Merge branch 'master' into merge-fips-builds

Author: ejohnstown

INSTALL

@@ -264,20 +264,20 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
     branch of the hash-sigs project.
 
     Currently the hash-sigs project only builds static libraries:
+      - hss_verify.a: a single-threaded verify-only static lib.
       - hss_lib.a: a single-threaded static lib.
       - hss_lib_thread.a: a multi-threaded static lib.
 
     The multi-threaded version will mainly have speedups for key
     generation and signing.
 
-    Additionally, the hash-sigs project can be modified to build
-    and install a shared library in /usr/local with either single
-    or multi-threaded versions.  If the shared version has been
-    built, libhss.so is the assumed name.
+    The default LMS build (--enable-lms) will look for
+    hss_lib.a first, and hss_lib_thread.a second, in a specified
+    hash-sigs dir.
 
-    wolfSSL supports either option, and by default will look for
-    hss_lib.a first, and hss_lib_thread.a second, and libhss.so
-    lastly, in a specified hash-sigs dir.
+    The LMS verify-only build (--enable-lms=verify-only) will look
+    for hss_verify.a only, which is a slimmer library that includes
+    only the minimal functions necessary for signature verification.
 
     How to get and build the hash-sigs library:
       $ mkdir ~/hash_sigs
@@ -299,12 +299,17 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
       $ ls *.a
       hss_lib_thread.a
 
+    To build verify-only:
+      $ make hss_verify.a
+      $ ls *.a
+      hss_verify.a
+
     Build wolfSSL with
     $ ./configure \
         --enable-static \
         --disable-shared \
-        --enable-lms=yes \
-        --with-liblms=<path to dir containing hss_lib_thread.a>
+        --enable-lms \
+        --with-liblms=<path to dir containing hss_lib.a or hss_lib_thread.a>
     $ make
 
     Run the benchmark against LMS/HSS with:

configure.ac

@@ -1141,6 +1141,49 @@ then
 fi
 
 
+# LMS
+AC_ARG_ENABLE([lms],
+    [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
+    [ ENABLED_LMS=$enableval ],
+    [ ENABLED_LMS=no ]
+    )
+
+ENABLED_WC_LMS=no
+for v in `echo $ENABLED_LMS | tr "," " "`
+do
+  case $v in
+  yes)
+    ;;
+  no)
+    ;;
+  verify-only)
+    LMS_VERIFY_ONLY=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
+    ;;
+  wolfssl)
+    ENABLED_WC_LMS=yes
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
+    ;;
+  *)
+    AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
+    break;;
+  esac
+done
+
+if test "$ENABLED_LMS" != "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
+
+    if test "$ENABLED_WC_LMS" = "no";
+    then
+        # Default is to use hash-sigs LMS lib. Make sure it's enabled.
+        if test "$ENABLED_LIBLMS" = "no"; then
+            AC_MSG_ERROR([The default implementation for LMS is the hash-sigs LMS/HSS lib.
+            Please use --with-liblms.])
+        fi
+    fi
+fi
+
 # liblms
 # Get the path to the hash-sigs LMS HSS lib.
 ENABLED_LIBLMS="no"
@@ -1160,10 +1203,21 @@ AC_ARG_WITH([liblms],
                 tryliblmsdir="/usr/local"
             fi
 
-            # 1. By default use the hash-sigs single-threaded static library.
-            # 2. If 1 not found, then use the multi-threaded static lib.
-            # 3. If 2 not found, then use the multi-threaded dynamic lib.
-            if test -e $tryliblmsdir/hss_lib.a; then
+            # 1. If verify only build, use hss_verify.a
+            # 2. If normal build, by default use single-threaded hss_lib.a
+            # 3. If 2 not found, then use the multi-threaded hss_lib_thread.a
+            if test "$LMS_VERIFY_ONLY" = "yes"; then
+                if test -e $tryliblmsdir/hss_verify.a; then
+                    CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
+                    LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a"
+                    enable_shared=no
+                    enable_static=yes
+                    liblms_linked=yes
+                else
+                    AC_MSG_ERROR([hss_verify.a isn't found.
+                    If it's already installed, specify its path using --with-liblms=/dir/])
+                fi
+            elif test -e $tryliblmsdir/hss_lib.a; then
                 CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
                 LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a"
                 enable_shared=no
@@ -1175,12 +1229,6 @@ AC_ARG_WITH([liblms],
                 enable_shared=no
                 enable_static=yes
                 liblms_linked=yes
-            elif test -e $tryliblmsdir/lib/libhss.so; then
-                LIBS="$LIBS -lhss"
-                CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir/include/hss"
-                LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliblmsdir/lib"
-
-                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
             else
                 AC_MSG_ERROR([liblms isn't found.
                 If it's already installed, specify its path using --with-liblms=/dir/])
@@ -1203,47 +1251,6 @@ AC_ARG_WITH([liblms],
     ]
 )
 
