Merge branch 'master' into feature/integrate_openssl_comp_fixes

Author: Roy-Carter

IDE/MDK5-ARM/Conf/user_settings.h

@@ -208,9 +208,9 @@
 #endif
 //  </e>
 //      <e>BLAKE2
-#define MDK_CONF_BLAKE2 0
-#if MDK_CONF_BLAKE2 == 1
-#define HAVE_BLAKE2
+#define MDK_CONF_BLAKE2B 0
+#if MDK_CONF_BLAKE2B == 1
+#define HAVE_BLAKE2B
 #endif
 //  </e>
 //      <e>HMAC

IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h

@@ -330,9 +330,9 @@ extern "C" {
 #endif
 
 /* Blake2B */
-#undef HAVE_BLAKE2
+#undef HAVE_BLAKE2B
 #if 0
-    #define HAVE_BLAKE2
+    #define HAVE_BLAKE2B
 #endif
 
 /* Blake2S */

cmake/functions.cmake

@@ -93,8 +93,8 @@ function(generate_build_flags)
     if(WOLFSSL_RIPEMD OR WOLFSSL_USER_SETTINGS)
         set(BUILD_RIPEMD "yes" PARENT_SCOPE)
     endif()
-    if(WOLFSSL_BLAKE2 OR WOLFSSL_USER_SETTINGS)
-        set(BUILD_BLAKE2 "yes" PARENT_SCOPE)
+    if(WOLFSSL_BLAKE2B OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_BLAKE2B "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_BLAKE2S OR WOLFSSL_USER_SETTINGS)
         set(BUILD_BLAKE2S "yes" PARENT_SCOPE)
@@ -869,7 +869,7 @@ function(generate_lib_src_list LIB_SOURCES)
             list(APPEND LIB_SOURCES wolfcrypt/src/ripemd.c)
         endif()
 
-        if(BUILD_BLAKE2)
+        if(BUILD_BLAKE2B)
             list(APPEND LIB_SOURCES wolfcrypt/src/blake2b.c)
         endif()
 

configure.ac

@@ -1502,7 +1502,7 @@ then
     test "$enable_base64encode" = "" && enable_base64encode=yes
     test "$enable_base16" = "" && enable_base16=yes
     test "$enable_arc4" = "" && enable_arc4=yes
-    test "$enable_blake2" = "" && enable_blake2=yes
+    test "$enable_blake2b" = "" && enable_blake2b=yes
     test "$enable_blake2s" = "" && enable_blake2s=yes
     test "$enable_md2" = "" && enable_md2=yes
     test "$enable_md4" = "" && enable_md4=yes
@@ -4442,15 +4442,21 @@ fi
 
 
 # BLAKE2
+AC_ARG_ENABLE([blake2b],
+    [AS_HELP_STRING([--enable-blake2b],[Enable wolfSSL BLAKE2b support (default: disabled)])],
+    [ ENABLED_BLAKE2B=$enableval ],
+    [ ENABLED_BLAKE2B=no ]
+    )
+
+# Backward-compat synonym for blake2b:
 AC_ARG_ENABLE([blake2],
     [AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
-    [ ENABLED_BLAKE2=$enableval ],
-    [ ENABLED_BLAKE2=no ]
+    [ ENABLED_BLAKE2B=$enableval ]
     )
 
-if test "$ENABLED_BLAKE2" = "yes"
+if test "$ENABLED_BLAKE2B" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2B"
 fi
 
 
@@ -4463,7 +4469,6 @@ AC_ARG_ENABLE([blake2s],
 if test "$ENABLED_BLAKE2S" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
-    ENABLED_BLAKE2="yes"
 fi
 
