diff --git a/icc/DELTA/exports/icclib_zos.h b/icc/DELTA/exports/icclib_zos.h index e5b1487..43d5423 100644 --- a/icc/DELTA/exports/icclib_zos.h +++ b/icc/DELTA/exports/icclib_zos.h @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ /* z/OS pragma's to control symbol visbility */ diff --git a/icc/DepScanner.java b/icc/DepScanner.java index 6c599ec..9ba4486 100644 --- a/icc/DepScanner.java +++ b/icc/DepScanner.java @@ -6,7 +6,7 @@ // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +// // Description: // // Input: functions.txt, symbols.txt @@ -18,8 +18,8 @@ // to produce a makefile stub which // includes only those objects ICC depends on directly or // indirectly to function. i.e. we produce a list of objects -// excluding "dead code" -*************************************************************************/ +// excluding "dead code" +// /* TBD diff --git a/icc/ICCencapsulator.java b/icc/ICCencapsulator.java index 426e634..ab197b3 100644 --- a/icc/ICCencapsulator.java +++ b/icc/ICCencapsulator.java @@ -422,6 +422,7 @@ public static void main(String[] args) doWork(new File_JCC_A_H()); // Header for jgsk_wrap2_a.c } catch (Exception e) { e.printStackTrace(); + System.exit(-1); } } } @@ -523,13 +524,13 @@ class FileType { FileWriter writer; public String name = ""; static final String copyrightheader = - "/*-----------------------------------------------------------------\n"+ - "// Copyright IBM Corp. 2023\n"+ - "//\n"+ - "// Licensed under the Apache License 2.0 (the \"License\"). You may not use\n"+ - "// this file except in compliance with the License. You can obtain a copy\n"+ - "// in the file LICENSE in the source distribution.\n"+ - "//----------------------------------------------------------------*/\n\n\n"; + "/*\n"+ + "** Machine generated code: DO NOT EDIT\n"+ + "**\n"+ + "** Licensed under the Apache License 2.0 (the \"License\"). You may not use\n"+ + "** this file except in compliance with the License. You can obtain a copy\n"+ + "** in the file LICENSE in the source distribution.\n"+ + "*/\n\n\n"; static final String preambleend = "/* Machine generated code: DO NOT EDIT */"; static final String postamble = "/* Machine generated code: DO NOT EDIT */"; @@ -573,6 +574,7 @@ class FileType { " * @return The path length on sucess,0 on failure, -1 on a parameter error\n"+ " */\n"+ "int ICC_LINKAGE gskiccs_path(char *return_path, int path_len);\n\n"+ + "int ICC_LINKAGE ICC_gskiccs_path(char *return_path, int path_len);\n\n"+ "\n", "#if defined(_WIN32)\n"+ @@ -1098,7 +1100,7 @@ class File_ICC_A_H extends FileType { public void Preamble() throws Exception { super.Preamble(); - writer.write("/** \\file icc_a.h\n" + "* Function prototypes for the ICC API (ICCSDK).\n" + writer.write("/*\n" + "* Function prototypes for the ICC API (ICCSDK).\n" + "* This file is autogenerated and should only be included via icc.h.\n" + "*/\n\n"); writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n"); @@ -1420,7 +1422,7 @@ public void Preamble() throws Exception { pcbtype = ICCencapsulator.ICCPCB; super.Preamble(); - writer.write("/*! \\file icc_a.h\n" + "* Function prototypes for the ICC API (ICCSDK)\n" + writer.write("/*\n" + "* Function prototypes for the ICC API (ICCSDK)\n" + "* This file is autogenerated and should only be included via icc.h\n" + "*/\n"); writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n\n"); @@ -1701,8 +1703,7 @@ public void Preamble() throws Exception { pcbtype = ICCencapsulator.ICCPCB; - writer.write("/*! \\file jcc_a.h\n" + "* Function prototypes for the ICC API (ICCSDK) - JCEPlus version \n" - + "* This file is autogenerated and should be included prior to icc.h\n" + "*/\n\n"); + writer.write("/*\n* This file is autogenerated and should be included prior to icc.h\n" + "*/\n\n"); // do this more elegantly iff we have more OS specific calls writer.write("#if defined(_WIN32)\n"); writer.write("# define ICC_InitW JCC_InitW\n"); @@ -1898,7 +1899,7 @@ public void Preamble() throws Exception { super.Preamble(); - writer.write("/** \\file icc_a.h\n"+ + writer.write("/*\n"+ "* Function prototypes for the ICC extended API.\n"+ "* This file is autogenerated and should only be included via icc_aux.h.\n"+ "*/\n\n"); diff --git a/icc/Makefile b/icc/Makefile index c29871d..a1b14d2 100644 --- a/icc/Makefile +++ b/icc/Makefile @@ -1,4 +1,11 @@ #****************************************************************************** +# +# Copyright IBM Corp. 2023 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution. +# #****************************************************************************** #- Default targets, before the makefile stubs below (some of which @@ -9,6 +16,9 @@ default: help # Makefile needs to define this as relative path from Makefile's dir to the base of ICC source dir ICC_ROOT=.. +HOSTNAME=$(shell hostname) +$(warning HOSTNAME=$(HOSTNAME)) + # This is the version tag inserted into the ICC shared library names # This exists to allow us to have both a certified and non-certified ICC in # the same process space. Namespacing takes care of MOST of the issues, @@ -138,17 +148,17 @@ $(OPSYS)_ARGON = $(argon2_obj) ARGON = $($(OPSYS)_ARGON) help: - echo make targets: - echo create_all - clean_all - scrubbed, create_all_no_legacy, create_all_FIPS - echo e.g: make -C icc OPSYS=WIN64_VS2022 CONFIG=debug create_all - echo PQC=NONE, PQC=LIBOQS, PQC= (default LIBDKS) - echo set_icc_version - echo e.g: 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number - echo build_all - echo create_pqc, build_pqc, clean_pqc - echo backup_libdks - echo tars up libdks which can be checked in to avoid git clones - echo show_config, show_version_info + @echo make targets: + @echo " create_all - clean_all - scrubbed, create_all_no_legacy, create_all_FIPS" + @echo " e.g: make -C icc OPSYS=WIN64_VS2022 CONFIG=debug create_all" + @echo " PQC=NONE, PQC=LIBOQS, PQC= (default LIBDKS)" + @echo set_icc_version + @echo e.g: 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number + @echo build_all + @echo create_pqc, build_pqc, clean_pqc + @echo backup_libdks + @echo tars up libdks which can be checked in to avoid git clones + @echo show_config, show_version_info # Fix a problem only on z/OS, the two stub loaders created from icc.c need to have # different object names on this platform @@ -230,7 +240,7 @@ create_openssl: $(ICC_ROOT)/openssl_source/$(OPENSSL_VER)-icc.tar.gz ) # test if the extract worked cd $(ICC_ROOT)/$(OPENSSL_VER) - -rm Build_OSSL_Complete + if [ -e Build_OSSL_Complete ] ; then rm Build_OSSL_Complete ; fi #- Create the OpenSSL sources from tarfile and patches on zOS #- This has NO automated dependencies as that messes the automated builds @@ -294,7 +304,7 @@ tar_libArgon: cd libArgon ; tar czf $(ICC_ROOT)/libArgon.tar.gz phc-winner-argon2 #Build_Argon: create_libArgon $(ICC_ROOT)/libArgon/phc-winner-argon2/Makefile -# $(MAKE) -C $(ICC_ROOT)/libArgon/phc-winner-argon2/ $(DKS_MAKE_FLAGS) libs +# "$(MAKE)" -C $(ICC_ROOT)/libArgon/phc-winner-argon2/ $(DKS_MAKE_FLAGS) libs ### Dilithium Kyber Sphincs @@ -358,29 +368,41 @@ $(ICC_ROOT)/libdks/kyber $(ICC_ROOT)/libdks/dilithium $(ICC_ROOT)/libdks/sphincs # nistkat needs to link to openssl so only build it for 64 bit linux AMD64_LINUX_PQCKAT=nistkat tests +# Sphincs KAT only compiles on linux +AMD64_LINUX_PQCKAT_SPHINCS=$(AMD64_LINUX_PQCKAT) # the nistkat test is crashing in 32 bit linux. Some linking problem LINUX_PQCKAT=nistkat WIN64_VS2022_PQCKAT=nistkat tests AIX64_PQCKAT=nistkat tests PQCKAT=$($(OPSYS)_PQCKAT) +PQCKAT_SPHINCS=$($(OPSYS)_PQCKAT_SPHINCS) + +.PHONY: create_dks build_dks_k build_dks_d build_dks_s build_dks + +build_dks_k: $(ICC_ROOT)/libdks/kyber/ref/Makefile + "$(MAKE)" -C $(ICC_ROOT)/libdks/kyber/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) + +build_dks_d: $(ICC_ROOT)/libdks/dilithium/ref/Makefile + "$(MAKE)" -C $(ICC_ROOT)/libdks/dilithium/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) + +build_dks_s: $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks/sphincs/ref/api.h + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128s static $(PQCKAT_SPHINCS) + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128f static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192s static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192f static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256s static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256f static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128s static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128f static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192s static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192f static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256s static + "$(MAKE)" -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256f static # the build (make) should always run -build_dks: create_dks $(ICC_ROOT)/libdks/defs.mk $(ICC_ROOT)/libdks/kyber/ref/Makefile $(ICC_ROOT)/libdks/dilithium/ref/Makefile \ - $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks/sphincs/ref/api.h - $(MAKE) -C $(ICC_ROOT)/libdks/kyber/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) - $(MAKE) -C $(ICC_ROOT)/libdks/dilithium/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128f static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192f static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256f static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128f static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192f static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256s static - $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256f static +build_dks: create_dks $(ICC_ROOT)/libdks/defs.mk \ + build_dks_k build_dks_d build_dks_s + @echo $@ built # update from our Makefile patches $(ICC_ROOT)/libdks/defs.mk: $(ICC_ROOT)/libdks_icc/defs.mk @@ -472,18 +494,19 @@ build_oqs: $(ICC_ROOT)/liboqs/CMakeCache.txt # our local liboqs integration and test code #icc_oqs: build_oqs -# $(MAKE) -C $(ICC_ROOT)/iccpkg/liboqs all +# "$(MAKE)" -C $(ICC_ROOT)/iccpkg/liboqs all create_pqc: $(PQC_CREATE) - echo "create: configured for: $(PQC_CREATE)" + @echo "create: configured for: $(PQC_CREATE)" build_pqc: $(PQC_TARGET) - echo "build: configured for: $(PQC_TARGET)" + @echo "build: configured for: $(PQC_TARGET)" clean_pqc: clean_oqs clean_dks - echo "clean: configured for: $(PQC_CREATE)" - -$(MAKE) -C $(ICC_ROOT)/iccpkg/pqc clean + @echo "clean: configured for: $(PQC_CREATE)" + "$(MAKE)" -C $(ICC_ROOT)/iccpkg/pqc clean -$(PACKAGE_DIR): - $(MKDIR) $@ +# made in gsk_crypto.mk +#$(PACKAGE_DIR): +# $(MKDIR) $@ $(SDK_DIR): $(PACKAGE_DIR) $(MKDIR) $@ @@ -521,10 +544,10 @@ iccVdump$(EXESUFX): iccVdump.c buildinfo.h # So a pre-built binary may not run on the target build machine. # So we dont depend on iccVdump binary but we force the build if we actually need it - then delete it. ICC_ver.txt: buildinfo.h - $(MAKE) clean_iccVdump - $(MAKE) iccVdump$(EXESUFX) + "$(MAKE)" clean_iccVdump + "$(MAKE)" iccVdump$(EXESUFX) ./iccVdump$(EXESUFX) >ICC_ver.txt - $(MAKE) clean_iccVdump + "$(MAKE)" clean_iccVdump exports: $(MKDIR) $@ @@ -540,7 +563,7 @@ ICCencapsulator.class: ICCencapsulator.java javac ICCencapsulator.java # the create_all_* needs to be ran manually -icc_a.h icc_a.c icclib_a.h icclib_a.c: +icc_a.h icc_a.c icclib_a.h icclib_a.c: functions.txt echo please make create_all false @@ -576,19 +599,19 @@ create_icc_FIPS: sed -i 's/^# non-FIPS;$$/# FIPS;/' functions.txt sed -i 's/^PREFIX=N;$$/PREFIX=C;/' functions.txt sed -i 's/VTAG=085$$/VTAG=084/' VTAG.mk - echo 'FIPS ICC builds have convention of even number release, E.g. 8.8.1, non-FIPS 8.9.1' + @echo 'FIPS ICC builds have convention of even number release, E.g. 8.8.1, non-FIPS 8.9.1' cat icc_curr_version # needs 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number set_icc_version: buildinfo.h - echo 'ICC_VERSION_VER.ICC_VERSION_REL.ICC_VERSION_MOD=$(ICC_VERSION_VER).$(ICC_VERSION_REL).$(ICC_VERSION_MOD)' + @echo 'ICC_VERSION_VER.ICC_VERSION_REL.ICC_VERSION_MOD=$(ICC_VERSION_VER).$(ICC_VERSION_REL).$(ICC_VERSION_MOD)' if [ ! -e iccversion.h.bak ] ; then cp iccversion.h iccversion.h.bak ; fi - sed -i 's/ICC_VERSION_REL .$$/ICC_VERSION_REL $(ICC_VERSION_REL)/' iccversion.h - sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' iccversion.h + sed -i 's/define ICC_VERSION_REL ..*$$/define ICC_VERSION_REL $(ICC_VERSION_REL)/' iccversion.h + sed -i 's/define ICC_VERSION_MOD ..*$$/define ICC_VERSION_MOD $(ICC_VERSION_MOD)/' iccversion.h if [ ! -e icc_minor_version.h.bak ] ; then cp icc_minor_version.h icc_minor_version.h.bak ; fi - sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' icc_minor_version.h + sed -i 's/define ICC_VERSION_MOD ..*$$/define ICC_VERSION_MOD $(ICC_VERSION_MOD)/' icc_minor_version.h if [ ! -e buildinfo.h.bak ] ; then cp buildinfo.h buildinfo.h.bak ; fi - sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' buildinfo.h + sed -i 's/define ICC_VERSION_MOD ..*$$/define ICC_VERSION_MOD $(ICC_VERSION_MOD)/' buildinfo.h sed -i 's/8.9/$(ICC_VERSION_VER).$(ICC_VERSION_REL)/' buildinfo.h if [ ! -e icc_curr_version.bak ] ; then cp icc_curr_version icc_curr_version.bak ; fi echo '$(ICC_VERSION_VER).$(ICC_VERSION_REL).