-
-# LMS
-AC_ARG_ENABLE([lms],
-    [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
-    [ ENABLED_LMS=$enableval ],
-    [ ENABLED_LMS=no ]
-    )
-
-ENABLED_WC_LMS=no
-for v in `echo $ENABLED_LMS | tr "," " "`
-do
-  case $v in
-  yes)
-    ;;
-  no)
-    ;;
-  wolfssl)
-    ENABLED_WC_LMS=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
-    ;;
-  *)
-    AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
-    break;;
-  esac
-done
-
-if test "$ENABLED_LMS" != "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
-
-    if test "$ENABLED_WC_LMS" = "no";
-    then
-        # Default is to use hash-sigs LMS lib. Make sure it's enabled.
-        if test "$ENABLED_LIBLMS" = "no"; then
-            AC_MSG_ERROR([The default implementation for LMS is the hash-sigs LMS/HSS lib.
-            Please use --with-liblms.])
-        fi
-    fi
-fi
-
-
 # SINGLE THREADED
 AC_ARG_ENABLE([singlethreaded],
     [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
@@ -2268,7 +2275,7 @@ AC_ARG_ENABLE([aescbc],
 if test "$ENABLED_AESCBC" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
-    AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AES_CBC"
+    AM_CCASFLAGS="$AM_CCASFLAGS -DNO_AES_CBC"
 fi
 
 # AES-CBC length checks (checks that input lengths are multiples of block size)
@@ -2582,7 +2589,7 @@ then
             AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto])
             ;;
         armv7a*)
-            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7"
+            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
@@ -5984,6 +5991,11 @@ then
         ENABLED_CERTGEN="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
     fi
+    if test "x$ENABLED_CERTREQ" = "xno"
+    then
+        ENABLED_CERTREQ="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
+    fi
     if test "x$ENABLED_SNI" = "xno"
     then
         ENABLED_SNI="yes"

doc/dox_comments/header_files-ja/asn_public.h

@@ -393,7 +393,7 @@ int  wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
     \return ASN_NO_SIGNER_E CA証明書の主体者を検証することができない場合に返されます。
 
     \param cert 主体者の別名を設定する対象のCert構造体へのポインタ
-    \param file PEM形式の証明書を格納しているバッファへのポインタ。
+    \param file PEM形式の証明書のファイルパス
 
     _Example_
     \code
@@ -901,7 +901,7 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
     \return MEMORY_E メモリの確保に失敗した際に返されます。
 
     \param fileName PEM形式のファイルパス
-    \param derBuf DER形式証明書を出力する先のバッファ
+    \param derBuf DER形式証明書を出力する先のバッファへのポインタ
     \param derSz DER形式証明書を出力する先のバッファのサイズ
 
     _Example_
@@ -1127,7 +1127,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx,
 /*!
     \ingroup ASN
 
-    \brief この関数はECC秘密鍵をDER形式で出力します。
+    \brief この関数はECC秘密鍵をDER形式でバッファに出力します。
 
     \return ECC秘密鍵をDER形式での出力に成功した場合にはバッファへ出力したサイズを返します。
     \return BAD_FUNC_ARG 出力バッファoutputがNULLあるいはinLenがゼロの場合に返します。
@@ -1201,7 +1201,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
     処理したバッファのサイズを返します。変換して得られるDER形式のECC公開鍵は出力バッファに格納されます。
     AlgCurveフラグの指定により、アルゴリズムと曲線情報をヘッダーに含めることができます。
 
-    \return >0 成功時には処理したバッファのサイズを返します。
+    \return 成功時には処理したバッファのサイズを返します。
     \return BAD_FUNC_ARG 出力バッファoutputあるいはecc_key構造体keyがNULLの場合に返します。
     \return LENGTH_ONLY_E ECC公開鍵のサイズ取得に失敗した場合に返します。
     \return BUFFER_E 出力バッファが必要量より小さい場合に返します。
@@ -1496,7 +1496,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out,
 /*!
     \ingroup ASN
 