 
@@ -11492,7 +11497,7 @@ AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_BLAKE2B],[test "x$ENABLED_BLAKE2B" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12013,7 +12018,7 @@ echo "   * SHA3:                       $ENABLED_SHA3"
 echo "   * SHAKE128:                   $ENABLED_SHAKE128"
 echo "   * SHAKE256:                   $ENABLED_SHAKE256"
 echo "   * SM3:                        $ENABLED_SM3"
-echo "   * BLAKE2:                     $ENABLED_BLAKE2"
+echo "   * BLAKE2B:                    $ENABLED_BLAKE2B"
 echo "   * BLAKE2S:                    $ENABLED_BLAKE2S"
 echo "   * SipHash:                    $ENABLED_SIPHASH"
 echo "   * CMAC:                       $ENABLED_CMAC"

examples/configs/user_settings_all.h

@@ -228,7 +228,6 @@ extern "C" {
 #define HAVE_X963_KDF
 #define WOLFSSL_CMAC
 #define WOLFSSL_DES_ECB
-#define HAVE_BLAKE2
 #define HAVE_BLAKE2B
 #define HAVE_BLAKE2S
 #define WOLFSSL_SIPHASH

examples/configs/user_settings_openssl_compat.h

@@ -199,7 +199,6 @@ extern "C" {
 #define WOLFSSL_SHA3
 #define WOLFSSL_SHAKE256
 
-#define HAVE_BLAKE2
 #define HAVE_BLAKE2B
 #define HAVE_BLAKE2S
 

examples/configs/user_settings_platformio.h

@@ -103,7 +103,6 @@
 #define TEST_ESPIDF_ALL_WOLFSSL
 #ifdef  TEST_ESPIDF_ALL_WOLFSSL
     #define WOLFSSL_MD2
-    #define HAVE_BLAKE2
     #define HAVE_BLAKE2B
     #define HAVE_BLAKE2S
 

linuxkm/module_exports.c.template

@@ -106,7 +106,7 @@
 #ifdef HAVE_ED448
     #include <wolfssl/wolfcrypt/ed448.h>
 #endif
-#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
+#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S)
     #include <wolfssl/wolfcrypt/blake2.h>
 #endif
 #ifdef WOLFSSL_SHA3

src/include.am

@@ -1304,7 +1304,7 @@ if BUILD_RIPEMD
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ripemd.c
 endif
 
-if BUILD_BLAKE2
+if BUILD_BLAKE2B
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/blake2b.c
 endif
 if BUILD_BLAKE2S

src/ssl_sess.c

@@ -483,6 +483,38 @@ int wolfSSL_memsave_session_cache(void* mem, int sz)
 }
 
 
+#if !defined(SESSION_CACHE_DYNAMIC_MEM) && \
+    (defined(HAVE_SESSION_TICKET) || \
+    (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)))
+static void SessionSanityPointerSet(SessionRow* row)
+{
+    int j;
+
+    /* Reset pointers to safe values after raw copy */
+    for (j = 0; j < SESSIONS_PER_ROW; j++) {
+        WOLFSSL_SESSION* s = &row->Sessions[j];
+#ifdef HAVE_SESSION_TICKET
+        s->ticket = s->staticTicket;
+        s->ticketLenAlloc = 0;
+        if (s->ticketLen > SESSION_TICKET_LEN) {
+            s->ticketLen = SESSION_TICKET_LEN;
+        }
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                 \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        s->ticketNonce.data = s->ticketNonce.dataStatic;
+        if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) {
+            s->ticketNonce.len = MAX_TICKET_NONCE_STATIC_SZ;
+        }
+#endif
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+        s->peer = NULL;
+#endif
+    }
+}
+#endif
+
 /* Restore the persistent session cache from memory */
 int wolfSSL_memrestore_session_cache(const void* mem, int sz)
 {
@@ -522,6 +554,11 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz)
     #endif
 
         XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW);
+    #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \
+        (defined(HAVE_SESSION_TICKET) || \
+        (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)))
+        SessionSanityPointerSet(&SessionCache[i]);
+    #endif
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
         SESSION_ROW_UNLOCK(&SessionCache[i]);
     #endif
@@ -681,6 +718,11 @@ int wolfSSL_restore_session_cache(const char *fname)
     #endif
 
         ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
+    #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \
+        (defined(HAVE_SESSION_TICKET) || \
+        (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)))
+        SessionSanityPointerSet(&SessionCache[i]);
+    #endif
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
         SESSION_ROW_UNLOCK(&SessionCache[i]);
     #endif