$(ICC_VERSION_MOD)' > icc_curr_version @@ -621,16 +644,23 @@ show_version_info: buildinfo.h ICC_ver.txt echo IS_FIPS=$(IS_FIPS) -ls create*.0 +# defaults +ICC_VERSION_VER=8 +ICC_VERSION_REL=9 +ICC_VERSION_MOD=0 # # Just an annoyance during dev. builds. It's fine if it's empty. Typically a dev build. # buildinfo.h is normally written by the build system at extract time. # Note: buildinfo.h is only included (in iccversion.h) if ICC_OFFICIAL_BUILD is defined in CFLAGS, # or make ... BUILD=OFFICIAL ... # -ifeq ($(strip $(ICC_VERSION_MOD)),) -ICC_VERSION_MOD = 0 -endif - +ifeq ($(findstring OFFICIAL, $(BUILD)), OFFICIAL) +# probably bad extract or prebuild failed +buildinfo.h: + echo official build error detected + false +else +# create one for developer builds buildinfo.h: touch $@ echo '#define ICC_PRODUCT_NAME "icc_$(ICC_VERSION_VER).$(ICC_VERSION_REL)"' >> $@ @@ -643,6 +673,7 @@ buildinfo.h: echo '#define ICC_GIT_HASH ""' >> $@ echo '#define OCKC_GIT_BRANCH ""' >> $@ echo '#define OCKC_GIT_HASH ""' >> $@ +endif #- Run BVT @@ -675,7 +706,7 @@ icctest_openssl: iccpkg_tests: $(ICCPKG_TEST) unset MAKEOVERRIDES MAKELEVEL MAKEFILES; \ - $(MAKE) -C $(ICC_ROOT)/iccpkg tests + "$(MAKE)" -C $(ICC_ROOT)/iccpkg tests @echo $@ complete # not FIPS: @@ -709,18 +740,18 @@ build_all: gsk_wrap Build_OSSL_Complete SDK_TARGETS ICCPKG_SDK_HEADERS $(PQC_TAR # Build the performance test code for ICC $(ICC_PERF): $(ICCLIB_SDK) unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/iccspeed icc; + "$(MAKE)" -C $(ICC_ROOT)/iccspeed icc; $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/icc_thread$(EXESUFX) $(ICC_PERF) icc_test: if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/icc_test all ; \ + "$(MAKE)" -C $(ICC_ROOT)/icc_test all ; \ fi $(ICCPKG_TEST): $(ICCLIB_SDK) PKCS11 unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/iccpkg all + "$(MAKE)" -C $(ICC_ROOT)/iccpkg all # note from icc_defs.mk # ..._EXTRAS = PKCS11 PKCS11_PERF @@ -731,7 +762,7 @@ $(ICCPKG_TEST): $(ICCLIB_SDK) PKCS11 PKCS11_PERF: $(ICCLIB_SDK) PKCS11 if [ -d $(ICC_ROOT)/pkcs11/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/iccspeed pkcs11 ; \ + "$(MAKE)" -C $(ICC_ROOT)/iccspeed pkcs11 ; \ $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/pkcs11_thread$(EXESUFX) $(SDK_DIR)/ ; \ fi @@ -749,7 +780,7 @@ create_pkcs11: $(ICC_ROOT)/pkcs11 PKCS11: $(ICCLIB_SDK) if [ -d $(ICC_ROOT)/pkcs11/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/pk11/ all ; \ + "$(MAKE)" -C $(ICC_ROOT)/pk11/ all ; \ fi; @@ -771,7 +802,7 @@ clean_openssl: -$(CLEAN_OSSL) -$(RM) tmp/tmp/* -$(RM) tmp/*$(OBJSUFX) tmp/dummyfile - -$(RM) Build_OSSL_Complete + if [ -e Build_OSSL_Complete ] ; then rm Build_OSSL_Complete ; fi #- Clean just ICC @@ -798,7 +829,7 @@ clean_icc: clean_icc_test: if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/icc_test clean ; \ + "$(MAKE)" -C $(ICC_ROOT)/icc_test clean ; \ fi # tools has no Makefile @@ -808,19 +839,19 @@ clean_tools: clean_perf: if [ -d $(ICC_ROOT)/iccspeed/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/iccspeed clean ; \ + "$(MAKE)" -C $(ICC_ROOT)/iccspeed clean ; \ fi clean_pkcs11: if [ -d $(ICC_ROOT)/pk11/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/pk11 clean ; \ + "$(MAKE)" -C $(ICC_ROOT)/pk11 clean ; \ fi clean_iccpkg: if [ -d $(ICC_ROOT)/iccpkg/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) -C $(ICC_ROOT)/iccpkg clean ; \ + "$(MAKE)" -C $(ICC_ROOT)/iccpkg clean ; \ fi #- Clean out everything including the autogenerated files @@ -914,7 +945,10 @@ tmp/tmp/dummyfile: Build_OSSL_Complete tmp/dummyfile # this is target for icclib085 shared library (icclib084 if FIPS) # the target for the step library is in iccpkg/platforms/* -$(ICCDLL_NAME): Makefile $(PQC_TARGET) privkey.rsa icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile signer$(EXESUFX) tracer.h extsig.h $(GSK_SDK) $(ICC_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(ARGON) +$(GSK_SDK)/unstripped : $(GSK_SDK) + $(MKDIR) $@ + +$(ICCDLL_NAME): Makefile $(PQC_TARGET) privkey.rsa icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile signer$(EXESUFX) $(GSK_SDK)/unstripped $(ICC_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(ARGON) $(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE) icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \ $(ARGON) tmp/tmp/*$(OBJSUFX) $(LDLIBS) $(PQCLIBS) #- Unstripped goes into NOSHIP and sdk @@ -925,7 +959,8 @@ ifeq ($(findstring WIN, $(OPSYS)), WIN) $(CP) $@ $(GSK_SDK)/ else $(CP) $@ $(NOSHIP_ICC_RTE_DIR)/$@.unstripped - $(CP) $@ $(GSK_SDK)/$@.unstripped + $(CP) $@ $(GSK_SDK)/unstripped + $(CP) ICCSIG.txt $(GSK_SDK)/unstripped $(STRIP) $@ endif #- Regular lib @@ -1180,7 +1215,7 @@ $(MYICC)$(OBJSUFX): $(MYICC).c icc_a.c icc.h icc_a.h platform.h iccversion.h $(CC) $(CFLAGS) $(SDKFLAGS) -I./ -I$(OSSLINC_DIR) -I$(OSSL_DIR) $(MYICC).c $(OUT)$@ # Notes: -# ICCLIB is the ICC module static library +# ICCLIB is the ICC module static library (defined locally) # This icctest is different from iccpkg/icctest which links to the step library # icc_test/Makefile looks for ICCTEST_BUILT as a pre-req to running tests diff --git a/icc/SP800_108/SP800-108.h b/icc/SP800_108/SP800-108.h index 0a03649..edf890d 100644 --- a/icc/SP800_108/SP800-108.h +++ b/icc/SP800_108/SP800-108.h @@ -11,6 +11,7 @@ // *************************************************************************/ + #if !defined(SP800_108_H) #define SP800_108_H diff --git a/icc/TRNG/ICC_NRBG.c b/icc/TRNG/ICC_NRBG.c index f9e07be..68dc962 100644 --- a/icc/TRNG/ICC_NRBG.c +++ b/icc/TRNG/ICC_NRBG.c @@ -435,7 +435,7 @@ TRNG_TYPE GetDefaultTrng() if (TRNG_FIPS != global_trng_type) { if (ALT4_Avail()) { MARK("Found, switching to TRNG_HW", ""); - global_trng_type = TRNG_HW; + global_trng_type = TRNG_HW; } else { MARK("TRNG_HW not available, remaining with", TRNG_ARRAY[global_trng_type].name); } @@ -444,8 +444,8 @@ TRNG_TYPE GetDefaultTrng() } } else { MARK("User TRNG set, remaining with", TRNG_ARRAY[global_trng_type].name); - } - global_trng_type_attempted_upgrade = 1; + } + global_trng_type_attempted_upgrade = 1; } #else /*x86_64, power */ diff --git a/icc/TRNG/Makefile b/icc/TRNG/Makefile index e3e45aa..03ec421 100644 --- a/icc/TRNG/Makefile +++ b/icc/TRNG/Makefile @@ -1,9 +1,9 @@ # -# * Copyright IBM Corp. 2023 -# * -# * Licensed under the Apache License 2.0 (the "License"). You may not use -# * this file except in compliance with the License. You can obtain a copy -# * in the file LICENSE in the source distribution. +# Copyright IBM Corp. 2023 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution. # #****************************************************************************** diff --git a/icc/TRNG/TRNG_ALT.c b/icc/TRNG/TRNG_ALT.c index b0b2b6d..6cdc95d 100644 --- a/icc/TRNG/TRNG_ALT.c +++ b/icc/TRNG/TRNG_ALT.c @@ -97,7 +97,7 @@ static int alt_read(unsigned char *buffer,int n) if(!BCRYPT_SUCCESS(status)) { rv = TRNG_REQ_SIZE; /* One of the parameters was likely not correct, or bad provider */ } - } + } #endif break; default: @@ -139,7 +139,7 @@ TRNG_ERRORS ALT_Init(E_SOURCE *E, unsigned char *pers, int perl) } else { rv = TRNG_INIT; /*error*/ } - } + } #else /* On Unix .... */ fd_alt = open("/dev/urandom",O_RDONLY); @@ -218,9 +218,9 @@ void ALT_Final() hProvider = 0; } #else - if(fd_alt >= 0) { + if(fd_alt >= 0) { close(fd_alt); fd_alt = -1; - } -#endif + } +#endif } diff --git a/icc/TRNG/personalise.h b/icc/TRNG/personalise.h index b80ce6c..7a24ba8 100644 --- a/icc/TRNG/personalise.h +++ b/icc/TRNG/personalise.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ #if !defined(PERSONALISE_H) diff --git a/icc/TRNG/timer_fips.c b/icc/TRNG/timer_fips.c index 769e054..2102ac7 100644 --- a/icc/TRNG/timer_fips.c +++ b/icc/TRNG/timer_fips.c @@ -384,8 +384,8 @@ int FIPS_getbytes(E_SOURCE *E, unsigned char *buffer, int len) /* Try and construct a byte of data from what was captured */ buffer[count] = c; count++; - proc_mem(TF,c); - } + proc_mem(TF,c); + } } if(count == E_ESTB_BUFLEN) { /*! \induced 222. TRNG_FIPS. Fake failure of TRNG source */ diff --git a/icc/asm/aix32/rng-ppc.s b/icc/asm/aix32/rng-ppc.s index 19c0ae8..e81461e 100644 --- a/icc/asm/aix32/rng-ppc.s +++ b/icc/asm/aix32/rng-ppc.s @@ -1,8 +1,8 @@ #;-*- asm -*------------------------------------------------------------ #; Copyright IBM Corp. 2023 #; -#; Licensed under the Apache License 2.0 (the "License").  You may not use -#; this file except in compliance with the License.  You can obtain a copy +#; Licensed under the Apache License 2.0 (the "License"). You may not use +#; this file except in compliance with the License. You can obtain a copy #; in the file LICENSE in the source distribution. #;----------------------------------------------------------------:-)--- diff --git a/icc/extsig.c b/icc/extsig.c index e9fb21f..e26db41 100644 --- a/icc/extsig.c +++ b/icc/extsig.c @@ -74,7 +74,6 @@ Equivalent environment variable (none) #include "openssl/evp.h" #include "openssl/rsa.h" - #include "extsig.h" #include "iccversion.h" # if !defined(STANDALONE) @@ -150,7 +149,6 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx, const EVP_MD *md) { size_t len = 0; long amt = 0; - int rc = 0; if (NULL != fin) { if (0 == pos) { @@ -159,10 +157,7 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx, } fseek(fin, 0, SEEK_SET); EVP_MD_CTX_cleanup(md_ctx); - rc = EVP_DigestInit(md_ctx, md); - if (1 != rc) { - printf("HashCore:EVP_DigestInit failed %d\n", rc); - } + EVP_DigestInit(md_ctx, md); /* Work out how much to read */ while (pos > 0) { amt = sizeof(fbuf); @@ -171,14 +166,14 @@ static long HashCore(FILE *fin, long pos, EVP_MD_CTX *md_ctx, } len = fread(fbuf, 1, amt, fin); if (len > 0) { + int rc = 0; rc = EVP_DigestUpdate(md_ctx, fbuf, len); - if (1 != rc) { - printf("HashCore:EVP_DigestUpdate failed %d\n", rc); + if (rc <= 0) { + return -1; } pos -= (long)len; } else { - printf("HashCore:fread failed\n"); - break; + break; } } } @@ -210,14 +205,26 @@ static int GenHash(FILE *fin, unsigned char *hashout, long pos) { md = EVP_get_digestbyname("SHA256"); if (NULL != md_ctx && NULL != md) { pos = HashCore(fin, pos, md_ctx, md); - /* printf("Unread %ld\n",pos); */ + if (pos > 0) { + printf("Error: GenHash: HashCore: Unread %ld\n", pos); + return 0; + } + else if (pos < 0) { + printf("Error: GenHash: HashCore\n"); + return 0; + } evpRC = EVP_DigestFinal(md_ctx, hashout, &signL); if (1 != evpRC) { signL = 0; + printf("Error: GenHash: failed: EVP_DigestFinal %d\n", evpRC); } EVP_MD_CTX_cleanup(md_ctx); EVP_MD_CTX_free(md_ctx); } + else { + const char* x = md_ctx ? "md" : "md_ctx"; + printf("Error: GenHash: failed: EVP_get_digestbyname %s\n", x); + } } return (int)signL; } @@ -626,24 +633,31 @@ static int GenSig(FILE *fin, unsigned char *sigout, EVP_PKEY *key, long pos) { md_ctx = EVP_MD_CTX_new(); md = EVP_get_digestbyname("SHA256"); if (NULL != md_ctx && NULL != md) { - HashCore(fin, pos, md_ctx, md); + long unread = HashCore(fin, pos, md_ctx, md); + if (unread > 0) { + printf("Error: GenSig: HashCore: Unread %ld\n", unread); + return 0; + } + else if (unread < 0) { + printf("Error: GenSig: HashCore\n"); + return 0; + } evpRC = EVP_SignFinal(md_ctx, sigout, &signL, key); if (1 != evpRC) { - printf("GenSig: EVP_SignFinal error %d\n", evpRC); + printf("failed: GenSig: EVP_SignFinal %d\n", evpRC); signL = 0; } EVP_MD_CTX_free(md_ctx); } else { - printf("GenSig: EVP error\n"); + const char* x = md_ctx ? "md" : "md_ctx"; + printf("failed: GenSig: EVP_get_digestbyname %s\n", x); } fseek(fin, pos, SEEK_SET); } - else { - printf("GenSig: fin error\n"); - } return (int)signL; } + static void usage(char *pname, char *str) { printf("usage:\t %s sigfile keyfile [-v(erify)] [-SELF] [-FILE file] " "[\"X=Y\"] ...[\"Z=K\"]\n", @@ -701,9 +715,9 @@ int main(int argc, char *argv[]) { { int rc = 0; rc = OPENSSL_init_crypto( - OPENSSL_INIT_NO_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | - OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_ADD_ALL_CIPHERS, - NULL); + OPENSSL_INIT_NO_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_ADD_ALL_CIPHERS, + NULL); if (rc != 1) { usage("OpenSSL", "OPENSSL_init_crypto"); exit(1); @@ -802,7 +816,7 @@ int main(int argc, char *argv[]) { /* At this point, we should have everything, start pushing it out */ fprintf(sigf, "# IBM Crypto for C.%s", EOL); fprintf(sigf, "# ICC Version %d.%d.%d.