len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-10-16 09:47:44 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update wolfSSL to the latest version(v.4.5.0) (#303)

Browse source 
* deleted old version wolfSSL before updating

* updated wolfSSL to the latest version(v4.4.0)

* updated wolfSSL to the latest version(v4.4.0)

* added macros for timing resistance

* Add wolfSSL-FIPS-Ready to Demo and Source

* Add wolfSSL-FIPS-Ready to Demo and Source

* Update README_wolfSSL_FIPS_Ready.md

* Remove unused files

* Update to wolfSSL-4.5.0-FIPS-Ready

* Increase FIPS version number for the default

* Update wolfSSL to the latest version(v.4.5.0)

* Fix version number

* Fix comments from github

Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Co-authored-by: Ming Yue <mingyue86010@gmail.com>
Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Co-authored-by: Alfred Gedeon <alfred2g@hotmail.com>
This commit is contained in:
TakayukiMatsuo 2020-10-24 11:35:06 +09:00 committed by GitHub
parent ee588710dd
commit c44794cd11
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
471 changed files with 792175 additions and 60158 deletions
Download patch file Download diff file Expand all files Collapse all files

189
FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/random.c
View file

@ -19,7 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library contains implementation for the random number generator.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
@ -487,7 +492,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
if (i == (len-1)) {
len++;
}
drbg->matchCount = 1;
@ -511,6 +516,10 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
}
}
}
else {
/* wc_Sha256Update or wc_Sha256Final returned error */
break;
}
}
ForceZero(data, sizeof(data));
@ -614,7 +623,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret;
int ret = DRBG_FAILURE;
XMEMSET(drbg, 0, sizeof(DRBG));
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@ -645,9 +654,6 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
drbg->matchCount = 0;
ret = DRBG_SUCCESS;
}
else {
ret = DRBG_FAILURE;
}
return ret;
}
@ -674,7 +680,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
{
int ret = DRBG_SUCCESS;
int ret = 0;
/* Check the seed for duplicate words. */
word32 seedIdx = 0;
@ -700,7 +706,7 @@ int wc_RNG_TestSeed(const byte* seed, word32 seedSz)
static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId)
{
int ret = RNG_FAILURE_E;
int ret = 0;
#ifdef HAVE_HASHDRBG
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
#endif
@ -773,6 +779,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
#else
/* compile-time validation of drbg_data size */
typedef char drbg_data_test[sizeof(rng->drbg_data) >=
@ -780,16 +790,14 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
(void)sizeof(drbg_data_test);
rng->drbg = (struct DRBG*)rng->drbg_data;
#endif
if (rng->drbg == NULL) {
ret = MEMORY_E;
}
else {
if (ret == 0) {
ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
if (ret != 0)
ret = DRBG_FAILURE;
else
if (ret == 0)
ret = wc_RNG_TestSeed(seed, seedSz);
else {
ret = DRBG_FAILURE;
rng->status = DRBG_FAILED;
}
if (ret == DRBG_SUCCESS)
ret = Hash_DRBG_Instantiate(rng->drbg,
@ -1107,20 +1115,20 @@ exit_rng_ht:
}
const byte seedA[] = {
const FLASH_QUALIFIER byte seedA_data[] = {
0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
};
const byte reseedSeedA[] = {
const FLASH_QUALIFIER byte reseedSeedA_data[] = {
0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
};
const byte outputA[] = {
const FLASH_QUALIFIER byte outputA_data[] = {
0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
@ -1134,7 +1142,7 @@ const byte outputA[] = {
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
const byte seedB[] = {
const FLASH_QUALIFIER byte seedB_data[] = {
0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, /* nonce next */
@ -1142,7 +1150,7 @@ const byte seedB[] = {
0xdb, 0xcb, 0xcc, 0x2e
};
const byte outputB[] = {
const FLASH_QUALIFIER byte outputB_data[] = {
0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
@ -1175,17 +1183,65 @@ static int wc_RNG_HealthTestLocal(int reseed)
#endif
if (reseed) {
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA),