-    \brief この関数は暗号化されたPKCS#8のDER形式の鍵を受け取り、復号してPKCS#8 非暗号化DER形式に変換します。
+    \brief この関数は暗号化されたPKCS#8のDER形式の鍵を受け取り、復号してPKCS#8 DER形式に変換します。
      wc_EncryptPKCS8Keyによって行われた暗号化を元に戻します。RFC5208を参照してください。
      入力データは復号データによって上書きされます。
 
@@ -1794,11 +1794,11 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
         // failed to set the callback
     }
 
-    // oid: Array of integers that are the dot separated values in an oid.
-    // oidSz: Number of values in oid.
-    // crit: Whether the extension was mark critical.
-    // der: The der encoding of the content of the extension.
-    // derSz: The size in bytes of the der encoding.
+    // oid: OIDを構成するドット区切りの数を格納した配列
+    // oidSz: oid内の値の数
+    // crit: 拡張がクリティカルとマークされているか
+    // der: DERエンコードされている拡張の内容
+    // derSz: 拡張の内容のサイズ
     int myCustomExtCallback(const word16* oid, word32 oidSz, int crit,
                             const unsigned char* der, word32 derSz) {
 
@@ -1808,6 +1808,8 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
         // 表明することになります。この拡張を処理できると判断できない場合にはエラーを
         // 返してください。クリティカルとマークされている未知の拡張に遭遇した際の標準的
         // な振る舞いはASN_CRIT_EXT_Eを返すことです。
+        // 簡潔にするためにこの例ではすべての拡張情報を受け入れ可としていますが、実際には実情に沿うようにロジックを追加してください。
+
         return 0;
     }
     \endcode

src/include.am

@@ -157,16 +157,26 @@ endif
 
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
-if BUILD_ARMASM_NEON
+if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
+endif BUILD_ARMASM
+if BUILD_ARMASM_NEON
 if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_CRYPTO
-endif BUILD_ARMASM_NEON
+else
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+endif !BUILD_ARMASM_NEON
 endif BUILD_AES
 
 if BUILD_AESNI
@@ -401,16 +411,28 @@ endif
 if !BUILD_FIPS_CURRENT
 if BUILD_AES
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes.c
-if BUILD_ARMASM_NEON
+if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
+endif BUILD_ARMASM
+if BUILD_ARMASM_NEON
 if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_CRYPTO
-endif BUILD_ARMASM_NEON
+else
+if BUILD_ARMASM
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM
+endif !BUILD_ARMASM_NEON
 if BUILD_AFALG
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/af_alg/afalg_aes.c
 endif BUILD_AFALG

src/internal.c

@@ -9199,13 +9199,21 @@ int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
      * to be used for triggering retransmission of whole DtlsMsgPool.
      * change cipher suite type is not verified here
      */
-    return ((fragOffset == 0) &&
-           (((ssl->options.side == WOLFSSL_SERVER_END) &&
-             ((type == client_hello) ||
-             ((ssl->options.verifyPeer) && (type == certificate)) ||
-             ((!ssl->options.verifyPeer) && (type == client_key_exchange)))) ||
-            ((ssl->options.side == WOLFSSL_CLIENT_END) &&
-             (type == hello_request || type == server_hello))));
+    if (fragOffset == 0) {
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            if (type == client_hello)
+                return 1;
+            else if (ssl->options.verifyPeer && type == certificate)
+                return 1;
+            else if (!ssl->options.verifyPeer && type == client_key_exchange)
+                return 1;
+        }
+        else {
+            if (type == hello_request || type == server_hello)
+                return 1;
+        }
+    }
+    return 0;
 }
 
 
@@ -20003,9 +20011,10 @@ static int HandleDTLSDecryptFailed(WOLFSSL* ssl)
 
 static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 {
-    if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) {
+    if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0) &&
+            !ssl->options.dtlsHsRetain) {
         WOLFSSL_MSG("Silently dropping plaintext DTLS message "
-                    "on established connection.");
+                    "on established connection when we have nothing to send.");
         return 1;
     }
 

src/ssl.c

@@ -8300,7 +8300,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
         /* pass directory read failure to response code */
         if (fileRet != WC_READDIR_NOFILE) {
             ret = fileRet;
-    #if defined(WOLFSSL_QT)
+    #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
             if (ret == BAD_PATH_ERROR &&
                 flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) {
                /* QSslSocket always loads certs in system folder