%d%s", ICC_VERSION_VER, - ICC_VERSION_REL, ICC_VERSION_MOD, ICC_VERSION_FIX, EOL); + ICC_VERSION_REL, ICC_VERSION_MOD, ICC_VERSION_FIX, EOL); fprintf(sigf, "#%s# Note the signed library contains a copy of cryptographic " "code from OpenSSL (www.openssl.org),%s", @@ -876,13 +890,13 @@ int main(int argc, char *argv[]) { } fflush(sigf); fprintf(sigf, "%s#Do not edit before this line%s#", EOL, EOL); + fprintf(sigf, "%s# Global Settings%s", EOL, EOL); if (NULL != tweaks[0]) { - fprintf(sigf, "%s# Global Settings%s", EOL, EOL); for (i = 0; NULL != tweaks[i]; i++) { fprintf(sigf, "%s%s", tweaks[i], EOL); } - fprintf(sigf, "#%s", EOL); } + fprintf(sigf, "#%s", EOL); } fseek(sigf, 0, SEEK_SET); fseek(bfile, 0, SEEK_SET); @@ -906,13 +920,9 @@ int main(int argc, char *argv[]) { } for (i = 0; i < MAXTWEAKS; i++) { - if (NULL != tweaks[i]) { - free(tweaks[i]); - } else { - break; - } + free(tweaks[i]); } - printf("%d config items found\n", ReadConfigItems(sigf, tweaks, 20)); + printf("%d config items found\n", ReadConfigItems(sigf, tweaks, MAXTWEAKS)); fclose(sigf); fclose(bfile); @@ -923,11 +933,7 @@ int main(int argc, char *argv[]) { } for (i = 0; i < MAXTWEAKS; i++) { - if (NULL != tweaks[i]) { - free(tweaks[i]); - } else { - break; - } + free(tweaks[i]); } OPENSSL_cleanup(); return 0; diff --git a/icc/fips.c b/icc/fips.c index 508e0d1..e5e4e59 100644 --- a/icc/fips.c +++ b/icc/fips.c @@ -1,6 +1,6 @@ /************************************************************************* // Copyright IBM Corp. 2025 -// +// // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. @@ -10,7 +10,7 @@ // Description: // The functions contained within implement operations to conform // to the FIPS 140-3 startup and self test for a cryptographic -// module. +// module. // *************************************************************************/ @@ -525,21 +525,21 @@ static const unsigned char RSA_key[] = 0x59, 0x33, 0xA7, 0xE9, 0x72, 0x9D, 0x7E, 0xC1}; static const unsigned char RSA_PKCS_sig[] = { - 0xAB, 0xBC, 0x2A, 0x22, 0xA1, 0xD1, 0xFC, 0x5D, 0x66, 0xB4, 0x4B, 0x42, 0xC8, 0xE2, 0x63, 0xE6, - 0xE8, 0x3D, 0x33, 0xB9, 0x0A, 0xDF, 0xA3, 0x38, 0x8B, 0x7C, 0x64, 0x0E, 0x34, 0x41, 0x60, 0xCB, - 0x37, 0xBC, 0xB0, 0xB4, 0x0D, 0x15, 0x2D, 0x5B, 0x09, 0xEB, 0x7F, 0xD9, 0x6C, 0x70, 0x0B, 0xCE, - 0x62, 0x13, 0x3A, 0xA0, 0x7C, 0x36, 0x7C, 0x48, 0xC4, 0x64, 0x38, 0xA4, 0x98, 0x83, 0x1B, 0x3C, - 0xA0, 0x79, 0x11, 0xC4, 0x3A, 0xE1, 0x54, 0xD2, 0xD8, 0xF8, 0xF7, 0x95, 0x2D, 0x29, 0xA8, 0x98, - 0x1B, 0x56, 0x89, 0x2E, 0xAE, 0x41, 0x06, 0x2C, 0xFD, 0x6F, 0xA0, 0x05, 0xA5, 0xCE, 0xD5, 0xC3, - 0xCB, 0xC4, 0xA1, 0x4F, 0x85, 0xA8, 0xA9, 0xF3, 0x45, 0x1E, 0x28, 0xCA, 0x1D, 0xCA, 0xFF, 0x81, - 0xEE, 0x02, 0x2E, 0x82, 0xBD, 0x8F, 0x6E, 0x55, 0x23, 0x04, 0x01, 0x1E, 0xCA, 0x86, 0xC6, 0x55, - 0x06, 0xEC, 0x44, 0x91, 0x42, 0x35, 0x74, 0xBF, 0x6E, 0x95, 0x25, 0xEF, 0x53, 0xD5, 0x0C, 0x7A, - 0xC5, 0x92, 0x31, 0xB5, 0xC3, 0x70, 0xF8, 0x55, 0x91, 0x29, 0xA6, 0xBA, 0x83, 0x5B, 0x34, 0x33, - 0x9E, 0x26, 0x2E, 0x51, 0x15, 0x74, 0x95, 0x2B, 0x5E, 0xBF, 0xDA, 0x86, 0x10, 0xC1, 0xAA, 0x7B, - 0x8C, 0xBF, 0xFA, 0x63, 0x2D, 0xFA, 0x4D, 0x6C, 0x17, 0x0C, 0x13, 0xCF, 0x08, 0xB8, 0x81, 0x7C, - 0x7C, 0x5E, 0x96, 0xF1, 0x3D, 0x72, 0x82, 0xD8, 0xB4, 0x30, 0xCA, 0x58, 0x9A, 0x54, 0x48, 0x1E, - 0x2C, 0x2D, 0x15, 0x1A, 0x4F, 0xB3, 0x22, 0xB3, 0x89, 0xD1, 0xDE, 0x32, 0x97, 0x51, 0xAB, 0x28, - 0xF7, 0x6E, 0x37, 0xD1, 0xCE, 0x39, 0x53, 0xDA, 0x3D, 0x0E, 0x10, 0x56, 0x05, 0x02, 0x5B, 0xA3, + 0xAB,0xBC,0x2A,0x22,0xA1,0xD1,0xFC,0x5D,0x66,0xB4,0x4B,0x42,0xC8,0xE2,0x63,0xE6, + 0xE8,0x3D,0x33,0xB9,0x0A,0xDF,0xA3,0x38,0x8B,0x7C,0x64,0x0E,0x34,0x41,0x60,0xCB, + 0x37,0xBC,0xB0,0xB4,0x0D,0x15,0x2D,0x5B,0x09,0xEB,0x7F,0xD9,0x6C,0x70,0x0B,0xCE, + 0x62,0x13,0x3A,0xA0,0x7C,0x36,0x7C,0x48,0xC4,0x64,0x38,0xA4,0x98,0x83,0x1B,0x3C, + 0xA0,0x79,0x11,0xC4,0x3A,0xE1,0x54,0xD2,0xD8,0xF8,0xF7,0x95,0x2D,0x29,0xA8,0x98, + 0x1B,0x56,0x89,0x2E,0xAE,0x41,0x06,0x2C,0xFD,0x6F,0xA0,0x05,0xA5,0xCE,0xD5,0xC3, + 0xCB,0xC4,0xA1,0x4F,0x85,0xA8,0xA9,0xF3,0x45,0x1E,0x28,0xCA,0x1D,0xCA,0xFF,0x81, + 0xEE,0x02,0x2E,0x82,0xBD,0x8F,0x6E,0x55,0x23,0x04,0x01,0x1E,0xCA,0x86,0xC6,0x55, + 0x06,0xEC,0x44,0x91,0x42,0x35,0x74,0xBF,0x6E,0x95,0x25,0xEF,0x53,0xD5,0x0C,0x7A, + 0xC5,0x92,0x31,0xB5,0xC3,0x70,0xF8,0x55,0x91,0x29,0xA6,0xBA,0x83,0x5B,0x34,0x33, + 0x9E,0x26,0x2E,0x51,0x15,0x74,0x95,0x2B,0x5E,0xBF,0xDA,0x86,0x10,0xC1,0xAA,0x7B, + 0x8C,0xBF,0xFA,0x63,0x2D,0xFA,0x4D,0x6C,0x17,0x0C,0x13,0xCF,0x08,0xB8,0x81,0x7C, + 0x7C,0x5E,0x96,0xF1,0x3D,0x72,0x82,0xD8,0xB4,0x30,0xCA,0x58,0x9A,0x54,0x48,0x1E, + 0x2C,0x2D,0x15,0x1A,0x4F,0xB3,0x22,0xB3,0x89,0xD1,0xDE,0x32,0x97,0x51,0xAB,0x28, + 0xF7,0x6E,0x37,0xD1,0xCE,0x39,0x53,0xDA,0x3D,0x0E,0x10,0x56,0x05,0x02,0x5B,0xA3, 0xFE,0xA1,0x0E,0xF7,0x15,0x68,0x28,0x73,0xBB,0x20,0xA0,0xA2,0x33,0x30,0x8F,0x0C, }; static const unsigned char RSA_PSS_sig[] = { @@ -4148,23 +4148,23 @@ static int DoVeryBrokenTests(ICClib *pcb, ICC_STATUS *stat) #if defined(KNOWN) printf("\nKnown answers with a broken RNG\n\n"); + printf("RSA PKCS1.5\n"); + iccGenerateRSASig(stat,RSA_key,sizeof(RSA_key),RSA_PKCS1_PADDING); + printf("RSA-PSS\n"); + iccGenerateRSASig(stat,RSA_key,sizeof(RSA_key),RSA_PKCS1_PSS_PADDING); printf("EC_key_P384\n"); iccGenerateECDSASig(stat,EC_key_P384,sizeof(EC_key_P384),0,"P-384"); printf("EC_key_B233\n"); iccGenerateECDSASig(stat,EC_key_B233,sizeof(EC_key_B233),0,"B-233"); printf("EC_key_K233\n"); iccGenerateECDSASig(stat,EC_key_K233,sizeof(EC_key_K233),0,"K-233"); - printf("EC_key_X448\n"); - iccGenerateECDSASig(stat,EC_key_X448,sizeof(EC_key_X448),0,"X448"); - printf("EC_key_X25519\n"); - iccGenerateECDSASig(stat,EC_key_X25519,sizeof(EC_key_X448),0,"X25519"); + // printf("EC_key_X448\n"); + // iccGenerateECDSASig(stat,EC_key_X448,sizeof(EC_key_X448),0,"X448"); + // printf("EC_key_X25519\n"); + // iccGenerateECDSASig(stat,EC_key_X25519,sizeof(EC_key_X448),0,"X25519"); printf("DSA_key\n"); iccGenerateDSASig(stat,DSA_key,sizeof(DSA_key)); - /* - printf("RSA_key, PSS, SHA256\n"); - iccGenerateRSASig(stat,RSA_key,sizeof(RSA_key),RSA_PKCS1_PSS_PADDING); - */ printf("\nEnd known answers with a broken RNG\n\n"); #endif diff --git a/icc/functions.txt b/icc/functions.txt index 6907357..6c3ceec 100644 --- a/icc/functions.txt +++ b/icc/functions.txt @@ -13,9 +13,9 @@ #; #; #; -#Comments start with an # and end with an ; -#In fact, all statements must end with an ; -# AND NO TABS ; +# Comments start with an # and end with an ; +# In fact, all statements must end with an ; +# And no tabs ; #; # Namespacing; #; @@ -2119,16 +2119,16 @@ OPENSSLPREFIX=; #! @note All the aad wanted must be supplied before any data is supplied, but both aad and data can; #! be supplied in segments; -0abcdE int AES_GCM_EncryptUpdate(AES_GCM_CTX *aes_gcm_ctx,unsigned char *aad, unsigned long aadlen,unsigned char *data,unsigned long datalen,unsigned char *out, unsigned long *outlen); +0abcdE int AES_GCM_EncryptUpdate(AES_GCM_CTX *aes_gcm_ctx,const unsigned char *aad, unsigned long aadlen, const unsigned char *data, unsigned long datalen, unsigned char *out, unsigned long *outlen); #; -#! @brief Update phase of a AES_GCM encrypt operation; +#! @brief Update phase of a AES_GCM Decrypt operation; #! @param aes_gcm_ctx a pointer to a AES_GCM_CTX; #! @param aad a pointer to Additional Authentication Data to hash; #! @param aadlen the length of the aad 0 <= aadlen <= 2^56 bytes TOTAL - not per call; -#! @param data a pointer to the data to encrypt and hash ; +#! @param data a pointer to the ciphertext data to decrypt and authenticate ; #! @param datalen the length of the data 0 <= datalen <= 2^56 bytes TOTAL - not per call ; -#! @param out a pointer to a place to hold up to one block of residual data from the previous update ; +#! @param out a pointer to a buffer to receive decrypted plaintext. May contain up to one block of residual data from the previous update ; #! @param outlen a place to store the length of any returned data ; #! @return ICC_OSSL_SUCCESS on success, ICC_FAILURE on failure; #! @note blocked/aligned data will be more efficient, but this will; @@ -2136,7 +2136,7 @@ OPENSSLPREFIX=; #! @note All the aad wanted must be supplied before any data is supplied, but both aad and data can; #! be supplied in segments; -0abcdE int AES_GCM_DecryptUpdate(AES_GCM_CTX *aes_gcm_ctx,unsigned char *aad, unsigned long aadlen,unsigned char *data,unsigned long datalen,unsigned char *out, unsigned long *outlen); +0abcdE int AES_GCM_DecryptUpdate(AES_GCM_CTX *aes_gcm_ctx, const unsigned char *aad, unsigned long aadlen, const unsigned char *data, unsigned long datalen, unsigned char *out, unsigned long *outlen); #; #! @brief Finish a AES_GCM encrypt operation and return any remaining ciphertext and the auth tag; @@ -2216,7 +2216,7 @@ OPENSSLPREFIX=; #! @note AES_CCM is (by specification and design) a one shot algorithm; #! you have to feed everything into this one call; -0abcdEP int AES_CCM_Encrypt(unsigned char *nonce,unsigned int nlen, unsigned char *key,unsigned int keylen,unsigned char *aad, unsigned long aadlen,unsigned char *data,unsigned long datalen,unsigned char *out, unsigned long *outlen,unsigned int taglen); +0abcdEP int AES_CCM_Encrypt(const unsigned char *nonce,unsigned int nlen, const unsigned char *key,unsigned int keylen,const unsigned char *aad, unsigned long aadlen,const unsigned char *data,unsigned long datalen,unsigned char *out, unsigned long *outlen,unsigned int taglen); #; #! @brief Perform an AES CCM Decrypt operation,; @@ -2246,7 +2246,7 @@ OPENSSLPREFIX=; #! @note datalen in this call INCLUDES the length of the tag generated ; #! by the corresponding Encrypt call; -0abcdEP int AES_CCM_Decrypt(unsigned char *nonce,unsigned int nlen,unsigned char *key, unsigned int keylen, unsigned char *aad, unsigned long aadlen, unsigned char *data, unsigned long datalen, unsigned char *out, unsigned long *outlen, unsigned int taglen); +0abcdEP int AES_CCM_Decrypt(const unsigned char *nonce,unsigned int nlen,const unsigned char *key, unsigned int keylen, const unsigned char *aad, unsigned long aadlen, const unsigned char *data, unsigned long datalen, unsigned char *out, unsigned long *outlen, unsigned int taglen); #; #! @brief Get an ICC RNG handle; diff --git a/icc/getnmi.h b/icc/getnmi.h index 155ce4c..d4a71cb 100644 --- a/icc/getnmi.h +++ b/icc/getnmi.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/icc.c b/icc/icc.c index baa70e3..19e53c6 100644 --- a/icc/icc.c +++ b/icc/icc.c @@ -54,7 +54,11 @@ const char ICC_SCCSInfo[] = "@(#) restricted by GSA ADP Schedule Contract with IBM Corp.\n" "@(#)ProductName: " ICC_PRODUCT_NAME "\n" "@(#)ProductVersion: " ICC_PRODUCT_VERSION "\n" - }; + "@(#)GIT_BRANCH: " ICC_GIT_BRANCH "\n" + "@(#)GIT_HASH : " ICC_GIT_HASH "\n" + "@(#)OCKC_BRANCH: " OCKC_GIT_BRANCH "\n" + "@(#)OCKC_HASH : " OCKC_GIT_HASH "\n" +}; /*#define DEBUG_VERBOSE @@ -447,7 +451,7 @@ ICC_CTX *ICC_Init(ICC_STATUS *status, const char *iccpath) { } /* No sucessful initializations so far ? */ if (NULL == ICCGlobal.hICCLib) { - /* Fallback code, some ICC consumers move ICC as part of + /* Fallback code, some ICC consumers move ICC as part of installing copies of the software in non-default locations. For this to work, LD_LIBRARY_PATH or the equivalent must be set so we traverse this to build a fallback search path for the ICC diff --git a/icc/icc.h b/icc/icc.h index 9d81f71..0483f30 100644 --- a/icc/icc.h +++ b/icc/icc.h @@ -286,7 +286,7 @@ typedef struct ICC_EVP_KDF_t ICC_EVP_KDF; typedef struct ICC_EVP_KDF_CTX_t ICC_EVP_KDF_CTX; /* Include autogenerated API prototypes/defines */ -#include "icc_a.h" +#include #ifdef __cplusplus } diff --git a/icc/icc_curr_version b/icc/icc_curr_version index 6e657d9..b4ef315 100644 --- a/icc/icc_curr_version +++ b/icc/icc_curr_version @@ -1 +1 @@ -8.9.11 +8.9.14 diff --git a/icc/icc_defs.mk b/icc/icc_defs.mk index 347a324..52f3358 100644 --- a/icc/icc_defs.mk +++ b/icc/icc_defs.mk @@ -130,6 +130,17 @@ LINUX_PQCINC=$(PQCINC_$(PQC)) LINUX_PQC_CREATE=$(PQC_CREATE_$(PQC)) LINUX_PQC_TARGET=$(PQC_TARGET_$(PQC)) +IA64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +IA64_LINUX_PQCINC=$(LINUX_PQCINC) +IA64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +IA64_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +# GSKit releases AIX 32 bit so need PQC there +AIX_PQCLIBS=$(LINUX_PQCLIBS) +AIX_PQCINC=$(LINUX_PQCINC) +AIX_PQC_CREATE=$(LINUX_PQC_CREATE) +AIX_PQC_TARGET=$(LINUX_PQC_TARGET) + AIX64_PQCLIBS=$(LINUX_PQCLIBS) AIX64_PQCINC=$(LINUX_PQCINC) AIX64_PQC_CREATE=$(LINUX_PQC_CREATE) @@ -140,6 +151,11 @@ AMD64_LINUX_PQCINC=$(LINUX_PQCINC) AMD64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) AMD64_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) +ARM_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +ARM_LINUX_PQCINC=$(LINUX_PQCINC) +ARM_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +ARM_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + ARM64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) ARM64_LINUX_PQCINC=$(LINUX_PQCINC) ARM64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) @@ -150,6 +166,23 @@ OSX_ARM64_PQCINC=$(LINUX_PQCINC) OSX_ARM64_PQC_CREATE=$(LINUX_PQC_CREATE) OSX_ARM64_PQC_TARGET=$(LINUX_PQC_TARGET) +# Java needs this one +OSXV9_PQCLIBS=$(LINUX_PQCLIBS) +OSXV9_PQCINC=$(LINUX_PQCINC) +OSXV9_PQC_CREATE=$(LINUX_PQC_CREATE) +OSXV9_PQC_TARGET=$(LINUX_PQC_TARGET) + +# not building this one OSX_X86_64 +OSX_X86_64_PQCLIBS=$(LINUX_PQCLIBS) +OSX_X86_64_PQCINC=$(LINUX_PQCINC) +OSX_X86_64_PQC_CREATE=$(LINUX_PQC_CREATE) +OSX_X86_64_PQC_TARGET=$(LINUX_PQC_TARGET) + +PPC_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +PPC_LINUX_PQCINC=$(LINUX_PQCINC) +PPC_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +PPC_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + PPC64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) PPC64_LINUX_PQCINC=$(LINUX_PQCINC) PPC64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) @@ -163,6 +196,11 @@ PPC64LE_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) #WIN32_PQCLIBS=$(LINUX_PQCLIBS) #WIN32_PQCINC=$(LINUX_PQCINC) +WIN32_VS2013_PQCLIBS=$(LINUX_PQCLIBS) +WIN32_VS2013_PQCINC=$(LINUX_PQCINC) +WIN32_VS2013_PQC_CREATE=$(LINUX_PQC_CREATE) +WIN32_VS2013_PQC_TARGET=$(LINUX_PQC_TARGET) + WIN32_VS2022_PQCLIBS=$(LINUX_PQCLIBS) WIN32_VS2022_PQCINC=$(LINUX_PQCINC) WIN32_VS2022_PQC_CREATE=$(LINUX_PQC_CREATE) @@ -178,6 +216,11 @@ WIN64_VS2022_PQCINC=$(LINUX_PQCINC) WIN64_VS2022_PQC_CREATE=$(LINUX_PQC_CREATE) WIN64_VS2022_PQC_TARGET=$(LINUX_PQC_TARGET) +S390_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +S390_LINUX_PQCINC=$(LINUX_PQCINC) +S390_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +S390_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + S390X_LINUX_PQCLIBS=$(LINUX_PQCLIBS) S390X_LINUX_PQCINC=$(LINUX_PQCINC) S390X_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) @@ -236,7 +279,7 @@ WIN32_TEST_CMD = $(DEFAULT_TEST_CMD) WIN32_OPENSSL_TEST_CMD = echo openssl tests not run # This is actually used to build an rc file on Windows WIN32_ASMOBJS = icc.res -WIN32_EXTRAS = +WIN32_EXTRAS = WIN32_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb WIN32_MANIFESTS = @@ -289,7 +332,7 @@ WIN32_VS2013_TEST_CMD = $(WIN32_TEST_CMD) WIN32_VS2013_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD) # This is actually used to build an rc file on Windows WIN32_VS2013_ASMOBJS = icc.res -WIN32_VS2013_EXTRAS = +WIN32_VS2013_EXTRAS = $(WIN32_EXTRAS) WIN32_VS2013_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb WIN32_VS2013_MANIFESTS = @@ -576,8 +619,8 @@ OSX_X86_EXTRAS = $(OSX_EXTRAS) # Mac OS/X 10.5+ x86_64 cross compiled binary variant # OSX_X86_64_EXPORT_FLAG = $(OSX_EXPORT_FLAG) -OSX_X86_64_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) -OSX_X86_64_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) +OSX_X86_64_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) +OSX_X86_64_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSX_X86_64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_X86_64_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) OSX_X86_64_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) @@ -589,7 +632,7 @@ OSX_X86_64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(O OSX_X86_64_CLEAN_OSSL = $(OSX_CLEAN_OSSL) OSX_X86_64_TEST_CMD = $(OSX_TEST_CMD) OSX_X86_64_ASMMAK = $(OSX_ASMMAK) -OSX_X86_64_EXTRAS = $(OSX_EXTRAS) +OSX_X86_64_EXTRAS = $(OSX_EXTRAS) # @@ -617,8 +660,8 @@ OSX_FAT4_EXTRAS = $(OSX_EXTRAS) # Mac OS/X 10.5+ x86_64 cross compiled binary variant # OSXV9_EXPORT_FLAG = $(OSX_EXPORT_FLAG) -OSXV9_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) -OSXV9_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) +OSXV9_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) +OSXV9_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSXV9_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSXV9_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) OSXV9_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) @@ -630,7 +673,7 @@ OSXV9_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_F OSXV9_CLEAN_OSSL = $(OSX_CLEAN_OSSL) OSXV9_TEST_CMD = $(OSX_TEST_CMD) OSXV9_ASMMAK = $(OSX_ASMMAK) -OSXV9_EXTRAS = $(OSX_EXTRAS) +OSXV9_EXTRAS = $(OSX_EXTRAS) # # Mac M1 OS/X ARM64 diff --git a/icc/icc_minor_version.h b/icc/icc_minor_version.h index 4d9f7cb..4430774 100644 --- a/icc/icc_minor_version.h +++ b/icc/icc_minor_version.h @@ -1 +1 @@ -#define ICC_VERSION_MOD 11 +#define ICC_VERSION_MOD 14 diff --git a/icc/iccglobals.h b/icc/iccglobals.h index 523c53a..951f51e 100644 --- a/icc/iccglobals.h +++ b/icc/iccglobals.h @@ -219,6 +219,7 @@ typedef enum { /*Param names used in OSSL_PARAMS Scraped from Openssl v3 "core_names.h"*/ +#define ICC_OSSL_KDF_PARAM_ITER "iteration" #define ICC_OSSL_KDF_PARAM_THREADS "threads" #define ICC_OSSL_KDF_PARAM_ARGON2_LANES "lanes" #define ICC_OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost" @@ -645,8 +646,8 @@ typedef enum { Flags passed to the SP800-38F Key wrap/unwrap function */ #define ICC_KW_WRAP 1 /*!< If set key wrap, unset unwrap */ -#define ICC_KW_FORWARD_DECRYPT 2 /*!< If set wrap uses decrypt, if uset wrap uses encrypt. (recommend unset) */ -#define ICC_KW_PAD 4 /*!< If set we use the padded variant, if unset padded (and input data must be correctly blocked) */ +#define ICC_KW_FORWARD_DECRYPT 2 /*!< If set wrap uses decrypt, if unset wrap uses encrypt. (recommend unset) */ +#define ICC_KW_PAD 4 /*!< If set we use the padded variant, if unset padded (and input data must be correctly blocked) */ typedef enum { SP800_38F_PARAM = 0, /*!< Parameter error, invalid key length, invalid flags */ diff --git a/icc/icclib.c b/icc/icclib.c index d87a817..84a21b3 100644 --- a/icc/icclib.c +++ b/icc/icclib.c @@ -1,10 +1,10 @@ -/*************************************************************************/ -// Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution. -/*************************************************************************/ +/* + Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. +*/ /*************************************************************************/ // Description: Source for the icclib shared library @@ -71,6 +71,7 @@ static unsigned long global_d[10]; #pragma warning (disable : 4100) # define strdup(x) _strdup(x) # define stricmp(x,y) _stricmp(x,y) +# define strcasecmp _strcmpi #endif extern int ex_loops,ex_shift; @@ -219,7 +220,7 @@ static char *no_excluded_rngs = ""; */ -static int FIPS_init_flag = 0; +static int FIPS_init_flag = 0; extern char * FIPS_ERROR; @@ -435,7 +436,7 @@ static void EnvVars() } /*! \EnvVar ICC_TRNG - Sets the type of the TRNG used by default. - */ + */ tmp = getenv("ICC_TRNG"); @@ -989,7 +990,7 @@ int InternalIntegrityCheck(ICClib *pcb, ICC_STATUS *status, int partcheck) { rv = CheckSig(sigfile, self, rsakey, partcheck); /** \induced 154. Signature test, Signature test fails "unknown error" - basically a crypto. failure somewhere + basically a crypto. failure somewhere */ if (154 == icc_failure) { @@ -1093,7 +1094,7 @@ int GetStatus (ICClib * pcb, ICC_STATUS * status) */ void *lib_init (ICClib * pcb, ICC_STATUS * status, const char *iccpath, - const char *icclibhash, const char *cryptolibhash) + const char *icclibhash, const char *cryptolibhash) { /* * This is here only to keep agressive linkers from optimizing out our @@ -1202,7 +1203,7 @@ static int SetFIPSCallback(ICClib *pcb, const CALLBACK_T* callback) { int rv = 0; - if((NULL != pcb) && (NULL == pcb->callback) && (pcb->flags & ICC_FIPS_FLAG)) { + if ((NULL != pcb) && (NULL == pcb->callback) && (pcb->flags & ICC_FIPS_FLAG)) { pcb->callback = callback?*callback:NULL; rv = 1; } @@ -1215,7 +1216,7 @@ int SetTRACECallback(ICClib* pcb, const TRACE_CALLBACK_T* callback) int rv = 0; if (pcb) { pcb->trace_callback = callback?*callback:NULL; - rv = 1; + rv = 1; } return rv; } @@ -1229,7 +1230,7 @@ int SetTRACECallback(ICClib* pcb, const TRACE_CALLBACK_T* callback) @return ICC_OSSL_SUCCESS or ICC_FAILURE */ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, - const void *value) + const void *value) { int rv = ICC_OK; @@ -1237,7 +1238,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, if (status == NULL) { return ICC_FAILURE; } - SetStatusOK (NULL,status); /* Default */ + SetStatusOK (NULL,status); /* Default */ /* We'll allow the memory callbacks and PRNG to be set before we've initialized anything as that's the only place we can do it and get consistent malloc()/free() pairing This isn't offically documented anywhere !. @@ -1245,7 +1246,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, if(NULL == pcb) { rv = ICC_FAILURE; switch(valueID) { - case ICC_INDUCED_FAILURE: + case ICC_INDUCED_FAILURE: icc_failure = *(unsigned int *)value; rv = ICC_OK; break; @@ -1263,16 +1264,16 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, break; default: SetStatusLn (pcb,status, ICC_ERROR, ICC_INVALID_STATE, - (char *)"Attempted to set value while in locked state", - __FILE__,__LINE__); + (char *)"Attempted to set value while in locked state", + __FILE__,__LINE__); return ICC_FAILURE; break; } } if (value == NULL && (valueID == ICC_FIPS_APPROVED_MODE)) { SetStatusLn (pcb,status, ICC_ERROR, ICC_NULL_PARAMETER, - (char *)"Null parameters are not allowed for this ID", - __FILE__,__LINE__); + (char *)"Null parameters are not allowed for this ID", + __FILE__,__LINE__); return ICC_FAILURE; } switch (valueID) { @@ -1410,7 +1411,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, (char *)"The CPU capability mask must be set before POST", __FILE__, __LINE__); break; - case ICC_FIPS_CALLBACK: + case ICC_FIPS_CALLBACK: if (value == NULL) { SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, (char *)"Callback cannot be NULL", @@ -1419,13 +1420,13 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, } if( 0 == SetFIPSCallback(pcb, (const CALLBACK_T *)value) ) { - SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, - (char *)"Callbacks are only valid in FIPS mode and the callback can only be set once/ICC_CTX", - __FILE__, __LINE__); + SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, + (char *)"Callbacks are only valid in FIPS mode and the callback can only be set once/ICC_CTX", + __FILE__, __LINE__); break; - } + } - MARK("ICC_FIPS_CALLBACK set",""); + MARK("ICC_FIPS_CALLBACK set",""); break; case ICC_TRACE_CALLBACK: @@ -1467,7 +1468,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, */ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, - void *value, int valueLength) + void *value, int valueLength) { size_t tmp = 0; int rv = ICC_OK; @@ -1475,11 +1476,11 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, if (status == NULL || pcb == NULL) { return ICC_FAILURE; } - SetStatusOK (pcb,status); /* Default */ + SetStatusOK (pcb,status); /* Default */ if (value == NULL) { SetStatusLn (pcb,status, ICC_ERROR, ICC_NULL_PARAMETER, - (char *)"Null parameters are not allowed", - __FILE__,__LINE__); + (char *)"Null parameters are not allowed", + __FILE__,__LINE__); return ICC_FAILURE; } memset(value,0,valueLength); @@ -1506,8 +1507,8 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, if (valueLength < tmp) { SetStatusLn (pcb,status, ICC_ERROR, ICC_INVALID_PARAMETER, - (char *)"Value does not meet the minimum size requirement", - __FILE__,__LINE__); + (char *)"Value does not meet the minimum size requirement", + __FILE__,__LINE__); return ICC_FAILURE; } switch (valueID) { @@ -1521,8 +1522,8 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, case ICC_INSTALL_PATH: if (Global.iccpath[0] == '\0') { SetStatusLn (pcb,status, ICC_WARNING, ICC_VALUE_NOT_SET, - (char *)"Value has not been initialized", - __FILE__,__LINE__); + (char *)"Value has not been initialized", + __FILE__,__LINE__); } #if defined(_WIN32) if (Global.unicode) { @@ -1611,12 +1612,12 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, } if(valueLength < 17) { SetStatusLn (pcb,status, ICC_WARNING, ICC_INVALID_PARAMETER, - (char *)"Return field must be at least 17 bytes", - __FILE__,__LINE__); + (char *)"Return field must be at least 17 bytes", + __FILE__,__LINE__); } else { long long cpuid = 0; if( 0 != OPENSSL_cpuid(&cpuid) ) { - sprintf((char *)value,"%016llx",cpuid); + sprintf((char *)value,"%016llx",cpuid); } } MARK("ICC_CPU_CAPABILITY_MASK",(value != NULL)? (char *)value:""); @@ -1625,7 +1626,7 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, *(CALLBACK_T *)value = pcb->callback; MARK("ICC_FIPS_CALLBACK",""); break; - + case ICC_TRACE_CALLBACK: *(TRACE_CALLBACK_T*)value = pcb->trace_callback; MARK2("ICC_TRACE_CALLBACK", pcb->trace_callback?"set":"NULL"); @@ -1633,8 +1634,8 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, default: SetStatusLn (pcb,status, ICC_ERROR, ICC_UNSUPPORTED_VALUE_ID, - (char *)"Attempted to get an invalid value ID", - __FILE__,__LINE__); + (char *)"Attempted to get an invalid value ID", + __FILE__,__LINE__); rv = ICC_FAILURE; break; } @@ -1682,7 +1683,7 @@ static int iccSetUpRSAFIPS(ICC_STATUS *icc_stat) } if( (const RSA_METHOD *)FIPS_RSA_meth != RSA_get_default_method() ) { SetStatusLn(NULL,icc_stat,ICC_ERROR | ICC_FATAL,ICC_LIBRARY_VERIFICATION_FAILED, - "Failed to setup the FIPS compliant RSA key generator",__FILE__,__LINE__); + "Failed to setup the FIPS compliant RSA key generator",__FILE__,__LINE__); ret = ICC_FAILURE; MARK("Failed to setup FIPS RSA keygen",""); } @@ -1818,7 +1819,7 @@ int SelfTest (ICClib *pcb,ICC_STATUS * status) { int iccRC = ICC_OSSL_SUCCESS; - + MARK("SelfTest","iccDoKnownAnser"); /*! \FIPS call the known answer tests during POST */ iccDoKnownAnswer (pcb, status); @@ -2101,13 +2102,13 @@ int my_EVP_PKEY_encrypt(unsigned char *enc_key,unsigned char *key,int key_len,EV void GenerateRandomSeed(ICClib *pcb, ICC_STATUS *status,int num, unsigned char *buff) { if(NULL != status) { SetStatusOK(pcb,status); - } + } if(0 == my_GenerateRandomSeed(num,buff) ) { if(NULL != status) { SetStatusLn(pcb,status,ICC_ERROR,ICC_DISABLED,(char *)"RNG seed source failed",__FILE__,__LINE__); - } - } + } + } } static @@ -2332,16 +2333,16 @@ int my_RAND_bytes(unsigned char *buf,int n) /* included via icclib_a.c */ static int my_EVP_PKEY_decrypt_new(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) { + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { return EVP_PKEY_decrypt(ctx,out,outlen,in,inlen); } /* included via icclib_a.c */ static int my_EVP_PKEY_encrypt_new(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) { + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { return EVP_PKEY_encrypt(ctx,out,outlen,in,inlen); } @@ -2898,31 +2899,45 @@ static EVP_PKEY_ASN1_METHOD sphincs256f_sha2_pkey_asn1_meth; static int pqc_pub_encode(X509_PUBKEY* pubk, const EVP_PKEY* pkey) { - unsigned char* penc = NULL; - unsigned char* pp = NULL; - int penclen; - ASN1_STRING* str = NULL; - int strtype = V_ASN1_NULL; + int rc = 0; - /* no parameters */ -/* - if (!pqc_param_encode(pkey, &str, &strtype)) - return 0; -*/ - penclen = i2d_PQCPublicKey(pkey, NULL); - if (penclen <= 0) { - ASN1_STRING_free(str); + if (!pkey) return 0; - } - pp = penc = OPENSSL_malloc(penclen); - penclen = i2d_PQCPublicKey(pkey, &pp); - if (X509_PUBKEY_set0_param(pubk, OBJ_nid2obj(pkey->ameth->pkey_id), - strtype, str, penc, penclen)) - return 