to recreate S/MIME certificates 8 | 9 | -OPENSSL=../../apps/openssl 10 | +OPENSSL=openssl 11 | OPENSSL_CONF=./ca.cnf 12 | export OPENSSL_CONF 13 | 14 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/ocspapitest_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/ocspapitest.c b/test/ocspapitest.c 2 | index 43b03e3f..d9d01ac2 100644 3 | 
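Review bot: `OPENSSL=openssl` in mksmime-certs.sh makes the certificate-regeneration script run whichever `openssl` is first on `PATH` instead of the in-tree binary. The S/MIME test certificates can then be produced by an unrelated build without anyone noticing. Let the caller choose explicitly and keep a visible default, `OPENSSL=${OPENSSL:-openssl}`, or point it at the absolute path of the patched build.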
--- a/test/ocspapitest.c 4 | +++ b/test/ocspapitest.c 5 | @@ -105,7 +105,7 @@ static int test_resp_signer(void) 6 | || !TEST_ptr(extra_certs) 7 | || !TEST_true(get_cert_and_key(&signer, &key)) 8 | || !TEST_true(sk_X509_push(extra_certs, signer)) 9 | - || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), 10 | + || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha256(), 11 | NULL, OCSP_NOCERTS))) 12 | goto err; 13 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) 14 | @@ -117,7 +117,7 @@ static int test_resp_signer(void) 15 | bs = make_dummy_resp(); 16 | tmp = NULL; 17 | if (!TEST_ptr(bs) 18 | - || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), 19 | + || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha256(), 20 | NULL, 0))) 21 | goto err; 22 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) 23 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/openssl_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/apps/openssl.c b/apps/openssl.c 2 | index a872e2c5..6fe79d59 100644 3 | --- a/apps/openssl.c 4 | +++ b/apps/openssl.c 5 | @@ -127,6 +127,20 @@ int main(int argc, char *argv[]) 6 | const char *prompt; 7 | ARGS arg; 8 | int first, n, i, ret = 0; 9 | + ENGINE *e; 10 | + 11 | + ENGINE_load_dynamic(); 12 | + e = ENGINE_by_id("libwolfengine"); 13 | + if (e == NULL) { 14 | + printf("Failed to find wolfEngine.\n"); 15 | + return 1; 16 | + } 17 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) { 18 | + printf("Failed to enable wolfEngine debug logging.\n"); 19 | + return 1; 20 | + } 21 | + ENGINE_set_default(e, ENGINE_METHOD_ALL); 22 | + 23 | 24 | arg.argv = NULL; 25 | arg.size = 0; 26 | 
@@ -260,12 +274,14 @@ int main(int argc, char *argv[]) 27 | 28 | BIO_free(bio_in); 29 | BIO_free_all(bio_out); 30 | + ENGINE_finish(e); 31 | apps_shutdown(); 32 | #ifndef OPENSSL_NO_CRYPTO_MDEBUG 33 | if (CRYPTO_mem_leaks(bio_err) <= 0) 34 | ret = 1; 35 | #endif 36 | BIO_free(bio_err); 37 | + ENGINE_cleanup(); 38 | EXIT(ret); 39 | } 40 | 41 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/pkey_meth_kdf_test_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c 2 | index f2abcf3e..2b24b00e 100644 3 | --- a/test/pkey_meth_kdf_test.c 4 | +++ b/test/pkey_meth_kdf_test.c 5 | @@ -31,7 +31,7 @@ static int test_kdf_tls1_prf(void) 6 | TEST_error("EVP_PKEY_CTX_set_tls1_prf_md"); 7 | return 0; 8 | } 9 | - if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) { 10 | + if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret of min 14", 16) <= 0) { 11 | TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); 12 | return 0; 13 | } 14 | @@ -46,8 +46,8 @@ static int test_kdf_tls1_prf(void) 15 | 16 | { 17 | const unsigned char expected[sizeof(out)] = { 18 | - 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, 19 | - 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc 20 | + 0xb4, 0x19, 0x01, 0x10, 0x06, 0x49, 0x06, 0x23, 21 | + 0xbe, 0x42, 0x98, 0xfe, 0x33, 0xb0, 0x76, 0xbb 22 | }; 23 | if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { 24 | return 0; 25 | 
@@ -72,11 +72,11 @@ static int test_kdf_hkdf(void) 26 | TEST_error("EVP_PKEY_CTX_set_hkdf_md"); 27 | return 0; 28 | } 29 | - if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) { 30 | + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt of at least 14", 19) <= 0) { 31 | TEST_error("EVP_PKEY_CTX_set1_hkdf_salt"); 32 | return 0; 33 | } 34 | - if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) { 35 | + if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret of at least 14", 20) <= 0) { 36 | TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); 37 | return 0; 38 | } 39 | @@ -91,7 +91,7 @@ static int test_kdf_hkdf(void) 40 | 41 | { 42 | const unsigned char expected[sizeof(out)] = { 43 | - 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 44 | + 0x73, 0xd2, 0xc0, 0x50, 0xe8, 0x88, 0xef, 0xd9, 0x05, 0xb5 45 | }; 46 | if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { 47 | return 0; 48 | -------------------------------------------------------------------------------- /openssl_patches/1.1.1b/tests/rsa_test_111b.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/rsa_test.c b/test/rsa_test.c 2 | index 2ad4de47..c675ad1f 100644 3 | --- a/test/rsa_test.c 4 | +++ b/test/rsa_test.c 5 | @@ -249,10 +249,19 @@ static int test_rsa_pkcs1(int idx) 6 | int plen; 7 | int clen = 0; 8 | int num; 9 | + int keySize; 10 | 11 | plen = sizeof(ptext_ex) - 1; 12 | clen = rsa_setkey(&key, ctext_ex, idx); 13 | 14 | + keySize = clen * 8; 15 | + /* Limit the key sizes tested to those allowed by wolfCrypt FIPS. */ 16 | + if (keySize < 1024 || keySize > 4096) { 17 | + printf("Skipping test because key size %d is too small for " 18 | + "wolfEngine.\n", keySize); 19 | + return 1; 20 | + } 21 | + 22 | num = RSA_public_encrypt(plen, ptext_ex, ctext, key, 23 | RSA_PKCS1_PADDING); 24 | if (!TEST_int_eq(num, clen)) 25 | 
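Review bot: The length passed with the new HKDF key in `test_kdf_hkdf()` does not match the literal: "secret of at least 14" is 21 characters but 20 is passed to `EVP_PKEY_CTX_set1_hkdf_key()`, so the last byte is silently dropped. The salt (19) and the TLS1-PRF secret (16) in the same patch use the full string. Nothing is read out of bounds, but the mismatch looks accidental and will confuse anyone regenerating the vector. The expected bytes in the following hunk were presumably computed with the 20-byte key, so changing the length to 21, or better to `sizeof("secret of at least 14") - 1`, means regenerating them.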
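Review bot: The key-size skip added to `test_rsa_pkcs1()` returns 1 directly after `rsa_setkey(&key, ...)`, so it bypasses whatever release of `key` the function performs on its normal exit (that code is outside the hunk, so this is inferred), and the skipped index is reported as a pass. The message says "too small" although the condition also rejects sizes above 4096. Suggested wording is `"Skipping test: key size %d is outside the 1024-4096 range supported by wolfEngine.\n"`, leaving through the function's existing exit path with the result set to success rather than `return 1`. `test_rsa_oaep()` in the next hunk has the identical block.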
@@ -280,10 +289,19 @@ static int test_rsa_oaep(int idx) 26 | int clen = 0; 27 | int num; 28 | int n; 29 | + int keySize; 30 | 31 | plen = sizeof(ptext_ex) - 1; 32 | clen = rsa_setkey(&key, ctext_ex, idx); 33 | 34 | + keySize = clen * 8; 35 | + /* Limit the key sizes tested to those allowed by wolfCrypt FIPS. */ 36 | + if (keySize < 1024 || keySize > 4096) { 37 | + printf("Skipping test because key size %d is too small for " 38 | + "wolfEngine.\n", keySize); 39 | + return 1; 40 | + } 41 | + 42 | num = RSA_public_encrypt(plen, ptext_ex, ctext, key, 43 | RSA_PKCS1_OAEP_PADDING); 44 | if (num == -1 && pad_unknown()) { 45 | -------------------------------------------------------------------------------- /pre-commit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # pre-commit.sh 4 | # 5 | # Hook for git that must pass beofre commit is accepted. 6 | 7 | # Save current config 8 | echo "\n\nSaving current config\n\n" 9 | cp config.status tmp.status 10 | 11 | # Stash modified files, if any, that are not part of this commit, don't test 12 | # them 13 | STASHED=0 14 | if ! git diff --quiet 15 | then 16 | STASHED=1 17 | echo "\n\nStashing modified files not part of commit\n\n" 18 | git stash -q --keep-index 19 | fi 20 | 21 | # Run the commit tests 22 | echo "\n\nRunning commit tests...\n\n" 23 | ./commit-tests.sh 24 | RESULT=$? 
25 | 26 | # Restore modified files not part of this commit 27 | if test $STASHED -eq 1 28 | then 29 | echo "\n\nPopping stashed modified files not part of commit\n" 30 | git stash pop -q 31 | fi 32 | 33 | # Restore current config 34 | echo "\nRestoring current config\n" 35 | mv tmp.status config.status 36 | # Don't show output in case error from above 37 | ./config.status >/dev/null 2>&1 38 | make clean >/dev/null 2>&1 39 | make -j 8 >/dev/null 2>&1 40 | 41 | [ $RESULT -ne 0 ] && echo "\nOops, your commit failed\n" && exit 1 42 | 43 | echo "\nCommit tests passed!\n" 44 | exit 0 45 | 46 | -------------------------------------------------------------------------------- /rpm/include.am: -------------------------------------------------------------------------------- 1 | rpm-build: rpm/spec dist 2 | @rm -f *.rpm 3 | rpmdev-setuptree 4 | find ~/rpmbuild/RPMS ~/rpmbuild/SRPMS -name "$(PACKAGE)-$(VERSION)*.rpm" | xargs rm -f 5 | @cp $(PACKAGE)-$(VERSION).tar.gz ~/rpmbuild/SOURCES/ 6 | @rpmbuild -ba --clean rpm/spec 7 | @cp ~/rpmbuild/RPMS/*/$(PACKAGE)-$(VERSION)*.rpm . 8 | @cp ~/rpmbuild/RPMS/*/$(PACKAGE)-devel-$(VERSION)*.rpm . 9 | @cp ~/rpmbuild/RPMS/*/$(PACKAGE)-debuginfo-$(VERSION)*.rpm . 10 | @cp ~/rpmbuild/SRPMS/$(PACKAGE)-$(VERSION)*.rpm . 
11 | 12 | rpm-sign: rpm-build 13 | @rpm --addsign *.rpm 14 | @rpm --checksig *.rpm 15 | 16 | clean-rpm: 17 | @rm -f *.tar.gz 18 | @rm -f *.src.rpm 19 | @rm -f *.rpm 20 | 21 | rpm: rpm-build 22 | 23 | release: rpm-sign 24 | 25 | auto-rpmbuild: 26 | @auto-br-rpmbuild -ba rpm/spec 27 | 28 | 29 | -------------------------------------------------------------------------------- /rpm/spec.in: -------------------------------------------------------------------------------- 1 | Name: @PACKAGE@ 2 | Version: @VERSION@ 3 | Release: 1 4 | Summary: wolfCrypt and wolfCrypt FIPS engine for OpenSSL 5 | 6 | License: GPLv3 7 | URL: http://www.wolfssl.com/ 8 | Source0: @PACKAGE@-@VERSION@.tar.gz 9 | 10 | BuildRequires: gcc 11 | BuildRequires: glibc 12 | BuildRequires: glibc-common 13 | BuildRequires: glibc-devel 14 | BuildRequires: glibc-headers 15 | BuildRequires: make 16 | BuildRequires: pkgconfig 17 | BuildRequires: sed 18 | BuildRequires: tar 19 | 20 | 21 | # Don't add wolfSSL and OpenSSL to dependency list. User may want to 22 | # use a version outside of RPM. 23 | %global __requires_exclude ^lib(wolfssl|ssl|crypto).*$ 24 | 25 | 26 | %description 27 | This package contains the header files and development libraries 28 | for %{name}. If you like to develop programs using %{name}, 29 | you will need to install %{name}-devel. 30 | 31 | 32 | %package devel 33 | Summary: Header files and development libraries for %{name} 34 | Group: Development/Libraries 35 | Requires: %{name} = %{version}-%{release} 36 | 37 | %description devel 38 | This package contains the header files and development libraries 39 | for %{name}. If you like to develop programs using %{name}, 40 | you will need to install %{name}-devel. 
41 | 42 | 43 | %prep 44 | %setup 45 | 46 | 47 | %build 48 | %configure @WOLFENGINE_CONFIG_ARGS@ 49 | %make_build 50 | 51 | 52 | %install 53 | %make_install 54 | %{__rm} -f %{buildroot}/%{_libdir}/libwolfengine.la 55 | 56 | 57 | %clean 58 | %{__rm} -rf %{buildroot} 59 | 60 | 61 | %files 62 | %doc ChangeLog.md COPYING INSTALL README.md 63 | 64 | %{_libdir}/libwolfengine.so 65 | %{_libdir}/libwolfengine.so.@WOLFENGINE_LIBRARY_VERSION_FIRST@ 66 | %{_libdir}/libwolfengine.so.@WOLFENGINE_LIBRARY_VERSION_FIRST@.@WOLFENGINE_LIBRARY_VERSION_SECOND@.@WOLFENGINE_LIBRARY_VERSION_THIRD@ 67 | 68 | 69 | %files devel 70 | %{_includedir}/wolfengine/we_fips.h 71 | %{_includedir}/wolfengine/we_logging.h 72 | %{_includedir}/wolfengine/we_visibility.h 73 | %{_includedir}/wolfengine/we_wolfengine.h 74 | 75 | 76 | 77 | %changelog 78 | * Mon Oct 17 2022 Juliusz Sosinowicz 79 | - Initial package 80 | -------------------------------------------------------------------------------- /scripts/include.am: -------------------------------------------------------------------------------- 1 | dist_noinst_SCRIPTS += scripts/interop-tests.sh 2 | dist_noinst_SCRIPTS += scripts/we-cs-test.sh 3 | -------------------------------------------------------------------------------- /scripts/patches/nginx/1.19.10_ossl102h.patch: -------------------------------------------------------------------------------- 1 | diff -ur nginx-1.19.10/src/event/ngx_event_openssl.c nginx-1.19.10-we/src/event/ngx_event_openssl.c 2 | --- nginx-1.19.10/src/event/ngx_event_openssl.c 2021-04-14 01:13:59.000000000 +1000 3 | +++ nginx-1.19.10-we/src/event/ngx_event_openssl.c 2021-05-11 11:48:14.218268368 +1000 4 | 
@@ -165,6 +165,22 @@
5 |
6 | #endif
7 |
8 | + {
9 | + ENGINE *e;
10 | +
11 | + ENGINE_load_dynamic();
12 | + e = ENGINE_by_id("wolfengine");
13 | + if (e == NULL) {
14 | + printf("Failed to find wolfEngine.\n");
15 | + return 1;
16 | + }
17 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
18 | + printf("Failed to enable wolfEngine debug logging.\n");
19 | + return 1;
20 | + }
21 | + ENGINE_set_default(e, ENGINE_METHOD_ALL);
22 | + }
23 | +
24 | #ifndef SSL_OP_NO_COMPRESSION
25 | {
26 | /*
27 |
--------------------------------------------------------------------------------
/scripts/patches/nginx/1.19.10_ossl111b.patch:
--------------------------------------------------------------------------------
1 | diff -ur nginx-1.19.10/src/event/ngx_event_openssl.c nginx-1.19.10-we/src/event/ngx_event_openssl.c
2 | --- nginx-1.19.10/src/event/ngx_event_openssl.c 2021-04-14 01:13:59.000000000 +1000
3 | +++ nginx-1.19.10-we/src/event/ngx_event_openssl.c 2021-05-11 11:48:14.218268368 +1000
4 | @@ -165,6 +165,22 @@
5 |
6 | #endif
7 |
8 | + {
9 | + ENGINE *e;
10 | +
11 | + ENGINE_load_dynamic();
12 | + e = ENGINE_by_id("libwolfengine");
13 | + if (e == NULL) {
14 | + printf("Failed to find wolfEngine.\n");
15 | + return 1;
16 | + }
17 | + if (ENGINE_ctrl_cmd(e, "enable_debug", 1, NULL, NULL, 0) != 1) {
18 | + printf("Failed to enable wolfEngine debug logging.\n");
19 | + return 1;
20 | + }
21 | + ENGINE_set_default(e, ENGINE_METHOD_ALL);
22 | + }
23 | +
24 | #ifndef SSL_OP_NO_COMPRESSION
25 | {
26 | /*
27 |
--------------------------------------------------------------------------------
/scripts/patches/stunnel-5.59/5.59.patch:
--------------------------------------------------------------------------------
1 | diff --git a/./src/options_new.c b/./src/options.c
2 | index 15c82bb..1281298 100644
3 | --- a/./src/options_new.c
4 | +++ b/./src/options.c
5 |
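Review bot: The result of `ENGINE_set_default(e, ENGINE_METHOD_ALL)` is discarded, so if registration fails nginx carries on with OpenSSL's built-in implementations and the test run passes without wolfEngine handling any of the crypto. Checking it like the two calls above it would close that gap: `if (ENGINE_set_default(e, ENGINE_METHOD_ALL) != 1) { printf("Failed to set wolfEngine as default.\n"); return 1; }`. The reference returned by `ENGINE_by_id` is also never released with `ENGINE_free(e)`, and `return 1` may not be the enclosing function's error value; that function is not visible in the hunk, so both points need checking against the full file. The same block in 1.19.10_ossl111b.patch, which uses the engine id `libwolfengine`, has the same gaps.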
@@ -4585,6 +4585,15 @@ NOEXPORT char *engine_auto(void) {
6 | return NULL; /* OK */
7 | }
8 |
9 | +static void stunnel_wolfengine_log(const int logLevel, const int component,
10 | + const char *const logMessage)
11 | +{
12 | + (void)logLevel;
13 | + (void)component;
14 | +
15 | + s_log(LOG_INFO, "%s", logMessage);
16 | +}
17 | +
18 | NOEXPORT char *engine_open(const char *name) {
19 | engine_init(); /* initialize the previous engine (if any) */
20 | if(++current_engine>=MAX_ENGINES)
21 |
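Review bot: stunnel_wolfengine_log throws away `logLevel` and writes every message at `LOG_INFO`, so wolfEngine errors land at the same priority as its trace output and disappear in any stunnel configuration whose debug level filters out info messages. At minimum say so at the top of the function, `/* logLevel and component are ignored: all wolfEngine output, errors included, is logged at LOG_INFO */`; mapping the engine's error level to `LOG_ERR` would be better, though the level constants are not visible in this hunk. The `"%s"` format keeps engine-supplied text out of the format string and should be kept if the call is changed.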
@@ -4605,6 +4614,19 @@ NOEXPORT char *engine_open(const char *name) { 22 | s_log(LOG_INFO, "UI not supported by engine #%d (%s)", 23 | current_engine+1, ENGINE_get_id(engines[current_engine])); 24 | } 25 | + 26 | + if (ENGINE_ctrl_cmd(engines[current_engine], "set_logging_cb", 0, NULL, 27 | + (void(*)(void))stunnel_wolfengine_log, 0)) { 28 | + s_log(LOG_NOTICE, "wolfEngine logging callback set for engine #%d (%s)", 29 | + current_engine+1, ENGINE_get_id(engines[current_engine])); 30 | + } 31 | + else { 32 | + ERR_clear_error(); 33 | + s_log(LOG_INFO, "wolfEngine logging callback not supported by engine " 34 | + "#%d (%s)", current_engine+1, 35 | + ENGINE_get_id(engines[current_engine])); 36 | + } 37 | + 38 | return NULL; /* OK */ 39 | -------------------------------------------------------------------------------- /scripts/test-sanity.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script provides simple sanity checks to make sure the provider is working 3 | # NOTE: Careful running this script, because it will remove folders automatically 4 | 5 | SET_PRE=$( set ) 6 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 7 | LOG_FILE=${SCRIPT_DIR}/test-sanity.log 8 | rm -f ${LOG_FILE} 9 | source ${SCRIPT_DIR}/utils-wolfengine.sh 10 | 11 | echo "Using openssl: $OPENSSL_TAG, wolfssl: $WOLFSSL_TAG" 12 | 13 | function doTestCmd() { 14 | CMD=$* 15 | echo ">>>>>> Running $CMD" 16 | eval $CMD 17 | RET=$? 
18 | if [ $RET -ne 0 ]; then 19 | echo "Failed $CMD: $RET" 20 | exit 1 21 | fi 22 | echo "<<<<<<" 23 | } 24 | 25 | function runSpotCheck() { 26 | SPOTCHECK_ARGS=$1 27 | unset OPENSSL_MODULES 28 | unset OPENSSL_CONF 29 | rm -rf ${WOLFSSL_INSTALL_DIR} ${WOLFSSL_SOURCE_DIR} ${WOLFENGINE_INSTALL_DIR} 30 | doTestCmd init_wolfengine 31 | 32 | SET_POST=$( set ) 33 | echo "New variables set:" 34 | diff <(echo "$SET_PRE") <(echo "$SET_POST") | grep "=" 35 | 36 | doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl engine -c" 37 | 38 | if [ $(${OPENSSL_INSTALL_DIR}/bin/openssl engine -c | grep libwolfengine | wc -l) = 0 ]; then 39 | echo "Not using wolfEngine for some reason" 40 | exit 2 41 | fi 42 | 43 | doTestCmd "${OPENSSL_INSTALL_DIR}/bin/openssl s_client -engine libwolfengine -CApath /etc/ssl/certs -connect github.com:443 /dev/null && pwd )" 6 | 7 | if [ "$UTILS_GENERAL_LOADED" != "yes" ]; then # only set once 8 | kill_servers() { 9 | if [ "$(jobs -p)" != "" ]; then 10 | kill $(jobs -p) 11 | fi 12 | } 13 | 14 | do_cleanup() { 15 | sleep 0.5 # flush buffers 16 | kill_servers 17 | } 18 | 19 | do_trap() { 20 | printf "got trap\n" 21 | do_cleanup 22 | date 23 | exit 1 24 | } 25 | trap do_trap INT TERM 26 | 27 | export UTILS_GENERAL_LOADED=yes 28 | fi 29 | -------------------------------------------------------------------------------- /scripts/utils-openssl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright (C) 2021 wolfSSL Inc. 4 | # 5 | # This file is part of wolfEngine. 6 | # 7 | # wolfProvider is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 3 of the License, or 10 | # (at your option) any later version. 
11 | # 12 | # wolfProvider is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | # 21 | 22 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 23 | source ${SCRIPT_DIR}/utils-general.sh 24 | 25 | OPENSSL_GIT="https://github.com/openssl/openssl.git" 26 | OPENSSL_TAG=${OPENSSL_TAG:-"OpenSSL_1_1_1b"} 27 | OPENSSL_SOURCE_DIR=${SCRIPT_DIR}/../openssl-source 28 | OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install 29 | 30 | NUMCPU=${NUMCPU:-8} 31 | WOLFENGINE_DEBUG=${WOLFENGINE_DEBUG:-0} 32 | 33 | if [ -z $LD_LIBRARY_PATH ]; then 34 | export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib 35 | else 36 | export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib:$LD_LIBRARY_PATH 37 | fi 38 | 39 | clone_openssl() { 40 | if [ -d ${OPENSSL_SOURCE_DIR} ]; then 41 | OPENSSL_TAG_CUR=$(cd ${OPENSSL_SOURCE_DIR} && (git describe --tags 2>/dev/null || git branch --show-current)) 42 | if [ "${OPENSSL_TAG_CUR}" != "${OPENSSL_TAG}" ]; then # force a rebuild 43 | printf "Version inconsistency. Please fix ${OPENSSL_SOURCE_DIR} (expected: ${OPENSSL_TAG}, got: ${OPENSSL_TAG_CUR})\n" 44 | do_cleanup 45 | exit 1 46 | fi 47 | fi 48 | 49 | if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then 50 | printf "\tClone OpenSSL ${OPENSSL_TAG} ... " 51 | if [ "$WOLFENGINE_DEBUG" = "1" ]; then 52 | git clone -b ${OPENSSL_TAG} ${OPENSSL_GIT} \ 53 | ${OPENSSL_SOURCE_DIR} >>$LOG_FILE 2>&1 54 | RET=$? 55 | else 56 | git clone --depth=1 -b ${OPENSSL_TAG} ${OPENSSL_GIT} \ 57 | ${OPENSSL_SOURCE_DIR} >>$LOG_FILE 2>&1 58 | RET=$? 
59 | fi 60 | if [ $RET != 0 ]; then 61 | printf "ERROR.\n" 62 | do_cleanup 63 | exit 1 64 | fi 65 | printf "Done.\n" 66 | fi 67 | } 68 | 69 | install_openssl() { 70 | clone_openssl 71 | cd ${OPENSSL_SOURCE_DIR} 72 | 73 | if [ ! -d ${OPENSSL_INSTALL_DIR} ]; then 74 | printf "\tConfigure OpenSSL ${OPENSSL_TAG} ... " 75 | if [ "$WOLFENGINE_DEBUG" = "1" ]; then 76 | ./config shared --prefix=${OPENSSL_INSTALL_DIR} --debug >>$LOG_FILE 2>&1 77 | RET=$? 78 | else 79 | ./config shared --prefix=${OPENSSL_INSTALL_DIR} >>$LOG_FILE 2>&1 80 | RET=$? 81 | fi 82 | if [ $RET != 0 ]; then 83 | printf "ERROR.\n" 84 | rm -rf ${OPENSSL_INSTALL_DIR} 85 | do_cleanup 86 | exit 1 87 | fi 88 | printf "Done.\n" 89 | 90 | printf "\tBuild OpenSSL ${OPENSSL_TAG} ... " 91 | make -j$NUMCPU >>$LOG_FILE 2>&1 92 | if [ $? != 0 ]; then 93 | printf "ERROR.\n" 94 | rm -rf ${OPENSSL_INSTALL_DIR} 95 | do_cleanup 96 | exit 1 97 | fi 98 | printf "Done.\n" 99 | 100 | printf "\tInstalling OpenSSL ${OPENSSL_TAG} ... " 101 | make -j$NUMCPU install >>$LOG_FILE 2>&1 102 | if [ $? != 0 ]; then 103 | printf "ERROR.\n" 104 | rm -rf ${OPENSSL_INSTALL_DIR} 105 | do_cleanup 106 | exit 1 107 | fi 108 | printf "Done.\n" 109 | fi 110 | 111 | cd .. 
112 | } 113 | 114 | init_openssl() { 115 | install_openssl 116 | printf "\tOpenSSL ${OPENSSL_TAG} installed in: ${OPENSSL_INSTALL_DIR}\n" 117 | 118 | OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl 119 | OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test 120 | 121 | OSSL_VER=`LD_LIBRARY_PATH=${OPENSSL_INSTALL_DIR}/lib $OPENSSL_BIN version | tail -n1` 122 | case $OSSL_VER in 123 | OpenSSL\ 1.*) ;; 124 | *) 125 | echo "OpenSSL ($OPENSSL_BIN) has wrong version: $OSSL_VER" 126 | echo "Set: OPENSSL_DIR" 127 | exit 1 128 | ;; 129 | esac 130 | } 131 | 132 | -------------------------------------------------------------------------------- /scripts/utils-wolfengine.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright (C) 2021 wolfSSL Inc. 4 | # 5 | # This file is part of wolfProvider. 6 | # 7 | # wolfProvider is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # wolfProvider is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | # 21 | 22 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 23 | source ${SCRIPT_DIR}/utils-openssl.sh 24 | source ${SCRIPT_DIR}/utils-wolfssl.sh 25 | 26 | WOLFENGINE_SOURCE_DIR=${SCRIPT_DIR}/.. 
27 | WOLFENGINE_INSTALL_DIR=${SCRIPT_DIR}/../wolfengine-install 28 | if [ "$WOLFSSL_ISFIPS" -eq "1" ]; then 29 | WOLFENGINE_CONFIG=${WOLFENGINE_CONFIG:-"$WOLFENGINE_SOURCE_DIR/engine-fips.conf"} 30 | else 31 | WOLFENGINE_CONFIG=${WOLFENGINE_CONFIG:-"$WOLFENGINE_SOURCE_DIR/engine.conf"} 32 | fi 33 | 34 | WOLFENGINE_NAME="libwolfengine" 35 | WOLFENGINE_PATH=$WOLFENGINE_INSTALL_DIR/lib 36 | 37 | WOLFENGINE_DEBUG=${WOLFENGINE_DEBUG:-0} 38 | 39 | install_wolfengine() { 40 | cd ${WOLFENGINE_SOURCE_DIR} 41 | 42 | init_openssl 43 | init_wolfssl 44 | printf "LD_LIBRARY_PATH: $LD_LIBRARY_PATH\n" 45 | 46 | if [ ! -d ${WOLFENGINE_INSTALL_DIR} ]; then 47 | printf "\tConfigure wolfEngine ... " 48 | if [ ! -e "${WOLFENGINE_SOURCE_DIR}/configure" ]; then 49 | ./autogen.sh >>$LOG_FILE 2>&1 50 | fi 51 | if [ "$WOLFENGINE_DEBUG" = "1" ]; then 52 | ./configure --with-openssl=${OPENSSL_INSTALL_DIR} --with-wolfssl=${WOLFSSL_INSTALL_DIR} --prefix=${WOLFENGINE_INSTALL_DIR} --enable-debug >>$LOG_FILE 2>&1 53 | RET=$? 54 | else 55 | ./configure --with-openssl=${OPENSSL_INSTALL_DIR} --with-wolfssl=${WOLFSSL_INSTALL_DIR} --prefix=${WOLFENGINE_INSTALL_DIR} >>$LOG_FILE 2>&1 56 | RET=$? 57 | fi 58 | if [ $RET != 0 ]; then 59 | printf "\n\n...\n" 60 | tail -n 40 $LOG_FILE 61 | do_cleanup 62 | exit 1 63 | fi 64 | printf "Done.\n" 65 | 66 | printf "\tBuild wolfEngine ... " 67 | make -j$NUMCPU >>$LOG_FILE 2>&1 68 | if [ $? != 0 ]; then 69 | printf "\n\n...\n" 70 | tail -n 40 $LOG_FILE 71 | do_cleanup 72 | exit 1 73 | fi 74 | printf "Done.\n" 75 | 76 | printf "\tTest wolfEngine ... " 77 | make test >>$LOG_FILE 2>&1 78 | if [ $? != 0 ]; then 79 | printf "\n\n...\n" 80 | tail -n 40 $LOG_FILE 81 | do_cleanup 82 | exit 1 83 | fi 84 | printf "Done.\n" 85 | 86 | printf "\tInstall wolfEngine ... " 87 | make install >>$LOG_FILE 2>&1 88 | if [ $? 
!= 0 ]; then 89 | printf "\n\n...\n" 90 | tail -n 40 $LOG_FILE 91 | do_cleanup 92 | exit 1 93 | fi 94 | printf "Done.\n" 95 | fi 96 | } 97 | 98 | init_wolfengine() { 99 | install_wolfengine 100 | printf "\twolfEngine installed in: ${WOLFENGINE_INSTALL_DIR}\n" 101 | 102 | export OPENSSL_ENGINES=$WOLFENGINE_PATH 103 | export OPENSSL_CONF=${WOLFENGINE_CONFIG} 104 | } 105 | 106 | -------------------------------------------------------------------------------- /scripts/valgrind-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | START=1 3 | END=`./test/unit.test --list | grep -c "test"` 4 | LOGFILE="unit-test-valgrind.log" 5 | 6 | if [ ! -z "$1" ]; then 7 | START=$1 8 | fi 9 | 10 | i=$START 11 | printf "Running valgrind test on individual unit test:\n" 12 | printf "(note use -DPURIFY with OpenSSL 1.0.2h)\n" 13 | while [[ $i -le $END ]]; do 14 | printf "testing case $i ..." 15 | valgrind --tool=memcheck --track-origins=yes --leak-check=full --error-exitcode=5 --log-fd=9 --leak-check=full --show-leak-kinds=all ./test/unit.test --valgrind --static $i &> $LOGFILE 16 | if [ $? 
!= 0 ]; then 17 | printf "failed\n" 18 | cat $LOGFILE 19 | printf "Error log stored in the file `pwd`/${LOGFILE}\n" 20 | exit 1 21 | fi 22 | printf "done\n" 23 | ((i = i + 1)) 24 | done 25 | printf "Completed all tests\n" 26 | rm $LOGFILE 27 | exit 0 28 | 29 | -------------------------------------------------------------------------------- /src/include.am: -------------------------------------------------------------------------------- 1 | # vim:ft=automake 2 | # included from Top Level Makefile.am 3 | # All paths should be given relative to the root 4 | 5 | libwolfengine_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${WOLFENGINE_LIBRARY_VERSION} 6 | 7 | libwolfengine_la_SOURCES = 8 | libwolfengine_la_SOURCES += src/we_aes_block.c 9 | libwolfengine_la_SOURCES += src/we_aes_cbc_hmac.c 10 | libwolfengine_la_SOURCES += src/we_aes_ccm.c 11 | libwolfengine_la_SOURCES += src/we_aes_ctr.c 12 | libwolfengine_la_SOURCES += src/we_aes_gcm.c 13 | libwolfengine_la_SOURCES += src/we_des3_cbc.c 14 | libwolfengine_la_SOURCES += src/we_dh.c 15 | libwolfengine_la_SOURCES += src/we_digest.c 16 | libwolfengine_la_SOURCES += src/we_ecc.c 17 | libwolfengine_la_SOURCES += src/we_hkdf.c 18 | libwolfengine_la_SOURCES += src/we_internal.c 19 | libwolfengine_la_SOURCES += src/we_logging.c 20 | libwolfengine_la_SOURCES += src/we_mac.c 21 | libwolfengine_la_SOURCES += src/we_openssl_bc.c 22 | libwolfengine_la_SOURCES += src/we_pbe.c 23 | libwolfengine_la_SOURCES += src/we_random.c 24 | libwolfengine_la_SOURCES += src/we_rsa.c 25 | libwolfengine_la_SOURCES += src/we_tls_prf.c 26 | libwolfengine_la_SOURCES += src/we_wolfengine.c 27 | libwolfengine_la_SOURCES += src/we_fips.c 28 | -------------------------------------------------------------------------------- /src/we_fips.c: -------------------------------------------------------------------------------- 1 | /* we_fips.c 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine. 
6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | /* Bitmask of FIPS checks in wolfEngine_FipsCheck. Can be set by application 26 | * through ENGINE_ctrl command. Defaults to all checks if using wolfCrypt FIPS 27 | * and no checks if not. */ 28 | static long fipsChecks = WE_FIPS_CHECKS_DEFAULT; 29 | 30 | /** 31 | * Set wolfEngine FIPS checks. 32 | * Default FIPS checks for wolfEngine is WE_FIPS_CHECKS_DEFAULT. 33 | * 34 | * @param checksMask [in] Bitmask of FIPS checks from wolfEngine_FipsCheck in 35 | * we_fips.h. 36 | */ 37 | void wolfEngine_SetFipsChecks(long checksMask) 38 | { 39 | fipsChecks = checksMask; 40 | } 41 | 42 | /** 43 | * Get wolfEngine FIPS checks mask. 44 | * 45 | * @return The FIPS checks mask. 46 | */ 47 | long wolfEngine_GetFipsChecks() 48 | { 49 | return fipsChecks; 50 | } 51 | -------------------------------------------------------------------------------- /src/we_wolfengine.c: -------------------------------------------------------------------------------- 1 | /* we_wolfengine.c 2 | * 3 | * Copyright (C) 2006-2023 wolfSSL Inc. 4 | * 5 | * This file is part of wolfengine. 
6 | * 7 | * wolfengine is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * wolfengine is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | #ifdef _WIN32 26 | WOLFENGINE_API const char *wolfengine_id = "wolfEngine"; 27 | #elif OPENSSL_VERSION_NUMBER >= 0x10100000L 28 | /* Engine id - implementation uses wolfSSL */ 29 | WOLFENGINE_API const char *wolfengine_id = "libwolfengine"; 30 | #else 31 | WOLFENGINE_API const char *wolfengine_id = "wolfengine"; 32 | #endif 33 | /* Engine name ... or description. */ 34 | WOLFENGINE_API const char *wolfengine_name = "An engine using wolfSSL"; 35 | 36 | /** 37 | * Allocate and bind a wolfEngine ENGINE and return a pointer to it. 38 | * 39 | * @returns NULL on failure, valid pointer on success. 
40 | */ 41 | static ENGINE *engine_wolfengine(void) 42 | { 43 | int rc; 44 | ENGINE *ret; 45 | 46 | WOLFENGINE_ENTER(WE_LOG_ENGINE, "engine_wolfengine"); 47 | 48 | /* Known, still-reachable memory leak from openssl internals on 1.0.2 */ 49 | ret = ENGINE_new(); 50 | if (ret == NULL) { 51 | WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_ENGINE, "ENGINE_new", ret); 52 | return NULL; 53 | } 54 | rc = wolfengine_bind(ret, wolfengine_id); 55 | if (rc == 0) { 56 | WOLFENGINE_ERROR_FUNC(WE_LOG_ENGINE, "wolfengine_bind", rc); 57 | ENGINE_free(ret); 58 | return NULL; 59 | } 60 | 61 | WOLFENGINE_LEAVE(WE_LOG_ENGINE, "engine_wolfengine", 1); 62 | 63 | return ret; 64 | } 65 | 66 | /** 67 | * Load an instance of wolfEngine into OpenSSL's engine list. 68 | */ 69 | void ENGINE_load_wolfengine(void) 70 | { 71 | ENGINE *toadd = engine_wolfengine(); 72 | 73 | WOLFENGINE_ENTER(WE_LOG_ENGINE, "ENGINE_load_wolfengine"); 74 | 75 | if (!toadd) 76 | return; 77 | ENGINE_add(toadd); 78 | ENGINE_free(toadd); 79 | /* Known, still-reachable memory leak from openssl internals on 1.0.2 */ 80 | ERR_clear_error(); 81 | 82 | WOLFENGINE_LEAVE(WE_LOG_ENGINE, "ENGINE_load_wolfengine", 1); 83 | } 84 | 85 | #ifndef WE_NO_DYNAMIC_ENGINE 86 | /** Define implementation of common bind function in OpenSSL engines. */ 87 | IMPLEMENT_DYNAMIC_BIND_FN(wolfengine_bind) 88 | /** Define implementation of common checking function in OpenSSL engines. */ 89 | IMPLEMENT_DYNAMIC_CHECK_FN() 90 | #endif /* WE_NO_DYNAMIC_ENGINE */ 91 | -------------------------------------------------------------------------------- /test-openssl-version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # test-openssl-version.sh 4 | # 5 | # Copyright (C) 2019-2023 wolfSSL Inc. 
6 | # 7 | 8 | 9 | TMP_FILE=/tmp/test_config.$$ 10 | CONFIG_STATUS=config.status 11 | CONFIG_STATUS_TMP=/tmp/config.status.$$ 12 | 13 | WE_TEST="./test/unit.test" 14 | 15 | # See README.md for change to make to OpenSSL to enable this to work. 16 | EXTRA_OPTS="" 17 | VERBOSE="no" 18 | 19 | # User can set the directory to find different versions of OpenSSL 20 | if [ "$OPENSSL_VER_DIR" = "" ] 21 | then 22 | OPENSSL_VER_DIR=~/wolfssl/external 23 | fi 24 | 25 | # User can set directory of specific versions 26 | if [ "$OPENSSL300_DIR" = "" ] 27 | then 28 | OPENSSL300_DIR=$OPENSSL_VER_DIR/openssl-3.0.0 29 | fi 30 | if [ "$OPENSSL111_DIR" = "" ] 31 | then 32 | OPENSSL111_DIR=$OPENSSL_VER_DIR/openssl-1.1.1 33 | fi 34 | if [ "$OPENSSL110_DIR" = "" ] 35 | then 36 | OPENSSL110_DIR=$OPENSSL_VER_DIR/openssl-1.1.0 37 | fi 38 | if [ "$OPENSSL102_DIR" = "" ] 39 | then 40 | OPENSSL102_DIR=$OPENSSL_VER_DIR/openssl-1.0.2 41 | fi 42 | 43 | # Check if a directory for an OpenSSL version exists to know to test 44 | if [ -d "$OPENSSL300_DIR" ] 45 | then 46 | CONFIG_300="yes" 47 | else 48 | CONFIG_300="no" 49 | fi 50 | if [ -d "$OPENSSL111_DIR" ] 51 | then 52 | CONFIG_111="yes" 53 | else 54 | CONFIG_111="no" 55 | fi 56 | if [ -d "$OPENSSL110_DIR" ] 57 | then 58 | CONFIG_110="yes" 59 | else 60 | CONFIG_110="no" 61 | fi 62 | if [ -d "$OPENSSL102_DIR" ] 63 | then 64 | CONFIG_102="yes" 65 | else 66 | CONFIG_102="no" 67 | fi 68 | 69 | 70 | do_cleanup() { 71 | if [ -f $CONFIG_STATUS_TMP ]; then 72 | mv $CONFIG_STATUS_TMP $CONFIG_STATUS 73 | fi 74 | ./config.status >/dev/null 2>&1 75 | make clean >/dev/null 2>&1 76 | make -j 8 >/dev/null 2>&1 77 | 78 | rm -f $CONFIG_STATUS_TMP 79 | rm -f $TMP_FILE 80 | } 81 | 82 | do_trap() { 83 | echo "got trap" 84 | do_cleanup 85 | exit 2 86 | } 87 | 88 | trap do_trap INT TERM 89 | 90 | cp $CONFIG_STATUS $CONFIG_STATUS_TMP 91 | 92 | 93 | do_config() { 94 | export OPENSSL=$OPENSSL_DIR/apps/openssl 95 | 96 | echo -n " Configure ... 
" 97 | # Using development version of OpenSSL not install - set LDFLAGS 98 | ./configure LDFLAGS="-L$OPENSSL_DIR $WOLFENGINE_EXTRA_LDFLAGS" $EXTRA_OPTS \ 99 | CPPFLAGS="$WOLFENGINE_EXTRA_CPPFLAGS" \ 100 | --with-openssl=$OPENSSL_DIR >$TMP_FILE 2>&1 101 | if [ $? != 0 ]; then 102 | cat $TMP_FILE 103 | echo "Failed to configure wolfSSL engine" 104 | do_cleanup 105 | exit 1 106 | fi 107 | echo "DONE" 108 | if [ "$VERBOSE" = "yes" ]; then 109 | cat $TMP_FILE 110 | fi 111 | 112 | echo -n " Make ... " 113 | make >$TMP_FILE 2>&1 114 | if [ $? != 0 ]; then 115 | cat $TMP_FILE 116 | echo "Failed to make wolfSSL engine" 117 | do_cleanup 118 | exit 1 119 | fi 120 | echo "DONE" 121 | if [ "$VERBOSE" = "yes" ]; then 122 | cat $TMP_FILE 123 | fi 124 | 125 | echo -n " unit.test ... " 126 | LD_LIBRARY_PATH=$OPENSSL_DIR $WE_TEST >$TMP_FILE 2>&1 127 | if [ $? != 0 ]; then 128 | cat $TMP_FILE 129 | echo "Unit test failed for wolfSSL engine" 130 | do_cleanup 131 | exit 1 132 | fi 133 | echo -n "PASS " 134 | LD_LIBRARY_PATH=$OPENSSL_DIR $WE_TEST --list | wc -l 135 | if [ "$VERBOSE" = "yes" ]; then 136 | cat $TMP_FILE 137 | fi 138 | } 139 | 140 | while [ $# -gt 0 ] 141 | do 142 | case $1 in 143 | 300) 144 | echo "Only testing OpenSSL v3.0.0" 145 | CONFIG_111="no" 146 | CONFIG_110="no" 147 | CONFIG_102="no" 148 | ;; 149 | 111) 150 | echo "Only testing OpenSSL v1.1.1" 151 | CONFIG_300="no" 152 | CONFIG_110="no" 153 | CONFIG_102="no" 154 | ;; 155 | 110) 156 | echo "Only testing OpenSSL v1.1.0" 157 | CONFIG_300="no" 158 | CONFIG_111="no" 159 | CONFIG_102="no" 160 | ;; 161 | 102) 162 | echo "Only testing OpenSSL v1.0.2" 163 | CONFIG_300="no" 164 | CONFIG_111="no" 165 | CONFIG_110="no" 166 | ;; 167 | --debug) 168 | echo "Enabling debug in wolfengine" 169 | EXTRA_OPTS="$EXTRA_OPTS --enable-debug" 170 | ;; 171 | --no-hash) 172 | echo "Disabling hash in wolfengine" 173 | EXTRA_OPTS="$EXTRA_OPTS --disable-hash" 174 | ;; 175 | --pbe) 176 | EXTRA_OPTS="$EXTRA_OPTS --enable-pbe" 177 | ;; 178 | 
--clang) 179 | EXTRA_OPTS="$EXTRA_OPTS CC=clang" 180 | ;; 181 | -v) 182 | VERBOSE="yes" 183 | ;; 184 | --verbose) 185 | VERBOSE="yes" 186 | ;; 187 | esac 188 | 189 | shift 1 190 | done 191 | 192 | echo 193 | 194 | # Only tests the OpenSSL versions request and available 195 | if [ "$CONFIG_300" = "yes" ]; then 196 | echo "OpenSSL v3.0.0" 197 | OPENSSL_DIR=$OPENSSL300_DIR 198 | do_config 199 | fi 200 | if [ "$CONFIG_111" = "yes" ]; then 201 | echo "OpenSSL v1.1.1" 202 | OPENSSL_DIR=$OPENSSL111_DIR 203 | do_config 204 | fi 205 | if [ "$CONFIG_110" = "yes" ]; then 206 | echo "OpenSSL v1.1.0" 207 | OPENSSL_DIR=$OPENSSL110_DIR 208 | do_config 209 | fi 210 | if [ "$CONFIG_102" = "yes" ]; then 211 | echo "OpenSSL v1.0.2" 212 | OPENSSL_DIR=$OPENSSL102_DIR 213 | do_config 214 | fi 215 | 216 | # Cleanup temporary files and restore configuration 217 | do_cleanup 218 | 219 | -------------------------------------------------------------------------------- /test/include.am: -------------------------------------------------------------------------------- 1 | # vim:ft=automake 2 | # included from Top Level Makefile.am 3 | # All paths should be given relative to the root 4 | 5 | TEST_EXTENSIONS=.test 6 | TESTS += $(check_PROGRAMS) 7 | 8 | check_PROGRAMS += test/unit.test 9 | noinst_PROGRAMS += test/unit.test 10 | DISTCLEANFILES += test/.libs/unit.test 11 | 12 | test_unit_test_SOURCES = \ 13 | test/test_aestag.c \ 14 | test/test_cipher.c \ 15 | test/test_cmac.c \ 16 | test/test_dh.c \ 17 | test/test_digest.c \ 18 | test/test_ecc.c \ 19 | test/test_hkdf.c \ 20 | test/test_hmac.c \ 21 | test/test_logging.c \ 22 | test/test_pbe.c \ 23 | test/test_pkey.c \ 24 | test/test_rand.c \ 25 | test/test_rsa.c \ 26 | test/test_tls1_prf.c \ 27 | test/unit.c 28 | test_unit_test_LDADD = libwolfengine.la 29 | noinst_HEADERS += test/unit.h 30 | -------------------------------------------------------------------------------- /test/test_rand.c: 
--------------------------------------------------------------------------------
/* test_rand.c
 *
 * Copyright (C) 2019-2023 wolfSSL Inc.
 *
 * This file is part of wolfengine.
 *
 * wolfengine is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * wolfengine is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

#include "unit.h"

#ifdef WE_HAVE_RANDOM

/**
 * Drive the OpenSSL RAND API against whichever RAND method is active.
 *
 * Sequence: RAND_status(), one or two 128-byte draws, RAND_seed() and
 * RAND_add() fed with the bytes just drawn, one more draw, RAND_status()
 * again. Every checked call must return exactly 1. For RAND_pseudo_bytes()
 * that also rejects the 0 ("not cryptographically strong") result, not only
 * the error result.
 *
 * Only return codes are verified; the generated bytes are never inspected, so
 * this does not detect a generator that succeeds but leaves the buffer
 * unchanged or repeats its output.
 *
 * @return  0 when every call succeeded and 1 otherwise.
 */
static int test_random_api(void)
{
    unsigned char out[128];
    int rc;

    XMEMSET(out, 0, sizeof(out));

    if (RAND_status() != 1) {
        return 1;
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    /* RAND_pseudo_bytes() is exercised on pre-1.1.0 OpenSSL only. */
    rc = RAND_pseudo_bytes(out, sizeof(out));
    /* The buffer is printed even when the draw failed, as before. */
    PRINT_BUFFER("Pseudo", out, sizeof(out));
    if (rc != 1) {
        return 1;
    }

    rc = RAND_bytes(out, sizeof(out));
    PRINT_BUFFER("True random", out, sizeof(out));
    if (rc != 1) {
        return 1;
    }

    /* Test-only pattern: the generator's own output is fed back in and 128 is
     * passed as the entropy estimate. Real seeding needs an independent
     * entropy source. */
    RAND_seed(out, sizeof(out));
    RAND_add(out, sizeof(out), 128);

    rc = RAND_pseudo_bytes(out, sizeof(out));
    PRINT_BUFFER("Seeded Pseudo", out, sizeof(out));
    if (rc != 1) {
        return 1;
    }
#else
    /* 1.1.0 uses RAND_bytes(); 1.1.1 and later use RAND_priv_bytes(). */
#if OPENSSL_VERSION_NUMBER < 0x10101000L
    rc = RAND_bytes(out, sizeof(out));
#else
    rc = RAND_priv_bytes(out, sizeof(out));
#endif
    /* The buffer is printed even when the draw failed, as before. */
    PRINT_BUFFER("True random", out, sizeof(out));
    if (rc != 1) {
        return 1;
    }

    /* Test-only pattern: the generator's own output is fed back in and 128 is
     * passed as the entropy estimate. Real seeding needs an independent
     * entropy source. */
    RAND_seed(out, sizeof(out));
    RAND_add(out, sizeof(out), 128);

    rc = RAND_bytes(out, sizeof(out));
    PRINT_BUFFER("Seeded", out, sizeof(out));
    if (rc != 1) {
        return 1;
    }
#endif

    /* The generator must still report itself as seeded afterwards. */
    return RAND_status() != 1;
}

/**
 * Run the RAND API checks twice: once with the RAND method that is active on
 * entry, and once after installing the engine as the RAND source.
 *
 * Nothing here restores the previous RAND method, so the engine is still
 * installed as the RAND source when this function returns.
 *
 * @param  e     [in]  Engine to install with RAND_set_rand_engine().
 * @param  data  [in]  Unused.
 * @return  0 on success and 1 on failure.
 */
int test_random(ENGINE *e, void *data)
{
    int ret;

    (void)data;

    /* Baseline pass before the engine is installed. */
    ret = test_random_api();
    if (ret != 0) {
        return ret;
    }

    if (RAND_set_rand_engine(e) != 1) {
        return 1;
    }

    /* Same checks again, now served by the engine. */
    return test_random_api();
}

#endif /* WE_HAVE_RANDOM */

-------------------------------------------------------------------------------- /user_settings.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef USER_SETTINGS_H 3 | #define USER_SETTINGS_H 4 | 5 | #define WOLFENGINE_DEBUG 6 | #define WE_USE_HASH 7 | #define WE_HAVE_SHA384 8 | #define WE_HAVE_SHA512 9 | #define WE_HAVE_SHA1 10 | #define WE_HAVE_SHA224 11 | #define WE_HAVE_SHA256 12 | #define WE_HAVE_CMAC 13 | #define WE_HAVE_MAC 14 | #define WE_HAVE_HMAC 15 | #define WE_HAVE_MAC 16 | #define WE_HAVE_DES3CBC 17 | #define WE_HAVE_AESECB 18 | #define WE_HAVE_AESCBC 19 | #define WE_HAVE_AESCTR 20 | #define WE_HAVE_RANDOM 21 | #define WE_HAVE_RSA 22 | #define WE_HAVE_DH 23 | #define WE_HAVE_ECC 24 | #define WE_HAVE_EVP_PKEY 25 | #define WE_HAVE_ECDSA 26 | #define WE_HAVE_ECDH 27 | #define WE_HAVE_ECKEYGEN 28 | #define WE_HAVE_EC_P192 29 | #define WE_HAVE_EC_P224 30 | #define WE_HAVE_EC_P256 31 | #define WE_HAVE_EC_P384 32 | #define WE_HAVE_EC_P521 33 | #define WE_HAVE_DIGEST 34 | 35 | 36 | #ifdef _WIN32 37 | 38 | /* Settings generated by the configure script when compiling for wolfEngine */ 39 | #define HAVE_AES_ECB 40 | #define WC_RSA_NO_PADDING 41 | #define WOLFSSL_PUBLIC_MP 42 | #define ECC_MIN_KEY_SZ 192 43 | #define WOLFSSL_PSS_LONG_SALT 44 | #define WOLFSSL_PSS_SALT_LEN_DISCOVER 45 | #define WOLFSSL_TLS13 46 | #define
HAVE_TLS_EXTENSIONS 47 | #define HAVE_SUPPORTED_CURVES 48 | #define HAVE_FFDHE_2048 49 | #define HAVE_THREAD_LS 50 | #define TFM_TIMING_RESISTANT 51 | #define ECC_TIMING_RESISTANT 52 | #define WC_RSA_BLINDING 53 | #define HAVE_AESCCM 54 | #define WOLFSSL_AES_COUNTER 55 | #define WOLFSSL_AES_DIRECT 56 | #define WOLFSSL_SHA224 57 | #define WOLFSSL_SHA512 58 | #define WOLFSSL_SHA384 59 | #define WOLFSSL_KEY_GEN 60 | #define HAVE_HKDF 61 | #define HAVE_X963_KDF 62 | #define NO_DSA 63 | #define HAVE_ECC 64 | #define TFM_ECC256 65 | #define ECC_SHAMIR 66 | #define WC_RSA_PSS 67 | #define WOLFSSL_BASE64_ENCODE 68 | #define NO_RC4 69 | #define WOLFSSL_CMAC 70 | #define NO_HC128 71 | #define NO_RABBIT 72 | #define WOLFSSL_SHA3 73 | #define WOLFSSL_SHAKE256 74 | #define HAVE_POLY1305 75 | #define HAVE_ONE_TIME_AUTH 76 | #define HAVE_CHACHA 77 | #define HAVE_HASHDRBG 78 | #define HAVE_EXTENDED_MASTER 79 | #define HAVE_ENCRYPT_THEN_MAC 80 | #define NO_PSK 81 | #define NO_MD4 82 | #define NO_PWDBASED 83 | #define USE_FAST_MATH 84 | #define WC_NO_ASYNC_THREADING 85 | #define HAVE_DH_DEFAULT_PARAMS 86 | #define GCM_TABLE_4BIT 87 | #define HAVE_AESGCM 88 | #define HAVE_WC_INTROSPECTION 89 | #define OPENSSL_COEXIST 90 | #define NO_OLD_RNGNAME 91 | #define NO_OLD_WC_NAMES 92 | #define NO_OLD_SSL_NAMES 93 | #define NO_OLD_SHA_NAMES 94 | #define NO_OLD_MD5_NAME 95 | #define HAVE_PUBLIC_FFDHE 96 | #define HAVE_FFDHE_2048 97 | #define HAVE_FFDHE_3072 98 | #define HAVE_FFDHE_4096 99 | 100 | /* Needed to export symbols in the final DLL */ 101 | #define OPENSSL_SYS_WINDOWS 102 | #define OPENSSL_OPT_WINDLL 103 | 104 | #endif /* _WIN32 */ 105 | 106 | #endif 107 | -------------------------------------------------------------------------------- /windows/fips_140_2/user_settings.h: -------------------------------------------------------------------------------- 1 | #ifndef USER_SETTINGS_H 2 | #define USER_SETTINGS_H 3 | 4 | #define WOLFENGINE_DEBUG 5 | #define WE_USE_HASH 6 | #define 
WE_HAVE_SHA384 7 | #define WE_HAVE_SHA512 8 | #define WE_HAVE_SHA1 9 | #define WE_HAVE_SHA224 10 | #define WE_HAVE_SHA256 11 | #define WE_HAVE_CMAC 12 | #define WE_HAVE_MAC 13 | #define WE_HAVE_HMAC 14 | #define WE_HAVE_MAC 15 | #define WE_HAVE_DES3CBC 16 | #define WE_HAVE_AESECB 17 | #define WE_HAVE_AESCBC 18 | #define WE_HAVE_AESCTR 19 | #define WE_HAVE_RANDOM 20 | #define WE_HAVE_RSA 21 | #define WE_HAVE_DH 22 | #define WE_HAVE_ECC 23 | #define WE_HAVE_EVP_PKEY 24 | #define WE_HAVE_ECDSA 25 | #define WE_HAVE_ECDH 26 | #define WE_HAVE_ECKEYGEN 27 | #define WE_HAVE_EC_P192 28 | #define WE_HAVE_EC_P224 29 | #define WE_HAVE_EC_P256 30 | #define WE_HAVE_EC_P384 31 | #define WE_HAVE_EC_P521 32 | #define WE_HAVE_DIGEST 33 | 34 | #ifdef _WIN32 35 | 36 | /* The wolfSSL Visual Studio project may define these FIPS macros. We want to 37 | * override them if that's the case. */ 38 | #undef HAVE_FIPS 39 | #define HAVE_FIPS 40 | #undef HAVE_FIPS_VERSION 41 | #define HAVE_FIPS_VERSION 2 42 | #undef HAVE_FIPS_VERSION_MINOR 43 | #define HAVE_FIPS_VERSION_MINOR 0 44 | 45 | #define HAVE_AES_ECB 46 | #define WC_RSA_NO_PADDING 47 | #define WOLFSSL_PUBLIC_MP 48 | #define ECC_MIN_KEY_SZ 192 49 | #define WOLFSSL_TLS13 50 | #define HAVE_TLS_EXTENSIONS 51 | #define HAVE_SUPPORTED_CURVES 52 | #define HAVE_THREAD_LS 53 | #define ECC_TIMING_RESISTANT 54 | #define WC_RSA_BLINDING 55 | #define HAVE_AESCCM 56 | #define WOLFSSL_AES_COUNTER 57 | #define WOLFSSL_AES_DIRECT 58 | #define WOLFSSL_SHA224 59 | #define WOLFSSL_SHA512 60 | #define WOLFSSL_SHA384 61 | #define WOLFSSL_KEY_GEN 62 | #define HAVE_HKDF 63 | #define HAVE_X963_KDF 64 | #define NO_DSA 65 | #define HAVE_ECC 66 | #define ECC_SHAMIR 67 | #define HAVE_ECC_CDH 68 | #define WC_RSA_PSS 69 | #define WOLFSSL_BASE64_ENCODE 70 | #define NO_RC4 71 | #define WOLFSSL_CMAC 72 | #define NO_HC128 73 | #define NO_RABBIT 74 | #define WOLFSSL_SHA3 75 | #define HAVE_ONE_TIME_AUTH 76 | #define HAVE_HASHDRBG 77 | #define HAVE_EXTENDED_MASTER 78 | 
#define HAVE_ENCRYPT_THEN_MAC 79 | #define NO_PSK 80 | #define NO_MD4 81 | #define NO_PWDBASED 82 | #define WC_NO_ASYNC_THREADING 83 | #define HAVE_DH_DEFAULT_PARAMS 84 | #define GCM_TABLE_4BIT 85 | #define HAVE_AESGCM 86 | #define HAVE_WC_INTROSPECTION 87 | #define OPENSSL_COEXIST 88 | #define NO_OLD_RNGNAME 89 | #define NO_OLD_WC_NAMES 90 | #define NO_OLD_SSL_NAMES 91 | #define NO_OLD_SHA_NAMES 92 | #define NO_OLD_MD5_NAME 93 | #define NO_OLD_SHA256_NAMES 94 | #define HAVE_PUBLIC_FFDHE 95 | #define HAVE_FFDHE_2048 96 | #define HAVE_FFDHE_3072 97 | #define HAVE_FFDHE_4096 98 | #define Sha3 wc_Sha3 99 | #define WOLFSSL_VALIDATE_ECC_IMPORT 100 | #define WOLFSSL_VALIDATE_FFC_IMPORT 101 | #define HAVE_FFDHE_Q 102 | #define WOLFSSL_NO_SHAKE256 103 | #define WOLFSSL_NOSHA512_224 104 | #define WOLFSSL_NOSHA512_256 105 | 106 | #ifdef _WIN64 107 | #define WOLFSSL_AESNI 108 | #endif 109 | 110 | /* Needed to export symbols in the final DLL */ 111 | #define OPENSSL_SYS_WINDOWS 112 | #define OPENSSL_OPT_WINDLL 113 | 114 | #endif /* _WIN32 */ 115 | 116 | #endif 117 | -------------------------------------------------------------------------------- /windows/fips_140_3/user_settings.h: -------------------------------------------------------------------------------- 1 | #ifndef USER_SETTINGS_H 2 | #define USER_SETTINGS_H 3 | 4 | /* Uncomment WOLFENGINE_DEBUG to enable wolfEngine debug messages 5 | #define WOLFENGINE_DEBUG */ 6 | 7 | #define WE_USE_HASH 8 | #define WE_HAVE_SHA384 9 | #define WE_HAVE_SHA512 10 | #define WE_HAVE_SHA1 11 | #define WE_HAVE_SHA224 12 | #define WE_HAVE_SHA256 13 | #define WE_HAVE_CMAC 14 | #define WE_HAVE_MAC 15 | #define WE_HAVE_HMAC 16 | #define WE_HAVE_MAC 17 | 18 | /* The DES3CBC cipher is no longer supported with our 140-3 certificate 19 | #define WE_HAVE_DES3CBC */ 20 | 21 | #define WE_HAVE_AESECB 22 | #define WE_HAVE_AESCBC 23 | #define WE_HAVE_AESCTR 24 | #define WE_HAVE_RANDOM 25 | #define WE_HAVE_RSA 26 | #define WE_HAVE_DH 27 | #define 
WE_HAVE_ECC 28 | #define WE_HAVE_EVP_PKEY 29 | #define WE_HAVE_ECDSA 30 | #define WE_HAVE_ECDH 31 | #define WE_HAVE_ECKEYGEN 32 | #define WE_HAVE_EC_P192 33 | #define WE_HAVE_EC_P224 34 | #define WE_HAVE_EC_P256 35 | #define WE_HAVE_EC_P384 36 | #define WE_HAVE_EC_P521 37 | #define WE_HAVE_DIGEST 38 | 39 | #ifdef _WIN32 40 | 41 | /* The wolfSSL Visual Studio project may define these FIPS macros. We want to 42 | * override them if that's the case. */ 43 | #undef HAVE_FIPS 44 | #define HAVE_FIPS 45 | #undef HAVE_FIPS_VERSION 46 | #define HAVE_FIPS_VERSION 5 47 | #undef HAVE_FIPS_VERSION_MINOR 48 | #define HAVE_FIPS_VERSION_MINOR 2 49 | 50 | #define WOLFSSL_ECDSA_SET_K 51 | #define HAVE_AES_ECB 52 | #define WC_RSA_NO_PADDING 53 | #define WOLFSSL_PUBLIC_MP 54 | #define ECC_MIN_KEY_SZ 192 55 | #define WOLFSSL_TLS13 56 | #define HAVE_TLS_EXTENSIONS 57 | #define HAVE_SUPPORTED_CURVES 58 | #define HAVE_THREAD_LS 59 | #define ECC_TIMING_RESISTANT 60 | #define WC_RSA_BLINDING 61 | #define HAVE_AESCCM 62 | #define WOLFSSL_AES_COUNTER 63 | #define WOLFSSL_AES_DIRECT 64 | #define WOLFSSL_SHA224 65 | #define WOLFSSL_SHA512 66 | #define WOLFSSL_SHA384 67 | #define WOLFSSL_KEY_GEN 68 | #define HAVE_HKDF 69 | #define HAVE_X963_KDF 70 | #define NO_DSA 71 | #define HAVE_ECC 72 | #define ECC_SHAMIR 73 | #define HAVE_ECC_CDH 74 | #define WC_RSA_PSS 75 | #define WOLFSSL_BASE64_ENCODE 76 | #define NO_RC4 77 | #define WOLFSSL_CMAC 78 | #define NO_HC128 79 | #define NO_RABBIT 80 | #define WOLFSSL_SHA3 81 | #define HAVE_ONE_TIME_AUTH 82 | #define HAVE_HASHDRBG 83 | #define HAVE_EXTENDED_MASTER 84 | #define HAVE_ENCRYPT_THEN_MAC 85 | #define NO_PSK 86 | #define NO_MD4 87 | #define NO_PWDBASED 88 | #define WC_NO_ASYNC_THREADING 89 | #define HAVE_DH_DEFAULT_PARAMS 90 | #define GCM_TABLE_4BIT 91 | #define HAVE_AESGCM 92 | #define HAVE_WC_INTROSPECTION 93 | #define OPENSSL_COEXIST 94 | #define NO_OLD_RNGNAME 95 | #define NO_OLD_WC_NAMES 96 | #define NO_OLD_SSL_NAMES 97 | #define NO_OLD_SHA_NAMES 
98 | #define NO_OLD_MD5_NAME 99 | #define NO_OLD_SHA256_NAMES 100 | #define HAVE_PUBLIC_FFDHE 101 | #define HAVE_FFDHE_2048 102 | #define HAVE_FFDHE_3072 103 | #define HAVE_FFDHE_4096 104 | #define Sha3 wc_Sha3 105 | #define WOLFSSL_VALIDATE_ECC_IMPORT 106 | #define WOLFSSL_VALIDATE_FFC_IMPORT 107 | #define HAVE_FFDHE_Q 108 | #define WOLFSSL_NO_SHAKE256 109 | #define WOLFSSL_NOSHA512_224 110 | #define WOLFSSL_NOSHA512_256 111 | 112 | #ifdef _WIN64 113 | #define WOLFSSL_AESNI 114 | #endif 115 | 116 | /* Needed to export symbols in the final DLL */ 117 | #define OPENSSL_SYS_WINDOWS 118 | #define OPENSSL_OPT_WINDLL 119 | 120 | #endif /* _WIN32 */ 121 | 122 | #endif 123 | -------------------------------------------------------------------------------- /windows/fips_ready/user_settings.h: -------------------------------------------------------------------------------- 1 | #ifndef USER_SETTINGS_H 2 | #define USER_SETTINGS_H 3 | 4 | #define WOLFENGINE_DEBUG 5 | #define WE_USE_HASH 6 | #define WE_HAVE_SHA384 7 | #define WE_HAVE_SHA512 8 | #define WE_HAVE_SHA1 9 | #define WE_HAVE_SHA224 10 | #define WE_HAVE_SHA256 11 | #define WE_HAVE_CMAC 12 | #define WE_HAVE_MAC 13 | #define WE_HAVE_HMAC 14 | #define WE_HAVE_MAC 15 | #define WE_HAVE_AESECB 16 | #define WE_HAVE_AESCBC 17 | #define WE_HAVE_AESCTR 18 | #define WE_HAVE_RANDOM 19 | #define WE_HAVE_RSA 20 | #define WE_HAVE_DH 21 | #define WE_HAVE_ECC 22 | #define WE_HAVE_EVP_PKEY 23 | #define WE_HAVE_ECDSA 24 | #define WE_HAVE_ECDH 25 | #define WE_HAVE_ECKEYGEN 26 | #define WE_HAVE_EC_P192 27 | #define WE_HAVE_EC_P224 28 | #define WE_HAVE_EC_P256 29 | #define WE_HAVE_EC_P384 30 | #define WE_HAVE_EC_P521 31 | #define WE_HAVE_DIGEST 32 | 33 | /* wolfSSL's FIPS 140-3 cert doesn't have DES3 in the module. */ 34 | /* #define WE_HAVE_DES3CBC */ 35 | 36 | #ifdef _WIN32 37 | 38 | /* The Visual Studio project may define these FIPS macros. We want 39 | * to override them if that's the case. 
*/ 40 | #undef HAVE_FIPS 41 | #define HAVE_FIPS 42 | #undef HAVE_FIPS_VERSION 43 | #define HAVE_FIPS_VERSION 5 44 | #undef HAVE_FIPS_VERSION_MINOR 45 | #define HAVE_FIPS_VERSION_MINOR 1 46 | 47 | /* wolfSSL's FIPS 140-3 cert doesn't have DES3 in the module. */ 48 | #define NO_DES3 49 | 50 | #define HAVE_AES_ECB 51 | #define WC_RSA_NO_PADDING 52 | #define WOLFSSL_PUBLIC_MP 53 | #define ECC_MIN_KEY_SZ 192 54 | #define WOLFSSL_TLS13 55 | #define HAVE_TLS_EXTENSIONS 56 | #define HAVE_SUPPORTED_CURVES 57 | #define HAVE_THREAD_LS 58 | #define ECC_TIMING_RESISTANT 59 | #define WC_RSA_BLINDING 60 | #define HAVE_AESCCM 61 | #define WOLFSSL_AES_COUNTER 62 | #define WOLFSSL_AES_DIRECT 63 | #define WOLFSSL_SHA224 64 | #define WOLFSSL_SHA512 65 | #define WOLFSSL_SHA384 66 | #define WOLFSSL_KEY_GEN 67 | #define HAVE_HKDF 68 | #define HAVE_X963_KDF 69 | #define NO_DSA 70 | #define HAVE_ECC 71 | #define ECC_SHAMIR 72 | #define HAVE_ECC_CDH 73 | #define WC_RSA_PSS 74 | #define WOLFSSL_BASE64_ENCODE 75 | #define NO_RC4 76 | #define WOLFSSL_CMAC 77 | #define NO_HC128 78 | #define NO_RABBIT 79 | #define WOLFSSL_SHA3 80 | #define HAVE_ONE_TIME_AUTH 81 | #define HAVE_HASHDRBG 82 | #define HAVE_EXTENDED_MASTER 83 | #define HAVE_ENCRYPT_THEN_MAC 84 | #define NO_PSK 85 | #define NO_MD4 86 | #define NO_PWDBASED 87 | #define WC_NO_ASYNC_THREADING 88 | #define HAVE_DH_DEFAULT_PARAMS 89 | #define GCM_TABLE_4BIT 90 | #define HAVE_AESGCM 91 | #define HAVE_WC_INTROSPECTION 92 | #define OPENSSL_COEXIST 93 | #define NO_OLD_RNGNAME 94 | #define NO_OLD_WC_NAMES 95 | #define NO_OLD_SSL_NAMES 96 | #define NO_OLD_SHA_NAMES 97 | #define NO_OLD_MD5_NAME 98 | #define NO_OLD_SHA256_NAMES 99 | #define HAVE_PUBLIC_FFDHE 100 | #define HAVE_FFDHE_2048 101 | #define HAVE_FFDHE_3072 102 | #define HAVE_FFDHE_4096 103 | #define HAVE_FFDHE_6144 104 | #define HAVE_FFDHE_8192 105 | #define Sha3 wc_Sha3 106 | #define WOLFSSL_VALIDATE_ECC_IMPORT 107 | #define WOLFSSL_VALIDATE_FFC_IMPORT 108 | #define HAVE_FFDHE_Q 109 | 
#define WOLFSSL_NO_SHAKE256 110 | #define WOLFSSL_NOSHA512_224 111 | #define WOLFSSL_NOSHA512_256 112 | #define WOLFSSL_ECDSA_SET_K 113 | #define ECC_USER_CURVES 114 | #define HAVE_ECC192 115 | #define HAVE_ECC224 116 | #define HAVE_ECC256 117 | #define HAVE_ECC384 118 | #define HAVE_ECC521 119 | #define WC_RNG_SEED_CB 120 | 121 | #ifdef _WIN64 122 | #define WOLFSSL_AESNI 123 | #endif 124 | 125 | /* Needed to export symbols in the final DLL */ 126 | #define OPENSSL_SYS_WINDOWS 127 | #define OPENSSL_OPT_WINDLL 128 | 129 | #endif /* _WIN32 */ 130 | 131 | #endif 132 | -------------------------------------------------------------------------------- /windows/include.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST += \ 2 | windows/fips_140_2/user_settings.h \ 3 | windows/fips_ready/user_settings.h \ 4 | windows/non_fips/user_settings.h \ 5 | windows/props/dll_release_non_fips_wolfengine.props \ 6 | windows/props/fips_140_2.props \ 7 | windows/props/fips_ready.props \ 8 | windows/props/non_fips.props \ 9 | windows/props/release_fips.props \ 10 | windows/props/release_fips_test.props \ 11 | windows/props/release_fips_wolfengine.props \ 12 | windows/props/release_non_fips.props \ 13 | windows/props/release_non_fips_test.props \ 14 | windows/props/release_non_fips_wolfengine.props \ 15 | windows/props/release.props \ 16 | windows/props/release_test.props \ 17 | windows/props/release_wolfengine.props \ 18 | windows/props/static_debug_fips_test.props \ 19 | windows/props/static_debug_non_fips_test.props \ 20 | windows/props/static_release_fips_test.props \ 21 | windows/props/static_release_non_fips_test.props \ 22 | windows/props/static_test.props \ 23 | windows/props/base.props \ 24 | windows/props/base_test.props \ 25 | windows/props/base_wolfengine.props \ 26 | windows/props/debug_fips.props \ 27 | windows/props/debug_fips_test.props \ 28 | windows/props/debug_fips_wolfengine.props \ 29 | windows/props/debug_non_fips.props 
\ 30 | windows/props/debug_non_fips_test.props \ 31 | windows/props/debug_non_fips_wolfengine.props \ 32 | windows/props/debug.props \ 33 | windows/props/debug_test.props \ 34 | windows/props/debug_wolfengine.props \ 35 | windows/props/dll_debug_fips_test.props \ 36 | windows/props/dll_debug_fips_wolfengine.props \ 37 | windows/props/dll_debug_non_fips_test.props \ 38 | windows/props/dll_debug_non_fips_wolfengine.props \ 39 | windows/props/dll.props \ 40 | windows/props/dll_release_fips_test.props \ 41 | windows/props/dll_release_fips_wolfengine.props \ 42 | windows/props/dll_release_non_fips_test.props \ 43 | windows/README.md \ 44 | windows/resource.h \ 45 | windows/test.vcxproj \ 46 | windows/test.vcxproj.filters \ 47 | windows/test.vcxproj.user \ 48 | windows/wolfEngine.rc \ 49 | windows/wolfEngine.sln \ 50 | windows/wolfEngine.vcxproj \ 51 | windows/wolfEngine.vcxproj.filters \ 52 | windows/wolfEngine.vcxproj.user 53 | -------------------------------------------------------------------------------- /windows/non_fips/user_settings.h: -------------------------------------------------------------------------------- 1 | #ifndef USER_SETTINGS_H 2 | #define USER_SETTINGS_H 3 | 4 | #define WOLFENGINE_DEBUG 5 | #define WE_USE_HASH 6 | #define WE_HAVE_SHA384 7 | #define WE_HAVE_SHA512 8 | #define WE_HAVE_SHA1 9 | #define WE_HAVE_SHA224 10 | #define WE_HAVE_SHA256 11 | #define WE_HAVE_CMAC 12 | #define WE_HAVE_MAC 13 | #define WE_HAVE_HMAC 14 | #define WE_HAVE_MAC 15 | #define WE_HAVE_DES3CBC 16 | #define WE_HAVE_AESECB 17 | #define WE_HAVE_AESCBC 18 | #define WE_HAVE_AESCTR 19 | #define WE_HAVE_RANDOM 20 | #define WE_HAVE_RSA 21 | #define WE_HAVE_DH 22 | #define WE_HAVE_ECC 23 | #define WE_HAVE_EVP_PKEY 24 | #define WE_HAVE_ECDSA 25 | #define WE_HAVE_ECDH 26 | #define WE_HAVE_ECKEYGEN 27 | #define WE_HAVE_EC_P192 28 | #define WE_HAVE_EC_P224 29 | #define WE_HAVE_EC_P256 30 | #define WE_HAVE_EC_P384 31 | #define WE_HAVE_EC_P521 32 | #define WE_HAVE_DIGEST 33 | 34 | 
#ifdef _WIN32 35 | 36 | #define HAVE_AES_ECB 37 | #define WC_RSA_NO_PADDING 38 | #define WOLFSSL_PUBLIC_MP 39 | #define ECC_MIN_KEY_SZ 192 40 | #define WOLFSSL_TLS13 41 | #define HAVE_TLS_EXTENSIONS 42 | #define HAVE_SUPPORTED_CURVES 43 | #define HAVE_THREAD_LS 44 | #define ECC_TIMING_RESISTANT 45 | #define WC_RSA_BLINDING 46 | #define HAVE_AESCCM 47 | #define WOLFSSL_AES_COUNTER 48 | #define WOLFSSL_AES_DIRECT 49 | #define WOLFSSL_SHA224 50 | #define WOLFSSL_SHA512 51 | #define WOLFSSL_SHA384 52 | #define WOLFSSL_KEY_GEN 53 | #define HAVE_HKDF 54 | #define HAVE_X963_KDF 55 | #define NO_DSA 56 | #define HAVE_ECC 57 | #define ECC_SHAMIR 58 | #define HAVE_ECC_CDH 59 | #define WC_RSA_PSS 60 | #define WOLFSSL_BASE64_ENCODE 61 | #define NO_RC4 62 | #define WOLFSSL_CMAC 63 | #define NO_HC128 64 | #define NO_RABBIT 65 | #define WOLFSSL_SHA3 66 | #define HAVE_ONE_TIME_AUTH 67 | #define HAVE_HASHDRBG 68 | #define HAVE_EXTENDED_MASTER 69 | #define HAVE_ENCRYPT_THEN_MAC 70 | #define NO_PSK 71 | #define NO_MD4 72 | #define NO_PWDBASED 73 | #define WC_NO_ASYNC_THREADING 74 | #define HAVE_DH_DEFAULT_PARAMS 75 | #define GCM_TABLE_4BIT 76 | #define HAVE_AESGCM 77 | #define HAVE_WC_INTROSPECTION 78 | #define OPENSSL_COEXIST 79 | #define NO_OLD_RNGNAME 80 | #define NO_OLD_WC_NAMES 81 | #define NO_OLD_SSL_NAMES 82 | #define NO_OLD_SHA_NAMES 83 | #define NO_OLD_MD5_NAME 84 | #define NO_OLD_SHA256_NAMES 85 | #define HAVE_PUBLIC_FFDHE 86 | #define HAVE_FFDHE_2048 87 | #define HAVE_FFDHE_3072 88 | #define HAVE_FFDHE_4096 89 | #define Sha3 wc_Sha3 90 | #define WOLFSSL_VALIDATE_ECC_IMPORT 91 | #define WOLFSSL_VALIDATE_FFC_IMPORT 92 | #define HAVE_FFDHE_Q 93 | #define WOLFSSL_NO_SHAKE256 94 | #define WOLFSSL_NOSHA512_224 95 | #define WOLFSSL_NOSHA512_256 96 | #define WOLFSSL_PSS_LONG_SALT 97 | #define WOLFSSL_PSS_SALT_LEN_DISCOVER 98 | 99 | #ifdef _WIN64 100 | #define WOLFSSL_AESNI 101 | #endif 102 | 103 | /* Needed to export symbols in the final DLL */ 104 | #define OPENSSL_SYS_WINDOWS 105 
| #define OPENSSL_OPT_WINDLL 106 | 107 | #endif /* _WIN32 */ 108 | 109 | #endif 110 | -------------------------------------------------------------------------------- /windows/props/base.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | $(SolutionDir)$(Configuration)\$(Platform)\ 7 | $(Configuration)\$(Platform)\$(ProjectName)_obj\ 8 | <_PropertySheetDisplayName>Base 9 | 10 | 11 | 12 | ..\..\openssl\include;..\..\wolfssl;..\include 13 | WOLFSSL_USER_SETTINGS;WOLFENGINE_USER_SETTINGS 14 | Level3 15 | 16 | 17 | NotSet 18 | ..\..\openssl\libcrypto.lib;%(AdditionalDependencies) 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /windows/props/base_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | <_PropertySheetDisplayName>Base test 9 | 10 | 11 | 12 | ..\..\openssl\libssl.lib;$(SolutionDir)$(Configuration)\$(Platform)\wolfEngine.lib;%(AdditionalDependencies) 13 | Console 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /windows/props/base_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | <_PropertySheetDisplayName>Base wolfEngine 9 | 10 | 11 | 12 | BUILDING_WOLFENGINE;%(PreprocessorDefinitions) 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /windows/props/debug.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>Debug 7 | 8 | 9 | 10 | MultiThreadedDebugDLL 11 | Disabled 12 | 13 | 14 | true 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /windows/props/debug_fips.props: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>Debug FIPS 7 | 8 | 9 | 10 | ..\..\wolfssl\IDE\WIN10\DLL Debug\$(Platform)\wolfssl-fips.lib;%(AdditionalDependencies) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/debug_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug FIPS Test 10 | 11 | 12 | 13 | copy /Y "$(ProjectDir)..\..\openssl\*.dll" "$(OutDir)" 14 | copy /Y "$(ProjectDir)..\..\wolfssl\IDE\WIN10\DLL Debug\$(Platform)\*.dll" "$(OutDir)" 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /windows/props/debug_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/debug_non_fips.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | <_PropertySheetDisplayName>Debug Non-FIPS 9 | 10 | 11 | 12 | ..\..\wolfssl\DLL Debug\$(Platform)\wolfssl.lib;%(AdditionalDependencies) 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /windows/props/debug_non_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug Non-FIPS Test 10 | 11 | 12 | 13 | copy /Y "$(ProjectDir)..\..\openssl\*.dll" "$(OutDir)" 14 | copy /Y "$(ProjectDir)..\..\wolfssl\DLL Debug\$(Platform)\*.dll" "$(OutDir)" 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- 
/windows/props/debug_non_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug Non-FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/debug_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug test 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /windows/props/debug_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Debug wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>DLL 7 | 8 | 9 | 10 | WOLFENGINE_DLL;%(PreprocessorDefinitions) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/dll_debug_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Debug FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_debug_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Debug FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_debug_non_fips_test.props: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Debug Non-FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_debug_non_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Debug Non-FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_release_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Release FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_release_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Release FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_release_non_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Release Non-FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/dll_release_non_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>DLL Release Non-FIPS wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/fips_140_2.props: -------------------------------------------------------------------------------- 1 | 2 
| 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>FIPS 140-2 7 | 8 | 9 | 10 | .\fips_140_2;%(AdditionalIncludeDirectories) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/fips_140_3.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>FIPS 140-3 7 | 8 | 9 | 10 | .\fips_140_3;%(AdditionalIncludeDirectories) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/fips_ready.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>FIPS Ready 7 | 8 | 9 | 10 | .\fips_ready;%(AdditionalIncludeDirectories) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/non_fips.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>Non-FIPS 7 | 8 | 9 | 10 | .\non_fips;%(AdditionalIncludeDirectories) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /windows/props/release.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>Release 7 | 8 | 9 | 10 | true 11 | 12 | 13 | 14 | 15 | true 16 | MultiThreadedDLL 17 | 18 | 19 | true 20 | true 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /windows/props/release_fips.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | <_PropertySheetDisplayName>Release FIPS 7 | 8 | 9 | 10 | ..\..\wolfssl\IDE\WIN10\DLL Release\$(Platform)\wolfssl-fips.lib;%(AdditionalDependencies) 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- 
/windows/props/release_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release FIPS Test 10 | 11 | 12 | 13 | copy /Y "$(ProjectDir)..\..\openssl\*.dll" "$(OutDir)" 14 | copy /Y "$(ProjectDir)..\..\wolfssl\IDE\WIN10\DLL Release\$(Platform)\*.dll" "$(OutDir)" 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /windows/props/release_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release FIPS wolfEngine 10 | 11 | 12 | 13 | %(AdditionalDependencies) 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /windows/props/release_non_fips.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | <_PropertySheetDisplayName>Release Non-FIPS 9 | 10 | 11 | 12 | ..\..\wolfssl\DLL Release\$(Platform)\wolfssl.lib;%(AdditionalDependencies) 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /windows/props/release_non_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release Non-FIPS Test 10 | 11 | 12 | 13 | copy /Y "$(ProjectDir)..\..\openssl\*.dll" "$(OutDir)" 14 | copy /Y "$(ProjectDir)..\..\wolfssl\DLL Release\$(Platform)\*.dll" "$(OutDir)" 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /windows/props/release_non_fips_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release Non-FIPS wolfEngine 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /windows/props/release_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/release_wolfengine.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Release wolfEngine 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/static_debug_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Static Debug FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/static_debug_non_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Static Debug Non-FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/static_release_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Static Release FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/static_release_non_fips_test.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <_PropertySheetDisplayName>Static Release Non-FIPS Test 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /windows/props/static_test.props: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | --static 6 | 7 | 8 | <_PropertySheetDisplayName>Static test 9 | 10 | 11 | 12 | 13 | $(LocalDebuggerCommandArguments) 14 | 15 | 16 | -------------------------------------------------------------------------------- /windows/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by wolfEngine.rc 4 | // 5 | 6 | // Next default values for new objects 7 | // 8 | #ifdef APSTUDIO_INVOKED 9 | #ifndef APSTUDIO_READONLY_SYMBOLS 10 | #define _APS_NEXT_RESOURCE_VALUE 101 11 | #define _APS_NEXT_COMMAND_VALUE 40001 12 | #define _APS_NEXT_CONTROL_VALUE 1001 13 | #define _APS_NEXT_SYMED_VALUE 101 14 | #endif 15 | #endif 16 | -------------------------------------------------------------------------------- /windows/test.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | Source Files 53 | 54 | 55 | Source Files 56 | 57 | 58 | Source Files 59 | 60 | 61 | Source Files 62 | 63 | 64 | 65 | 66 | Header Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /windows/test.vcxproj.user: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | OPENSSL_ENGINES=$(OutDir) 5 | $(LocalDebuggerEnvironment) 6 | WindowsLocalDebugger 7 | 8 | 9 | OPENSSL_ENGINES=$(OutDir) 10 | $(LocalDebuggerEnvironment) 11 | WindowsLocalDebugger 12 | 13 | 14 | OPENSSL_ENGINES=$(OutDir) 15 | WindowsLocalDebugger 16 | 17 | 18 | OPENSSL_ENGINES=$(OutDir) 19 | WindowsLocalDebugger 20 | 21 | 22 | OPENSSL_ENGINES=$(OutDir) 23 | WindowsLocalDebugger 24 | 25 | 26 | OPENSSL_ENGINES=$(OutDir) 27 | $(LocalDebuggerEnvironment) 28 | WindowsLocalDebugger 29 | 30 | 31 | OPENSSL_ENGINES=$(OutDir) 32 | $(LocalDebuggerEnvironment) 33 | WindowsLocalDebugger 34 | 35 | 36 | OPENSSL_ENGINES=$(OutDir) 37 | WindowsLocalDebugger 38 | 39 | 40 | OPENSSL_ENGINES=$(OutDir) 41 | $(LocalDebuggerEnvironment) 42 | WindowsLocalDebugger 43 | 44 | 45 | OPENSSL_ENGINES=$(OutDir) 46 | WindowsLocalDebugger 47 | 48 | 49 | OPENSSL_ENGINES=$(OutDir) 50 | $(LocalDebuggerEnvironment) 51 | WindowsLocalDebugger 52 | 53 | 54 | OPENSSL_ENGINES=$(OutDir) 55 | WindowsLocalDebugger 56 | 57 | 58 | -------------------------------------------------------------------------------- /windows/wolfEngine.rc: -------------------------------------------------------------------------------- 1 | // Microsoft Visual C++ generated resource script. 2 | // 3 | #include "resource.h" 4 | 5 | #define APSTUDIO_READONLY_SYMBOLS 6 | ///////////////////////////////////////////////////////////////////////////// 7 | // 8 | // Generated from the TEXTINCLUDE 2 resource. 
9 | // 10 | #include "winres.h" 11 | 12 | ///////////////////////////////////////////////////////////////////////////// 13 | #undef APSTUDIO_READONLY_SYMBOLS 14 | 15 | ///////////////////////////////////////////////////////////////////////////// 16 | // English (United States) resources 17 | 18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) 19 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 20 | #pragma code_page(1252) 21 | 22 | #ifdef APSTUDIO_INVOKED 23 | ///////////////////////////////////////////////////////////////////////////// 24 | // 25 | // TEXTINCLUDE (blocks 1-3 below are compiled only when APSTUDIO_INVOKED is defined) 26 | // 27 | 28 | 1 TEXTINCLUDE 29 | BEGIN 30 | "resource.h\0" 31 | END 32 | 33 | 2 TEXTINCLUDE 34 | BEGIN 35 | "#include ""winres.h""\r\n" 36 | "\0" 37 | END 38 | 39 | 3 TEXTINCLUDE 40 | BEGIN 41 | "\r\n" 42 | "\0" 43 | END 44 | 45 | #endif // APSTUDIO_INVOKED 46 | 47 | 48 | ///////////////////////////////////////////////////////////////////////////// 49 | // 50 | // Version: VERSIONINFO resource for the DLL. FILEFLAGS is 0x1L (VS_FF_DEBUG) only under _DEBUG and 0x0L otherwise; FILEOS 0x40004L is VOS_NT_WINDOWS32 and FILETYPE 0x2L is VFT_DLL. 51 | // NOTE(review): FILEVERSION and PRODUCTVERSION are fixed at 1,0,0,0 here; confirm they are updated per release so a deployed DLL can be matched to the build it came from. 52 | 53 | VS_VERSION_INFO VERSIONINFO 54 | FILEVERSION 1,0,0,0 55 | PRODUCTVERSION 1,0,0,0 56 | FILEFLAGSMASK 0x3fL 57 | #ifdef _DEBUG 58 | FILEFLAGS 0x1L 59 | #else 60 | FILEFLAGS 0x0L 61 | #endif 62 | FILEOS 0x40004L 63 | FILETYPE 0x2L 64 | FILESUBTYPE 0x0L 65 | BEGIN 66 | BLOCK "StringFileInfo" 67 | BEGIN 68 | BLOCK "040904b0" 69 | BEGIN 70 | VALUE "CompanyName", "wolfSSL Inc." 
71 | VALUE "FileDescription", "OpenSSL engine using wolfSSL" 72 | VALUE "FileVersion", "1.0.0.0" 73 | VALUE "InternalName", "wolfEngine.dll" 74 | VALUE "LegalCopyright", "Copyright (C) 2023" 75 | VALUE "OriginalFilename", "wolfEngine.dll" 76 | VALUE "ProductName", "wolfEngine" 77 | VALUE "ProductVersion", "1.0.0.0" 78 | END 79 | END 80 | BLOCK "VarFileInfo" 81 | BEGIN 82 | VALUE "Translation", 0x409, 1200 83 | END 84 | END 85 | 86 | #endif // English (United States) resources 87 | ///////////////////////////////////////////////////////////////////////////// 88 | 89 | 90 | 91 | #ifndef APSTUDIO_INVOKED 92 | ///////////////////////////////////////////////////////////////////////////// 93 | // 94 | // Generated from the TEXTINCLUDE 3 resource. 95 | // 96 | 97 | 98 | ///////////////////////////////////////////////////////////////////////////// 99 | #endif // not APSTUDIO_INVOKED 100 | 101 | -------------------------------------------------------------------------------- /windows/wolfEngine.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | Source Files 53 | 54 | 55 | Source Files 56 | 57 | 58 | Source Files 59 | 60 | 61 | Source Files 62 | 63 | 64 | Source Files 65 | 66 | 67 | Source Files 68 | 69 | 70 | Source Files 71 | 72 | 73 | Source Files 
74 | 75 | 76 | Source Files 77 | 78 | 79 | 80 | 81 | Header Files 82 | 83 | 84 | Header Files 85 | 86 | 87 | Header Files 88 | 89 | 90 | Header Files 91 | 92 | 93 | Header Files 94 | 95 | 96 | Header Files 97 | 98 | 99 | Header Files 100 | 101 | 102 | 103 | 104 | Resource Files 105 | 106 | 107 | -------------------------------------------------------------------------------- /windows/wolfEngine.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | --------------------------------------------------------------------------------