From a45998152d35bd30bdd4c03a60d659234380cd12 Mon Sep 17 00:00:00 2001 From: expressvpn-raihaan-m <98149193+expressvpn-raihaan-m@users.noreply.github.com> Date: Fri, 28 Jul 2023 11:12:11 +0800 Subject: [PATCH 1/3] api: add he_enable_debugging function --- 3rd_party_deps.yml | 1 + ios/autotools-ios-helper.sh | 4 +++- public/he.h | 8 ++++++++ src/he/ssl_ctx.c | 13 +++++++++++++ src/he/ssl_ctx.h | 8 ++++++++ windows/wolfssl-user_settings-common.h | 4 ++++ 6 files changed, 37 insertions(+), 1 deletion(-) diff --git a/3rd_party_deps.yml b/3rd_party_deps.yml index c73ac9c8..cbe9034e 100644 --- a/3rd_party_deps.yml +++ b/3rd_party_deps.yml @@ -11,6 +11,7 @@ --disable-dilithium --enable-aes-bitsliced --enable-curve25519 + --enable-debug --enable-dtls --enable-dtls13 --enable-dtls-frag-ch diff --git a/ios/autotools-ios-helper.sh b/ios/autotools-ios-helper.sh index 0b87497f..ecc94618 100755 --- a/ios/autotools-ios-helper.sh +++ b/ios/autotools-ios-helper.sh @@ -66,7 +66,9 @@ build() { --enable-aes-bitsliced \ --enable-experimental \ --enable-sha3 \ - --enable-kyber=all,original,ml-kem + --enable-kyber=all,original,ml-kem \ + --enable-debug + make clean mkdir -p "${EXEC_PREFIX}" make V=1 -j"${MAKE_JOBS}" --debug=j diff --git a/public/he.h b/public/he.h index 6982a85c..505340a1 100644 --- a/public/he.h +++ b/public/he.h @@ -644,6 +644,14 @@ he_return_code_t he_init(void); */ he_return_code_t he_cleanup(void); +typedef void (*he_log_cb_t)(const int log_level, const char *const log_msg); + +/** + * @brief Enable WolfSSL debug logging and set the log callback + * @return HE_SUCCESS on success, HE_ERR_FAILED on any error. + */ +he_return_code_t he_enable_debugging(he_log_cb_t log_cb); + /** * @brief Checks whether the client context has the basic configuration to allow Helium to connect. * @param ctx A pointer to a valid SSL context configuration diff --git a/src/he/ssl_ctx.c b/src/he/ssl_ctx.c index 1591c2ce..5c32f545 100644 --- a/src/he/ssl_ctx.c +++ b/src/he/ssl_ctx.c 
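Review bot: `--enable-debug` in 3rd_party_deps.yml is added to the default wolfSSL configure flags with no condition, and the same switch is turned on in ios/autotools-ios-helper.sh and through `#define DEBUG_WOLFSSL` in windows/wolfssl-user_settings-common.h, so every build, release included, ships wolfSSL's debug code. wolfSSL's configure help describes this option as adding debug code and turning off optimizations, which would affect the crypto paths as well as add the log strings; confirm this against the pinned wolfSSL version. Consider gating the flag behind a project build option so only diagnostic builds carry it. A comment above the option list would record why it is there, for example `# needed by he_enable_debugging(); diagnostic builds only`.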
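Review bot: The doc comment for `he_enable_debugging` in public/he.h has no `@param` and does not say what a NULL callback means, although the implementation accepts NULL and then leaves wolfSSL's own log output in place. I would add `@param log_cb Callback that receives each wolfSSL log line; may be NULL, in which case wolfSSL's default log output is used` and `@note Process-wide setting, not per connection; there is no matching call to turn it off again`. Since the log lines describe TLS internals, the comment should also tell callers to send them to a sink with the same protection as other diagnostic data. The identical comment in src/he/ssl_ctx.h needs the same additions.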
@@ -52,6 +52,19 @@ he_return_code_t he_cleanup() { return HE_SUCCESS; } +he_return_code_t he_enable_debugging(he_log_cb_t log_cb) { + int rc = wolfSSL_Debugging_ON(); + if(rc) { + return HE_ERR_FAILED; + } + if(log_cb) { + if(wolfSSL_SetLoggingCb(log_cb)) { + return HE_ERR_FAILED; + } + }; + return HE_SUCCESS; +} + static he_return_code_t he_ssl_ctx_is_valid_common(he_ssl_ctx_t *ctx) { if(!ctx) { return HE_ERR_NULL_POINTER; diff --git a/src/he/ssl_ctx.h b/src/he/ssl_ctx.h index 5429cbdb..5080cdf5 100644 --- a/src/he/ssl_ctx.h +++ b/src/he/ssl_ctx.h @@ -55,6 +55,14 @@ he_return_code_t he_init(void); */ he_return_code_t he_cleanup(void); +typedef void (*he_log_cb_t)(const int log_level, const char *const log_msg); + +/** + * @brief Enable WolfSSL debug logging and set the log callback + * @return HE_SUCCESS on success, HE_ERR_FAILED on any error. + */ +he_return_code_t he_enable_debugging(he_log_cb_t log_cb); + /** * @brief Checks whether the client context has the basic configuration to allow Helium to connect. * @param ctx A pointer to a valid SSL context configuration diff --git a/windows/wolfssl-user_settings-common.h b/windows/wolfssl-user_settings-common.h index 42a92737..a28de1cf 100644 --- a/windows/wolfssl-user_settings-common.h +++ b/windows/wolfssl-user_settings-common.h @@ -209,4 +209,8 @@ #undef WOLFSSL_SHAKE256 #define WOLFSSL_SHAKE256 +// Turn on debugging +#undef DEBUG_WOLFSSL +#define DEBUG_WOLFSSL + #endif /* _WIN_USER_SETTINGS_COMMON_H_ */ From 065b3e4f5578df4552357a04338444c52c3f1516 Mon Sep 17 00:00:00 2001 From: Raihaan Shouhell Date: Mon, 17 Mar 2025 20:57:47 +0800 Subject: [PATCH 2/3] wolfssl: add patch to fix debug messages --- windows_32.yml | 1 + windows_64.yml | 1 + windows_64_multithread.yml | 1 + ...-messages-while-preserving-semantics.patch | 42 +++++++++++++++++++ 4 files changed, 45 insertions(+) create mode 100644 wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch 
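Review bot: In `he_enable_debugging` (src/he/ssl_ctx.c), logging is switched on before the callback is installed, and a failing `wolfSSL_SetLoggingCb` returns HE_ERR_FAILED while leaving debugging enabled. Until the callback is set, and permanently on that error path, messages presumably go to wolfSSL's default sink rather than the caller's. Installing the callback first avoids both: `if(log_cb && wolfSSL_SetLoggingCb(log_cb)) { return HE_ERR_FAILED; }` followed by `return wolfSSL_Debugging_ON() ? HE_ERR_FAILED : HE_SUCCESS;`. The stray `;` after the closing brace of the `if(log_cb)` block can be dropped as well.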
diff --git a/windows_32.yml b/windows_32.yml index 334925fb..17c999d6 100644 --- a/windows_32.yml +++ b/windows_32.yml @@ -21,6 +21,7 @@ - git apply ../../wolfssl/0007-fix-kyber-prf-non-avx2.patch - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch + - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-32.h >> wolfssl/user_settings.h" - "cp -f wolfssl/user_settings.h IDE/WIN/user_settings.h" diff --git a/windows_64.yml b/windows_64.yml index bea96cc0..e8f6bf28 100644 --- a/windows_64.yml +++ b/windows_64.yml @@ -21,6 +21,7 @@ - git apply ../../wolfssl/0007-fix-kyber-prf-non-avx2.patch - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch + - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-64.h >> wolfssl/user_settings.h" - "cp -f wolfssl/user_settings.h IDE/WIN/user_settings.h" diff --git a/windows_64_multithread.yml b/windows_64_multithread.yml index 89fd1bb5..814ba099 100644 --- a/windows_64_multithread.yml +++ b/windows_64_multithread.yml @@ -21,6 +21,7 @@ - git apply ../../wolfssl/0007-fix-kyber-prf-non-avx2.patch - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch + - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-64.h >> wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-multithread.h >> wolfssl/user_settings.h" 
diff --git a/wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch b/wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch new file mode 100644 index 00000000..bdfcd29f --- /dev/null +++ b/wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch @@ -0,0 +1,42 @@ +From bb11833d885eb4867fe9ec0f73fb65d5a26412f7 Mon Sep 17 00:00:00 2001 +From: Raihaan Shouhell +Date: Mon, 17 Mar 2025 20:55:57 +0800 +Subject: [PATCH] rng: move debug messages while preserving semantics + +--- + wolfcrypt/src/random.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c +index 278e2d72c..7c32cc024 100644 +--- a/wolfcrypt/src/random.c ++++ b/wolfcrypt/src/random.c +@@ -1719,15 +1719,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, + #else + ret = wc_GenerateSeed(&rng->seed, seed, seedSz); + #endif /* WC_RNG_SEED_CB */ +- if (ret == 0) +- ret = wc_RNG_TestSeed(seed, seedSz); +- else { ++ if (ret != 0) { + #if defined(DEBUG_WOLFSSL) +- WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret); ++ WOLFSSL_MSG_EX("Seed generation failed... %d", ret); + #endif + ret = DRBG_FAILURE; + rng->status = DRBG_FAILED; + } ++ if (ret == 0) ++ ret = wc_RNG_TestSeed(seed, seedSz); ++ ++ #if defined(DEBUG_WOLFSSL) ++ if (ret != 0) { ++ WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret); ++ } ++ #endif + + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg, +-- +2.48.1 + From ac779dc9493e643593bd43a186b866580b68296d Mon Sep 17 00:00:00 2001 From: Raihaan Shouhell Date: Tue, 18 Mar 2025 13:11:58 +0800 Subject: [PATCH 3/3] wolfssl: allow fallback from rdseed --- windows_32.yml | 1 + windows_64.yml | 1 + windows_64_multithread.yml | 1 + ...-allow-rdseed-to-fallback-on-windows.patch | 54 +++++++++++++++++++ 4 files changed, 57 insertions(+) create mode 100644 wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch 
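Review bot: In the patched `_InitRng` block of 0010-rng-move-debug-messages-while-preserving-semantics.patch, the new trailing `if (ret != 0)` debug check also fires when seed generation failed. That path then logs "Seed generation failed" followed by "wc_RNG_TestSeed failed... " with the DRBG_FAILURE value, although the test never ran. This assumes DRBG_FAILURE is non-zero, as the later `ret == DRBG_SUCCESS` comparison implies. Scoping the second message to the branch that actually calls `wc_RNG_TestSeed` keeps the two failure causes distinguishable in logs, which is the point of the patch. `_InitRng` starts and ends outside this hunk.

```c
        /* … unchanged: seed-generation failure branch (log, DRBG_FAILURE, DRBG_FAILED) … */
        if (ret == 0) {
            ret = wc_RNG_TestSeed(seed, seedSz);
        #if defined(DEBUG_WOLFSSL)
            if (ret != 0) {
                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
            }
        #endif
        }
```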
diff --git a/windows_32.yml b/windows_32.yml index 17c999d6..dbd8e614 100644 --- a/windows_32.yml +++ b/windows_32.yml @@ -22,6 +22,7 @@ - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch + - git apply ../../wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-32.h >> wolfssl/user_settings.h" - "cp -f wolfssl/user_settings.h IDE/WIN/user_settings.h" diff --git a/windows_64.yml b/windows_64.yml index e8f6bf28..4ed45296 100644 --- a/windows_64.yml +++ b/windows_64.yml @@ -22,6 +22,7 @@ - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch + - git apply ../../wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-64.h >> wolfssl/user_settings.h" - "cp -f wolfssl/user_settings.h IDE/WIN/user_settings.h" diff --git a/windows_64_multithread.yml b/windows_64_multithread.yml index 814ba099..3e6b2cfa 100644 --- a/windows_64_multithread.yml +++ b/windows_64_multithread.yml @@ -22,6 +22,7 @@ - git apply ../../wolfssl/0008-intel-illegal-instruction.patch - git apply ../../wolfssl/0009-reverse-only-with-avx12.patch - git apply ../../wolfssl/0010-rng-move-debug-messages-while-preserving-semantics.patch + - git apply ../../wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch - "cp ../../windows/wolfssl-user_settings-common.h wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-64.h >> wolfssl/user_settings.h" - "cat ../../windows/wolfssl-user_settings-multithread.h >> wolfssl/user_settings.h" 
diff --git a/wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch b/wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch new file mode 100644 index 00000000..cd0910e9 --- /dev/null +++ b/wolfssl/0011-random-allow-rdseed-to-fallback-on-windows.patch @@ -0,0 +1,54 @@ +From b84924d610c609673e00f61630e53039ae209a61 Mon Sep 17 00:00:00 2001 +From: Raihaan Shouhell +Date: Tue, 18 Mar 2025 13:09:33 +0800 +Subject: [PATCH] random: allow rdseed to fallback on windows + +--- + wolfcrypt/src/random.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c +index 7c32cc024..cdd7eb73a 100644 +--- a/wolfcrypt/src/random.c ++++ b/wolfcrypt/src/random.c +@@ -2695,17 +2695,31 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + + #ifdef HAVE_INTEL_RDSEED + if (IS_INTEL_RDSEED(intel_flags)) { +- if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) { +- /* success, we're done */ +- return 0; +- } ++ #if defined(DEBUG_WOLFSSL) ++ WOLFSSL_MSG_EX("Using RDSEED"); ++ #endif ++ if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) { ++ if (wc_RNG_TestSeed(output, sz) == 0) { ++ /* success, we're done */ ++ return 0; ++ } ++ #if defined(DEBUG_WOLFSSL) ++ else { ++ WOLFSSL_MSG_EX("Using RDSEED returned bad data"); ++ } ++ #endif ++ } + #ifdef FORCE_FAILURE_RDSEED +- /* don't fall back to CryptoAPI */ +- return READ_RAN_E; ++ /* don't fall back to CryptoAPI */ ++ return READ_RAN_E; + #endif + } + #endif /* HAVE_INTEL_RDSEED */ + ++ #if defined(DEBUG_WOLFSSL) ++ WOLFSSL_MSG_EX("Using WinCryptRandom"); ++ #endif ++ + if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + return WINCRYPT_E; +-- +2.48.1 +
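Review bot: In the patched `wc_GenerateSeed`, RDSEED output that fails `wc_RNG_TestSeed` falls through to CryptoAPI with the rejected bytes still in `output`. Outside DEBUG_WOLFSSL builds there is then no trace that the hardware source was abandoned. The fallback is the stated intent, but the new branch should say so in a comment such as `/* RDSEED output failed the seed test; discard it and fall back to the OS CSPRNG */`. It should also clear the buffer (`ForceZero(output, sz);`) rather than rely on the later CryptoAPI call, which is outside this hunk, to overwrite it. `wc_RNG_TestSeed` appears to be built only with HAVE_HASHDRBG, so the new call probably needs the same guard; confirm this against random.c. `wc_GenerateSeed` starts and ends outside the hunk.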