1; + { + int penclen; + unsigned char* penc; + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)pkey->pkey.ptr; + if (!pk) + return 0; - OPENSSL_free(penc); - ASN1_STRING_free(str); - return 0; + penclen = (int)pk->pkcLen; // i2d_PQCPublicKey(pkey, NULL); + if (penclen <= 0) { + return 0; + } + penc = ICC_Malloc(penclen, __FILE__, __LINE__); + if (!penc) { + return 0; + } + memcpy(penc, pk->pkc, penclen); + + { + ASN1_STRING* param = NULL; + int paramtype = V_ASN1_UNDEF; // V_ASN1_NULL; + + /* no parameters */ + /* + if (!pqc_param_encode(pkey, ¶m, ¶mtype)) + return 0; + */ + + if (X509_PUBKEY_set0_param(pubk, OBJ_nid2obj(pkey->ameth->pkey_id), + paramtype, param, penc, penclen)) { + rc = 1; + } + ASN1_STRING_free(param); + } + } + return rc; } static @@ -2932,58 +2947,150 @@ int pqc_pub_decode(EVP_PKEY* pkey, X509_PUBKEY* pubkey) int pklen = 0; ASN1_OBJECT* ppkalg = NULL; X509_ALGOR* alg = NULL; - - if (!X509_PUBKEY_get0_param(&ppkalg, &p, &pklen, &alg, pubkey)) + if (!pkey || !pubkey) { + return 0; + } + if (!X509_PUBKEY_get0_param(&ppkalg, &p, &pklen, &alg, pubkey)) { + return 0; + } + if (!pklen) { return 0; + } + /* + if (!d2i_PQCPublicKey(pkey, &p, pklen)) return 0; +*/ { - if (!d2i_PQCPublicKey(pkey, &p, pklen)) { - /* RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); */ + PQC_EVP_PKEY* pk = pkey->pkey.ptr; + if (!pk) { + pk = new_pqc_key(pkey->type); + if (!pk) { + return 0; + } + pkey->pkey.ptr = pk; + } + if (!p) { return 0; } + pk->pkcLen = pklen; + pk->pkc = ICC_Malloc(pklen, __FILE__, __LINE__); + if (!pk->pkc) + return 0; + memcpy(pk->pkc, p, pklen); } return 1; } +/* +* Ref: https://datatracker.ietf.org/doc/html/rfc5958 + + OneAsymmetricKey ::= SEQUENCE { + version Version, + privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + privateKey PrivateKey, + attributes [0] Attributes OPTIONAL, + ..., + [[2: publicKey [1] PublicKey OPTIONAL ]], + ... + } + + PrivateKey ::= OCTET STRING + + PublicKey ::= BIT STRING + +Example: +SEQUENCE { + INTEGER 0x01 (1 decimal) + SEQUENCE { + OBJECTIDENTIFIER 2.16.840.1.101.3.4.3.23 + } + OCTETSTRING 4bec3d8de3cfd1d5b57b789df95347011a9c30ebb8508fb220645d8b9a3caf6adf562fb635227d83265d8d1de73bb26e8d4f29189526801a8c7efdf8a1c1a478ed2674252b655f50996b3573922dfb6d1ab5157ea68a98d05a5684fd84ec0419 + [1] 008d4f29189526801a8c7efdf8a1c1a478ed2674252b655f50996b3573922dfb6d1ab5157ea68a98d05a5684fd84ec0419 +} +*/ + static int pqc_pri_encode(PKCS8_PRIV_KEY_INFO* p8, const EVP_PKEY* pkey) { - unsigned char* penc = NULL; - unsigned char* pp = NULL; - int penclen; - ASN1_STRING* str = NULL; - int strtype = V_ASN1_NULL; - int version = 0; - - /* no parameters */ - penclen = i2d_PQCPrivateKey(pkey, NULL); - if (penclen <= 0) { - ASN1_STRING_free(str); + int rc = 0; + + if (!pkey) return 0; - } - pp = penc = OPENSSL_malloc(penclen); - penclen = i2d_PQCPrivateKey(pkey, &pp); - if (PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), version, strtype, str, penc, penclen)) + else { - return 1; + int penclen; + unsigned char* penc; + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)pkey->pkey.ptr; + if (!pk) + return 0; + + penclen = (int)pk->skcLen; // i2d_PQCPrivateKey(pkey, NULL); + if (penclen <= 0) { + return 0; + } + penc = ICC_Malloc(penclen, __FILE__, __LINE__); + if (!penc) { + return 0; + } + memcpy(penc, pk->skc, penclen); + + /* dont know how to get a v2 with the public key also in there */ + { + ASN1_STRING* param = NULL; + /* algorithm parameters */ + int paramtype = V_ASN1_UNDEF; // V_ASN1_NULL; + /* PivateKeyInfo/OneAsymmetricKey version */ + int version = 0; /* OneAsymmetricKey = 1 (v2) */ + /* no algorithm parameters */ + /* + if (!pqc_param_encode(pkey, ¶m, ¶mtype)) + return 0; + */ + if (PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), version, paramtype, param, penc, penclen)) { + rc = 1; + } + ASN1_STRING_free(param); + } + // OPENSSL_free(penc); } - OPENSSL_free(penc); - ASN1_STRING_free(str); - return 0; + return rc; } static int pqc_pri_decode(EVP_PKEY* pkey, const PKCS8_PRIV_KEY_INFO* p8inf) { const unsigned char* p = NULL; int pklen = 0; + /* const ASN1_OBJECT* ppkalg = NULL; const X509_ALGOR* alg = NULL; + */ - if (!PKCS8_pkey_get0(&ppkalg, &p, &pklen, &alg, p8inf)) + if (!PKCS8_pkey_get0(NULL /*&ppkalg*/, &p, &pklen, NULL/*&alg*/, p8inf)) { return 0; - if (!d2i_PQCPrivateKey(pkey, &p, pklen)) { - /* RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); */ + } + if (!pklen) { return 0; } + /* + if (!d2i_PQCPrivateKey(pkey, &p, pklen)) return 0; + */ + { + PQC_EVP_PKEY* pk = pkey->pkey.ptr; + if (!pk) { + pk = new_pqc_key(pkey->type); + if (!pk) { + return 0; + } + pkey->pkey.ptr = pk; + } + if (!p) { + return 0; + } + pk->skcLen = pklen; + pk->skc = ICC_Malloc(pklen, __FILE__, __LINE__); + if (!pk->skc) + return 0; + memcpy(pk->skc, p, pklen); + } return 1; } @@ -3106,7 +3213,8 @@ int i2d_PQCPublicKey(const EVP_PKEY* pkey, unsigned char** pp) } static -int i2d_PQCPrivateKey(const EVP_PKEY* pkey, unsigned char** pp) +int +i2d_PQCPrivateKey(const EVP_PKEY* pkey, unsigned char** pp) { int len; @@ -3947,6 +4055,7 @@ struct s_noid noids[] = {"2.16.840.1.101.3.4.3.17", "ML_DSA_44", "ML_DSA_44-Dilithium", "Dilithium_512", ICC_SIG_alg_dilithium_2, &dilithium_pkey_meth, &dilithium_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.18", "ML_DSA_65", "ML_DSA_65-Dilithium", "Dilithium_768", ICC_SIG_alg_dilithium_3, &dilithium768_pkey_meth, &dilithium768_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.19", "ML_DSA_87", "ML_DSA_87-Dilithium", "Dilithium_1024", ICC_SIG_alg_dilithium_5, &dilithium1024_pkey_meth, &dilithium1024_pkey_asn1_meth}, +#if 1 {"2.16.840.1.101.3.4.3.20", "SLH_DSA_SHA2_128s", "SPHINCS_SHA2_128S", "Sphincs_sha2_128s", ICC_SIG_alg_sphincs_SHA2_128s_simple, &sphincs128s_sha2_pkey_meth, &sphincs128s_sha2_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.21", "SLH_DSA_SHA2_128f", "SPHINCS_SHA2_128F", "Sphincs_sha2_128f", ICC_SIG_alg_sphincs_SHA2_128f_simple, &sphincs128f_sha2_pkey_meth, &sphincs128f_sha2_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.22", "SLH_DSA_SHA2_192s", "SPHINCS_SHA2_192S", "Sphincs_sha2_192s", ICC_SIG_alg_sphincs_SHA2_192s_simple, &sphincs192s_sha2_pkey_meth, &sphincs192s_sha2_pkey_asn1_meth}, @@ -3959,6 +4068,9 @@ struct s_noid noids[] = {"2.16.840.1.101.3.4.3.29", "SLH_DSA_SHAKE_192f", "SPHINCS_SHAKE_192F", "Sphincs_shake_192f", ICC_SIG_alg_sphincs_SHAKE_192f_simple, &sphincs192f_shake_pkey_meth, &sphincs192f_shake_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.30", "SLH_DSA_SHAKE_256s", "SPHINCS_SHAKE_256S", "Sphincs_shake_256s", ICC_SIG_alg_sphincs_SHAKE_256s_simple, &sphincs256s_shake_pkey_meth, &sphincs256s_shake_pkey_asn1_meth}, {"2.16.840.1.101.3.4.3.31", "SLH_DSA_SHAKE_256f", "SPHINCS_SHAKE_256F", "Sphincs_shake_256f", ICC_SIG_alg_sphincs_SHAKE_256f_simple, &sphincs256f_shake_pkey_meth, &sphincs256f_shake_pkey_asn1_meth}, +#else + /* disabled while key gen issue being resolved.*/ +#endif #endif {NULL} }; @@ -4086,7 +4198,7 @@ int strcmpdashed(const char* a, const char* b) /* where a contains '_', b can be '_', '-' or ''*/ for (; *a || *b; a++) { - if (*a == *b) { + if (toupper(*a) == toupper(*b)) { b++; } else { @@ -4114,6 +4226,11 @@ const char* cvtalias(const char*a) if (!strcmp(ns->alias, a)) return ns->s; + /* Re Sphincs: Some implementations are capitalizing the final letter on the algorithm name. So, the 's' or 'f' are 'S' or 'F'.*/ + /* case insenitive match */ + if (!strcasecmp(ns->s, a)) + return ns->s; + /* name match with optional dashes */ if (!strcmpdashed(ns->s, a)) return ns->s; @@ -4334,20 +4451,21 @@ EVP_KDF_CTX* EVP_KDF_CTX_new(EVP_KDF *kdf) struct ICC_Argon2_params { + uint32_t iterations; uint32_t lanes; uint32_t threads; /* Not used in Argon2_hash explicitly but determined by lanes.*/ uint32_t memcost; char* password; char* salt; char* encoded; - size_t pwdLen; - size_t saltLen; + size_t pwdLen; + size_t saltLen; argon2_type mode; argon2_version version; /* possible values ARGON2_VERSION_10, ARGON2_VERSION_13*/ }; typedef struct ICC_Argon2_params Argon2_params; -/*scraped from openssl v3 filename: */ +/*scraped from openssl v3 filename: params.h*/ ICC_OSSL_PARAM* ossl_param_construct(const char* key, unsigned int data_type, void* data, size_t data_size) @@ -4410,7 +4528,10 @@ static int get_ossl_paramValues(Argon2_params* params, const ICC_OSSL_PARAM** os const ICC_OSSL_PARAM** pp = ossl_params; while ((*pp)->key != NULL) { const ICC_OSSL_PARAM* p = *pp; - if (strncmp(p->key, "lanes", sizeof("lanes")) == 0) { + if (strncmp(p->key, "iteration", sizeof("iteration")) == 0) { + params->iterations = *(uint32_t*)p->data; + } + else if (strncmp(p->key, "lanes", sizeof("lanes")) == 0) { params->lanes = *(uint32_t*)p->data; } else if (strncmp(p->key, "threads", sizeof("threads")) == 0) { @@ -4421,7 +4542,7 @@ static int get_ossl_paramValues(Argon2_params* params, const ICC_OSSL_PARAM** os } else if (strncmp(p->key, "pass", sizeof("pass")) == 0) { params->password = (char*)p->data; - params->pwdLen = p->data_size; + params->pwdLen = p->data_size; } else if (strncmp(p->key, "salt", sizeof("salt")) == 0) { params->salt = (char*)p->data; @@ -4461,12 +4582,12 @@ int EVP_KDF_derive(EVP_KDF_CTX* ctx, unsigned char* out, return 0; } - - size_t enclen = argon2_encodedlen(2 /*tc*/, params.memcost, params.threads, (uint32_t)params.saltLen, outlen, params.mode); + + size_t enclen = argon2_encodedlen(params.iterations, params.memcost, params.threads, (uint32_t)params.saltLen, outlen, params.mode) + outlen; params.encoded = calloc(1, enclen); - result = argon2_hash(2 /*timeCost*/, params.memcost, params.lanes, params.password, params.pwdLen, + result = argon2_hash(params.iterations, params.memcost, params.lanes, params.password, params.pwdLen, params.salt, params.saltLen, out, outlen, params.encoded, enclen, params.mode, params.version); if (result == 0){ @@ -4816,12 +4937,12 @@ int my_EVP_PKEY_keygen_init(EVP_PKEY_CTX* ctx) static int my_EVP_PKEY_keygen(ICClib* pcb, EVP_PKEY_CTX* cctx, EVP_PKEY** ppkey) { - int rv = 0; + int rv = 0; int nid = 0; - int fips = 0; /* FIPS allowed */ + int fips = 0; /* FIPS allowed */ int done = 0, tries = 0, maxRetry = 100; - RAND_seed(NULL,0); /* Reseed before keygen */ + RAND_seed(NULL, 0); /* Reseed before keygen */ for (tries = 0; !done && tries < maxRetry; tries++) { rv = EVP_PKEY_keygen(cctx, ppkey); done = 1; @@ -4859,72 +4980,72 @@ int my_EVP_PKEY_keygen(ICClib* pcb, EVP_PKEY_CTX* cctx, EVP_PKEY** ppkey) rv = 0; } - if ((pcb != NULL) && (pcb->flags & ICC_FIPS_FLAG)) - { + if ((pcb != NULL) && (pcb->flags & ICC_FIPS_FLAG)) + { int rc = 0; size_t siglen = 512; int check = 0; if ((1 == rv) && (NULL != ppkey)) - { + { EVP_PKEY* pkey = *ppkey; fips = PKEY_FIPS_id(pkey, &check, &nid); - if (1 == check) - { + if (1 == check) + { const EVP_MD* md = NULL; EVP_MD_CTX* md_ctx = NULL; - md_ctx = EVP_MD_CTX_new(); + md_ctx = EVP_MD_CTX_new(); md = EVP_get_digestbyname("SHA-224"); - if (NULL != md_ctx) - { + if (NULL != md_ctx) + { unsigned char* refsig = NULL; - refsig = ICC_Malloc(8192, __FILE__, __LINE__); /* Large enough for a 4K RSA signature, we won't hit this with anything larger */ - if (NULL != refsig) - { + refsig = ICC_Malloc(8192, __FILE__, __LINE__); /* Large enough for a 4K RSA signature, we won't hit this with anything larger */ + if (NULL != refsig) + { static unsigned char in[32] = "01234567890abcdefghi01234567890"; int inlen = 20; rc = EVP_DigestSignInit(md_ctx, &cctx, md, NULL, pkey); - if (1 == rc) - { + if (1 == rc) + { rc = EVP_DigestSign(md_ctx, refsig, &siglen, in, inlen); - } - if (1 == rc) - { + } + if (1 == rc) + { rc = EVP_DigestVerifyInit(md_ctx, &cctx, md, NULL, pkey); - } - if (1 == rc) - { - rc = EVP_DigestVerify(md_ctx, refsig, siglen, in, inlen); - } - if (1 != rc) - { + } + if (1 == rc) + { + rc = EVP_DigestVerify(md_ctx, refsig, siglen, in, inlen); + } + if (1 != rc) + { if (NULL != pkey) - { + { EVP_PKEY_free(pkey); *ppkey = NULL; - } - rv = -1; + } + rv = -1; + } + ICC_Free(refsig); + } + EVP_MD_CTX_free(md_ctx); } - ICC_Free(refsig); - } - EVP_MD_CTX_free(md_ctx); - } + } + } + if (2 == check) { + fips = 0; /* DSA */ } - } - if(2 == check) { - fips = 0; /* DSA */ - } } if ((NULL != pcb) && (NULL != pcb->callback) && (NULL != ppkey) && (NULL != *ppkey)) - { - (*pcb->callback)("ICC_EVP_PKEY_keygen", nid, fips); - } + { + (*pcb->callback)("ICC_EVP_PKEY_keygen", nid, fips); + } if ((NULL != pcb) && (NULL != pcb->trace_callback)) { (*pcb->trace_callback)("ICC_EVP_PKEY_keygen", __func__); } - return rv; + return rv; } @@ -5348,9 +5469,9 @@ int my_DH_compute_key_padded(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH * #define HKDF_MAXBUF 1024 unsigned char *HKDF_Extract(ICClib *pcb,const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, - unsigned char *prk, size_t *prk_len) + const unsigned char *salt, size_t salt_len, + const unsigned char *key, size_t key_len, + unsigned char *prk, size_t *prk_len) { unsigned int tmp_len = 0; HMAC_CTX *hmac = NULL; @@ -5364,9 +5485,9 @@ unsigned char *HKDF_Extract(ICClib *pcb,const EVP_MD *evp_md, } unsigned char *HKDF_Expand(ICClib *pcb,const EVP_MD *evp_md, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) + const unsigned char *prk, size_t prk_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac = NULL; unsigned int i; @@ -5440,10 +5561,10 @@ unsigned char *HKDF_Expand(ICClib *pcb,const EVP_MD *evp_md, } unsigned char *HKDF(ICClib *pcb,const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) + const unsigned char *salt, size_t salt_len, + const unsigned char *key, size_t key_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { unsigned char prk[ICC_EVP_MAX_MD_SIZE]; unsigned char *ret = NULL; @@ -5454,7 +5575,7 @@ unsigned char *HKDF(ICClib *pcb,const EVP_MD *evp_md, ret = HKDF_Expand(pcb,evp_md, prk, prk_len, info, info_len, okm, okm_len); memset(prk,0,sizeof(prk)); - + return ret; } /* Copied from OpenSSL-FIPS */ diff --git a/icc/icclib.h b/icc/icclib.h index ed23abe..0f833b6 100644 --- a/icc/icclib.h +++ b/icc/icclib.