reseedSeedA, sizeof(reseedSeedA),
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedA || !reseedSeedA || !outputA) {
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
XMEMCPY_P(seedA, seedA_data, sizeof(seedA_data));
XMEMCPY_P(reseedSeedA, reseedSeedA_data, sizeof(reseedSeedA_data));
XMEMCPY_P(outputA, outputA_data, sizeof(outputA_data));
#else
const byte* seedA = seedA_data;
const byte* reseedSeedA = reseedSeedA_data;
const byte* outputA = outputA_data;
#endif
ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data),
reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE);
if (ret == 0) {
if (ConstantCompare(check, outputA,
RNG_HEALTH_TEST_CHECK_SIZE) != 0)
ret = -1;
}
#ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
}
else {
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB),
#ifdef WOLFSSL_USE_FLASHMEM
byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (!seedB || !outputB) {
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = MEMORY_E;
}
else {
XMEMCPY_P(seedB, seedB_data, sizeof(seedB_data));
XMEMCPY_P(outputB, outputB_data, sizeof(outputB_data));
#else
const byte* seedB = seedB_data;
const byte* outputB = outputB_data;
#endif
ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data),
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE);
if (ret == 0) {
@ -1200,16 +1256,22 @@ static int wc_RNG_HealthTestLocal(int reseed)
* byte 32, feed them into the health test separately. */
if (ret == 0) {
ret = wc_RNG_HealthTest_ex(0,
seedB + 32, sizeof(seedB) - 32,
seedB + 32, sizeof(seedB_data) - 32,
seedB, 32,
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
NULL, INVALID_DEVID);
if (ret == 0) {
if (ConstantCompare(check, outputB, sizeof(outputB)) != 0)
if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0)
ret = -1;
}
}
#ifdef WOLFSSL_USE_FLASHMEM
XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
}
#ifdef WOLFSSL_SMALL_STACK
@ -1607,6 +1669,24 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif (defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC_RNG)) && \
!defined(WOLFSSL_PIC32MZ_RNG)
/* enable ATECC RNG unless using PIC32MZ one instead */
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(MICROCHIP_PIC32)
@ -2052,36 +2132,42 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_NRF51)
#elif defined(WOLFSSL_NRF51) || defined(WOLFSSL_NRF5x)
#include "app_error.h"
#include "nrf_drv_rng.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int remaining = sz, length, pos = 0;
uint8_t available;
uint32_t err_code;
uint8_t available;
static uint8_t initialized = 0;
(void)os;
/* Make sure RNG is running */
err_code = nrf_drv_rng_init(NULL);
if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) {
return -1;
if (!initialized) {
err_code = nrf_drv_rng_init(NULL);
if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE
#ifdef NRF_ERROR_MODULE_ALREADY_INITIALIZED
&& err_code != NRF_ERROR_MODULE_ALREADY_INITIALIZED
#endif
) {
return -1;
}
initialized = 1;
}
while (remaining > 0) {
err_code = nrf_drv_rng_bytes_available(&available);
if (err_code == NRF_SUCCESS) {
length = (remaining < available) ? remaining : available;
if (length > 0) {
err_code = nrf_drv_rng_rand(&output[pos], length);
remaining -= length;
pos += length;
available = 0;
nrf_drv_rng_bytes_available(&available); /* void func */
length = (remaining < available) ? remaining : available;
if (length > 0) {
err_code = nrf_drv_rng_rand(&output[pos], length);
if (err_code != NRF_SUCCESS) {
break;
}
}
if (err_code != NRF_SUCCESS) {
break;
remaining -= length;
pos += length;
}
}
@ -2116,23 +2202,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_ATMEL)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
(void)os;
if (output == NULL) {
return BUFFER_E;
}
ret = atmel_get_random_number(sz, output);
return ret;
}
#elif defined(INTIME_RTOS)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
@ -2295,7 +2364,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif
#include "r_bsp/platform.h"
#include "r_tsip_rx_if.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret;
@ -2303,7 +2372,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
while (sz > 0) {
uint32_t len = sizeof(buffer);
if (sz < len) {
len = sz;
}