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/icctest.c b/icc/icctest.c index 68d21bb..be6853b 100644 --- a/icc/icctest.c +++ b/icc/icctest.c @@ -1,14 +1,13 @@ /************************************************************************* -// Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution. + Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. *************************************************************************/ /************************************************************************* -// Description: Unit test for ICC -// + Description: Unit test for ICC *************************************************************************/ #include @@ -26,6 +25,7 @@ /* default is ICC_ namespace */ /* note: GSKit V8 loads ICC into global symbol with ICC_ symbols */ #include "icc.h" +#include "iccversion.h" /* Consider using the --tool=massif stacks=yes option to Valgrind instead #define STACK_DEBUG @@ -706,93 +706,93 @@ int doEVPEnvelopeAndSignatureUnitTest(ICC_CTX *ICC_ctx) rv = ICC_ERROR; } else { - check_stack(1); - ICC_EVP_MD_CTX_init(ICC_ctx,md_ctx); - check_stack(1); - md = ICC_EVP_get_digestbyname(ICC_ctx,"SHA1"); - - check_stack(1); - cipher_ctx = ICC_EVP_CIPHER_CTX_new(ICC_ctx); - ICC_EVP_CIPHER_CTX_init(ICC_ctx,cipher_ctx); - cipher = ICC_EVP_get_cipherbyname(ICC_ctx,"AES-128-CBC"); - check_stack(1); - OSSLE(ICC_ctx); - pkey[0] = ICC_EVP_PKEY_new(ICC_ctx); - ICC_EVP_PKEY_set1_RSA(ICC_ctx,pkey[0],rsa); - check_stack(1); - retcode = ICC_EVP_SealInit(ICC_ctx,cipher_ctx,cipher,keyp,&ekeylen,iv,pkey,1); - OSSLE(ICC_ctx); - retcode = ICC_EVP_SealUpdate(ICC_ctx,cipher_ctx,buf2,&int1,buf1,20); - i1 = int1; - retcode = ICC_EVP_SealFinal(ICC_ctx,cipher_ctx,buf2+int1,&int1); - i1 += int1; - ICC_EVP_CIPHER_CTX_cleanup(ICC_ctx,cipher_ctx); - OSSLE(ICC_ctx); - check_stack(1); - retcode = ICC_EVP_OpenInit(ICC_ctx,cipher_ctx,cipher,key,ekeylen,iv,pkey[0]); - retcode = ICC_EVP_OpenUpdate(ICC_ctx,cipher_ctx,buf1,&int1,buf2,i1); - retcode = ICC_EVP_OpenFinal(ICC_ctx,cipher_ctx,buf1+int1,&int1); - OSSLE(ICC_ctx); - check_stack(1); - ICC_EVP_PKEY_id(ICC_ctx,pkey[0]); - ICC_EVP_CIPHER_CTX_cleanup(ICC_ctx,cipher_ctx); - retcode = ICC_EVP_CIPHER_CTX_free(ICC_ctx,cipher_ctx); - check_stack(1); - ICC_EVP_SignInit(ICC_ctx,md_ctx,md); - ICC_EVP_SignUpdate(ICC_ctx,md_ctx,NULL,0); - retcode = ICC_EVP_SignFinal(ICC_ctx,md_ctx,buf1,(unsigned int *)&int1,pkey[0]); - OSSLE(ICC_ctx); - ICC_EVP_VerifyInit(ICC_ctx,md_ctx,md); - ICC_EVP_VerifyUpdate(ICC_ctx,md_ctx,NULL,0); - retcode = ICC_EVP_VerifyFinal(ICC_ctx,md_ctx,buf1,(unsigned int)int1,pkey[0]); - OSSLE(ICC_ctx); - ICC_EVP_MD_CTX_cleanup(ICC_ctx,md_ctx); - check_stack(1); - - OSSLE(ICC_ctx); - - check_stack(1); - nid = ICC_OBJ_txt2nid(ICC_ctx,"SHA1"); - ICC_RSA_sign(ICC_ctx,nid,buf2,20,buf1,&uint1,rsa); - ICC_RSA_verify(ICC_ctx,nid,buf2,20,buf1,uint1,rsa); - check_stack(1); - ICC_EVP_PKEY_free(ICC_ctx,pkey[0]); - retcode = ICC_EVP_MD_CTX_cleanup(ICC_ctx,md_ctx); - retcode = ICC_EVP_MD_CTX_free(ICC_ctx,md_ctx); - - - check_stack(1); - /* RSA PSS section */ - md_ctx = ICC_EVP_MD_CTX_new(ICC_ctx); - pkey[0] = ICC_EVP_PKEY_new(ICC_ctx); - ICC_EVP_PKEY_set1_RSA(ICC_ctx,pkey[0],rsa); - printf("\tEVP_Digest[Sign/Verify] "); - if(ICC_NOT_IMPLEMENTED != ICC_EVP_DigestSignInit(ICC_ctx,md_ctx,&pctx,md,NULL,pkey[0])) { - (void)ICC_EVP_PKEY_CTX_get0_pkey(ICC_ctx,pctx); /* Just code coverage */ - ICC_EVP_PKEY_CTX_ctrl(ICC_ctx,pctx,ICC_EVP_PKEY_RSA,-1,ICC_EVP_PKEY_CTRL_RSA_PADDING,ICC_RSA_PKCS1_PSS_PADDING,NULL); - ICC_EVP_SignUpdate(ICC_ctx,md_ctx,NULL,0); - ICC_EVP_DigestSignFinal(ICC_ctx,md_ctx,NULL,&uint2); - ICC_EVP_DigestSignFinal(ICC_ctx,md_ctx,buf2,&uint2); - OSSLE(ICC_ctx); - ICC_EVP_DigestVerifyInit(ICC_ctx,md_ctx,&pctx,md,NULL,pkey[0]); - ICC_EVP_PKEY_CTX_ctrl(ICC_ctx,pctx,ICC_EVP_PKEY_RSA,-1,ICC_EVP_PKEY_CTRL_RSA_PADDING,ICC_RSA_PKCS1_PSS_PADDING,NULL); - ICC_EVP_VerifyUpdate(ICC_ctx,md_ctx,NULL,0); - ICC_EVP_DigestVerifyFinal(ICC_ctx,md_ctx,buf2,uint2); - OSSLE(ICC_ctx); - printf("\n"); + check_stack(1); + ICC_EVP_MD_CTX_init(ICC_ctx, md_ctx); + check_stack(1); + md = ICC_EVP_get_digestbyname(ICC_ctx, "SHA1"); + + check_stack(1); + cipher_ctx = ICC_EVP_CIPHER_CTX_new(ICC_ctx); + ICC_EVP_CIPHER_CTX_init(ICC_ctx, cipher_ctx); + cipher = ICC_EVP_get_cipherbyname(ICC_ctx, "AES-128-CBC"); + check_stack(1); + OSSLE(ICC_ctx); + pkey[0] = ICC_EVP_PKEY_new(ICC_ctx); + ICC_EVP_PKEY_set1_RSA(ICC_ctx, pkey[0], rsa); + check_stack(1); + retcode = ICC_EVP_SealInit(ICC_ctx, cipher_ctx, cipher, keyp, &ekeylen, iv, pkey, 1); + OSSLE(ICC_ctx); + retcode = ICC_EVP_SealUpdate(ICC_ctx, cipher_ctx, buf2, &int1, buf1, 20); + i1 = int1; + retcode = ICC_EVP_SealFinal(ICC_ctx, cipher_ctx, buf2 + int1, &int1); + i1 += int1; + ICC_EVP_CIPHER_CTX_cleanup(ICC_ctx, cipher_ctx); + OSSLE(ICC_ctx); + check_stack(1); + retcode = ICC_EVP_OpenInit(ICC_ctx, cipher_ctx, cipher, key, ekeylen, iv, pkey[0]); + retcode = ICC_EVP_OpenUpdate(ICC_ctx, cipher_ctx, buf1, &int1, buf2, i1); + retcode = ICC_EVP_OpenFinal(ICC_ctx, cipher_ctx, buf1 + int1, &int1); + OSSLE(ICC_ctx); + check_stack(1); + ICC_EVP_PKEY_id(ICC_ctx, pkey[0]); + ICC_EVP_CIPHER_CTX_cleanup(ICC_ctx, cipher_ctx); + retcode = ICC_EVP_CIPHER_CTX_free(ICC_ctx, cipher_ctx); + check_stack(1); + ICC_EVP_SignInit(ICC_ctx, md_ctx, md); + ICC_EVP_SignUpdate(ICC_ctx, md_ctx, NULL, 0); + retcode = ICC_EVP_SignFinal(ICC_ctx, md_ctx, buf1, (unsigned int*)&int1, pkey[0]); + OSSLE(ICC_ctx); + ICC_EVP_VerifyInit(ICC_ctx, md_ctx, md); + ICC_EVP_VerifyUpdate(ICC_ctx, md_ctx, NULL, 0); + retcode = ICC_EVP_VerifyFinal(ICC_ctx, md_ctx, buf1, (unsigned int)int1, pkey[0]); + OSSLE(ICC_ctx); + ICC_EVP_MD_CTX_cleanup(ICC_ctx, md_ctx); + check_stack(1); + + OSSLE(ICC_ctx); + + check_stack(1); + nid = ICC_OBJ_txt2nid(ICC_ctx, "SHA1"); + ICC_RSA_sign(ICC_ctx, nid, buf2, 20, buf1, &uint1, rsa); + ICC_RSA_verify(ICC_ctx, nid, buf2, 20, buf1, uint1, rsa); + check_stack(1); + ICC_EVP_PKEY_free(ICC_ctx, pkey[0]); + retcode = ICC_EVP_MD_CTX_cleanup(ICC_ctx, md_ctx); + retcode = ICC_EVP_MD_CTX_free(ICC_ctx, md_ctx); + + + check_stack(1); + /* RSA PSS section */ + md_ctx = ICC_EVP_MD_CTX_new(ICC_ctx); + pkey[0] = ICC_EVP_PKEY_new(ICC_ctx); + ICC_EVP_PKEY_set1_RSA(ICC_ctx, pkey[0], rsa); + printf("\tEVP_Digest[Sign/Verify] "); + if (ICC_NOT_IMPLEMENTED != ICC_EVP_DigestSignInit(ICC_ctx, md_ctx, &pctx, md, NULL, pkey[0])) { + (void)ICC_EVP_PKEY_CTX_get0_pkey(ICC_ctx, pctx); /* Just code coverage */ + ICC_EVP_PKEY_CTX_ctrl(ICC_ctx, pctx, ICC_EVP_PKEY_RSA, -1, ICC_EVP_PKEY_CTRL_RSA_PADDING, ICC_RSA_PKCS1_PSS_PADDING, NULL); + ICC_EVP_SignUpdate(ICC_ctx, md_ctx, NULL, 0); + ICC_EVP_DigestSignFinal(ICC_ctx, md_ctx, NULL, &uint2); + ICC_EVP_DigestSignFinal(ICC_ctx, md_ctx, buf2, &uint2); + OSSLE(ICC_ctx); + ICC_EVP_DigestVerifyInit(ICC_ctx, md_ctx, &pctx, md, NULL, pkey[0]); + ICC_EVP_PKEY_CTX_ctrl(ICC_ctx, pctx, ICC_EVP_PKEY_RSA, -1, ICC_EVP_PKEY_CTRL_RSA_PADDING, ICC_RSA_PKCS1_PSS_PADDING, NULL); + ICC_EVP_VerifyUpdate(ICC_ctx, md_ctx, NULL, 0); + ICC_EVP_DigestVerifyFinal(ICC_ctx, md_ctx, buf2, uint2); + OSSLE(ICC_ctx); + printf("\n"); } else { - printf("N/A\n"); - } + printf("N/A\n"); + } - ICC_EVP_MD_CTX_free(ICC_ctx,md_ctx); - ICC_EVP_PKEY_free(ICC_ctx,pkey[0]); - if(retcode != 1) { - rv = retcode; + ICC_EVP_MD_CTX_free(ICC_ctx, md_ctx); + ICC_EVP_PKEY_free(ICC_ctx, pkey[0]); + if (retcode != 1) { + rv = retcode; + } + ICC_RSA_free(ICC_ctx, rsa); + printf("EVP Envelope And Signature Unit test successfully completed!\n"); } - ICC_RSA_free(ICC_ctx,rsa); - printf("EVP Envelope And Signature Unit test successfully completed!\n"); - } } if(NULL != status) { free(status); @@ -3177,23 +3177,23 @@ int doPostStartupTest(ICC_CTX *ICC_ctx, ICC_STATUS *status) { #if 0 /* this may fail if the path is actually shorter than 9 bytes */ { - char value1[9]; /* Deliberately broken */ - - value1[0] = '\0'; - check_stack(0); - /* This SHOULD return an error, but caused a segv on earlier ICC's */ - retcode = ICC_GetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value1, 9); - if (retcode == ICC_OK) { - printf("ICC vulnerable to buffer overrun in ICC_GetValue() - expect a " - "crash [%s]\n", - value1); - rv = ICC_ERROR; - } - retcode = ICC_SetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value1); - if( retcode == ICC_OK) { - printf("ICC vulnerable to invalid ICC_SetValue() - expect a crash [%s]\n",value1); - rv = ICC_ERROR; - } + char value1[9]; /* Deliberately broken */ + + value1[0] = '\0'; + check_stack(0); + /* This SHOULD return an error, but caused a segv on earlier ICC's */ + retcode = ICC_GetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value1, 9); + if (retcode == ICC_OK) { + printf("ICC vulnerable to buffer overrun in ICC_GetValue() - expect a " + "crash [%s]\n", + value1); + rv = ICC_ERROR; + } + retcode = ICC_SetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value1); + if( retcode == ICC_OK) { + printf("ICC vulnerable to invalid ICC_SetValue() - expect a crash [%s]\n",value1); + rv = ICC_ERROR; + } } #endif value[0] = '\0'; @@ -3478,11 +3478,11 @@ int doUnitTest(const char* iccPath, int test,char *fips, int unicode) if(testnum == exclude) { testnum = testnum + 1; } else { - OSSLE(ICC_ctx); - testnum = runTest(ICC_ctx, status, testnum); + OSSLE(ICC_ctx); + testnum = runTest(ICC_ctx, status, testnum); + } } } - } else { testnum = 0; @@ -3555,15 +3555,6 @@ int doUnitTest(const char* iccPath, int test,char *fips, int unicode) return rv; } - -/* from iccversion.h*/ -#ifndef ICC_GIT_BRANCH -#define ICC_GIT_BRANCH "n/a" -#endif -#ifndef ICC_GIT_HASH -#define ICC_GIT_HASH "n/a" -#endif - static void usage(char *prgname,char *text) { static const char* ICC_vinfo = @@ -3616,10 +3607,10 @@ int main(int argc, char *argv[]) } } else if(strncmp("-t",argv[argi],2) == 0) { if(argc > (argi+1)) { - tuner = atoi(argv[argi+1]); - argi++; + tuner = atoi(argv[argi+1]); + argi++; } else { - tuner = 2; + tuner = 2; } } else if(strncmp("-x",argv[argi],2) == 0) { if(argc > (argi+1)) { diff --git a/icc/iccversion.h b/icc/iccversion.h index 18dae41..b116195 100644 --- a/icc/iccversion.h +++ b/icc/iccversion.h @@ -1,14 +1,13 @@ /************************************************************************* -// Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy -// in the file LICENSE in the source distribution. + Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. *************************************************************************/ /************************************************************************* -// Description: ICC Version -// + Description: ICC Version *************************************************************************/ #ifndef INCLUDED_ICCVERSION @@ -30,9 +29,6 @@ #else /* !ICC_OFFICIAL_BUILD */ -# define ICC_PRODUCT_NAME "ICC" -# define ICC_VERSION_MOD 0 -# define ICC_VERSION_FIX 0 # define ICC_BUILD_DATE 0 # define ICC_BUILD_TIME 0 # define ICC_EXTRACT_DATE 0 @@ -42,6 +38,15 @@ /* these will normally come from buildinfo.h */ +#ifndef ICC_PRODUCT_NAME +#define ICC_PRODUCT_NAME "ICC" +#endif +#if !defined(ICC_VERSION_MOD) +#define ICC_VERSION_MOD 14 +#endif +#if !defined(ICC_VERSION_FIX) +#define ICC_VERSION_FIX 0 +#endif #ifndef ICC_GIT_BRANCH #define ICC_GIT_BRANCH "n/a" #endif @@ -55,14 +60,6 @@ #define OCKC_GIT_HASH "n/a" #endif -#if !defined(ICC_VERSION_MOD) -# define ICC_VERSION_MOD 11 -#endif - -#if !defined(ICC_VERSION_FIX) -#define ICC_VERSION_FIX 0 -#endif - /* Utility MACROs */ #define MAKESTRING_REALLY(x) #x #define MAKESTRING(x) MAKESTRING_REALLY(x) diff --git a/icc/induced.h b/icc/induced.h index 3fde2c0..a8d5ac6 100644 --- a/icc/induced.h +++ b/icc/induced.h @@ -1,7 +1,7 @@ /*---------------------------------------------------------------------------- // Copyright IBM Corp. 2023 -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. // // Description: diff --git a/icc/loaded.c b/icc/loaded.c index e3449cb..d0dd5df 100644 --- a/icc/loaded.c +++ b/icc/loaded.c @@ -1,5 +1,5 @@ /************************************************************************* -// Copyright IBM Corp. 2023 +// Copyright IBM Corp. 2025 // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,8 @@ #include "loaded.h" #include "tracer.h" +/* module: -D MYNAME=icclib$(VTAG) */ +/* step: -D MYNAME=gskiccs8 */ #if !defined(LIBNAME) #define LIBNAME ICCDLL_NAME @@ -41,6 +43,7 @@ @param path_len The maximum allowed path (sizeof(returned_len) -1) @return The path length, -1 if invalid input, or 0 on fail. */ +static int FUNCTION_NAME(MYNAME,_path)(char *returned_path,int path_len) { @@ -97,6 +100,7 @@ int FUNCTION_NAME(MYNAME,_path)(char *returned_path,int path_len) #if defined(_WIN32) +static int FUNCTION_NAME(MYNAME,_pathW)(wchar_t *returned_path,int path_len) { @@ -150,63 +154,81 @@ int FUNCTION_NAME(MYNAME,_pathW)(wchar_t *returned_path,int path_len) */ static char *FUNCTION_NAME(MYNAME,_loaded_from)() { - char *dirName = NULL; /*this library's initial directory name */ - char *result = NULL; - char *path = LIBNAME; + char *dirName = NULL; /*this library's initial directory name */ + char *result = NULL; HMODULE libHandle; IN(); - dirName = (char *)calloc(MAX_PATH,1); - libHandle = GetModuleHandleA(path); - if (!libHandle) { - libHandle = GetModuleHandleA(NULL); + dirName = (char *)calloc(MAX_PATH, sizeof(char)); + + if (GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, + (LPCWSTR) &FUNCTION_NAME(MYNAME, _loaded_from), &libHandle) == 0) + { + char buf[256]; + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + buf, (sizeof(buf) / sizeof(char)), NULL); + MARK("GetModuleHandleExA ", buf); } - if(NULL != dirName) { - if (libHandle && - GetModuleFileNameA(libHandle,dirName, MAX_PATH-1) < MAX_PATH) { - MARK("dirName",dirName != NULL ? dirName : "NULL"); - result = (char *)calloc(strlen(dirName)+1,1); + + if(NULL != dirName && NULL != libHandle) { + int rc = GetModuleFileNameA(libHandle, dirName, MAX_PATH); + if (rc != 0 && rc < MAX_PATH) { + result = (char *)calloc(strlen(dirName), sizeof(char)); if (NULL != result) { - strncpy(result, dirName,strlen(dirName)); + strncpy(result, dirName, strlen(dirName)); } + } else { + char buf[256]; + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + buf, (sizeof(buf) / sizeof(char)), NULL); + MARK("GetModuleFileNameA ", buf); } free(dirName); } + MARK("path",(NULL != result) ? result:"NULL"); OUT(); - return result; + return result; } -static wchar_t * FUNCTION_NAME(MYNAME,_loaded_fromW)() -{ - wchar_t *dirName = NULL; /*this library's initial directory name */ - wchar_t *result = NULL; - wchar_t *path = NULL; +static wchar_t * FUNCTION_NAME(MYNAME, _loaded_fromW)() +{ + wchar_t *dirName = NULL; /*this library's initial directory name */ + wchar_t *result = NULL; HMODULE libHandle; IN(); - path = (wchar_t *)calloc(MAX_PATH,sizeof(wchar_t)); - MultiByteToWideChar(CP_ACP,0, - LIBNAME,-1, - path,MAX_PATH-1); + dirName = (wchar_t *)calloc(MAX_PATH, sizeof(wchar_t)); + + if (GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, + (LPCWSTR) &FUNCTION_NAME(MYNAME, _loaded_fromW), &libHandle) == 0) + { + char buf[256]; + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + buf, (sizeof(buf) / sizeof(char)), NULL); + MARK("GetModuleHandleEx ", buf); + } - dirName = (wchar_t *)calloc(MAX_PATH,sizeof(wchar_t)); - libHandle = GetModuleHandleW(path); - if(NULL != dirName) { - if (libHandle && - GetModuleFileNameW(libHandle,dirName, MAX_PATH-1) < MAX_PATH) { - - result = (wchar_t *)calloc(wcslen(dirName)+1,sizeof(wchar_t)); + if(NULL != dirName && NULL != libHandle) { + int rc = GetModuleFileNameW(libHandle, dirName, MAX_PATH); + if (rc != 0 && rc < MAX_PATH) { + result = (wchar_t *)calloc(wcslen(dirName), sizeof(wchar_t)); if (NULL != result) { - wcsncpy(result, dirName,wcslen(dirName)); + wcsncpy(result, dirName, wcslen(dirName)); } + } else { + char buf[256]; + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + buf, (sizeof(buf) / sizeof(char)), NULL); + MARK("GetModuleFileNameW ", buf); } free(dirName); } - if(NULL != path) { - free(path); - } - + OUT(); - return result; + return result; } diff --git a/icc/loaded.h b/icc/loaded.h index 66de341..8d7103e 100644 --- a/icc/loaded.h +++ b/icc/loaded.h @@ -8,7 +8,7 @@ /************************************************************************* // Description: Manually created source for the ICCPKG wrapper for GSkit -// +// *************************************************************************/ #if !defined(LOADED_H) @@ -72,12 +72,12 @@ #define MAKE_FN_NAME(x,y) MAKE_FN_NAME2(MAKE_FN_NAME2(MAKE_FN_NAME2(MAKE_FN_NAME2(MAKE_FN_NAME2(MAKE_FN_NAME2(x,y),ICC_VERSION_VER),_),ICC_VERSION_REL),_),ICC_VERSION_MOD) #define FUNCTION_NAME(x,y) MAKE_FN_NAME(x,y) -int FUNCTION_NAME(MYNAME,_path)(char *returned_path,int path_len); +static int FUNCTION_NAME(MYNAME,_path)(char *returned_path,int path_len); static char *FUNCTION_NAME(MYNAME,_loaded_from)(); #if defined(_WIN32) -int FUNCTION_NAME(MYNAME,_pathW)(wchar_t *returned_path,int path_len); +static int FUNCTION_NAME(MYNAME,_pathW)(wchar_t *returned_path,int path_len); static wchar_t *FUNCTION_NAME(MYNAME,_loaded_fromW)(); #endif /* _WIN32 */ diff --git a/icc/ossl.mk b/icc/ossl.mk index aa36c16..78ff594 100644 --- a/icc/ossl.mk +++ b/icc/ossl.mk @@ -32,10 +32,10 @@ UNIX_APP_DIR = $(OSSL_DIR)/apps # -lnsl -lsocket etc on various platforms # UNIX_SLIBCRYPTO = $(OSSL_DIR)/libcrypto.a -UNIX_SLIBSSL = $(OSSL_DIR)/libssl.a +UNIX_SLIBSSL = $(OSSL_DIR)/libssl.a UNIX_OPENSSL_LIBS = $(UNIX_SLIBSSL) $(UNIX_SLIBCRYPTO) -WIN_APP_DIR = $(OSSL_DIR)/tmp32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) +WIN_APP_DIR = $(OSSL_DIR)/tmp32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) WIN_LIB_DIR = $(OSSL_DIR)/out32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) WIN_SLIBCRYPTO = $(OSSL_DIR)/libcrypto_static.lib WIN_SLIBSSL = $(OSSL_DIR)/libssl_static.lib @@ -44,8 +44,8 @@ WIN_OPENSSL_LIBS = wsock32.lib WIN32_APP_DIR = $(WIN_APP_DIR) WIN32_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) -WIN32_SLIBCRYPTO = $(WIN_SLIBCRYPTO) -WIN32_SLIBSSL = $(WIN_SLIBSSL) +WIN32_SLIBCRYPTO = $(WIN_SLIBCRYPTO) +WIN32_SLIBSSL = $(WIN_SLIBSSL) WIN64_AMD_APP_DIR = $(WIN_APP_DIR) WIN64_AMD_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) diff --git a/icc/platform.h b/icc/platform.h index b50426d..4cad16f 100644 --- a/icc/platform.h +++ b/icc/platform.h @@ -32,7 +32,7 @@ extern "C" { #if !defined VTAG #pragma message("VTAG not defined") -#define VTAG 0 +#define VTAG 085 #endif /* diff --git a/icc/platforms.mk b/icc/platforms.mk index 3409b32..b0cdf58 100644 --- a/icc/platforms.mk +++ b/icc/platforms.mk @@ -24,7 +24,7 @@ DEFAULT_CXX = cl -TP DEFAULT_debug_CFLAGS = -MDd -Zi -D DEBUG -RTCu # Optimization off generates faster starting code ... DEFAULT_release_CFLAGS = -MD -Zi -DEFAULT_CFLAGS = -nologo $($(OPSYS)_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D $(OPSYS) -D _MBCS -D_CRT_SECURE_NO_WARNINGS -c +DEFAULT_CFLAGS = -nologo $($(OPSYS)_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D $(OPSYS) -D _MBCS -D_CRT_SECURE_NO_WARNINGS -c DEFAULT_CXXFLAGS = $($(OPSYS)_CFLAGS) DEFAULT_LD = link DEFAULT_LD_CXX = link @@ -36,7 +36,7 @@ DEFAULT_LDXXFLAGS = $($(OPSYS)_LDFLAGS) DEFAULT_SLDFLAGS = -dll $($(OPSYS)_LDFLAGS) DEFAULT_ARFLAGS = -lib -nologo -out:$@ DEFAULT_release_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib -DEFAULT_debug_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib +DEFAULT_debug_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib DEFAULT_LDLIBS = -DYNAMICBASE -NXCOMPAT $($(OPSYS)_$(CONFIG)_LDLIBS) DEFAULT_OBJSUFX = .obj DEFAULT_EXESUFX = .exe @@ -45,9 +45,9 @@ DEFAULT_SHLPRFX = DEFAULT_SHLSUFX = .dll DEFAULT_STLPRFX = DEFAULT_STLSUFX = .lib -DEFAULT_debug_STRIP = touch -DEFAULT_release_STRIP = touch -DEFAULT_OUT = -Fo +DEFAULT_debug_STRIP = touch +DEFAULT_release_STRIP = touch +DEFAULT_OUT = -Fo DEFAULT_CFLAGS2 = $($(OPSYS)_CFLAGS) DEFAULT_LDFLAGS2 = $($(OPSYS)_LDFLAGS) DEFAULT_SLDFLAGS2 = $($(OPSYS)_SLDFLAGS) @@ -72,14 +72,14 @@ $(OPSYS)_CXX = $(DEFAULT_CXX) $(OPSYS)_debug_CFLAGS = $(DEFAULT_debug_CFLAGS) $(OPSYS)_release_CFLAGS = $(DEFAULT_release_CFLAGS) $(OPSYS)_CFLAGS = $(DEFAULT_CFLAGS) -$(OPSYS)_CXXFLAGS = $($(OPSYS)_CFLAGS) +$(OPSYS)_CXXFLAGS = $($(OPSYS)_CFLAGS) $(OPSYS)_LD = $(DEFAULT_LD) $(OPSYS)_LD_CXX = $(DEFAULT_LD_CXX) $(OPSYS)_SLD = $(DEFAULT_LD) $(OPSYS)_AR = $(DEFAULT_AR) $(OPSYS)_debug_LDFLAGS = $(DEFAULT_debug_LDFLAGS) $(OPSYS)_LDFLAGS = $(DEFAULT_LDFLAGS) -$(OPSYS)_LDXXFLAGS = $($(OPSYS)_LDFLAGS) +$(OPSYS)_LDXXFLAGS = $($(OPSYS)_LDFLAGS) $(OPSYS)_SLDFLAGS = $(DEFAULT_SLDFLAGS) $(OPSYS)_ARFLAGS = $(DEFAULT_ARFLAGS) $(OPSYS)_release_LDLIBS = $(DEFAULT_release_LDLIBS) @@ -91,13 +91,13 @@ $(OPSYS)_SHLPRFX = $(DEFAULT_SHLPRFX) $(OPSYS)_SHLSUFX = $(DEFAULT_SHLSUFX) $(OPSYS)_STLPRFX = $(DEFAULT_STLPRFX) $(OPSYS)_STLSUFX = $(DEFAULT_STLSUFX) -$(OPSYS)_debug_STRIP = $(DEFAULT_debug_STRIP) -$(OPSYS)_release_STRIP = $(DEFAULT_release_STRIP) -$(OPSYS)_OUT = $(DEFAULT_OUT) +$(OPSYS)_debug_STRIP = $(DEFAULT_debug_STRIP) +$(OPSYS)_release_STRIP = $(DEFAULT_release_STRIP) +$(OPSYS)_OUT = $(DEFAULT_OUT) $(OPSYS)_CFLAGS2 = $(DEFAULT_CFLAGS2) $(OPSYS)_LDFLAGS2 = $(DEFAULT_LDFLAGS2) $(OPSYS)_SLDFLAGS2 = $(DEFAULT_SLDFLAGS2) -$(OPSYS)_MT = $(DEFAULT_MT) +$(OPSYS)_MT = $(DEFAULT_MT) $(OPSYS)_MUPPET = $(DEFAULT_MUPPET) #--- VisualC++ definitions on Win32 @@ -116,7 +116,7 @@ WIN32_SLD = $(WIN32_LD) WIN32_AR = $(WIN32_LD) WIN32_debug_LDFLAGS = WIN32_LDFLAGS = -DYNAMICBASE -NXCOMPAT -nologo -DEBUG -out:$@ -WIN32_SLDFLAGS = -dll $(WIN32_LDFLAGS) +WIN32_SLDFLAGS = -dll $(WIN32_LDFLAGS) WIN32_ARFLAGS = -lib -nologo -out:$@ WIN32_release_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib WIN32_debug_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib @@ -191,7 +191,7 @@ WIN32_VS2013_AR = $(WIN32_LD) WIN32_VS2013_debug_LDFLAGS = WIN32_VS2013_LDFLAGS = -DYNAMICBASE -NXCOMPAT -nologo -DEBUG -out:$@ WIN32_VS2013_SLDFLAGS = -dll $(WIN32_VS2013_LDFLAGS) -WIN32_VS2013_ARFLAGS = -lib -nologo -out:$@ +WIN32_VS2013_ARFLAGS = -lib -nologo -out:$@ WIN32_VS2013_release_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib WIN32_VS2013_debug_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib WIN32_VS2013_LDLIBS = -DYNAMICBASE -NXCOMPAT $(WIN32_$(CONFIG)_LDLIBS) @@ -903,10 +903,10 @@ S390_LINUX_CP = cp -f S390_LINUX_DEBUGGER = ddd S390_LINUX_CC = $(LINUX_CC) S390_LINUX_CXX = $(LINUX_CXX) -S390_LINUX_CFLAGS = -m31 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c +S390_LINUX_CFLAGS = -m31 -std=gnu99 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c S390_LINUX_debug_CFLAGS = S390_LINUX_release_CFLAGS = -S390_LINUX_CXXFLAGS = -m31 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +S390_LINUX_CXXFLAGS = -m31 -std=gnu99 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c S390_LINUX_LD = $(S390_LINUX_CC) S390_LINUX_LD_CXX = $(S390_LINUX_CXX) S390_LINUX_SLD = $(S390_LINUX_LD) @@ -981,7 +981,7 @@ ZOS_CFLAGS = $(ZOS_$(CONFIG)_CFLAGS) -DCHARSET_EBCDIC -DOPEN_THREADS=2 - # and similar files exported no symbols... -D_REENTRANT -c ZOS_LD = $(ZOS_CC) # Correct, use the C compiler to link. -ZOS_LD_CXX = $(ZOS_CC) +ZOS_LD_CXX = $(ZOS_CXX) ZOS_SLD = $(ZOS_LD) ZOS_AR = ar ZOS_LDFLAGS = -Wl,dll,xplink,lp64 $(ZOS_OUT) $@ @@ -1017,7 +1017,7 @@ ZOSA_CXXFLAGS = $(ZOSA_CFLAGS) # and similar files exported no symbols... -D_REENTRANT -c ZOSA_LD = $(ZOSA_CC) # Correct, use the C compiler to link. -ZOSA_LD_CXX = $(ZOSA_CC) +ZOSA_LD_CXX = $(ZOSA_CXX) ZOSA_SLD = $(ZOSA_LD) ZOSA_AR = ar ZOSA_LDFLAGS = -Wl,dll,xplink,lp64 $(ZOS_OUT) $@ @@ -1053,7 +1053,7 @@ ZOS31_CFLAGS = $(ZOS31_$(CONFIG)_CFLAGS) -DCHARSET_EBCDIC -DOPEN_THREADS # and similar files exported no symbols... -D_REENTRANT -c ZOS31_LD = $(ZOS31_CC) # Correct, use the C compiler to link. -ZOS31_LD_CXX = $(ZOS31_CC) +ZOS31_LD_CXX = $(ZOS31_CXX) ZOS31_SLD = $(ZOS31_LD) ZOS31_AR = ar ZOS31_LDFLAGS = -Wl,dll,xplink $(ZOS31_OUT) $@ @@ -1086,7 +1086,7 @@ ZOSA31_CFLAGS = $(ZOSA31_$(CONFIG)_CFLAGS) -DOPEN_THREADS=2 -D_XOPEN_SOU # and similar files exported no symbols... -D_REENTRANT -c ZOSA31_LD = $(ZOSA31_CC) # Correct, use the C compiler to link. -ZOSA31_LD_CXX = $(ZOSA31_CC) +ZOSA31_LD_CXX = $(ZOSA31_CXX) ZOSA31_SLD = $(ZOSA31_LD) ZOSA31_AR = ar ZOSA31_LDFLAGS = -Wl,dll,xplink $(ZOSA31_OUT) $@ @@ -1383,7 +1383,7 @@ HPUX_LDFLAGS = $(HPUX_OUT) $@ HPUX_SLDFLAGS = -z -b $(HPUX_LDFLAGS) +b \$$ORIGIN:/usr/lib -B direct -B symbolic +s HPUX_ICCLIB_LNK = +I iccSLInitializer HPUX_ARFLAGS = -ruv $@ -HPUX_LDLIBS = -lpthread -ldld -lrt +HPUX_LDLIBS = -lpthread -ldld -lrt HPUX_OBJSUFX = .o HPUX_EXESUFX = HPUX_SHLPRFX = lib diff --git a/icc/platforms/1.1.1/API/aes_ccm.c b/icc/platforms/1.1.1/API/aes_ccm.c index 4a478a7..4c4bb71 100644 --- a/icc/platforms/1.1.1/API/aes_ccm.c +++ b/icc/platforms/1.1.1/API/aes_ccm.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/platforms/1.1.1/API/aes_ccm.h b/icc/platforms/1.1.1/API/aes_ccm.h index fe55a17..90278e2 100644 --- a/icc/platforms/1.1.1/API/aes_ccm.h +++ b/icc/platforms/1.1.1/API/aes_ccm.h @@ -2,8 +2,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/platforms/1.1.1/API/aes_gcm.c b/icc/platforms/1.1.1/API/aes_gcm.c index a0ba319..af54a3f 100644 --- a/icc/platforms/1.1.1/API/aes_gcm.c +++ b/icc/platforms/1.1.1/API/aes_gcm.c @@ -483,10 +483,10 @@ int AES_GCM_EncryptUpdate(AES_GCM_CTX *ain, unsigned char *aad, if (NULL != data) { rv = EVP_EncryptUpdate(a->ctx, out, &outl, data, datalen); if (outlen) { - *outlen = outl; + *outlen = outl; + } } } - } return rv; } @@ -534,7 +534,7 @@ int AES_GCM_EncryptUpdate(AES_GCM_CTX *ain, unsigned char *aad, if (NULL != data) { rv = EVP_DecryptUpdate(a->ctx, out, &outl, data, datalen); if (outlen) { - *outlen = outl; + *outlen = outl; } } } diff --git a/icc/platforms/1.1.1/API/aes_gcm.h b/icc/platforms/1.1.1/API/aes_gcm.h index 9704d95..3bdd936 100644 --- a/icc/platforms/1.1.1/API/aes_gcm.h +++ b/icc/platforms/1.1.1/API/aes_gcm.h @@ -2,8 +2,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tools.mk b/icc/tools.mk index 6eebfcd..0dfbefb 100644 --- a/icc/tools.mk +++ b/icc/tools.mk @@ -17,9 +17,12 @@ TOOLS = \ smalltest$(EXESUFX) \ smalltest4$(EXESUFX) \ GenRndData2$(EXESUFX) \ - GenRndDataFIPS$(EXESUFX) \ + nist_algs$(EXESUFX) \ sha256x$(EXESUFX) +# Not currently built because it's the same as GenRndData +# GenRndDataFIPS$(EXESUFX) + # Disabled. Tried, didn't work # FIPS_mem_collector$(EXESUFX) \ # FIPS_filter_lt$(EXESUFX) \ @@ -115,16 +118,16 @@ icclib_sa$(OBJSUFX): icclib.c loaded.c loaded.h tracer.h extsig.h $(SDK_DIR)/mys icclib_sa$(EXESUFX): icclib_sa$(OBJSUFX) $(ARGON) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile extsig$(OBJSUFX) signer$(EXESUFX) $(LD) $(LDFLAGS) icclib_sa$(OBJSUFX) $(ARGON) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/*$(OBJSUFX) $(LDLIBS) $(PQCLIBS) - $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCLIB_SA.txt privkey.rsa -SELF -FILE icclib_sa$(EXESUFX) $(TWEAKS) + $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCLIB_SA.txt privkey.rsa -SELF -FILE icclib_sa$(EXESUFX) $(TWEAKS) #- Build ICC test executables -smalltest$(OBJSUFX): tools/smalltest.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h - $(CC) $(CFLAGS) -I./ -I $(SDK_DIR) tools/smalltest.c +smalltest$(OBJSUFX): tools/smalltest.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h + $(CC) $(CFLAGS) -I./ -I $(SDK_DIR) tools/smalltest.c smalltest$(EXESUFX): $(ICCDLL) $(ICCLIB) smalltest$(OBJSUFX) - $(LD) $(LDFLAGS) smalltest$(OBJSUFX) $(ICCLIB) $(LDLIBS) + $(LD) $(LDFLAGS) smalltest$(OBJSUFX) $(ICCLIB) $(LDLIBS) smalltest4$(OBJSUFX): tools/smalltest4.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h -$(CC) $(CFLAGS) -I./ -I $(SDK_DIR) tools/smalltest4.c @@ -220,4 +223,4 @@ squeeze$(OBJSUFX): tools/squeeze.c $(TRNG_DIR)/ext_filter.c squeeze$(EXESUFX): squeeze$(OBJSUFX) -$(LD) $(LDFLAGS) squeeze$(OBJSUFX) -#============================= END TRNG components ================================ \ No newline at end of file +#============================= END TRNG components ================================ diff --git a/icc/tracer.h b/icc/tracer.h index 6d8bd4a..94aa10d 100644 --- a/icc/tracer.h +++ b/icc/tracer.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/zlib.mk b/icc/zlib.mk index 9065c35..b71a238 100644 --- a/icc/zlib.mk +++ b/icc/zlib.mk @@ -1,28 +1,33 @@ -## -## * Copyright IBM Corp. 2023 -## * -## * Licensed under the Apache License 2.0 (the "License"). You may not use -## * this file except in compliance with the License. You can obtain a copy -## * in the file LICENSE in the source distribution. -## - -ZLIB_VER = 1.2.13 - -ZLIB = zlib-$(ZLIB_VER) +# +# Copyright IBM Corp. 2023 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution. +# +# Description: Make stub for building the zlib files used in ICC +# + +#ZLIB_VER = 1.2.13 +ZLIB_VER = 1.3.1 + +ZLIB=zlib +ZLIB_NAME = $(ZLIB)-$(ZLIB_VER) +ZLIB_TAR = $(ICC_ROOT)/openssl_source/$(ZLIB_NAME).tar.gz # EX_SUFFIX (=_ex) is defined to build from source already extracted from tar file and # checked into source control. This option is used by iSeries/OS400 for Clearcase builds. -ZLIB_DIR = $(ICC_ROOT)/$(ZLIB)$(EX_SUFFIX) +# removed zlib version from ZLIB_DIR so that the name does not keep changing so that MSVC projects are possible +ZLIB_DIR = $(ICC_ROOT)/zlib$(EX_SUFFIX) + +ZLIB_SRC = $(ZLIB_DIR)/adler32.c $(ZLIB_DIR)/compress.c $(ZLIB_DIR)/crc32.c \ + $(ZLIB_DIR)/deflate.c $(ZLIB_DIR)/trees.c $(ZLIB_DIR)/zutil.c + +ZLIB_SRC2 = $(ZLIB_DIR)/inffast.c $(ZLIB_DIR)/inflate.c $(ZLIB_DIR)/infback.c $(ZLIB_DIR)/inftrees.c $(ZLIB_DIR)/uncompr.c -ZLIB_SRC = $(ZLIB_DIR)/adler32.c $(ZLIB_DIR)/compress.c $(ZLIB_DIR)/crc32.c \ - $(ZLIB_DIR)/deflate.c $(ZLIB_DIR)/inffast.c $(ZLIB_DIR)/inflate.c \ - $(ZLIB_DIR)/infback.c $(ZLIB_DIR)/inftrees.c $(ZLIB_DIR)/trees.c \ - $(ZLIB_DIR)/uncompr.c $(ZLIB_DIR)/zutil.c +ZLIB_OBJ = adler32$(OBJSUFX) compress$(OBJSUFX) crc32$(OBJSUFX) deflate$(OBJSUFX) trees$(OBJSUFX) zutil$(OBJSUFX) -ZLIB_OBJ = adler32$(OBJSUFX) compress$(OBJSUFX) crc32$(OBJSUFX) \ - deflate$(OBJSUFX) inffast$(OBJSUFX) inflate$(OBJSUFX) \ - infback$(OBJSUFX) inftrees$(OBJSUFX) trees$(OBJSUFX) \ - uncompr$(OBJSUFX) zutil$(OBJSUFX) +ZLIB_OBJ2 = inffast$(OBJSUFX) inflate$(OBJSUFX) infback$(OBJSUFX) inftrees$(OBJSUFX) uncompr$(OBJSUFX) make_zlib: $(STLPRFX)zlib$(STLSUFX) @@ -70,10 +75,15 @@ zutil$(OBJSUFX): $(ZLIB_DIR)/zutil.c $(ZLIB_DIR)/zlib.h #- Nothing to do if using extracted source in Clearcase (for iSeries builds) #- -create_zlib: ../openssl_source/$(ZLIB).tar.gz +create_zlib: $(ZLIB_TAR) + if [ -e $(ZLIB_DIR) ] ; then rm -r $(ZLIB_DIR) ; fi [ -n "$(EX_SUFFIX)" ] || \ - ( cd .. ;\ - tar xzf openssl_source/$(ZLIB).tar.gz ;\ + ( cd .. ; \ + rm -rf x; mkdir x; cd x; \ + tar xzf $(ZLIB_TAR) ; \ + sleep 1 ; \ + mv $(ZLIB_NAME) $(ZLIB_DIR) ; \ + cd ..; \ ) [ -n "$(EX_SUFFIX)" ] || \ ( cd $(ZLIB_DIR); \ diff --git a/iccpkg/Makefile b/iccpkg/Makefile index b8bf986..7b14b38 100644 --- a/iccpkg/Makefile +++ b/iccpkg/Makefile @@ -178,7 +178,7 @@ pqc_tests: echo "No dks pqc support" else pqc_tests: - $(MAKE) -C pqc tests + "$(MAKE)" -C pqc tests endif # cache_test$(EXESUFX) Specify manually as a target, may not build/run on all platforms due @@ -336,7 +336,7 @@ $(GSK_SDK)/argon2_example.c: $(GSK_SDK) Argon2/argon2_example.c $(CP) Argon2/argon2_example.c $@ pqc/kemtest$(EXESUFX): - $(MAKE) -C pqc all + "$(MAKE)" -C pqc all $(GSK_SDK)/kemtest$(EXESUFX): $(GSK_SDK) pqc/kemtest$(EXESUFX) $(CP) pqc/kemtest$(EXESUFX) $@ @@ -345,7 +345,7 @@ $(GSK_SDK)/kemtest.c: $(GSK_SDK) pqc/kemtest.c $(CP) pqc/kemtest.c $@ pqc/sigtest$(EXESUFX): - $(MAKE) -C pqc all + "$(MAKE)" -C pqc all $(GSK_SDK)/sigtest$(EXESUFX): $(GSK_SDK) pqc/sigtest$(EXESUFX) $(CP) pqc/sigtest$(EXESUFX) $@ @@ -465,9 +465,9 @@ clean: clean_jgsk clean_ickc -$(RM) -r $(GSK_SDK)/* -$(RM) -r $(TMP_SRC) $(TMP_OBJS) -$(RM) exports_old/*.exp exports_old/iccstepZOS.h - -$(MAKE) -C TOTP clean + "$(MAKE)" -C TOTP clean -$(RM) Doxyfile - -$(MAKE) -C pqc clean + "$(MAKE)" -C pqc clean # Note: Need to rm after copy as Windows looks in the same directory as exe's @@ -523,9 +523,7 @@ cache_test$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_ca # Note different from icc/icctest which links direct to the module icctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) - $(CP) $(ICC_ROOT)/icc/icctest.c . - $(CC) $(CFLAGS) -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG icctest.c - -$(RM) icctest.c + $(CC) $(CFLAGS) -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG $(ICC_ROOT)/icc/icctest.c icctest$(EXESUFX): icctest$(OBJSUFX) $(GSK_LIB) $(LD) $(LDFLAGS) icctest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) @@ -630,21 +628,21 @@ pktest_direct$(EXESUFX): pktest$(OBJSUFX) pktest_common$(OBJSUFX) \ # Build the performance test code for ICCPKG $(ICCPKG_PERF): $(GSK_LIB) - $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) gsk + $(SETUP_ICCSPEED) "$(MAKE)" -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) gsk $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/icc_perf$(EXESUFX) $@ $(JICC_PERF): $(JGSK_LIB) - $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) jgsk; + $(SETUP_ICCSPEED) "$(MAKE)" -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) jgsk; $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/jicc_perf$(EXESUFX) $@ $(ICC_ROOT)/pk11/keystoretool$(EXESUFX): - $(MAKE) -C $(ICC_ROOT)/pk11 keystoretool$(EXESUFX) + "$(MAKE)" -C $(ICC_ROOT)/pk11 keystoretool$(EXESUFX) $(GSK_SDK)/keystoretool$(EXESUFX): $(ICC_ROOT)/pk11/keystoretool$(EXESUFX) $(CP) $(ICC_ROOT)/pk11/keystoretool$(EXESUFX) $@ $(PK11_PERF): $(GSK_LIB) - $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) pkcs11 + $(SETUP_ICCSPEED) "$(MAKE)" -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) pkcs11 $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/pkcs11_thread$(EXESUFX) $@ $(GSK_RNG): $(GSK_LIB) GenRndData2$(EXESUFX) diff --git a/iccpkg/gsk_crypto.mk b/iccpkg/gsk_crypto.mk index 744a9a5..b3152ec 100644 --- a/iccpkg/gsk_crypto.mk +++ b/iccpkg/gsk_crypto.mk @@ -8,16 +8,20 @@ # GSkit version we are building for GSK_VER = 8 +# ref PACKAGE_DIR +$(ICC_ROOT)/package: + $(MKDIR) $@ + # Where we park the binaries GSK_DIR = $(ICC_ROOT)/package/gskit_crypto -$(GSK_DIR): +$(GSK_DIR): $(ICC_ROOT)/package $(MKDIR) $@ # Where we find the header files for using GSkit-crypto GSK_SDK = $(ICC_ROOT)/package/gsk_sdk -$(GSK_SDK): +$(GSK_SDK): $(ICC_ROOT)/package $(MKDIR) $@ # static lib must be seperate from the shared lib @@ -43,11 +47,11 @@ $(GSK_SDK)/iccglobals.h: $(ICC_ROOT)/icc/iccglobals.h $(GSK_SDK) # Directories for Java version of GSkit_Crypto # JGSK_DIR = $(ICC_ROOT)/package/jgskit_crypto -$(JGSK_DIR): +$(JGSK_DIR) $(JGSK_DIR)/: $(ICC_ROOT)/package $(MKDIR) $@ JGSK_SDK = $(ICC_ROOT)/package/jgsk_sdk -$(JGSK_SDK): +$(JGSK_SDK) $(JGSK_SDK)/: $(ICC_ROOT)/package $(MKDIR) $@ $(JGSK_SDK)/docs: $(JGSK_SDK) $(MKDIR) $@ @@ -64,11 +68,11 @@ $(JGSK_SDK)/debug: $(JGSK_SDK) # Directories for ICKC_ namespaced version # ICKC_DIR = $(ICC_ROOT)/package/ickc_crypto -$(ICKC_DIR): +$(ICKC_DIR): $(ICC_ROOT)/package $(MKDIR) $@ ICKC_SDK = $(ICC_ROOT)/package/ickc_sdk -$(ICKC_SDK): +$(ICKC_SDK): $(ICC_ROOT)/package $(MKDIR) $@ $(ICKC_SDK)/docs: $(ICKC_SDK) $(MKDIR) $@ diff --git a/iccpkg/platforms/AIX64_.mk b/iccpkg/platforms/AIX64_.mk index 6afb04e..942b0ae 100644 --- a/iccpkg/platforms/AIX64_.mk +++ b/iccpkg/platforms/AIX64_.mk @@ -21,12 +21,9 @@ $(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ ifneq ($(strip $(MUPPET)),) # ar x not working on AIX64 for some reason # will need to link $(MUPPET) in icctest_s -#OLD_ICC_OBJ=icc$(OBJSUFX) -#OLD_ICC_OBJ_AR=$(AR) t $(MUPPET) ; $(AR) x $(MUPPET) $(OLD_ICC_OBJ) -#OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) -OLD_ICC_OBJ= -OLD_ICC_OBJ_AR= -OLD_ICC_OBJ_CLEAN= +OLD_ICC_OBJ=icc$(OBJSUFX) +OLD_ICC_OBJ_AR=$(AR) t $(MUPPET) ; $(AR) -X64 -x $(MUPPET) +OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) endif # Static lib diff --git a/libdks_icc/defs.mk b/libdks_icc/defs.mk index eb1e88f..fdcc375 100644 --- a/libdks_icc/defs.mk +++ b/libdks_icc/defs.mk @@ -38,7 +38,8 @@ endif # Expliticly set for if platform specific flag modifications are needed # linux64 needs c99 for nistkat/*.c on phelix -AMD64_LINUX_CFLAGS := -std=gnu99 $(filter-out -Wpedantic -Wvla -m32,$(LINUX_CFLAGS)) +# linux64 needs -O3 on CONFIG=debug builds or KAT times out +AMD64_LINUX_CFLAGS := -std=gnu99 -O3 $(filter-out -O0 -std=gnu99 -Wpedantic -Wvla -m32,$(LINUX_CFLAGS)) LINUX_CFLAGS := -std=gnu99 -m32 $(filter-out -Wpedantic -Wvla -Wno-unused-result -m32,$(LINUX_CFLAGS)) PPC64_LINUX_CFLAGS := -m64 $(filter-out -Wpedantic -Wvla -z noexecstack -m32,$(LINUX_CFLAGS)) S390X_LINUX_CFLAGS := -std=c99 $(filter-out -Wpedantic -Wvla -m32,$(LINUX_CFLAGS)) diff --git a/libdks_icc/sphincs/ref/Makefile b/libdks_icc/sphincs/ref/Makefile index 5a3178b..dc44bd2 100644 --- a/libdks_icc/sphincs/ref/Makefile +++ b/libdks_icc/sphincs/ref/Makefile @@ -3,7 +3,10 @@ PARAMS = sphincs-$(VARIANT) THASH = robust CC=/usr/bin/gcc +# -O3 because KAT runs too slow for CI with -O0 LINUX_CFLAGS=-Wall -Wextra -Wpedantic -O3 -std=c99 -Wconversion -Wmissing-prototypes +# 64 bit picks up these +LINUX_debug_CFLAGS = -g3 -O3 MY_CFLAGS=-DPARAMS=$(PARAMS) $(EXTRA_CFLAGS) @@ -31,8 +34,8 @@ HEADERS += $(HASH_HEADERS) SOURCES = $(LIB_SOURCES) $(addprefix $(VARIANT)-,randombytes.c) -DET_SOURCES = $(SOURCES:randombytes.%=rng.%) -DET_HEADERS = $(HEADERS:randombytes.%=rng.%) +DET_SOURCES = $(SOURCES:$(VARIANT)-randombytes.%=$(VARIANT)-rng.%) $(HASH_SOURCES) +DET_HEADERS = $(HEADERS:$(VARIANT)-randombytes.%=$(VARIANT)-rng.%) $(HASH_HEADERS) TESTS = test/fors \ test/spx \ @@ -44,7 +47,7 @@ OS=WIN .PHONY: default clean test benchmark static -default: PQCgenKAT_sign +default: nistkat ICC_ROOT=../../.. include ../../defs.mk @@ -54,12 +57,15 @@ CFLAGS+=$(MY_CFLAGS) Makefile: ../../defs.mk touch $@ -all: static PQCgenKAT_sign tests benchmarks +all: static nistkat tests benchmarks -tests: $(TESTS) +tests: + $(OPENSSL_PATH_SETUP) ./PQCgenKAT_$(VARIANT)-sign$(EXESUFX) test: $(TESTS:=.exec) +nistkat: PQCgenKAT_$(VARIANT)-sign$(EXESUFX) + benchmarks: $(BENCHMARK) benchmark: $(BENCHMARK:=.exec) @@ -76,17 +82,17 @@ libsphincs_ref-hash-$(PARAMS)$(STLSUFX): $(HASH_SOURCES) $(HASH_HEADERS) Makefil $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(HASH_SOURCES)) $(RM) $(subst .c,$(OBJ_EXT), $(HASH_SOURCES)) -PQCgenKAT_sign: PQCgenKAT_sign.c $(DET_SOURCES) $(DET_HEADERS) - $(CC) $(CFLAGS) -o $@ $(DET_SOURCES) $< -lcrypto +PQCgenKAT_$(VARIANT)-sign$(EXESUFX): PQCgenKAT_sign.c $(DET_SOURCES) $(DET_HEADERS) + $(CC) $(filter-out -c, $(CFLAGS)) -o $@ $(DET_SOURCES) $< $(LIBS) -test/benchmark: test/benchmark.c test/cycles.c $(SOURCES) $(HEADERS) - $(CC) $(CFLAGS) -o $@ test/cycles.c $(SOURCES) $< $(LDLIBS) +test/benchmark$(EXESUFX): test/benchmark.c test/cycles.c $(SOURCES) $(HEADERS) + $(CC) $(CFLAGS) -o $@ test/cycles.c $(SOURCES) $< $(LIBS) test/%: test/%.c $(SOURCES) $(HEADERS) - $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) + $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LIBS) -test/haraka: test/haraka.c $(filter-out haraka.c,$(SOURCES)) $(HEADERS) - $(CC) $(CFLAGS) -o $@ $(filter-out haraka.c,$(SOURCES)) $< $(LDLIBS) +test/haraka$(EXESUFX): test/haraka.c $(filter-out haraka.c,$(SOURCES)) $(HEADERS) + $(CC) $(CFLAGS) -o $@ $(filter-out haraka.c,$(SOURCES)) $< $(LIBS) test/%.exec: test/% @$< @@ -94,6 +100,7 @@ test/%.exec: test/% clean: -$(RM) $(TESTS) -$(RM) $(BENCHMARK) - -$(RM) PQCgenKAT_sign + -$(RM) PQCgenKAT_$(VARIANT)-sign$(EXESUFX) + -$(RM) *.o *.obj -$(RM) PQCsignKAT_*.rsp -$(RM) PQCsignKAT_*.req diff --git a/openssl_source/zlib-1.3.1.tar.gz b/openssl_source/zlib-1.3.1.tar.gz new file mode 100644 index 0000000..53fa48b Binary files /dev/null and b/openssl_source/zlib-1.3.1.tar.gz differ